Home Explore Help
Register Sign In
publics
/
etcd-io__etcd
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

e2e: add a test case for the --open-ended option

Hitoshi Mitake 8 years ago
parent
0a7fc7cd34
commit
a204b14503
2 changed files with 69 additions and 3 deletions
Unified View Show Diff Stats
  1. 53 1
      e2e/ctl_v3_auth_test.go
  2. 16 2
      e2e/ctl_v3_role_test.go

+ 53 - 1
e2e/ctl_v3_auth_test.go
View File 

@@ -37,6 +37,7 @@ func TestCtlV3AuthMemberUpdate(t *testing.T)     { testCtl(t, authTestMemberUpda
 
 func TestCtlV3AuthCertCN(t *testing.T)           { testCtl(t, authTestCertCN, withCfg(configClientTLSCertAuth)) }
 
 func TestCtlV3AuthCertCN(t *testing.T)           { testCtl(t, authTestCertCN, withCfg(configClientTLSCertAuth)) }
 
 func TestCtlV3AuthRevokeWithDelete(t *testing.T) { testCtl(t, authTestRevokeWithDelete) }
 
 func TestCtlV3AuthRevokeWithDelete(t *testing.T) { testCtl(t, authTestRevokeWithDelete) }
 
 func TestCtlV3AuthInvalidMgmt(t *testing.T)      { testCtl(t, authTestInvalidMgmt) }
 
 func TestCtlV3AuthInvalidMgmt(t *testing.T)      { testCtl(t, authTestInvalidMgmt) }
 
+func TestCtlV3AuthFromKeyPerm(t *testing.T)      { testCtl(t, authTestFromKeyPerm) }
 
 
 
 func authEnableTest(cx ctlCtx) {
 
 func authEnableTest(cx ctlCtx) {
 
 	if err := authEnable(cx); err != nil {
 
 	if err := authEnable(cx); err != nil {
 
@@ -199,7 +200,7 @@ func authRoleUpdateTest(cx ctlCtx) {
 
 
 
 	// revoke the newly granted key
 
 	// revoke the newly granted key
 
 	cx.user, cx.pass = "root", "root"
 
 	cx.user, cx.pass = "root", "root"
 
-	if err := ctlV3RoleRevokePermission(cx, "test-role", "hoo", ""); err != nil {
 
+	if err := ctlV3RoleRevokePermission(cx, "test-role", "hoo", "", false); err != nil {
 
 		cx.t.Fatal(err)
 
 		cx.t.Fatal(err)
 
 	}
 
 	}
 
 
 
@@ -613,3 +614,54 @@ func authTestInvalidMgmt(cx ctlCtx) {
 
 		cx.t.Fatal("revoking the role root from the user root must not be allowed")
 
 		cx.t.Fatal("revoking the role root from the user root must not be allowed")
 
 	}
 
 	}
 
 }
 
 }
 
+
 
+func authTestFromKeyPerm(cx ctlCtx) {
 
+	if err := authEnable(cx); err != nil {
 
+		cx.t.Fatal(err)
 
+	}
 
+
 
+	cx.user, cx.pass = "root", "root"
 
+	authSetupTestUser(cx)
 
+
 
+	// grant keys after z to test-user
 
+	cx.user, cx.pass = "root", "root"
 
+	if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "z", "\x00", false}); err != nil {
 
+		cx.t.Fatal(err)
 
+	}
 
+
 
+	// try the granted open ended permission
 
+	cx.user, cx.pass = "test-user", "pass"
 
+	for i := 0; i < 10; i++ {
 
+		key := fmt.Sprintf("z%d", i)
 
+		if err := ctlV3Put(cx, key, "val", ""); err != nil {
 
+			cx.t.Fatal(err)
 
+		}
 
+	}
 
+	largeKey := ""
 
+	for i := 0; i < 10; i++ {
 
+		largeKey += "\xff"
 
+		if err := ctlV3Put(cx, largeKey, "val", ""); err != nil {
 
+			cx.t.Fatal(err)
 
+		}
 
+	}
 
+
 
+	// try a non granted key
 
+	if err := ctlV3PutFailPerm(cx, "x", "baz"); err != nil {
 
+		cx.t.Fatal(err)
 
+	}
 
+
 
+	// revoke the open ended permission
 
+	cx.user, cx.pass = "root", "root"
 
+	if err := ctlV3RoleRevokePermission(cx, "test-role", "z", "", true); err != nil {
 
+		cx.t.Fatal(err)
 
+	}
 
+
 
+	// try the revoked open ended permission
 
+	cx.user, cx.pass = "test-user", "pass"
 
+	for i := 0; i < 10; i++ {
 
+		key := fmt.Sprintf("z%d", i)
 
+		if err := ctlV3PutFailPerm(cx, key, "val"); err != nil {
 
+			cx.t.Fatal(err)
 
+		}
 
+	}
 
+}

+ 16 - 2
e2e/ctl_v3_role_test.go
View File 

@@ -103,7 +103,10 @@ func ctlV3RoleGrantPermission(cx ctlCtx, rolename string, perm grantingPerm) err
 
 	cmdArgs := append(cx.PrefixArgs(), "role", "grant-permission")
 
 	cmdArgs := append(cx.PrefixArgs(), "role", "grant-permission")
 
 	if perm.prefix {
 
 	if perm.prefix {
 
 		cmdArgs = append(cmdArgs, "--prefix")
 
 		cmdArgs = append(cmdArgs, "--prefix")
 
+	} else if len(perm.rangeEnd) == 1 && perm.rangeEnd[0] == '\x00' {
 
+		cmdArgs = append(cmdArgs, "--from-key")
 
 	}
 
 	}
 
+
 
 	cmdArgs = append(cmdArgs, rolename)
 
 	cmdArgs = append(cmdArgs, rolename)
 
 	cmdArgs = append(cmdArgs, grantingPermToArgs(perm)...)
 
 	cmdArgs = append(cmdArgs, grantingPermToArgs(perm)...)
 
 
 
@@ -117,12 +120,19 @@ func ctlV3RoleGrantPermission(cx ctlCtx, rolename string, perm grantingPerm) err
 
 	return err
 
 	return err
 
 }
 
 }
 
 
 
-func ctlV3RoleRevokePermission(cx ctlCtx, rolename string, key, rangeEnd string) error {
 
+func ctlV3RoleRevokePermission(cx ctlCtx, rolename string, key, rangeEnd string, fromKey bool) error {
 
 	cmdArgs := append(cx.PrefixArgs(), "role", "revoke-permission")
 
 	cmdArgs := append(cx.PrefixArgs(), "role", "revoke-permission")
 
 	cmdArgs = append(cmdArgs, rolename)
 
 	cmdArgs = append(cmdArgs, rolename)
 
 	cmdArgs = append(cmdArgs, key)
 
 	cmdArgs = append(cmdArgs, key)
 
+	expStr := ""
 
 	if len(rangeEnd) != 0 {
 
 	if len(rangeEnd) != 0 {
 
 		cmdArgs = append(cmdArgs, rangeEnd)
 
 		cmdArgs = append(cmdArgs, rangeEnd)
 
+		expStr = fmt.Sprintf("Permission of range [%s, %s) is revoked from role %s", key, rangeEnd, rolename)
 
+	} else if fromKey {
 
+		cmdArgs = append(cmdArgs, "--from-key")
 
+		expStr = fmt.Sprintf("Permission of range [%s, <open ended> is revoked from role %s", key, rolename)
 
+	} else {
 
+		expStr = fmt.Sprintf("Permission of key %s is revoked from role %s", key, rolename)
 
 	}
 
 	}
 
 
 
 	proc, err := spawnCmd(cmdArgs)
 
 	proc, err := spawnCmd(cmdArgs)
 
@@ -130,7 +140,6 @@ func ctlV3RoleRevokePermission(cx ctlCtx, rolename string, key, rangeEnd string)
 
 		return err
 
 		return err
 
 	}
 
 	}
 
 
 
-	expStr := fmt.Sprintf("Permission of key %s is revoked from role %s", key, rolename)
 
 	_, err = proc.Expect(expStr)
 
 	_, err = proc.Expect(expStr)
 
 	return err
 
 	return err
 
 }
 
 }
 
@@ -161,5 +170,10 @@ func grantingPermToArgs(perm grantingPerm) []string {
 
 	if len(perm.rangeEnd) == 0 {
 
 	if len(perm.rangeEnd) == 0 {
 
 		return []string{permstr, perm.key}
 
 		return []string{permstr, perm.key}
 
 	}
 
 	}
 
+
 
+	if len(perm.rangeEnd) == 1 && perm.rangeEnd[0] == '\x00' {
 
+		return []string{permstr, perm.key}
 
+	}
 
+
 
 	return []string{permstr, perm.key, perm.rangeEnd}
 
 	return []string{permstr, perm.key, perm.rangeEnd}
 
 }
 
 }