Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

tests: e2e and integration test for timetolive

Browse Source 
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
This commit is contained in:
Hitoshi Mitake 2023-03-31 23:07:23 +09:00
parent 71e85e9ded
commit c62b5db79d
3 changed files with 142 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
integration/v3_auth_test.go
View File

@ -150,12 +150,10 @@ func testV3AuthWithLeaseRevokeWithRoot(t *testing.T, ccfg ClusterConfig) {
// wait for lease expire // wait for lease expire
time.Sleep(3 * time.Second) time.Sleep(3 * time.Second)
tresp, terr := api.Lease.LeaseTimeToLive( tresp, terr := rootc.TimeToLive(
context.TODO(), context.TODO(),
&pb.LeaseTimeToLiveRequest{ leaseID,
ID: int64(leaseID), clientv3.WithAttachedKeys(),
Keys: true,
},
) )
if terr != nil { if terr != nil {
t.Error(terr) t.Error(terr)
@ -526,3 +524,85 @@ func TestV3AuthWatchErrorAndWatchId0(t *testing.T) {
<-watchEndCh <-watchEndCh
} }
func TestV3AuthWithLeaseTimeToLive(t *testing.T) {
clus := NewClusterV3(t, &ClusterConfig{Size: 1})
defer clus.Terminate(t)
users := []user{
{
name: "user1",
password: "user1-123",
role: "role1",
key: "k1",
end: "k3",
},
{
name: "user2",
password: "user2-123",
role: "role2",
key: "k2",
end: "k4",
},
}
authSetupUsers(t, toGRPC(clus.Client(0)).Auth, users)
authSetupRoot(t, toGRPC(clus.Client(0)).Auth)
user1c, cerr := clientv3.New(clientv3.Config{Endpoints: clus.Client(0).Endpoints(), Username: "user1", Password: "user1-123"})
if cerr != nil {
t.Fatal(cerr)
}
defer user1c.Close()
user2c, cerr := clientv3.New(clientv3.Config{Endpoints: clus.Client(0).Endpoints(), Username: "user2", Password: "user2-123"})
if cerr != nil {
t.Fatal(cerr)
}
defer user2c.Close()
leaseResp, err := user1c.Grant(context.TODO(), 90)
if err != nil {
t.Fatal(err)
}
leaseID := leaseResp.ID
_, err = user1c.Put(context.TODO(), "k1", "val", clientv3.WithLease(leaseID))
if err != nil {
t.Fatal(err)
}
// k2 can be accessed from both user1 and user2
_, err = user1c.Put(context.TODO(), "k2", "val", clientv3.WithLease(leaseID))
if err != nil {
t.Fatal(err)
}
_, err = user1c.TimeToLive(context.TODO(), leaseID)
if err != nil {
t.Fatal(err)
}
_, err = user2c.TimeToLive(context.TODO(), leaseID)
if err != nil {
t.Fatal(err)
}
_, err = user2c.TimeToLive(context.TODO(), leaseID, clientv3.WithAttachedKeys())
if err == nil {
t.Fatal("timetolive from user2 should be failed with permission denied")
}
rootc, cerr := clientv3.New(clientv3.Config{Endpoints: clus.Client(0).Endpoints(), Username: "root", Password: "123"})
if cerr != nil {
t.Fatal(cerr)
}
defer rootc.Close()
if _, err := rootc.RoleRevokePermission(context.TODO(), "role1", "k1", "k3"); err != nil {
t.Fatal(err)
}
_, err = user1c.TimeToLive(context.TODO(), leaseID, clientv3.WithAttachedKeys())
if err == nil {
t.Fatal("timetolive from user2 should be failed with permission denied")
}
}

49
tests/e2e/ctl_v3_auth_test.go
View File

@ -68,6 +68,7 @@ func TestCtlV3AuthSnapshot(t *testing.T) { testCtl(t, authTestSnapshot) }
func TestCtlV3AuthSnapshotJWT(t *testing.T) { testCtl(t, authTestSnapshot, withCfg(configJWT)) } func TestCtlV3AuthSnapshotJWT(t *testing.T) { testCtl(t, authTestSnapshot, withCfg(configJWT)) }
func TestCtlV3AuthJWTExpire(t *testing.T) { testCtl(t, authTestJWTExpire, withCfg(configJWT)) } func TestCtlV3AuthJWTExpire(t *testing.T) { testCtl(t, authTestJWTExpire, withCfg(configJWT)) }
func TestCtlV3AuthTestCacheReload(t *testing.T) { testCtl(t, authTestCacheReload) } func TestCtlV3AuthTestCacheReload(t *testing.T) { testCtl(t, authTestCacheReload) }
func TestCtlV3AuthLeaseTimeToLive(t *testing.T) { testCtl(t, authTestLeaseTimeToLive) }
func authEnableTest(cx ctlCtx) { func authEnableTest(cx ctlCtx) {
if err := authEnable(cx); err != nil { if err := authEnable(cx); err != nil {
@ -1233,3 +1234,51 @@ func authTestCacheReload(cx ctlCtx) {
cx.t.Fatal(err) cx.t.Fatal(err)
} }
} }
func authTestLeaseTimeToLive(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)
cx.user = "test-user"
cx.pass = "pass"
leaseID, err := ctlV3LeaseGrant(cx, 10)
if err != nil {
cx.t.Fatal(err)
}
err = ctlV3Put(cx, "foo", "val", leaseID)
if err != nil {
cx.t.Fatal(err)
}
err = ctlV3LeaseTimeToLive(cx, leaseID, true)
if err != nil {
cx.t.Fatal(err)
}
cx.user = "root"
cx.pass = "root"
err = ctlV3Put(cx, "bar", "val", leaseID)
if err != nil {
cx.t.Fatal(err)
}
cx.user = "test-user"
cx.pass = "pass"
// the lease is attached to bar, which test-user cannot access
err = ctlV3LeaseTimeToLive(cx, leaseID, true)
if err == nil {
cx.t.Fatal("test-user must not be able to access to the lease, because it's attached to the key bar")
}
// without --keys, access should be allowed
err = ctlV3LeaseTimeToLive(cx, leaseID, false)
if err != nil {
cx.t.Fatal(err)
}
}

8
tests/e2e/ctl_v3_lease_test.go
View File

@ -294,3 +294,11 @@ func ctlV3LeaseRevoke(cx ctlCtx, leaseID string) error {
cmdArgs := append(cx.PrefixArgs(), "lease", "revoke", leaseID) cmdArgs := append(cx.PrefixArgs(), "lease", "revoke", leaseID)
return spawnWithExpect(cmdArgs, fmt.Sprintf("lease %s revoked", leaseID)) return spawnWithExpect(cmdArgs, fmt.Sprintf("lease %s revoked", leaseID))
} }
func ctlV3LeaseTimeToLive(cx ctlCtx, leaseID string, withKeys bool) error {
cmdArgs := append(cx.PrefixArgs(), "lease", "timetolive", leaseID)
if withKeys {
cmdArgs = append(cmdArgs, "--keys")
}
return spawnWithExpect(cmdArgs, fmt.Sprintf("lease %s granted with", leaseID))
}