tests/common: migrate auth tests #1

Signed-off-by: Chao Chen <chaochn@amazon.com>

tests/common/auth_test.go

@@ -65,3 +65,68 @@ func TestAuthDisable(t *testing.T) {
 		}
 	})
 }
+
+func TestAuthGracefulDisable(t *testing.T) {
+	testRunner.BeforeTest(t)
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+	clus := testRunner.NewCluster(ctx, t, config.WithClusterConfig(config.ClusterConfig{ClusterSize: 1}))
+	defer clus.Close()
+	cc := testutils.MustClient(clus.Client())
+	testutils.ExecuteUntil(ctx, t, func() {
+		require.NoErrorf(t, setupAuth(cc, []authRole{}, []authUser{rootUser}), "failed to enable auth")
+		donec := make(chan struct{})
+		rootAuthClient := testutils.MustClient(clus.Client(WithAuth(rootUserName, rootPassword)))
+
+		go func() {
+			defer close(donec)
+			// sleep a bit to let the watcher connects while auth is still enabled
+			time.Sleep(time.Second)
+			// now disable auth...
+			if err := rootAuthClient.AuthDisable(ctx); err != nil {
+				t.Errorf("failed to auth disable %v", err)
+				return
+			}
+			// ...and restart the node
+			clus.Members()[0].Stop()
+			if err := clus.Members()[0].Start(ctx); err != nil {
+				t.Errorf("failed to restart member %v", err)
+				return
+			}
+			// the watcher should still work after reconnecting
+			require.NoErrorf(t, rootAuthClient.Put(ctx, "key", "value", config.PutOptions{}), "failed to put key value")
+		}()
+
+		wCtx, wCancel := context.WithCancel(ctx)
+		defer wCancel()
+
+		watchCh := rootAuthClient.Watch(wCtx, "key", config.WatchOptions{Revision: 1})
+		wantedLen := 1
+		watchTimeout := 10 * time.Second
+		wanted := []testutils.KV{{Key: "key", Val: "value"}}
+		kvs, err := testutils.KeyValuesFromWatchChan(watchCh, wantedLen, watchTimeout)
+		require.NoErrorf(t, err, "failed to get key-values from watch channel %s", err)
+		require.Equal(t, wanted, kvs)
+		<-donec
+	})
+}
+
+func TestAuthStatus(t *testing.T) {
+	testRunner.BeforeTest(t)
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	clus := testRunner.NewCluster(ctx, t, config.WithClusterConfig(config.ClusterConfig{ClusterSize: 1}))
+	defer clus.Close()
+	cc := testutils.MustClient(clus.Client())
+	testutils.ExecuteUntil(ctx, t, func() {
+		resp, err := cc.AuthStatus(ctx)
+		require.NoError(t, err)
+		require.Falsef(t, resp.Enabled, "want auth not enabled but enabled")
+
+		require.NoErrorf(t, setupAuth(cc, []authRole{}, []authUser{rootUser}), "failed to enable auth")
+		rootAuthClient := testutils.MustClient(clus.Client(WithAuth(rootUserName, rootPassword)))
+		resp, err = rootAuthClient.AuthStatus(ctx)
+		require.NoError(t, err)
+		require.Truef(t, resp.Enabled, "want enabled but got not enabled")
+	})
+}

tests/e2e/ctl_v3_auth_test.go

@@ -26,8 +26,6 @@ import (
 	"go.etcd.io/etcd/tests/v3/framework/e2e"
 )
 
-func TestCtlV3AuthGracefulDisable(t *testing.T)     { testCtl(t, authGracefulDisableTest) }
-func TestCtlV3AuthStatus(t *testing.T)              { testCtl(t, authStatusTest) }
 func TestCtlV3AuthWriteKey(t *testing.T)            { testCtl(t, authCredWriteKeyTest) }
 func TestCtlV3AuthRoleUpdate(t *testing.T)          { testCtl(t, authRoleUpdateTest) }
 func TestCtlV3AuthUserDeleteDuringOps(t *testing.T) { testCtl(t, authUserDeleteDuringOpsTest) }
@@ -93,80 +91,6 @@ func ctlV3AuthEnable(cx ctlCtx) error {
 	return e2e.SpawnWithExpectWithEnv(cmdArgs, cx.envMap, "Authentication Enabled")
 }
 
-func authGracefulDisableTest(cx ctlCtx) {
-	if err := authEnable(cx); err != nil {
-		cx.t.Fatal(err)
-	}
-
-	cx.user, cx.pass = "root", "root"
-
-	donec := make(chan struct{})
-
-	go func() {
-		defer close(donec)
-
-		// sleep a bit to let the watcher connects while auth is still enabled
-		time.Sleep(time.Second)
-
-		// now disable auth...
-		if err := ctlV3AuthDisable(cx); err != nil {
-			cx.t.Fatalf("authGracefulDisableTest ctlV3AuthDisable error (%v)", err)
-		}
-
-		// ...and restart the node
-		node0 := cx.epc.Procs[0]
-		if rerr := node0.Restart(context.TODO()); rerr != nil {
-			cx.t.Fatal(rerr)
-		}
-
-		// the watcher should still work after reconnecting
-		if perr := ctlV3Put(cx, "key", "value", ""); perr != nil {
-			cx.t.Errorf("authGracefulDisableTest ctlV3Put error (%v)", perr)
-		}
-	}()
-
-	err := ctlV3Watch(cx, []string{"key"}, kvExec{key: "key", val: "value"})
-
-	if err != nil {
-		if cx.dialTimeout > 0 && !isGRPCTimedout(err) {
-			cx.t.Errorf("authGracefulDisableTest ctlV3Watch error (%v)", err)
-		}
-	}
-
-	<-donec
-}
-
-func ctlV3AuthDisable(cx ctlCtx) error {
-	cmdArgs := append(cx.PrefixArgs(), "auth", "disable")
-	return e2e.SpawnWithExpectWithEnv(cmdArgs, cx.envMap, "Authentication Disabled")
-}
-
-func authStatusTest(cx ctlCtx) {
-	cmdArgs := append(cx.PrefixArgs(), "auth", "status")
-	if err := e2e.SpawnWithExpects(cmdArgs, cx.envMap, "Authentication Status: false", "AuthRevision:"); err != nil {
-		cx.t.Fatal(err)
-	}
-
-	if err := authEnable(cx); err != nil {
-		cx.t.Fatal(err)
-	}
-
-	cx.user, cx.pass = "root", "root"
-	cmdArgs = append(cx.PrefixArgs(), "auth", "status")
-
-	if err := e2e.SpawnWithExpects(cmdArgs, cx.envMap, "Authentication Status: true", "AuthRevision:"); err != nil {
-		cx.t.Fatal(err)
-	}
-
-	cmdArgs = append(cx.PrefixArgs(), "auth", "status", "--write-out", "json")
-	if err := e2e.SpawnWithExpectWithEnv(cmdArgs, cx.envMap, "enabled"); err != nil {
-		cx.t.Fatal(err)
-	}
-	if err := e2e.SpawnWithExpectWithEnv(cmdArgs, cx.envMap, "authRevision"); err != nil {
-		cx.t.Fatal(err)
-	}
-}
-
 func authCredWriteKeyTest(cx ctlCtx) {
 	// baseline key to check for failed puts
 	if err := ctlV3Put(cx, "foo", "a", ""); err != nil {