|
|
@@ -0,0 +1,206 @@
|
|
|
+// Copyright 2016 CoreOS, Inc.
|
|
|
+//
|
|
|
+// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
+// you may not use this file except in compliance with the License.
|
|
|
+// You may obtain a copy of the License at
|
|
|
+//
|
|
|
+// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
+//
|
|
|
+// Unless required by applicable law or agreed to in writing, software
|
|
|
+// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
+// See the License for the specific language governing permissions and
|
|
|
+// limitations under the License.
|
|
|
+
|
|
|
+package auth
|
|
|
+
|
|
|
+import (
|
|
|
+ "os"
|
|
|
+ "testing"
|
|
|
+
|
|
|
+ pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
|
|
|
+ "github.com/coreos/etcd/mvcc/backend"
|
|
|
+)
|
|
|
+
|
|
|
+func TestUserAdd(t *testing.T) {
|
|
|
+ b, tPath := backend.NewDefaultTmpBackend()
|
|
|
+ defer func() {
|
|
|
+ b.Close()
|
|
|
+ os.Remove(tPath)
|
|
|
+ }()
|
|
|
+
|
|
|
+ as := NewAuthStore(b)
|
|
|
+ ua := &pb.AuthUserAddRequest{Name: "foo"}
|
|
|
+ _, err := as.UserAdd(ua) // add a non-existing user
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+ _, err = as.UserAdd(ua) // add an existing user
|
|
|
+ if err == nil {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrUserAlreadyExist, err)
|
|
|
+ }
|
|
|
+ if err != ErrUserAlreadyExist {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrUserAlreadyExist, err)
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+func TestAuthenticate(t *testing.T) {
|
|
|
+ b, tPath := backend.NewDefaultTmpBackend()
|
|
|
+ defer func() {
|
|
|
+ b.Close()
|
|
|
+ os.Remove(tPath)
|
|
|
+ }()
|
|
|
+
|
|
|
+ as := NewAuthStore(b)
|
|
|
+
|
|
|
+ ua := &pb.AuthUserAddRequest{Name: "foo", Password: "bar"}
|
|
|
+ _, err := as.UserAdd(ua)
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+
|
|
|
+ // auth a non-existing user
|
|
|
+ _, err = as.Authenticate("foo-test", "bar")
|
|
|
+ if err == nil {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrAuthFailed, err)
|
|
|
+ }
|
|
|
+ if err != ErrAuthFailed {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrAuthFailed, err)
|
|
|
+ }
|
|
|
+
|
|
|
+ // auth an existing user with correct password
|
|
|
+ _, err = as.Authenticate("foo", "bar")
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+
|
|
|
+ // auth an existing user but with wrong password
|
|
|
+ _, err = as.Authenticate("foo", "")
|
|
|
+ if err == nil {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrAuthFailed, err)
|
|
|
+ }
|
|
|
+ if err != ErrAuthFailed {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrAuthFailed, err)
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+func TestUserDelete(t *testing.T) {
|
|
|
+ b, tPath := backend.NewDefaultTmpBackend()
|
|
|
+ defer func() {
|
|
|
+ b.Close()
|
|
|
+ os.Remove(tPath)
|
|
|
+ }()
|
|
|
+
|
|
|
+ as := NewAuthStore(b)
|
|
|
+
|
|
|
+ ua := &pb.AuthUserAddRequest{Name: "foo"}
|
|
|
+ _, err := as.UserAdd(ua)
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+
|
|
|
+ // delete an existing user
|
|
|
+ ud := &pb.AuthUserDeleteRequest{Name: "foo"}
|
|
|
+ _, err = as.UserDelete(ud)
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+
|
|
|
+ // delete a non-existing user
|
|
|
+ _, err = as.UserDelete(ud)
|
|
|
+ if err == nil {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrUserNotFound, err)
|
|
|
+ }
|
|
|
+ if err != ErrUserNotFound {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrUserNotFound, err)
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+func TestUserChangePassword(t *testing.T) {
|
|
|
+ b, tPath := backend.NewDefaultTmpBackend()
|
|
|
+ defer func() {
|
|
|
+ b.Close()
|
|
|
+ os.Remove(tPath)
|
|
|
+ }()
|
|
|
+
|
|
|
+ as := NewAuthStore(b)
|
|
|
+
|
|
|
+ _, err := as.UserAdd(&pb.AuthUserAddRequest{Name: "foo"})
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+ _, err = as.Authenticate("foo", "")
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+
|
|
|
+ _, err = as.UserChangePassword(&pb.AuthUserChangePasswordRequest{Name: "foo", Password: "bar"})
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+ _, err = as.Authenticate("foo", "bar")
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+
|
|
|
+ // change a non-existing user
|
|
|
+ _, err = as.UserChangePassword(&pb.AuthUserChangePasswordRequest{Name: "foo-test", Password: "bar"})
|
|
|
+ if err == nil {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrUserNotFound, err)
|
|
|
+ }
|
|
|
+ if err != ErrUserNotFound {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrUserNotFound, err)
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+func TestRoleAdd(t *testing.T) {
|
|
|
+ b, tPath := backend.NewDefaultTmpBackend()
|
|
|
+ defer func() {
|
|
|
+ b.Close()
|
|
|
+ os.Remove(tPath)
|
|
|
+ }()
|
|
|
+
|
|
|
+ as := NewAuthStore(b)
|
|
|
+
|
|
|
+ // adds a new role
|
|
|
+ _, err := as.RoleAdd(&pb.AuthRoleAddRequest{Name: "role-test"})
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+func TestUserGrant(t *testing.T) {
|
|
|
+ b, tPath := backend.NewDefaultTmpBackend()
|
|
|
+ defer func() {
|
|
|
+ b.Close()
|
|
|
+ os.Remove(tPath)
|
|
|
+ }()
|
|
|
+
|
|
|
+ as := NewAuthStore(b)
|
|
|
+
|
|
|
+ _, err := as.UserAdd(&pb.AuthUserAddRequest{Name: "foo"})
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+
|
|
|
+ // adds a new role
|
|
|
+ _, err = as.RoleAdd(&pb.AuthRoleAddRequest{Name: "role-test"})
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+
|
|
|
+ // grants a role to the user
|
|
|
+ _, err = as.UserGrant(&pb.AuthUserGrantRequest{User: "foo", Role: "role-test"})
|
|
|
+ if err != nil {
|
|
|
+ t.Fatal(err)
|
|
|
+ }
|
|
|
+
|
|
|
+ // grants a role to a non-existing user
|
|
|
+ _, err = as.UserGrant(&pb.AuthUserGrantRequest{User: "foo-test", Role: "role-test"})
|
|
|
+ if err == nil {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrUserNotFound, err)
|
|
|
+ }
|
|
|
+ if err != ErrUserNotFound {
|
|
|
+ t.Fatalf("expected %v, got %v", ErrUserNotFound, err)
|
|
|
+ }
|
|
|
+}
|
Gyu-Ho Lee