github.com/lfch/etcd-io/tests/v3@v3.0.0-20221004140520-eac99acd3e9d/common/role_test.go (about) 1 // Copyright 2022 The etcd Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package common 16 17 import ( 18 "context" 19 "strings" 20 "testing" 21 "time" 22 23 "github.com/lfch/etcd-io/api/v3/v3rpc/rpctypes" 24 clientv3 "github.com/lfch/etcd-io/client/v3" 25 "github.com/lfch/etcd-io/tests/v3/framework" 26 "github.com/lfch/etcd-io/tests/v3/framework/config" 27 "github.com/lfch/etcd-io/tests/v3/framework/testutils" 28 ) 29 30 func TestRoleAdd_Simple(t *testing.T) { 31 testRunner.BeforeTest(t) 32 for _, tc := range clusterTestCases { 33 t.Run(tc.name, func(t *testing.T) { 34 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) 35 defer cancel() 36 clus := testRunner.NewCluster(ctx, t, tc.config) 37 defer clus.Close() 38 cc := framework.MustClient(clus.Client(clientv3.AuthConfig{})) 39 40 testutils.ExecuteUntil(ctx, t, func() { 41 _, err := cc.RoleAdd(ctx, "root") 42 if err != nil { 43 t.Fatalf("want no error, but got (%v)", err) 44 } 45 }) 46 }) 47 } 48 } 49 50 func TestRoleAdd_Error(t *testing.T) { 51 testRunner.BeforeTest(t) 52 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) 53 defer cancel() 54 clus := testRunner.NewCluster(ctx, t, config.ClusterConfig{ClusterSize: 1}) 55 defer clus.Close() 56 cc := framework.MustClient(clus.Client(clientv3.AuthConfig{})) 57 testutils.ExecuteUntil(ctx, t, func() { 58 _, err := cc.RoleAdd(ctx, "test-role") 59 if err != nil { 60 t.Fatalf("want no error, but got (%v)", err) 61 } 62 _, err = cc.RoleAdd(ctx, "test-role") 63 if err == nil || !strings.Contains(err.Error(), rpctypes.ErrRoleAlreadyExist.Error()) { 64 t.Fatalf("want (%v) error, but got (%v)", rpctypes.ErrRoleAlreadyExist, err) 65 } 66 _, err = cc.RoleAdd(ctx, "") 67 if err == nil || !strings.Contains(err.Error(), rpctypes.ErrRoleEmpty.Error()) { 68 t.Fatalf("want (%v) error, but got (%v)", rpctypes.ErrRoleEmpty, err) 69 } 70 }) 71 } 72 73 func TestRootRole(t *testing.T) { 74 testRunner.BeforeTest(t) 75 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) 76 defer cancel() 77 clus := testRunner.NewCluster(ctx, t, config.ClusterConfig{ClusterSize: 1}) 78 defer clus.Close() 79 cc := framework.MustClient(clus.Client(clientv3.AuthConfig{})) 80 testutils.ExecuteUntil(ctx, t, func() { 81 _, err := cc.RoleAdd(ctx, "root") 82 if err != nil { 83 t.Fatalf("want no error, but got (%v)", err) 84 } 85 resp, err := cc.RoleGet(ctx, "root") 86 if err != nil { 87 t.Fatalf("want no error, but got (%v)", err) 88 } 89 t.Logf("get role resp %+v", resp) 90 // granting to root should be refused by server and a no-op 91 _, err = cc.RoleGrantPermission(ctx, "root", "foo", "", clientv3.PermissionType(clientv3.PermReadWrite)) 92 if err != nil { 93 t.Fatalf("want no error, but got (%v)", err) 94 } 95 resp2, err := cc.RoleGet(ctx, "root") 96 if err != nil { 97 t.Fatalf("want no error, but got (%v)", err) 98 } 99 t.Logf("get role resp %+v", resp2) 100 }) 101 } 102 103 func TestRoleGrantRevokePermission(t *testing.T) { 104 testRunner.BeforeTest(t) 105 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) 106 defer cancel() 107 clus := testRunner.NewCluster(ctx, t, config.ClusterConfig{ClusterSize: 1}) 108 defer clus.Close() 109 cc := framework.MustClient(clus.Client(clientv3.AuthConfig{})) 110 testutils.ExecuteUntil(ctx, t, func() { 111 _, err := cc.RoleAdd(ctx, "role1") 112 if err != nil { 113 t.Fatalf("want no error, but got (%v)", err) 114 } 115 _, err = cc.RoleGrantPermission(ctx, "role1", "bar", "", clientv3.PermissionType(clientv3.PermRead)) 116 if err != nil { 117 t.Fatalf("want no error, but got (%v)", err) 118 } 119 _, err = cc.RoleGrantPermission(ctx, "role1", "bar", "", clientv3.PermissionType(clientv3.PermWrite)) 120 if err != nil { 121 t.Fatalf("want no error, but got (%v)", err) 122 } 123 _, err = cc.RoleGrantPermission(ctx, "role1", "bar", "foo", clientv3.PermissionType(clientv3.PermReadWrite)) 124 if err != nil { 125 t.Fatalf("want no error, but got (%v)", err) 126 } 127 _, err = cc.RoleRevokePermission(ctx, "role1", "foo", "") 128 if err == nil || !strings.Contains(err.Error(), rpctypes.ErrPermissionNotGranted.Error()) { 129 t.Fatalf("want error (%v), but got (%v)", rpctypes.ErrPermissionNotGranted, err) 130 } 131 _, err = cc.RoleRevokePermission(ctx, "role1", "bar", "foo") 132 if err != nil { 133 t.Fatalf("want no error, but got (%v)", err) 134 } 135 }) 136 } 137 138 func TestRoleDelete(t *testing.T) { 139 testRunner.BeforeTest(t) 140 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) 141 defer cancel() 142 clus := testRunner.NewCluster(ctx, t, config.ClusterConfig{ClusterSize: 1}) 143 defer clus.Close() 144 cc := framework.MustClient(clus.Client(clientv3.AuthConfig{})) 145 testutils.ExecuteUntil(ctx, t, func() { 146 _, err := cc.RoleAdd(ctx, "role1") 147 if err != nil { 148 t.Fatalf("want no error, but got (%v)", err) 149 } 150 _, err = cc.RoleDelete(ctx, "role1") 151 if err != nil { 152 t.Fatalf("want no error, but got (%v)", err) 153 } 154 }) 155 }