#!/bin/sh rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data /etc/init.d/bind9 start # get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost cat /dev/null >/etc/hosts goreman -f /certs-common-name-auth/Procfile start & # TODO: remove random sleeps sleep 7s ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379 \ endpoint health --cluster ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ put abc def ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ get abc sleep 1s && printf "\n" echo "Step 1. creating root role" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ role add root sleep 1s && printf "\n" echo "Step 2. granting readwrite 'foo' permission to role 'root'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ role grant-permission root readwrite foo sleep 1s && printf "\n" echo "Step 3. getting role 'root'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ role get root sleep 1s && printf "\n" echo "Step 4. creating user 'root'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --interactive=false \ user add root:123 sleep 1s && printf "\n" echo "Step 5. granting role 'root' to user 'root'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ user grant-role root root sleep 1s && printf "\n" echo "Step 6. getting user 'root'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ user get root sleep 1s && printf "\n" echo "Step 7. enabling auth" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ auth enable sleep 1s && printf "\n" echo "Step 8. writing 'foo' with 'root:123'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=root:123 \ put foo bar sleep 1s && printf "\n" echo "Step 9. writing 'aaa' with 'root:123'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=root:123 \ put aaa bbb sleep 1s && printf "\n" echo "Step 10. writing 'foo' without 'root:123'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ put foo bar sleep 1s && printf "\n" echo "Step 11. reading 'foo' with 'root:123'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=root:123 \ get foo sleep 1s && printf "\n" echo "Step 12. reading 'aaa' with 'root:123'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=root:123 \ get aaa sleep 1s && printf "\n" echo "Step 13. creating a new user 'test-common-name:test-pass'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=root:123 \ --interactive=false \ user add test-common-name:test-pass sleep 1s && printf "\n" echo "Step 14. creating a role 'test-role'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=root:123 \ role add test-role sleep 1s && printf "\n" echo "Step 15. granting readwrite 'aaa' --prefix permission to role 'test-role'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=root:123 \ role grant-permission test-role readwrite aaa --prefix sleep 1s && printf "\n" echo "Step 16. getting role 'test-role'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=root:123 \ role get test-role sleep 1s && printf "\n" echo "Step 17. granting role 'test-role' to user 'test-common-name'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=root:123 \ user grant-role test-common-name test-role sleep 1s && printf "\n" echo "Step 18. writing 'aaa' with 'test-common-name:test-pass'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=test-common-name:test-pass \ put aaa bbb sleep 1s && printf "\n" echo "Step 19. writing 'bbb' with 'test-common-name:test-pass'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=test-common-name:test-pass \ put bbb bbb sleep 1s && printf "\n" echo "Step 20. reading 'aaa' with 'test-common-name:test-pass'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=test-common-name:test-pass \ get aaa sleep 1s && printf "\n" echo "Step 21. reading 'bbb' with 'test-common-name:test-pass'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ --user=test-common-name:test-pass \ get bbb sleep 1s && printf "\n" echo "Step 22. writing 'aaa' with CommonName 'test-common-name'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ put aaa ccc sleep 1s && printf "\n" echo "Step 23. reading 'aaa' with CommonName 'test-common-name'" ETCDCTL_API=3 ./etcdctl \ --cacert=/certs-common-name-auth/ca.crt \ --cert=/certs-common-name-auth/server.crt \ --key=/certs-common-name-auth/server.key.insecure \ --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ get aaa