Skip to content

Commit

Permalink
e2e: add a test case for the --open-ended option
Browse files Browse the repository at this point in the history
  • Loading branch information
@mitake
mitake committed Apr 4, 2017
1 parent 0a7fc7c commit a204b14
Show file tree
Hide file tree
Showing 2 changed files with 69 additions and 3 deletions.
54 changes: 53 additions & 1 deletion e2e/ctl_v3_auth_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ func TestCtlV3AuthMemberUpdate(t *testing.T) { testCtl(t, authTestMemberUpda
func TestCtlV3AuthCertCN(t *testing.T) { testCtl(t, authTestCertCN, withCfg(configClientTLSCertAuth)) }
func TestCtlV3AuthRevokeWithDelete(t *testing.T) { testCtl(t, authTestRevokeWithDelete) }
func TestCtlV3AuthInvalidMgmt(t *testing.T) { testCtl(t, authTestInvalidMgmt) }
func TestCtlV3AuthFromKeyPerm(t *testing.T) { testCtl(t, authTestFromKeyPerm) }

func authEnableTest(cx ctlCtx) {
if err := authEnable(cx); err != nil {
Expand Down Expand Up @@ -199,7 +200,7 @@ func authRoleUpdateTest(cx ctlCtx) {

// revoke the newly granted key
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleRevokePermission(cx, "test-role", "hoo", ""); err != nil {
if err := ctlV3RoleRevokePermission(cx, "test-role", "hoo", "", false); err != nil {
cx.t.Fatal(err)
}

Expand Down Expand Up @@ -613,3 +614,54 @@ func authTestInvalidMgmt(cx ctlCtx) {
cx.t.Fatal("revoking the role root from the user root must not be allowed")
}
}

func authTestFromKeyPerm(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

// grant keys after z to test-user
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "z", "\x00", false}); err != nil {
cx.t.Fatal(err)
}

// try the granted open ended permission
cx.user, cx.pass = "test-user", "pass"
for i := 0; i < 10; i++ {
key := fmt.Sprintf("z%d", i)
if err := ctlV3Put(cx, key, "val", ""); err != nil {
cx.t.Fatal(err)
}
}
largeKey := ""
for i := 0; i < 10; i++ {
largeKey += "\xff"
if err := ctlV3Put(cx, largeKey, "val", ""); err != nil {
cx.t.Fatal(err)
}
}

// try a non granted key
if err := ctlV3PutFailPerm(cx, "x", "baz"); err != nil {
cx.t.Fatal(err)
}

// revoke the open ended permission
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleRevokePermission(cx, "test-role", "z", "", true); err != nil {
cx.t.Fatal(err)
}

// try the revoked open ended permission
cx.user, cx.pass = "test-user", "pass"
for i := 0; i < 10; i++ {
key := fmt.Sprintf("z%d", i)
if err := ctlV3PutFailPerm(cx, key, "val"); err != nil {
cx.t.Fatal(err)
}
}
}
18 changes: 16 additions & 2 deletions e2e/ctl_v3_role_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,10 @@ func ctlV3RoleGrantPermission(cx ctlCtx, rolename string, perm grantingPerm) err
cmdArgs := append(cx.PrefixArgs(), "role", "grant-permission")
if perm.prefix {
cmdArgs = append(cmdArgs, "--prefix")
} else if len(perm.rangeEnd) == 1 && perm.rangeEnd[0] == '\x00' {
cmdArgs = append(cmdArgs, "--from-key")
}

cmdArgs = append(cmdArgs, rolename)
cmdArgs = append(cmdArgs, grantingPermToArgs(perm)...)

Expand All @@ -117,20 +120,26 @@ func ctlV3RoleGrantPermission(cx ctlCtx, rolename string, perm grantingPerm) err
return err
}

func ctlV3RoleRevokePermission(cx ctlCtx, rolename string, key, rangeEnd string) error {
func ctlV3RoleRevokePermission(cx ctlCtx, rolename string, key, rangeEnd string, fromKey bool) error {
cmdArgs := append(cx.PrefixArgs(), "role", "revoke-permission")
cmdArgs = append(cmdArgs, rolename)
cmdArgs = append(cmdArgs, key)
expStr := ""
if len(rangeEnd) != 0 {
cmdArgs = append(cmdArgs, rangeEnd)
expStr = fmt.Sprintf("Permission of range [%s, %s) is revoked from role %s", key, rangeEnd, rolename)
} else if fromKey {
cmdArgs = append(cmdArgs, "--from-key")
expStr = fmt.Sprintf("Permission of range [%s, <open ended> is revoked from role %s", key, rolename)
} else {
expStr = fmt.Sprintf("Permission of key %s is revoked from role %s", key, rolename)
}

proc, err := spawnCmd(cmdArgs)
if err != nil {
return err
}

expStr := fmt.Sprintf("Permission of key %s is revoked from role %s", key, rolename)
_, err = proc.Expect(expStr)
return err
}
Expand Down Expand Up @@ -161,5 +170,10 @@ func grantingPermToArgs(perm grantingPerm) []string {
if len(perm.rangeEnd) == 0 {
return []string{permstr, perm.key}
}

if len(perm.rangeEnd) == 1 && perm.rangeEnd[0] == '\x00' {
return []string{permstr, perm.key}
}

return []string{permstr, perm.key, perm.rangeEnd}
}

0 comments on commit a204b14

Please sign in to comment.