Home Explore Help
Register Sign In
publics
/
etcd-io__etcd
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

e2e: add a test case of JWT token expiration

Hitoshi Mitake 8 years ago
parent
8fd01f56d6
commit
2a54e32819
2 changed files with 34 additions and 0 deletions
Unified View Show Diff Stats
  1. 11 0
      e2e/cluster_test.go
  2. 23 0
      e2e/ctl_v3_auth_test.go

+ 11 - 0
e2e/cluster_test.go
View File 

@@ -78,6 +78,11 @@ var (
 
 		initialToken:          "new",
 
 		initialToken:          "new",
 
 		clientCertAuthEnabled: true,
 
 		clientCertAuthEnabled: true,
 
 	}
 
 	}
 
+	configJWT = etcdProcessClusterConfig{
 
+		clusterSize:   1,
 
+		initialToken:  "new",
 
+		authTokenOpts: "jwt,pub-key=../integration/fixtures/server.crt,priv-key=../integration/fixtures/server.key.insecure,sign-method=RS256,ttl=1s",
 
+	}
 
 )
 
 )
 
 
 
 func configStandalone(cfg etcdProcessClusterConfig) *etcdProcessClusterConfig {
 
 func configStandalone(cfg etcdProcessClusterConfig) *etcdProcessClusterConfig {
 
@@ -117,6 +122,7 @@ type etcdProcessClusterConfig struct {
 
 	quotaBackendBytes   int64
 
 	quotaBackendBytes   int64
 
 	noStrictReconfig    bool
 
 	noStrictReconfig    bool
 
 	initialCorruptCheck bool
 
 	initialCorruptCheck bool
 
+	authTokenOpts       string
 
 }
 
 }
 
 
 
 // newEtcdProcessCluster launches a new cluster from etcd processes, returning
 
 // newEtcdProcessCluster launches a new cluster from etcd processes, returning
 
@@ -238,6 +244,11 @@ func (cfg *etcdProcessClusterConfig) etcdServerProcessConfigs() []*etcdServerPro
 
 		}
 
 		}
 
 
 
 		args = append(args, cfg.tlsArgs()...)
 
 		args = append(args, cfg.tlsArgs()...)
 
+
 
+		if cfg.authTokenOpts != "" {
 
+			args = append(args, "--auth-token", cfg.authTokenOpts)
 
+		}
 
+
 
 		etcdCfgs[i] = &etcdServerProcessConfig{
 
 		etcdCfgs[i] = &etcdServerProcessConfig{
 
 			execPath:     cfg.execPath,
 
 			execPath:     cfg.execPath,
 
 			args:         args,
 
 			args:         args,

+ 23 - 0
e2e/ctl_v3_auth_test.go
View File 

@@ -18,6 +18,7 @@ import (
 
 	"fmt"
 
 	"fmt"
 
 	"os"
 
 	"os"
 
 	"testing"
 
 	"testing"
 
+	"time"
 
 
 
 	"github.com/coreos/etcd/clientv3"
 
 	"github.com/coreos/etcd/clientv3"
 
 )
 
 )
 
@@ -58,6 +59,7 @@ func TestCtlV3AuthSnapshot(t *testing.T) { testCtl(t, authTestSnapshot) }
 
 func TestCtlV3AuthCertCNAndUsername(t *testing.T) {
 
 func TestCtlV3AuthCertCNAndUsername(t *testing.T) {
 
 	testCtl(t, authTestCertCNAndUsername, withCfg(configClientTLSCertAuth))
 
 	testCtl(t, authTestCertCNAndUsername, withCfg(configClientTLSCertAuth))
 
 }
 
 }
 
+func TestCtlV3AuthJWTExpire(t *testing.T) { testCtl(t, authTestJWTExpire, withCfg(configJWT)) }
 
 
 
 func authEnableTest(cx ctlCtx) {
 
 func authEnableTest(cx ctlCtx) {
 
 	if err := authEnable(cx); err != nil {
 
 	if err := authEnable(cx); err != nil {
 
@@ -1073,3 +1075,24 @@ func authTestCertCNAndUsername(cx ctlCtx) {
 
 		cx.t.Error(err)
 
 		cx.t.Error(err)
 
 	}
 
 	}
 
 }
 
 }
 
+
 
+func authTestJWTExpire(cx ctlCtx) {
 
+	if err := authEnable(cx); err != nil {
 
+		cx.t.Fatal(err)
 
+	}
 
+
 
+	cx.user, cx.pass = "root", "root"
 
+	authSetupTestUser(cx)
 
+
 
+	// try a granted key
 
+	if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
 
+		cx.t.Error(err)
 
+	}
 
+
 
+	// wait an expiration of my JWT token
 
+	<-time.After(3 * time.Second)
 
+
 
+	if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
 
+		cx.t.Error(err)
 
+	}
 
+}