Merge pull request #7229 from Rushit/auth-tests

auth: Adding unit tests
2024-09-27 06:25:44 +00:00 · 2017-01-27 11:52:03 +09:00 · 2017-01-27 11:52:03 +09:00 · f127f462c6
commit f127f462c6
parent 75ae50a90f b1b78c537c
1 changed files with 245 additions and 2 deletions
--- a/auth/store_test.go
+++ b/auth/store_test.go
@ -16,12 +16,16 @@ package auth

 import (
 	"os"
+	"reflect"
 	"testing"

+	"github.com/coreos/etcd/auth/authpb"
 	pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
 	"github.com/coreos/etcd/mvcc/backend"
+
 	"golang.org/x/crypto/bcrypt"
 	"golang.org/x/net/context"
+	"google.golang.org/grpc/metadata"
 )

 func init() { BcryptCost = bcrypt.MinCost }
@ -207,9 +211,248 @@ func TestUserGrant(t *testing.T) {
 	// grants a role to a non-existing user
 	_, err = as.UserGrantRole(&pb.AuthUserGrantRoleRequest{User: "foo-test", Role: "role-test"})
 	if err == nil {
-		t.Fatalf("expected %v, got %v", ErrUserNotFound, err)
+		t.Errorf("expected %v, got %v", ErrUserNotFound, err)
 	}
 	if err != ErrUserNotFound {
-		t.Fatalf("expected %v, got %v", ErrUserNotFound, err)
+		t.Errorf("expected %v, got %v", ErrUserNotFound, err)
 	}
 }
+
+func TestGetUser(t *testing.T) {
+	as, tearDown := setupAuthStore(t)
+	defer tearDown(t)
+
+	_, err := as.UserGrantRole(&pb.AuthUserGrantRoleRequest{User: "foo", Role: "role-test"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	u, err := as.UserGet(&pb.AuthUserGetRequest{Name: "foo"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if u == nil {
+		t.Fatal("expect user not nil, got nil")
+	}
+	expected := []string{"role-test"}
+	if !reflect.DeepEqual(expected, u.Roles) {
+		t.Errorf("expected %v, got %v", expected, u.Roles)
+	}
+}
+
+func TestListUsers(t *testing.T) {
+	as, tearDown := setupAuthStore(t)
+	defer tearDown(t)
+
+	ua := &pb.AuthUserAddRequest{Name: "user1", Password: "pwd1"}
+	_, err := as.UserAdd(ua) // add a non-existing user
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ul, err := as.UserList(&pb.AuthUserListRequest{})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !contains(ul.Users, "root") {
+		t.Errorf("expected %v in %v", "root", ul.Users)
+	}
+	if !contains(ul.Users, "user1") {
+		t.Errorf("expected %v in %v", "user1", ul.Users)
+	}
+}
+
+func TestRoleGrantPermission(t *testing.T) {
+	as, tearDown := setupAuthStore(t)
+	defer tearDown(t)
+
+	_, err := as.RoleAdd(&pb.AuthRoleAddRequest{Name: "role-test-1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	perm := &authpb.Permission{
+		PermType: authpb.WRITE,
+		Key:      []byte("Keys"),
+		RangeEnd: []byte("RangeEnd"),
+	}
+	_, err = as.RoleGrantPermission(&pb.AuthRoleGrantPermissionRequest{
+		Name: "role-test-1",
+		Perm: perm,
+	})
+
+	if err != nil {
+		t.Error(err)
+	}
+
+	r, err := as.RoleGet(&pb.AuthRoleGetRequest{Role: "role-test-1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !reflect.DeepEqual(perm, r.Perm[0]) {
+		t.Errorf("expected %v, got %v", perm, r.Perm[0])
+	}
+}
+
+func TestRoleRevokePermission(t *testing.T) {
+	as, tearDown := setupAuthStore(t)
+	defer tearDown(t)
+
+	_, err := as.RoleAdd(&pb.AuthRoleAddRequest{Name: "role-test-1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	perm := &authpb.Permission{
+		PermType: authpb.WRITE,
+		Key:      []byte("Keys"),
+		RangeEnd: []byte("RangeEnd"),
+	}
+	_, err = as.RoleGrantPermission(&pb.AuthRoleGrantPermissionRequest{
+		Name: "role-test-1",
+		Perm: perm,
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	r, err := as.RoleGet(&pb.AuthRoleGetRequest{Role: "role-test-1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = as.RoleRevokePermission(&pb.AuthRoleRevokePermissionRequest{
+		Role:     "role-test-1",
+		Key:      "Keys",
+		RangeEnd: "RangeEnd",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	r, err = as.RoleGet(&pb.AuthRoleGetRequest{Role: "role-test-1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(r.Perm) != 0 {
+		t.Errorf("expected %v, got %v", 0, len(r.Perm))
+	}
+}
+
+func TestUserRevokePermission(t *testing.T) {
+	as, tearDown := setupAuthStore(t)
+	defer tearDown(t)
+
+	_, err := as.RoleAdd(&pb.AuthRoleAddRequest{Name: "role-test-1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = as.UserGrantRole(&pb.AuthUserGrantRoleRequest{User: "foo", Role: "role-test"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = as.UserGrantRole(&pb.AuthUserGrantRoleRequest{User: "foo", Role: "role-test-1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	u, err := as.UserGet(&pb.AuthUserGetRequest{Name: "foo"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := []string{"role-test", "role-test-1"}
+	if !reflect.DeepEqual(expected, u.Roles) {
+		t.Fatalf("expected %v, got %v", expected, u.Roles)
+	}
+
+	_, err = as.UserRevokeRole(&pb.AuthUserRevokeRoleRequest{Name: "foo", Role: "role-test-1"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	u, err = as.UserGet(&pb.AuthUserGetRequest{Name: "foo"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected = []string{"role-test"}
+	if !reflect.DeepEqual(expected, u.Roles) {
+		t.Errorf("expected %v, got %v", expected, u.Roles)
+	}
+}
+
+func TestRoleDelete(t *testing.T) {
+	as, tearDown := setupAuthStore(t)
+	defer tearDown(t)
+
+	_, err := as.RoleDelete(&pb.AuthRoleDeleteRequest{Role: "role-test"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	rl, err := as.RoleList(&pb.AuthRoleListRequest{})
+	if err != nil {
+		t.Fatal(err)
+	}
+	expected := []string{"root"}
+	if !reflect.DeepEqual(expected, rl.Roles) {
+		t.Errorf("expected %v, got %v", expected, rl.Roles)
+	}
+}
+
+func TestAuthInfoFromCtx(t *testing.T) {
+	as, tearDown := setupAuthStore(t)
+	defer tearDown(t)
+
+	ctx := context.Background()
+	ai, err := as.AuthInfoFromCtx(ctx)
+	if err != nil && ai != nil {
+		t.Errorf("expected (nil, nil), got (%v, %v)", ai, err)
+	}
+
+	ctx = metadata.NewContext(context.Background(), metadata.New(map[string]string{"tokens": "dummy"}))
+	ai, err = as.AuthInfoFromCtx(ctx)
+	if err != nil && ai != nil {
+		t.Errorf("expected (nil, nil), got (%v, %v)", ai, err)
+	}
+
+	ctx = context.WithValue(context.WithValue(context.TODO(), "index", uint64(1)), "simpleToken", "dummy")
+	resp, err := as.Authenticate(ctx, "foo", "bar")
+	if err != nil {
+		t.Error(err)
+	}
+
+	ctx = metadata.NewContext(context.Background(), metadata.New(map[string]string{"token": "Invalid Token"}))
+	_, err = as.AuthInfoFromCtx(ctx)
+	if err != ErrInvalidAuthToken {
+		t.Errorf("expected %v, got %v", ErrInvalidAuthToken, err)
+	}
+
+	ctx = metadata.NewContext(context.Background(), metadata.New(map[string]string{"token": "Invalid.Token"}))
+	_, err = as.AuthInfoFromCtx(ctx)
+	if err != ErrInvalidAuthToken {
+		t.Errorf("expected %v, got %v", ErrInvalidAuthToken, err)
+	}
+
+	ctx = metadata.NewContext(context.Background(), metadata.New(map[string]string{"token": resp.Token}))
+	ai, err = as.AuthInfoFromCtx(ctx)
+	if err != nil {
+		t.Error(err)
+	}
+	if ai.Username != "foo" {
+		t.Errorf("expected %v, got %v", "foo", ai.Username)
+	}
+}
+
+func contains(array []string, str string) bool {
+	for _, s := range array {
+		if s == str {
+			return true
+		}
+	}
+	return false
+}