v2_curl_test.go 6.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205
  1. // Copyright 2016 The etcd Authors
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. package e2e
  15. import (
  16. "fmt"
  17. "math/rand"
  18. "os"
  19. "strings"
  20. "testing"
  21. "go.etcd.io/etcd/pkg/testutil"
  22. )
  23. func TestV2CurlNoTLS(t *testing.T) { testCurlPutGet(t, &configNoTLS) }
  24. func TestV2CurlAutoTLS(t *testing.T) { testCurlPutGet(t, &configAutoTLS) }
  25. func TestV2CurlAllTLS(t *testing.T) { testCurlPutGet(t, &configTLS) }
  26. func TestV2CurlPeerTLS(t *testing.T) { testCurlPutGet(t, &configPeerTLS) }
  27. func TestV2CurlClientTLS(t *testing.T) { testCurlPutGet(t, &configClientTLS) }
  28. func TestV2CurlClientBoth(t *testing.T) { testCurlPutGet(t, &configClientBoth) }
  29. func testCurlPutGet(t *testing.T, cfg *etcdProcessClusterConfig) {
  30. defer testutil.AfterTest(t)
  31. // test doesn't use quorum gets, so ensure there are no followers to avoid
  32. // stale reads that will break the test
  33. cfg = configStandalone(*cfg)
  34. cfg.enableV2 = true
  35. epc, err := newEtcdProcessCluster(cfg)
  36. if err != nil {
  37. t.Fatalf("could not start etcd process cluster (%v)", err)
  38. }
  39. defer func() {
  40. if err := epc.Close(); err != nil {
  41. t.Fatalf("error closing etcd processes (%v)", err)
  42. }
  43. }()
  44. var (
  45. expectPut = `{"action":"set","node":{"key":"/foo","value":"bar","`
  46. expectGet = `{"action":"get","node":{"key":"/foo","value":"bar","`
  47. )
  48. if err := cURLPut(epc, cURLReq{endpoint: "/v2/keys/foo", value: "bar", expected: expectPut}); err != nil {
  49. t.Fatalf("failed put with curl (%v)", err)
  50. }
  51. if err := cURLGet(epc, cURLReq{endpoint: "/v2/keys/foo", expected: expectGet}); err != nil {
  52. t.Fatalf("failed get with curl (%v)", err)
  53. }
  54. if cfg.clientTLS == clientTLSAndNonTLS {
  55. if err := cURLGet(epc, cURLReq{endpoint: "/v2/keys/foo", expected: expectGet, isTLS: true}); err != nil {
  56. t.Fatalf("failed get with curl (%v)", err)
  57. }
  58. }
  59. }
  60. func TestV2CurlIssue5182(t *testing.T) {
  61. os.Setenv("ETCDCTL_API", "2")
  62. defer os.Unsetenv("ETCDCTL_API")
  63. defer testutil.AfterTest(t)
  64. copied := configNoTLS
  65. copied.enableV2 = true
  66. epc := setupEtcdctlTest(t, &copied, false)
  67. defer func() {
  68. if err := epc.Close(); err != nil {
  69. t.Fatalf("error closing etcd processes (%v)", err)
  70. }
  71. }()
  72. expectPut := `{"action":"set","node":{"key":"/foo","value":"bar","`
  73. if err := cURLPut(epc, cURLReq{endpoint: "/v2/keys/foo", value: "bar", expected: expectPut}); err != nil {
  74. t.Fatal(err)
  75. }
  76. expectUserAdd := `{"user":"foo","roles":null}`
  77. if err := cURLPut(epc, cURLReq{endpoint: "/v2/auth/users/foo", value: `{"user":"foo", "password":"pass"}`, expected: expectUserAdd}); err != nil {
  78. t.Fatal(err)
  79. }
  80. expectRoleAdd := `{"role":"foo","permissions":{"kv":{"read":["/foo/*"],"write":null}}`
  81. if err := cURLPut(epc, cURLReq{endpoint: "/v2/auth/roles/foo", value: `{"role":"foo", "permissions": {"kv": {"read": ["/foo/*"]}}}`, expected: expectRoleAdd}); err != nil {
  82. t.Fatal(err)
  83. }
  84. expectUserUpdate := `{"user":"foo","roles":["foo"]}`
  85. if err := cURLPut(epc, cURLReq{endpoint: "/v2/auth/users/foo", value: `{"user": "foo", "grant": ["foo"]}`, expected: expectUserUpdate}); err != nil {
  86. t.Fatal(err)
  87. }
  88. if err := etcdctlUserAdd(epc, "root", "a"); err != nil {
  89. t.Fatal(err)
  90. }
  91. if err := etcdctlAuthEnable(epc); err != nil {
  92. t.Fatal(err)
  93. }
  94. if err := cURLGet(epc, cURLReq{endpoint: "/v2/keys/foo/", username: "root", password: "a", expected: "bar"}); err != nil {
  95. t.Fatal(err)
  96. }
  97. if err := cURLGet(epc, cURLReq{endpoint: "/v2/keys/foo/", username: "foo", password: "pass", expected: "bar"}); err != nil {
  98. t.Fatal(err)
  99. }
  100. if err := cURLGet(epc, cURLReq{endpoint: "/v2/keys/foo/", username: "foo", password: "", expected: "bar"}); err != nil {
  101. if !strings.Contains(err.Error(), `The request requires user authentication`) {
  102. t.Fatalf("expected 'The request requires user authentication' error, got %v", err)
  103. }
  104. } else {
  105. t.Fatalf("expected 'The request requires user authentication' error")
  106. }
  107. }
  108. type cURLReq struct {
  109. username string
  110. password string
  111. isTLS bool
  112. timeout int
  113. endpoint string
  114. value string
  115. expected string
  116. header string
  117. metricsURLScheme string
  118. ciphers string
  119. }
  120. // cURLPrefixArgs builds the beginning of a curl command for a given key
  121. // addressed to a random URL in the given cluster.
  122. func cURLPrefixArgs(clus *etcdProcessCluster, method string, req cURLReq) []string {
  123. var (
  124. cmdArgs = []string{"curl"}
  125. acurl = clus.procs[rand.Intn(clus.cfg.clusterSize)].Config().acurl
  126. )
  127. if req.metricsURLScheme != "https" {
  128. if req.isTLS {
  129. if clus.cfg.clientTLS != clientTLSAndNonTLS {
  130. panic("should not use cURLPrefixArgsUseTLS when serving only TLS or non-TLS")
  131. }
  132. cmdArgs = append(cmdArgs, "--cacert", caPath, "--cert", certPath, "--key", privateKeyPath)
  133. acurl = toTLS(clus.procs[rand.Intn(clus.cfg.clusterSize)].Config().acurl)
  134. } else if clus.cfg.clientTLS == clientTLS {
  135. if !clus.cfg.noCN {
  136. cmdArgs = append(cmdArgs, "--cacert", caPath, "--cert", certPath, "--key", privateKeyPath)
  137. } else {
  138. cmdArgs = append(cmdArgs, "--cacert", caPath, "--cert", certPath3, "--key", privateKeyPath3)
  139. }
  140. }
  141. }
  142. if req.metricsURLScheme != "" {
  143. acurl = clus.procs[rand.Intn(clus.cfg.clusterSize)].EndpointsMetrics()[0]
  144. }
  145. ep := acurl + req.endpoint
  146. if req.username != "" || req.password != "" {
  147. cmdArgs = append(cmdArgs, "-L", "-u", fmt.Sprintf("%s:%s", req.username, req.password), ep)
  148. } else {
  149. cmdArgs = append(cmdArgs, "-L", ep)
  150. }
  151. if req.timeout != 0 {
  152. cmdArgs = append(cmdArgs, "-m", fmt.Sprintf("%d", req.timeout))
  153. }
  154. if req.header != "" {
  155. cmdArgs = append(cmdArgs, "-H", req.header)
  156. }
  157. if req.ciphers != "" {
  158. cmdArgs = append(cmdArgs, "--ciphers", req.ciphers)
  159. }
  160. switch method {
  161. case "POST", "PUT":
  162. dt := req.value
  163. if !strings.HasPrefix(dt, "{") { // for non-JSON value
  164. dt = "value=" + dt
  165. }
  166. cmdArgs = append(cmdArgs, "-X", method, "-d", dt)
  167. }
  168. return cmdArgs
  169. }
  170. func cURLPost(clus *etcdProcessCluster, req cURLReq) error {
  171. return spawnWithExpect(cURLPrefixArgs(clus, "POST", req), req.expected)
  172. }
  173. func cURLPut(clus *etcdProcessCluster, req cURLReq) error {
  174. return spawnWithExpect(cURLPrefixArgs(clus, "PUT", req), req.expected)
  175. }
  176. func cURLGet(clus *etcdProcessCluster, req cURLReq) error {
  177. return spawnWithExpect(cURLPrefixArgs(clus, "GET", req), req.expected)
  178. }