123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179 |
- // Copyright 2016 The etcd Authors
- //
- // Licensed under the Apache License, Version 2.0 (the "License");
- // you may not use this file except in compliance with the License.
- // You may obtain a copy of the License at
- //
- // http://www.apache.org/licenses/LICENSE-2.0
- //
- // Unless required by applicable law or agreed to in writing, software
- // distributed under the License is distributed on an "AS IS" BASIS,
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- // See the License for the specific language governing permissions and
- // limitations under the License.
- package e2e
- import (
- "fmt"
- "testing"
- )
- func TestCtlV3RoleAdd(t *testing.T) { testCtl(t, roleAddTest) }
- func TestCtlV3RoleAddNoTLS(t *testing.T) { testCtl(t, roleAddTest, withCfg(configNoTLS)) }
- func TestCtlV3RoleAddClientTLS(t *testing.T) { testCtl(t, roleAddTest, withCfg(configClientTLS)) }
- func TestCtlV3RoleAddPeerTLS(t *testing.T) { testCtl(t, roleAddTest, withCfg(configPeerTLS)) }
- func TestCtlV3RoleAddTimeout(t *testing.T) { testCtl(t, roleAddTest, withDialTimeout(0)) }
- func TestCtlV3RoleGrant(t *testing.T) { testCtl(t, roleGrantTest) }
- func roleAddTest(cx ctlCtx) {
- cmdSet := []struct {
- args []string
- expectedStr string
- }{
- // Add a role.
- {
- args: []string{"add", "root"},
- expectedStr: "Role root created",
- },
- // Try adding the same role.
- {
- args: []string{"add", "root"},
- expectedStr: "role name already exists",
- },
- }
- for i, cmd := range cmdSet {
- if err := ctlV3Role(cx, cmd.args, cmd.expectedStr); err != nil {
- if cx.dialTimeout > 0 && !isGRPCTimedout(err) {
- cx.t.Fatalf("roleAddTest #%d: ctlV3Role error (%v)", i, err)
- }
- }
- }
- }
- func roleGrantTest(cx ctlCtx) {
- cmdSet := []struct {
- args []string
- expectedStr string
- }{
- // Add a role.
- {
- args: []string{"add", "root"},
- expectedStr: "Role root created",
- },
- // Grant read permission to the role.
- {
- args: []string{"grant", "root", "read", "foo"},
- expectedStr: "Role root updated",
- },
- // Grant write permission to the role.
- {
- args: []string{"grant", "root", "write", "foo"},
- expectedStr: "Role root updated",
- },
- // Grant rw permission to the role.
- {
- args: []string{"grant", "root", "readwrite", "foo"},
- expectedStr: "Role root updated",
- },
- // Try granting invalid permission to the role.
- {
- args: []string{"grant", "root", "123", "foo"},
- expectedStr: "invalid permission type",
- },
- }
- for i, cmd := range cmdSet {
- if err := ctlV3Role(cx, cmd.args, cmd.expectedStr); err != nil {
- cx.t.Fatalf("roleGrantTest #%d: ctlV3Role error (%v)", i, err)
- }
- }
- }
- func ctlV3Role(cx ctlCtx, args []string, expStr string) error {
- cmdArgs := append(cx.PrefixArgs(), "role")
- cmdArgs = append(cmdArgs, args...)
- return spawnWithExpect(cmdArgs, expStr)
- }
- func ctlV3RoleGrantPermission(cx ctlCtx, rolename string, perm grantingPerm) error {
- cmdArgs := append(cx.PrefixArgs(), "role", "grant-permission")
- if perm.prefix {
- cmdArgs = append(cmdArgs, "--prefix")
- } else if len(perm.rangeEnd) == 1 && perm.rangeEnd[0] == '\x00' {
- cmdArgs = append(cmdArgs, "--from-key")
- }
- cmdArgs = append(cmdArgs, rolename)
- cmdArgs = append(cmdArgs, grantingPermToArgs(perm)...)
- proc, err := spawnCmd(cmdArgs)
- if err != nil {
- return err
- }
- expStr := fmt.Sprintf("Role %s updated", rolename)
- _, err = proc.Expect(expStr)
- return err
- }
- func ctlV3RoleRevokePermission(cx ctlCtx, rolename string, key, rangeEnd string, fromKey bool) error {
- cmdArgs := append(cx.PrefixArgs(), "role", "revoke-permission")
- cmdArgs = append(cmdArgs, rolename)
- cmdArgs = append(cmdArgs, key)
- var expStr string
- if len(rangeEnd) != 0 {
- cmdArgs = append(cmdArgs, rangeEnd)
- expStr = fmt.Sprintf("Permission of range [%s, %s) is revoked from role %s", key, rangeEnd, rolename)
- } else if fromKey {
- cmdArgs = append(cmdArgs, "--from-key")
- expStr = fmt.Sprintf("Permission of range [%s, <open ended> is revoked from role %s", key, rolename)
- } else {
- expStr = fmt.Sprintf("Permission of key %s is revoked from role %s", key, rolename)
- }
- proc, err := spawnCmd(cmdArgs)
- if err != nil {
- return err
- }
- _, err = proc.Expect(expStr)
- return err
- }
- type grantingPerm struct {
- read bool
- write bool
- key string
- rangeEnd string
- prefix bool
- }
- func grantingPermToArgs(perm grantingPerm) []string {
- permstr := ""
- if perm.read {
- permstr += "read"
- }
- if perm.write {
- permstr += "write"
- }
- if len(permstr) == 0 {
- panic("invalid granting permission")
- }
- if len(perm.rangeEnd) == 0 {
- return []string{permstr, perm.key}
- }
- if len(perm.rangeEnd) == 1 && perm.rangeEnd[0] == '\x00' {
- return []string{permstr, perm.key}
- }
- return []string{permstr, perm.key, perm.rangeEnd}
- }
|