пре 8 година · 2a54e32819
--- a/e2e/cluster_test.go
+++ b/e2e/cluster_test.go
@@ -78,6 +78,11 @@ var (
 
				 		initialToken:          "new",
			
 
				 		clientCertAuthEnabled: true,
			
 
				 	}
			
 
				+	configJWT = etcdProcessClusterConfig{
			
 
				+		clusterSize:   1,
			
 
				+		initialToken:  "new",
			
 
				+		authTokenOpts: "jwt,pub-key=../integration/fixtures/server.crt,priv-key=../integration/fixtures/server.key.insecure,sign-method=RS256,ttl=1s",
			
 
				+	}
			
 
				 )
			
 
				 
			
 
				 func configStandalone(cfg etcdProcessClusterConfig) *etcdProcessClusterConfig {
			
@@ -117,6 +122,7 @@ type etcdProcessClusterConfig struct {
 
				 	quotaBackendBytes   int64
			
 
				 	noStrictReconfig    bool
			
 
				 	initialCorruptCheck bool
			
 
				+	authTokenOpts       string
			
 
				 }
			
 
				 
			
 
				 // newEtcdProcessCluster launches a new cluster from etcd processes, returning
			
@@ -238,6 +244,11 @@ func (cfg *etcdProcessClusterConfig) etcdServerProcessConfigs() []*etcdServerPro
 
				 		}
			
 
				 
			
 
				 		args = append(args, cfg.tlsArgs()...)
			
 
				+
			
 
				+		if cfg.authTokenOpts != "" {
			
 
				+			args = append(args, "--auth-token", cfg.authTokenOpts)
			
 
				+		}
			
 
				+
			
 
				 		etcdCfgs[i] = &etcdServerProcessConfig{
			
 
				 			execPath:     cfg.execPath,
			
 
				 			args:         args,
			
--- a/e2e/ctl_v3_auth_test.go
+++ b/e2e/ctl_v3_auth_test.go
@@ -18,6 +18,7 @@ import (
 
				 	"fmt"
			
 
				 	"os"
			
 
				 	"testing"
			
 
				+	"time"
			
 
				 
			
 
				 	"github.com/coreos/etcd/clientv3"
			
 
				 )
			
@@ -58,6 +59,7 @@ func TestCtlV3AuthSnapshot(t *testing.T) { testCtl(t, authTestSnapshot) }
 
				 func TestCtlV3AuthCertCNAndUsername(t *testing.T) {
			
 
				 	testCtl(t, authTestCertCNAndUsername, withCfg(configClientTLSCertAuth))
			
 
				 }
			
 
				+func TestCtlV3AuthJWTExpire(t *testing.T) { testCtl(t, authTestJWTExpire, withCfg(configJWT)) }
			
 
				 
			
 
				 func authEnableTest(cx ctlCtx) {
			
 
				 	if err := authEnable(cx); err != nil {
			
@@ -1073,3 +1075,24 @@ func authTestCertCNAndUsername(cx ctlCtx) {
 
				 		cx.t.Error(err)
			
 
				 	}
			
 
				 }
			
 
				+
			
 
				+func authTestJWTExpire(cx ctlCtx) {
			
 
				+	if err := authEnable(cx); err != nil {
			
 
				+		cx.t.Fatal(err)
			
 
				+	}
			
 
				+
			
 
				+	cx.user, cx.pass = "root", "root"
			
 
				+	authSetupTestUser(cx)
			
 
				+
			
 
				+	// try a granted key
			
 
				+	if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
			
 
				+		cx.t.Error(err)
			
 
				+	}
			
 
				+
			
 
				+	// wait an expiration of my JWT token
			
 
				+	<-time.After(3 * time.Second)
			
 
				+
			
 
				+	if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
			
 
				+		cx.t.Error(err)
			
 
				+	}
			
 
				+}