#!/bin/sh
# tests/docker-dns/certs-common-name-auth/run.sh (go.etcd.io/etcd v3.3.27)
#
# Brings up a three-member etcd cluster under goreman and walks through
# password-based and certificate-CommonName-based authentication in 23 steps.
#
# Review notes for anyone reusing this as a template:
#   - Test fixture only. The client key is named "server.key.insecure"
#     (presumably an unencrypted test key; confirm) and the passwords
#     ('123', 'test-pass') are passed on the command line, where they are
#     visible in process listings. Neither belongs outside a throwaway
#     container.
#   - No exit status is checked. The script's own exit status is that of the
#     final 'get aaa', so an authorization check that unexpectedly succeeds or
#     fails in an earlier step does not fail the run; results have to be
#     judged from the printed output.
#   - The script truncates /etc/hosts and deletes /tmp/m*.data, so it is only
#     suitable for a disposable container.

# Deliberately unexported so the child processes see the same environment
# as before.
auth_cert_dir=/certs-common-name-auth
all_endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379

# ctl ENDPOINTS ARGS...
# Runs ./etcdctl (v3 API) against ENDPOINTS with the shared TLS flags, then
# ARGS. Every call presents the same client certificate (server.crt); the
# function returns etcdctl's exit status.
ctl() {
  target_endpoints=$1
  shift
  ETCDCTL_API=3 ./etcdctl \
    --cacert="${auth_cert_dir}/ca.crt" \
    --cert="${auth_cert_dir}/server.crt" \
    --key="${auth_cert_dir}/server.key.insecure" \
    --endpoints="${target_endpoints}" \
    "$@"
}

# step MESSAGE
# Pauses one second, prints a blank line (only if the sleep succeeded), then
# prints the step banner.
step() {
  sleep 1s && printf "\n"
  echo "$1"
}

# Start from empty member data directories.
rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data

/etc/init.d/bind9 start

# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
cat /dev/null >/etc/hosts

goreman -f "${auth_cert_dir}/Procfile" start &

# TODO: remove random sleeps
# NOTE(review): a fixed delay is the only readiness check here; the commands
# below run whether or not the cluster is up by then.
sleep 7s

# Smoke test before auth is configured: health via m1 only, then a
# put/get round trip through all three members.
ctl https://m1.etcd.local:2379 endpoint health --cluster
ctl "${all_endpoints}" put abc def
ctl "${all_endpoints}" get abc

step "Step 1. creating root role"
ctl "${all_endpoints}" role add root

step "Step 2. granting readwrite 'foo' permission to role 'root'"
ctl "${all_endpoints}" role grant-permission root readwrite foo

step "Step 3. getting role 'root'"
ctl "${all_endpoints}" role get root

step "Step 4. creating user 'root'"
ctl "${all_endpoints}" --interactive=false user add root:123

step "Step 5. granting role 'root' to user 'root'"
ctl "${all_endpoints}" user grant-role root root

step "Step 6. getting user 'root'"
ctl "${all_endpoints}" user get root

step "Step 7. enabling auth"
ctl "${all_endpoints}" auth enable

step "Step 8. writing 'foo' with 'root:123'"
ctl "${all_endpoints}" --user=root:123 put foo bar

step "Step 9. writing 'aaa' with 'root:123'"
ctl "${all_endpoints}" --user=root:123 put aaa bbb

# NOTE(review): no --user, so only the client certificate identifies the
# caller. Presumably this write is expected to be rejected; confirm against
# the expected test output.
step "Step 10. writing 'foo' without 'root:123'"
ctl "${all_endpoints}" put foo bar

step "Step 11. reading 'foo' with 'root:123'"
ctl "${all_endpoints}" --user=root:123 get foo

step "Step 12. reading 'aaa' with 'root:123'"
ctl "${all_endpoints}" --user=root:123 get aaa

step "Step 13. creating a new user 'test-common-name:test-pass'"
ctl "${all_endpoints}" --user=root:123 --interactive=false user add test-common-name:test-pass

step "Step 14. creating a role 'test-role'"
ctl "${all_endpoints}" --user=root:123 role add test-role

step "Step 15. granting readwrite 'aaa' --prefix permission to role 'test-role'"
ctl "${all_endpoints}" --user=root:123 role grant-permission test-role readwrite aaa --prefix

step "Step 16. getting role 'test-role'"
ctl "${all_endpoints}" --user=root:123 role get test-role

step "Step 17. granting role 'test-role' to user 'test-common-name'"
ctl "${all_endpoints}" --user=root:123 user grant-role test-common-name test-role

step "Step 18. writing 'aaa' with 'test-common-name:test-pass'"
ctl "${all_endpoints}" --user=test-common-name:test-pass put aaa bbb

# NOTE(review): key 'bbb' is outside the 'aaa' prefix granted in step 15, so
# steps 19 and 21 look like negative checks (expected to be denied); confirm.
step "Step 19. writing 'bbb' with 'test-common-name:test-pass'"
ctl "${all_endpoints}" --user=test-common-name:test-pass put bbb bbb

step "Step 20. reading 'aaa' with 'test-common-name:test-pass'"
ctl "${all_endpoints}" --user=test-common-name:test-pass get aaa

step "Step 21. reading 'bbb' with 'test-common-name:test-pass'"
ctl "${all_endpoints}" --user=test-common-name:test-pass get bbb

# Steps 22 and 23 send no --user: per the step text, the request is made under
# the client certificate's CommonName 'test-common-name'.
step "Step 22. writing 'aaa' with CommonName 'test-common-name'"
ctl "${all_endpoints}" put aaa ccc

step "Step 23. reading 'aaa' with CommonName 'test-common-name'"
ctl "${all_endpoints}" get aaa