From a7da508ff6e0297284972189989c206957c5f292 Mon Sep 17 00:00:00 2001 From: Chao Chen Date: Wed, 14 Dec 2022 15:17:35 -0800 Subject: [PATCH] tests/common: migrate auth tests #1 Signed-off-by: Chao Chen --- tests/common/auth_test.go | 65 ++++++++++++++++++++++++++++++ tests/e2e/ctl_v3_auth_test.go | 76 ----------------------------------- 2 files changed, 65 insertions(+), 76 deletions(-) diff --git a/tests/common/auth_test.go b/tests/common/auth_test.go index bdd92b01783..e9de1fecdd3 100644 --- a/tests/common/auth_test.go +++ b/tests/common/auth_test.go @@ -65,3 +65,68 @@ func TestAuthDisable(t *testing.T) { } }) } + +func TestAuthGracefulDisable(t *testing.T) { + testRunner.BeforeTest(t) + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + clus := testRunner.NewCluster(ctx, t, config.WithClusterConfig(config.ClusterConfig{ClusterSize: 1})) + defer clus.Close() + cc := testutils.MustClient(clus.Client()) + testutils.ExecuteUntil(ctx, t, func() { + require.NoErrorf(t, setupAuth(cc, []authRole{}, []authUser{rootUser}), "failed to enable auth") + donec := make(chan struct{}) + rootAuthClient := testutils.MustClient(clus.Client(WithAuth(rootUserName, rootPassword))) + + go func() { + defer close(donec) + // sleep a bit to let the watcher connects while auth is still enabled + time.Sleep(time.Second) + // now disable auth... + if err := rootAuthClient.AuthDisable(ctx); err != nil { + t.Errorf("failed to auth disable %v", err) + return + } + // ...and restart the node + clus.Members()[0].Stop() + if err := clus.Members()[0].Start(ctx); err != nil { + t.Errorf("failed to restart member %v", err) + return + } + // the watcher should still work after reconnecting + require.NoErrorf(t, rootAuthClient.Put(ctx, "key", "value", config.PutOptions{}), "failed to put key value") + }() + + wCtx, wCancel := context.WithCancel(ctx) + defer wCancel() + + watchCh := rootAuthClient.Watch(wCtx, "key", config.WatchOptions{Revision: 1}) + wantedLen := 1 + watchTimeout := 10 * time.Second + wanted := []testutils.KV{{Key: "key", Val: "value"}} + kvs, err := testutils.KeyValuesFromWatchChan(watchCh, wantedLen, watchTimeout) + require.NoErrorf(t, err, "failed to get key-values from watch channel %s", err) + require.Equal(t, wanted, kvs) + <-donec + }) +} + +func TestAuthStatus(t *testing.T) { + testRunner.BeforeTest(t) + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + clus := testRunner.NewCluster(ctx, t, config.WithClusterConfig(config.ClusterConfig{ClusterSize: 1})) + defer clus.Close() + cc := testutils.MustClient(clus.Client()) + testutils.ExecuteUntil(ctx, t, func() { + resp, err := cc.AuthStatus(ctx) + require.NoError(t, err) + require.Falsef(t, resp.Enabled, "want auth not enabled but enabled") + + require.NoErrorf(t, setupAuth(cc, []authRole{}, []authUser{rootUser}), "failed to enable auth") + rootAuthClient := testutils.MustClient(clus.Client(WithAuth(rootUserName, rootPassword))) + resp, err = rootAuthClient.AuthStatus(ctx) + require.NoError(t, err) + require.Truef(t, resp.Enabled, "want enabled but got not enabled") + }) +} diff --git a/tests/e2e/ctl_v3_auth_test.go b/tests/e2e/ctl_v3_auth_test.go index 8c3d01f91ae..e2d7a4df2be 100644 --- a/tests/e2e/ctl_v3_auth_test.go +++ b/tests/e2e/ctl_v3_auth_test.go @@ -26,8 +26,6 @@ import ( "go.etcd.io/etcd/tests/v3/framework/e2e" ) -func TestCtlV3AuthGracefulDisable(t *testing.T) { testCtl(t, authGracefulDisableTest) } -func TestCtlV3AuthStatus(t *testing.T) { testCtl(t, authStatusTest) } func TestCtlV3AuthWriteKey(t *testing.T) { testCtl(t, authCredWriteKeyTest) } func TestCtlV3AuthRoleUpdate(t *testing.T) { testCtl(t, authRoleUpdateTest) } func TestCtlV3AuthUserDeleteDuringOps(t *testing.T) { testCtl(t, authUserDeleteDuringOpsTest) } @@ -93,80 +91,6 @@ func ctlV3AuthEnable(cx ctlCtx) error { return e2e.SpawnWithExpectWithEnv(cmdArgs, cx.envMap, "Authentication Enabled") } -func authGracefulDisableTest(cx ctlCtx) { - if err := authEnable(cx); err != nil { - cx.t.Fatal(err) - } - - cx.user, cx.pass = "root", "root" - - donec := make(chan struct{}) - - go func() { - defer close(donec) - - // sleep a bit to let the watcher connects while auth is still enabled - time.Sleep(time.Second) - - // now disable auth... - if err := ctlV3AuthDisable(cx); err != nil { - cx.t.Fatalf("authGracefulDisableTest ctlV3AuthDisable error (%v)", err) - } - - // ...and restart the node - node0 := cx.epc.Procs[0] - if rerr := node0.Restart(context.TODO()); rerr != nil { - cx.t.Fatal(rerr) - } - - // the watcher should still work after reconnecting - if perr := ctlV3Put(cx, "key", "value", ""); perr != nil { - cx.t.Errorf("authGracefulDisableTest ctlV3Put error (%v)", perr) - } - }() - - err := ctlV3Watch(cx, []string{"key"}, kvExec{key: "key", val: "value"}) - - if err != nil { - if cx.dialTimeout > 0 && !isGRPCTimedout(err) { - cx.t.Errorf("authGracefulDisableTest ctlV3Watch error (%v)", err) - } - } - - <-donec -} - -func ctlV3AuthDisable(cx ctlCtx) error { - cmdArgs := append(cx.PrefixArgs(), "auth", "disable") - return e2e.SpawnWithExpectWithEnv(cmdArgs, cx.envMap, "Authentication Disabled") -} - -func authStatusTest(cx ctlCtx) { - cmdArgs := append(cx.PrefixArgs(), "auth", "status") - if err := e2e.SpawnWithExpects(cmdArgs, cx.envMap, "Authentication Status: false", "AuthRevision:"); err != nil { - cx.t.Fatal(err) - } - - if err := authEnable(cx); err != nil { - cx.t.Fatal(err) - } - - cx.user, cx.pass = "root", "root" - cmdArgs = append(cx.PrefixArgs(), "auth", "status") - - if err := e2e.SpawnWithExpects(cmdArgs, cx.envMap, "Authentication Status: true", "AuthRevision:"); err != nil { - cx.t.Fatal(err) - } - - cmdArgs = append(cx.PrefixArgs(), "auth", "status", "--write-out", "json") - if err := e2e.SpawnWithExpectWithEnv(cmdArgs, cx.envMap, "enabled"); err != nil { - cx.t.Fatal(err) - } - if err := e2e.SpawnWithExpectWithEnv(cmdArgs, cx.envMap, "authRevision"); err != nil { - cx.t.Fatal(err) - } -} - func authCredWriteKeyTest(cx ctlCtx) { // baseline key to check for failed puts if err := ctlV3Put(cx, "foo", "a", ""); err != nil {