From 6c4dfff7e6be091d1ff1ab1cb81d1e1ba4070e4c Mon Sep 17 00:00:00 2001 From: Sam Batschelet Date: Sat, 10 Jun 2017 12:04:21 -0400 Subject: [PATCH] e2e: test auth over grpc json --- e2e/v2_curl_test.go | 5 +++ e2e/v3_curl_test.go | 95 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 99 insertions(+), 1 deletion(-) diff --git a/e2e/v2_curl_test.go b/e2e/v2_curl_test.go index 289d64c0d272..a44227ec6d58 100644 --- a/e2e/v2_curl_test.go +++ b/e2e/v2_curl_test.go @@ -127,6 +127,7 @@ type cURLReq struct { value string expected string + header string } // cURLPrefixArgs builds the beginning of a curl command for a given key @@ -156,6 +157,10 @@ func cURLPrefixArgs(clus *etcdProcessCluster, method string, req cURLReq) []stri cmdArgs = append(cmdArgs, "-m", fmt.Sprintf("%d", req.timeout)) } + if req.header != "" { + cmdArgs = append(cmdArgs, "-H", req.header) + } + switch method { case "POST", "PUT": dt := req.value diff --git a/e2e/v3_curl_test.go b/e2e/v3_curl_test.go index af137c4a7447..c6e36e8f9249 100644 --- a/e2e/v3_curl_test.go +++ b/e2e/v3_curl_test.go @@ -4,7 +4,7 @@ // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, @@ -24,6 +24,12 @@ import ( "github.com/grpc-ecosystem/grpc-gateway/runtime" ) +func check(t *testing.T, err error) { + if err != nil { + t.Fatal(err) + } +} + func TestV3CurlPutGetNoTLS(t *testing.T) { testCurlPutGetGRPCGateway(t, &configNoTLS) } func TestV3CurlPutGetAutoTLS(t *testing.T) { testCurlPutGetGRPCGateway(t, &configAutoTLS) } func TestV3CurlPutGetAllTLS(t *testing.T) { testCurlPutGetGRPCGateway(t, &configTLS) } @@ -162,3 +168,90 @@ func TestV3CurlTxn(t *testing.T) { t.Fatalf("failed put with curl (%v)", err) } } + +type AuthResponse struct { + Token string +} + +func TestV3CurlAuth(t *testing.T) { + defer testutil.AfterTest(t) + epc, err := newEtcdProcessCluster(&configNoTLS) + if err != nil { + t.Fatalf("could not start etcd process cluster (%v)", err) + } + defer func() { + if cerr := epc.Close(); err != nil { + t.Fatalf("error closing etcd processes (%v)", cerr) + } + }() + + // create root user + userreq, err := json.Marshal(&pb.AuthUserAddRequest{Name: string("root"), Password: string("toor")}) + check(t, err) + + if err = cURLPost(epc, cURLReq{endpoint: "/v3alpha/auth/user/add", value: string(userreq), expected: "revision"}); err != nil { + t.Fatalf("failed add user with curl (%v)", err) + } + + // create root role + rolereq, err := json.Marshal(&pb.AuthRoleAddRequest{Name: string("root")}) + check(t, err) + + if err = cURLPost(epc, cURLReq{endpoint: "/v3alpha/auth/role/add", value: string(rolereq), expected: "revision"}); err != nil { + t.Fatalf("failed create role with curl (%v)", err) + } + + // grant root role + grantrolereq, err := json.Marshal(&pb.AuthUserGrantRoleRequest{User: string("root"), Role: string("root")}) + check(t, err) + + if err = cURLPost(epc, cURLReq{endpoint: "/v3alpha/auth/user/grant", value: string(grantrolereq), expected: "revision"}); err != nil { + t.Fatalf("failed grant role with curl (%v)", err) + } + + // enable auth + if err = cURLPost(epc, cURLReq{endpoint: "/v3alpha/auth/enable", value: string("{}"), expected: "revision"}); err != nil { + t.Fatalf("failed enable auth with curl (%v)", err) + } + + // put "bar" into "foo" + putreq, err := json.Marshal(&pb.PutRequest{Key: []byte("foo"), Value: []byte("bar")}) + check(t, err) + + // fail put no auth + if err = cURLPost(epc, cURLReq{endpoint: "/v3alpha/kv/put", value: string(putreq), expected: "error"}); err != nil { + t.Fatalf("failed no auth put with curl (%v)", err) + } + + // auth request + authreq, err := json.Marshal(&pb.AuthenticateRequest{Name: string("root"), Password: string("toor")}) + check(t, err) + + var ( + authHeader string + cmdArgs []string + lineFunc = func(txt string) bool { return true } + authRes AuthResponse + ) + cmdArgs = cURLPrefixArgs(epc, "POST", cURLReq{endpoint: "/v3alpha/auth/authenticate", value: string(authreq)}) + proc, err := spawnCmd(cmdArgs) + check(t, err) + + cURLRes, err := proc.ExpectFunc(lineFunc) + check(t, err) + + jerr := json.Unmarshal([]byte(cURLRes), &authRes) + check(t, jerr) + + res := authRes + if res.Token == "" { + t.Fatalf("failed no token in authenticate response with curl") + } + authHeader = "Authorization : " + res.Token + + // put with auth + if err = cURLPost(epc, cURLReq{endpoint: "/v3alpha/kv/put", value: string(putreq), header: authHeader, expected: "revision"}); err != nil { + t.Fatalf("failed auth put with curl (%v)", err) + } + +}