ctl_v3_role_test.go 4.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
  1. // Copyright 2016 The etcd Authors
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. package e2e
  15. import (
  16. "fmt"
  17. "testing"
  18. )
  19. func TestCtlV3RoleAdd(t *testing.T) { testCtl(t, roleAddTest) }
  20. func TestCtlV3RoleAddNoTLS(t *testing.T) { testCtl(t, roleAddTest, withCfg(configNoTLS)) }
  21. func TestCtlV3RoleAddClientTLS(t *testing.T) { testCtl(t, roleAddTest, withCfg(configClientTLS)) }
  22. func TestCtlV3RoleAddPeerTLS(t *testing.T) { testCtl(t, roleAddTest, withCfg(configPeerTLS)) }
  23. func TestCtlV3RoleAddTimeout(t *testing.T) { testCtl(t, roleAddTest, withDialTimeout(0)) }
  24. func TestCtlV3RoleGrant(t *testing.T) { testCtl(t, roleGrantTest) }
  25. func roleAddTest(cx ctlCtx) {
  26. cmdSet := []struct {
  27. args []string
  28. expectedStr string
  29. }{
  30. // Add a role.
  31. {
  32. args: []string{"add", "root"},
  33. expectedStr: "Role root created",
  34. },
  35. // Try adding the same role.
  36. {
  37. args: []string{"add", "root"},
  38. expectedStr: "role name already exists",
  39. },
  40. }
  41. for i, cmd := range cmdSet {
  42. if err := ctlV3Role(cx, cmd.args, cmd.expectedStr); err != nil {
  43. if cx.dialTimeout > 0 && !isGRPCTimedout(err) {
  44. cx.t.Fatalf("roleAddTest #%d: ctlV3Role error (%v)", i, err)
  45. }
  46. }
  47. }
  48. }
  49. func roleGrantTest(cx ctlCtx) {
  50. cmdSet := []struct {
  51. args []string
  52. expectedStr string
  53. }{
  54. // Add a role.
  55. {
  56. args: []string{"add", "root"},
  57. expectedStr: "Role root created",
  58. },
  59. // Grant read permission to the role.
  60. {
  61. args: []string{"grant", "root", "read", "foo"},
  62. expectedStr: "Role root updated",
  63. },
  64. // Grant write permission to the role.
  65. {
  66. args: []string{"grant", "root", "write", "foo"},
  67. expectedStr: "Role root updated",
  68. },
  69. // Grant rw permission to the role.
  70. {
  71. args: []string{"grant", "root", "readwrite", "foo"},
  72. expectedStr: "Role root updated",
  73. },
  74. // Try granting invalid permission to the role.
  75. {
  76. args: []string{"grant", "root", "123", "foo"},
  77. expectedStr: "invalid permission type",
  78. },
  79. }
  80. for i, cmd := range cmdSet {
  81. if err := ctlV3Role(cx, cmd.args, cmd.expectedStr); err != nil {
  82. cx.t.Fatalf("roleGrantTest #%d: ctlV3Role error (%v)", i, err)
  83. }
  84. }
  85. }
  86. func ctlV3Role(cx ctlCtx, args []string, expStr string) error {
  87. cmdArgs := append(cx.PrefixArgs(), "role")
  88. cmdArgs = append(cmdArgs, args...)
  89. return spawnWithExpect(cmdArgs, expStr)
  90. }
  91. func ctlV3RoleGrantPermission(cx ctlCtx, rolename string, perm grantingPerm) error {
  92. cmdArgs := append(cx.PrefixArgs(), "role", "grant-permission")
  93. cmdArgs = append(cmdArgs, rolename)
  94. cmdArgs = append(cmdArgs, grantingPermToArgs(perm)...)
  95. proc, err := spawnCmd(cmdArgs)
  96. if err != nil {
  97. return err
  98. }
  99. expStr := fmt.Sprintf("Role %s updated", rolename)
  100. _, err = proc.Expect(expStr)
  101. return err
  102. }
  103. func ctlV3RoleRevokePermission(cx ctlCtx, rolename string, key, rangeEnd string) error {
  104. cmdArgs := append(cx.PrefixArgs(), "role", "revoke-permission")
  105. cmdArgs = append(cmdArgs, rolename)
  106. cmdArgs = append(cmdArgs, key)
  107. if len(rangeEnd) != 0 {
  108. cmdArgs = append(cmdArgs, rangeEnd)
  109. }
  110. proc, err := spawnCmd(cmdArgs)
  111. if err != nil {
  112. return err
  113. }
  114. expStr := fmt.Sprintf("Permission of key %s is revoked from role %s", key, rolename)
  115. _, err = proc.Expect(expStr)
  116. return err
  117. }
  118. type grantingPerm struct {
  119. read bool
  120. write bool
  121. key string
  122. rangeEnd string
  123. }
  124. func grantingPermToArgs(perm grantingPerm) []string {
  125. permstr := ""
  126. if perm.read {
  127. permstr += "read"
  128. }
  129. if perm.write {
  130. permstr += "write"
  131. }
  132. if len(permstr) == 0 {
  133. panic("invalid granting permission")
  134. }
  135. if len(perm.rangeEnd) == 0 {
  136. return []string{permstr, perm.key}
  137. }
  138. return []string{permstr, perm.key, perm.rangeEnd}
  139. }