e2e: add a test case for invalid management of root user and role

etcd-io · Mar 17, 2017 · 76eb57b · 76eb57b
1 parent 45ec113
commit 76eb57b
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/e2e/ctl_v3_auth_test.go b/e2e/ctl_v3_auth_test.go
@@ -36,6 +36,7 @@ func TestCtlV3AuthMemberRemove(t *testing.T) {
 func TestCtlV3AuthMemberUpdate(t *testing.T)     { testCtl(t, authTestMemberUpdate) }
 func TestCtlV3AuthCertCN(t *testing.T)           { testCtl(t, authTestCertCN, withCfg(configClientTLSCertAuth)) }
 func TestCtlV3AuthRevokeWithDelete(t *testing.T) { testCtl(t, authTestRevokeWithDelete) }
+func TestCtlV3AuthInvalidMgmt(t *testing.T)      { testCtl(t, authTestInvalidMgmt) }
 
 func authEnableTest(cx ctlCtx) {
 	if err := authEnable(cx); err != nil {
@@ -618,3 +619,17 @@ func authTestRevokeWithDelete(cx ctlCtx) {
 		cx.t.Fatal(err)
 	}
 }
+
+func authTestInvalidMgmt(cx ctlCtx) {
+	if err := authEnable(cx); err != nil {
+		cx.t.Fatal(err)
+	}
+
+	if err := ctlV3Role(cx, []string{"delete", "root"}, "Error:  etcdserver: invalid auth management"); err == nil {
+		cx.t.Fatal("deleting the role root must not be allowed")
+	}
+
+	if err := ctlV3User(cx, []string{"revoke-role", "root", "root"}, "Error:  etcdserver: invalid auth management", []string{}); err == nil {
+		cx.t.Fatal("revoking the role root from the user root must not be allowed")
+	}
+}