v2_curl_test.go 6.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186
  1. // Copyright 2016 The etcd Authors
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. package e2e
  15. import (
  16. "fmt"
  17. "math/rand"
  18. "strings"
  19. "testing"
  20. "github.com/coreos/etcd/pkg/testutil"
  21. )
  22. func TestV2CurlNoTLS(t *testing.T) { testCurlPutGet(t, &configNoTLS) }
  23. func TestV2CurlAutoTLS(t *testing.T) { testCurlPutGet(t, &configAutoTLS) }
  24. func TestV2CurlAllTLS(t *testing.T) { testCurlPutGet(t, &configTLS) }
  25. func TestV2CurlPeerTLS(t *testing.T) { testCurlPutGet(t, &configPeerTLS) }
  26. func TestV2CurlClientTLS(t *testing.T) { testCurlPutGet(t, &configClientTLS) }
  27. func TestV2CurlProxyNoTLS(t *testing.T) { testCurlPutGet(t, &configWithProxy) }
  28. func TestV2CurlProxyTLS(t *testing.T) { testCurlPutGet(t, &configWithProxyTLS) }
  29. func TestV2CurlProxyPeerTLS(t *testing.T) { testCurlPutGet(t, &configWithProxyPeerTLS) }
  30. func TestV2CurlClientBoth(t *testing.T) { testCurlPutGet(t, &configClientBoth) }
  31. func testCurlPutGet(t *testing.T, cfg *etcdProcessClusterConfig) {
  32. defer testutil.AfterTest(t)
  33. // test doesn't use quorum gets, so ensure there are no followers to avoid
  34. // stale reads that will break the test
  35. cfg = configStandalone(*cfg)
  36. epc, err := newEtcdProcessCluster(cfg)
  37. if err != nil {
  38. t.Fatalf("could not start etcd process cluster (%v)", err)
  39. }
  40. defer func() {
  41. if err := epc.Close(); err != nil {
  42. t.Fatalf("error closing etcd processes (%v)", err)
  43. }
  44. }()
  45. var (
  46. expectPut = `{"action":"set","node":{"key":"/foo","value":"bar","`
  47. expectGet = `{"action":"get","node":{"key":"/foo","value":"bar","`
  48. )
  49. if err := cURLPut(epc, cURLReq{endpoint: "/v2/keys/foo", value: "bar", expected: expectPut}); err != nil {
  50. t.Fatalf("failed put with curl (%v)", err)
  51. }
  52. if err := cURLGet(epc, cURLReq{endpoint: "/v2/keys/foo", expected: expectGet}); err != nil {
  53. t.Fatalf("failed get with curl (%v)", err)
  54. }
  55. if cfg.clientTLS == clientTLSAndNonTLS {
  56. if err := cURLGet(epc, cURLReq{endpoint: "/v2/keys/foo", expected: expectGet, isTLS: true}); err != nil {
  57. t.Fatalf("failed get with curl (%v)", err)
  58. }
  59. }
  60. }
  61. func TestV2CurlIssue5182(t *testing.T) {
  62. defer testutil.AfterTest(t)
  63. epc := setupEtcdctlTest(t, &configNoTLS, false)
  64. defer func() {
  65. if err := epc.Close(); err != nil {
  66. t.Fatalf("error closing etcd processes (%v)", err)
  67. }
  68. }()
  69. expectPut := `{"action":"set","node":{"key":"/foo","value":"bar","`
  70. if err := cURLPut(epc, cURLReq{endpoint: "/v2/keys/foo", value: "bar", expected: expectPut}); err != nil {
  71. t.Fatal(err)
  72. }
  73. expectUserAdd := `{"user":"foo","roles":null}`
  74. if err := cURLPut(epc, cURLReq{endpoint: "/v2/auth/users/foo", value: `{"user":"foo", "password":"pass"}`, expected: expectUserAdd}); err != nil {
  75. t.Fatal(err)
  76. }
  77. expectRoleAdd := `{"role":"foo","permissions":{"kv":{"read":["/foo/*"],"write":null}}`
  78. if err := cURLPut(epc, cURLReq{endpoint: "/v2/auth/roles/foo", value: `{"role":"foo", "permissions": {"kv": {"read": ["/foo/*"]}}}`, expected: expectRoleAdd}); err != nil {
  79. t.Fatal(err)
  80. }
  81. expectUserUpdate := `{"user":"foo","roles":["foo"]}`
  82. if err := cURLPut(epc, cURLReq{endpoint: "/v2/auth/users/foo", value: `{"user": "foo", "grant": ["foo"]}`, expected: expectUserUpdate}); err != nil {
  83. t.Fatal(err)
  84. }
  85. if err := etcdctlUserAdd(epc, "root", "a"); err != nil {
  86. t.Fatal(err)
  87. }
  88. if err := etcdctlAuthEnable(epc); err != nil {
  89. t.Fatal(err)
  90. }
  91. if err := cURLGet(epc, cURLReq{endpoint: "/v2/keys/foo/", username: "root", password: "a", expected: "bar"}); err != nil {
  92. t.Fatal(err)
  93. }
  94. if err := cURLGet(epc, cURLReq{endpoint: "/v2/keys/foo/", username: "foo", password: "pass", expected: "bar"}); err != nil {
  95. t.Fatal(err)
  96. }
  97. if err := cURLGet(epc, cURLReq{endpoint: "/v2/keys/foo/", username: "foo", password: "", expected: "bar"}); err != nil {
  98. if !strings.Contains(err.Error(), `The request requires user authentication`) {
  99. t.Fatalf("expected 'The request requires user authentication' error, got %v", err)
  100. }
  101. } else {
  102. t.Fatalf("expected 'The request requires user authentication' error")
  103. }
  104. }
  105. type cURLReq struct {
  106. username string
  107. password string
  108. isTLS bool
  109. timeout int
  110. endpoint string
  111. value string
  112. expected string
  113. ciphers string
  114. }
  115. // cURLPrefixArgs builds the beginning of a curl command for a given key
  116. // addressed to a random URL in the given cluster.
  117. func cURLPrefixArgs(clus *etcdProcessCluster, method string, req cURLReq) []string {
  118. var (
  119. cmdArgs = []string{"curl"}
  120. acurl = clus.procs[rand.Intn(clus.cfg.clusterSize)].cfg.acurl
  121. )
  122. if req.isTLS {
  123. if clus.cfg.clientTLS != clientTLSAndNonTLS {
  124. panic("should not use cURLPrefixArgsUseTLS when serving only TLS or non-TLS")
  125. }
  126. cmdArgs = append(cmdArgs, "--cacert", caPath, "--cert", certPath, "--key", privateKeyPath)
  127. acurl = clus.procs[rand.Intn(clus.cfg.clusterSize)].cfg.acurltls
  128. } else if clus.cfg.clientTLS == clientTLS {
  129. cmdArgs = append(cmdArgs, "--cacert", caPath, "--cert", certPath, "--key", privateKeyPath)
  130. }
  131. ep := acurl + req.endpoint
  132. if req.username != "" || req.password != "" {
  133. cmdArgs = append(cmdArgs, "-L", "-u", fmt.Sprintf("%s:%s", req.username, req.password), ep)
  134. } else {
  135. cmdArgs = append(cmdArgs, "-L", ep)
  136. }
  137. if req.timeout != 0 {
  138. cmdArgs = append(cmdArgs, "-m", fmt.Sprintf("%d", req.timeout))
  139. }
  140. if req.ciphers != "" {
  141. cmdArgs = append(cmdArgs, "--ciphers", req.ciphers)
  142. }
  143. switch method {
  144. case "POST", "PUT":
  145. dt := req.value
  146. if !strings.HasPrefix(dt, "{") { // for non-JSON value
  147. dt = "value=" + dt
  148. }
  149. cmdArgs = append(cmdArgs, "-X", method, "-d", dt)
  150. }
  151. return cmdArgs
  152. }
  153. func cURLPost(clus *etcdProcessCluster, req cURLReq) error {
  154. return spawnWithExpect(cURLPrefixArgs(clus, "POST", req), req.expected)
  155. }
  156. func cURLPut(clus *etcdProcessCluster, req cURLReq) error {
  157. return spawnWithExpect(cURLPrefixArgs(clus, "PUT", req), req.expected)
  158. }
  159. func cURLGet(clus *etcdProcessCluster, req cURLReq) error {
  160. return spawnWithExpect(cURLPrefixArgs(clus, "GET", req), req.expected)
  161. }