Home Explore Help
Register Sign In
publics
/
etcd-io__etcd
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

v2http: allow empty role for GET /users

Fix https://github.com/coreos/etcd/issues/5246.
Gyu-Ho Lee 9 years ago
parent
879cfe7666
commit
3c2d0a229c
2 changed files with 84 additions and 11 deletions
Unified View Show Diff Stats
  1. 8 7
      etcdserver/api/v2http/client_auth.go
  2. 76 4
      etcdserver/api/v2http/client_auth_test.go

+ 8 - 7
etcdserver/api/v2http/client_auth.go
View File 

@@ -285,6 +285,10 @@ type userWithRoles struct {
 
 	Roles []auth.Role `json:"roles,omitempty"`
 
 	Roles []auth.Role `json:"roles,omitempty"`
 
 }
 
 }
 
 
 
+type usersCollections struct {
 
+	Users []userWithRoles `json:"users"`
 
+}
 
+
 
 func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) {
 
 func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) {
 
 	if !allowMethod(w, r.Method, "GET") {
 
 	if !allowMethod(w, r.Method, "GET") {
 
 		return
 
 		return
 
@@ -311,9 +315,7 @@ func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) {
 
 		return
 
 		return
 
 	}
 
 	}
 
 
 
-	var usersCollections struct {
 
-		Users []userWithRoles `json:"users"`
 
-	}
 
+	ucs := usersCollections{}
 
 	for _, userName := range users {
 
 	for _, userName := range users {
 
 		var user auth.User
 
 		var user auth.User
 
 		user, err = sh.sec.GetUser(userName)
 
 		user, err = sh.sec.GetUser(userName)
 
@@ -327,15 +329,14 @@ func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) {
 
 			var role auth.Role
 
 			var role auth.Role
 
 			role, err = sh.sec.GetRole(roleName)
 
 			role, err = sh.sec.GetRole(roleName)
 
 			if err != nil {
 
 			if err != nil {
 
-				writeError(w, r, err)
 
-				return
 
+				continue
 
 			}
 
 			}
 
 			uwr.Roles = append(uwr.Roles, role)
 
 			uwr.Roles = append(uwr.Roles, role)
 
 		}
 
 		}
 
 
 
-		usersCollections.Users = append(usersCollections.Users, uwr)
 
+		ucs.Users = append(ucs.Users, uwr)
 
 	}
 
 	}
 
-	err = json.NewEncoder(w).Encode(usersCollections)
 
+	err = json.NewEncoder(w).Encode(ucs)
 
 
 
 	if err != nil {
 
 	if err != nil {
 
 		plog.Warningf("baseUsers error encoding on %s", r.URL)
 
 		plog.Warningf("baseUsers error encoding on %s", r.URL)

+ 76 - 4
etcdserver/api/v2http/client_auth_test.go
View File 

@@ -15,10 +15,14 @@
 
 package v2http
 
 package v2http
 
 
 
 import (
 
 import (
 
+	"encoding/json"
 
 	"errors"
 
 	"errors"
 
+	"fmt"
 
 	"net/http"
 
 	"net/http"
 
 	"net/http/httptest"
 
 	"net/http/httptest"
 
+	"net/url"
 
 	"path"
 
 	"path"
 
+	"sort"
 
 	"strings"
 
 	"strings"
 
 	"testing"
 
 	"testing"
 
 
 
@@ -43,7 +47,14 @@ type mockAuthStore struct {
 
 	enabled bool
 
 	enabled bool
 
 }
 
 }
 
 
 
-func (s *mockAuthStore) AllUsers() ([]string, error) { return []string{"alice", "bob", "root"}, s.err }
 
+func (s *mockAuthStore) AllUsers() ([]string, error) {
 
+	var us []string
 
+	for u := range s.users {
 
+		us = append(us, u)
 
+	}
 
+	sort.Strings(us)
 
+	return us, s.err
 
+}
 
 func (s *mockAuthStore) GetUser(name string) (auth.User, error) {
 
 func (s *mockAuthStore) GetUser(name string) (auth.User, error) {
 
 	u, ok := s.users[name]
 
 	u, ok := s.users[name]
 
 	if !ok {
 
 	if !ok {
 
@@ -67,9 +78,15 @@ func (s *mockAuthStore) UpdateUser(user auth.User) (auth.User, error) {
 
 func (s *mockAuthStore) AllRoles() ([]string, error) {
 
 func (s *mockAuthStore) AllRoles() ([]string, error) {
 
 	return []string{"awesome", "guest", "root"}, s.err
 
 	return []string{"awesome", "guest", "root"}, s.err
 
 }
 
 }
 
-func (s *mockAuthStore) GetRole(name string) (auth.Role, error) { return *s.roles[name], s.err }
 
-func (s *mockAuthStore) CreateRole(role auth.Role) error        { return s.err }
 
-func (s *mockAuthStore) DeleteRole(name string) error           { return s.err }
 
+func (s *mockAuthStore) GetRole(name string) (auth.Role, error) {
 
+	r, ok := s.roles[name]
 
+	if ok {
 
+		return *r, s.err
 
+	}
 
+	return auth.Role{}, fmt.Errorf("%q does not exist (%v)", name, s.err)
 
+}
 
+func (s *mockAuthStore) CreateRole(role auth.Role) error { return s.err }
 
+func (s *mockAuthStore) DeleteRole(name string) error    { return s.err }
 
 func (s *mockAuthStore) UpdateRole(role auth.Role) (auth.Role, error) {
 
 func (s *mockAuthStore) UpdateRole(role auth.Role) (auth.Role, error) {
 
 	return *s.roles[role.Role], s.err
 
 	return *s.roles[role.Role], s.err
 
 }
 
 }
 
@@ -361,6 +378,61 @@ func TestAuthFlow(t *testing.T) {
 
 	}
 
 	}
 
 }
 
 }
 
 
 
+func TestGetUserGrantedWithNonexistingRole(t *testing.T) {
 
+	sh := &authHandler{
 
+		sec: &mockAuthStore{
 
+			users: map[string]*auth.User{
 
+				"root": {
 
+					User:  "root",
 
+					Roles: []string{"root", "foo"},
 
+				},
 
+			},
 
+			roles: map[string]*auth.Role{
 
+				"root": {
 
+					Role: "root",
 
+				},
 
+			},
 
+		},
 
+		cluster: &fakeCluster{id: 1},
 
+	}
 
+	srv := httptest.NewServer(http.HandlerFunc(sh.baseUsers))
 
+	defer srv.Close()
 
+
 
+	req, err := http.NewRequest("GET", "", nil)
 
+	if err != nil {
 
+		t.Fatal(err)
 
+	}
 
+	req.URL, err = url.Parse(srv.URL)
 
+	if err != nil {
 
+		t.Fatal(err)
 
+	}
 
+	req.Header.Set("Content-Type", "application/json")
 
+
 
+	cli := http.DefaultClient
 
+	resp, err := cli.Do(req)
 
+	if err != nil {
 
+		t.Fatal(err)
 
+	}
 
+	defer resp.Body.Close()
 
+
 
+	var uc usersCollections
 
+	if err := json.NewDecoder(resp.Body).Decode(&uc); err != nil {
 
+		t.Fatal(err)
 
+	}
 
+	if len(uc.Users) != 1 {
 
+		t.Fatalf("expected 1 user, got %+v", uc.Users)
 
+	}
 
+	if uc.Users[0].User != "root" {
 
+		t.Fatalf("expected 'root', got %q", uc.Users[0].User)
 
+	}
 
+	if len(uc.Users[0].Roles) != 1 {
 
+		t.Fatalf("expected 1 role, got %+v", uc.Users[0].Roles)
 
+	}
 
+	if uc.Users[0].Roles[0].Role != "root" {
 
+		t.Fatalf("expected 'root', got %q", uc.Users[0].Roles[0].Role)
 
+	}
 
+}
 
+
 
 func mustAuthRequest(method, username, password string) *http.Request {
 
 func mustAuthRequest(method, username, password string) *http.Request {
 
 	req, err := http.NewRequest(method, "path", strings.NewReader(""))
 
 	req, err := http.NewRequest(method, "path", strings.NewReader(""))
 
 	if err != nil {
 
 	if err != nil {