Lines Matching refs:cx
77 func authEnableTest(cx ctlCtx) {
78 if err := authEnable(cx); err != nil {
79 cx.t.Fatal(err)
83 func authEnable(cx ctlCtx) error {
85 …if err := ctlV3User(cx, []string{"add", "root", "--interactive=false"}, "User root created", []str…
88 …if err := ctlV3User(cx, []string{"grant-role", "root", "root"}, "Role root is granted to user root…
91 if err := ctlV3AuthEnable(cx); err != nil {
97 func ctlV3AuthEnable(cx ctlCtx) error {
98 cmdArgs := append(cx.PrefixArgs(), "auth", "enable")
102 func authDisableTest(cx ctlCtx) {
104 if err := ctlV3Put(cx, "hoo", "a", ""); err != nil {
105 cx.t.Fatal(err)
108 if err := authEnable(cx); err != nil {
109 cx.t.Fatal(err)
112 cx.user, cx.pass = "root", "root"
113 authSetupTestUser(cx)
116 cx.user, cx.pass = "test-user", "pass"
117 if err := ctlV3PutFailPerm(cx, "hoo", "bar"); err != nil {
118 cx.t.Fatal(err)
121 cx.user, cx.pass = "root", "root"
122 if err := ctlV3AuthDisable(cx); err != nil {
123 cx.t.Fatalf("authDisableTest ctlV3AuthDisable error (%v)", err)
127 cx.user, cx.pass = "test-user", "pass"
128 if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
129 cx.t.Fatal(err)
133 cx.user, cx.pass = "", ""
134 if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
135 cx.t.Fatal(err)
138 if err := ctlV3Get(cx, []string{"hoo"}, []kv{{"hoo", "bar"}}...); err != nil {
139 cx.t.Fatal(err)
143 func ctlV3AuthDisable(cx ctlCtx) error {
144 cmdArgs := append(cx.PrefixArgs(), "auth", "disable")
148 func authStatusTest(cx ctlCtx) {
149 cmdArgs := append(cx.PrefixArgs(), "auth", "status")
151 cx.t.Fatal(err)
154 if err := authEnable(cx); err != nil {
155 cx.t.Fatal(err)
158 cx.user, cx.pass = "root", "root"
159 cmdArgs = append(cx.PrefixArgs(), "auth", "status")
162 cx.t.Fatal(err)
165 cmdArgs = append(cx.PrefixArgs(), "auth", "status", "--write-out", "json")
167 cx.t.Fatal(err)
170 cx.t.Fatal(err)
174 func authCredWriteKeyTest(cx ctlCtx) {
176 if err := ctlV3Put(cx, "foo", "a", ""); err != nil {
177 cx.t.Fatal(err)
180 if err := authEnable(cx); err != nil {
181 cx.t.Fatal(err)
184 cx.user, cx.pass = "root", "root"
185 authSetupTestUser(cx)
188 if err := ctlV3Put(cx, "foo", "bar", ""); err != nil {
189 cx.t.Fatal(err)
191 if err := ctlV3Get(cx, []string{"foo"}, []kv{{"foo", "bar"}}...); err != nil {
192 cx.t.Fatal(err)
196 cx.user, cx.pass = "a", "b"
197 if err := ctlV3PutFailAuth(cx, "foo", "bar"); err != nil {
198 cx.t.Fatal(err)
201 cx.user, cx.pass = "test-user", "pass"
202 if err := ctlV3Get(cx, []string{"foo"}, []kv{{"foo", "bar"}}...); err != nil {
203 cx.t.Fatal(err)
207 cx.user, cx.pass = "test-user", "pass"
208 if err := ctlV3Put(cx, "foo", "bar2", ""); err != nil {
209 cx.t.Fatal(err)
212 if err := ctlV3Get(cx, []string{"foo"}, []kv{{"foo", "bar2"}}...); err != nil {
213 cx.t.Fatal(err)
217 cx.user, cx.pass = "test-user", "badpass"
218 if err := ctlV3PutFailAuth(cx, "foo", "baz"); err != nil {
219 cx.t.Fatal(err)
222 cx.user, cx.pass = "test-user", "pass"
223 if err := ctlV3Get(cx, []string{"foo"}, []kv{{"foo", "bar2"}}...); err != nil {
224 cx.t.Fatal(err)
228 func authRoleUpdateTest(cx ctlCtx) {
229 if err := ctlV3Put(cx, "foo", "bar", ""); err != nil {
230 cx.t.Fatal(err)
233 if err := authEnable(cx); err != nil {
234 cx.t.Fatal(err)
237 cx.user, cx.pass = "root", "root"
238 authSetupTestUser(cx)
241 cx.user, cx.pass = "test-user", "pass"
242 if err := ctlV3PutFailPerm(cx, "hoo", "bar"); err != nil {
243 cx.t.Fatal(err)
247 cx.user, cx.pass = "root", "root"
248 …if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "hoo", "", false}); e…
249 cx.t.Fatal(err)
253 cx.user, cx.pass = "test-user", "pass"
254 if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
255 cx.t.Fatal(err)
258 if err := ctlV3Get(cx, []string{"hoo"}, []kv{{"hoo", "bar"}}...); err != nil {
259 cx.t.Fatal(err)
263 cx.user, cx.pass = "root", "root"
264 if err := ctlV3RoleRevokePermission(cx, "test-role", "hoo", "", false); err != nil {
265 cx.t.Fatal(err)
269 cx.user, cx.pass = "test-user", "pass"
270 if err := ctlV3PutFailPerm(cx, "hoo", "bar"); err != nil {
271 cx.t.Fatal(err)
275 if err := ctlV3Get(cx, []string{"foo"}, []kv{{"foo", "bar"}}...); err != nil {
276 cx.t.Fatal(err)
280 func authUserDeleteDuringOpsTest(cx ctlCtx) {
281 if err := ctlV3Put(cx, "foo", "bar", ""); err != nil {
282 cx.t.Fatal(err)
285 if err := authEnable(cx); err != nil {
286 cx.t.Fatal(err)
289 cx.user, cx.pass = "root", "root"
290 authSetupTestUser(cx)
293 cx.user, cx.pass = "test-user", "pass"
294 if err := ctlV3Put(cx, "foo", "bar", ""); err != nil {
295 cx.t.Fatal(err)
298 if err := ctlV3Get(cx, []string{"foo"}, []kv{{"foo", "bar"}}...); err != nil {
299 cx.t.Fatal(err)
303 cx.user, cx.pass = "root", "root"
304 err := ctlV3User(cx, []string{"delete", "test-user"}, "User test-user deleted", []string{})
306 cx.t.Fatal(err)
310 cx.user, cx.pass = "test-user", "pass"
311 if err := ctlV3PutFailAuth(cx, "foo", "baz"); err != nil {
312 cx.t.Fatal(err)
316 func authRoleRevokeDuringOpsTest(cx ctlCtx) {
317 if err := ctlV3Put(cx, "foo", "bar", ""); err != nil {
318 cx.t.Fatal(err)
321 if err := authEnable(cx); err != nil {
322 cx.t.Fatal(err)
325 cx.user, cx.pass = "root", "root"
326 authSetupTestUser(cx)
329 cx.user, cx.pass = "test-user", "pass"
330 if err := ctlV3Put(cx, "foo", "bar", ""); err != nil {
331 cx.t.Fatal(err)
334 if err := ctlV3Get(cx, []string{"foo"}, []kv{{"foo", "bar"}}...); err != nil {
335 cx.t.Fatal(err)
339 cx.user, cx.pass = "root", "root"
340 if err := ctlV3Role(cx, []string{"add", "test-role2"}, "Role test-role2 created"); err != nil {
341 cx.t.Fatal(err)
344 …if err := ctlV3RoleGrantPermission(cx, "test-role2", grantingPerm{true, true, "hoo", "", false}); …
345 cx.t.Fatal(err)
348 …if err := ctlV3User(cx, []string{"grant-role", "test-user", "test-role2"}, "Role test-role2 is gra…
349 cx.t.Fatal(err)
353 cx.user, cx.pass = "test-user", "pass"
354 if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
355 cx.t.Fatal(err)
358 if err := ctlV3Get(cx, []string{"hoo"}, []kv{{"hoo", "bar"}}...); err != nil {
359 cx.t.Fatal(err)
363 cx.user, cx.pass = "root", "root"
364 …err := ctlV3User(cx, []string{"revoke-role", "test-user", "test-role"}, "Role test-role is revoked…
366 cx.t.Fatal(err)
370 cx.user, cx.pass = "test-user", "pass"
371 if err := ctlV3PutFailPerm(cx, "foo", "baz"); err != nil {
372 cx.t.Fatal(err)
376 cx.user, cx.pass = "test-user", "pass"
377 if err := ctlV3Put(cx, "hoo", "bar2", ""); err != nil {
378 cx.t.Fatal(err)
381 if err := ctlV3Get(cx, []string{"hoo"}, []kv{{"hoo", "bar2"}}...); err != nil {
382 cx.t.Fatal(err)
386 func ctlV3PutFailAuth(cx ctlCtx, key, val string) error {
387 return spawnWithExpect(append(cx.PrefixArgs(), "put", key, val), "authentication failed")
390 func ctlV3PutFailPerm(cx ctlCtx, key, val string) error {
391 return spawnWithExpect(append(cx.PrefixArgs(), "put", key, val), "permission denied")
394 func authSetupTestUser(cx ctlCtx) {
395 …if err := ctlV3User(cx, []string{"add", "test-user", "--interactive=false"}, "User test-user creat…
396 cx.t.Fatal(err)
398 …if err := spawnWithExpect(append(cx.PrefixArgs(), "role", "add", "test-role"), "Role test-role cre…
399 cx.t.Fatal(err)
401 …if err := ctlV3User(cx, []string{"grant-role", "test-user", "test-role"}, "Role test-role is grant…
402 cx.t.Fatal(err)
404 cmd := append(cx.PrefixArgs(), "role", "grant-permission", "test-role", "readwrite", "foo")
406 cx.t.Fatal(err)
410 func authTestTxn(cx ctlCtx) {
417 if err := ctlV3Put(cx, key, "v", ""); err != nil {
418 cx.t.Fatal(err)
423 if err := ctlV3Put(cx, key, "v", ""); err != nil {
424 cx.t.Fatal(err)
428 if err := authEnable(cx); err != nil {
429 cx.t.Fatal(err)
432 cx.user, cx.pass = "root", "root"
433 authSetupTestUser(cx)
436 cx.user, cx.pass = "root", "root"
438 …if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, key, "", false}); err…
439 cx.t.Fatal(err)
444 cx.interactive = true
445 cx.user, cx.pass = "test-user", "pass"
453 if err := ctlV3Txn(cx, rqs); err != nil {
454 cx.t.Fatal(err)
464 if err := ctlV3Txn(cx, rqs); err != nil {
465 cx.t.Fatal(err)
475 if err := ctlV3Txn(cx, rqs); err != nil {
476 cx.t.Fatal(err)
486 if err := ctlV3Txn(cx, rqs); err != nil {
487 cx.t.Fatal(err)
491 func authTestPrefixPerm(cx ctlCtx) {
492 if err := authEnable(cx); err != nil {
493 cx.t.Fatal(err)
496 cx.user, cx.pass = "root", "root"
497 authSetupTestUser(cx)
501 cx.user, cx.pass = "root", "root"
502 …if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, prefix, "", true}); e…
503 cx.t.Fatal(err)
507 cx.user, cx.pass = "test-user", "pass"
510 if err := ctlV3Put(cx, key, "val", ""); err != nil {
511 cx.t.Fatal(err)
515 if err := ctlV3PutFailPerm(cx, clientv3.GetPrefixRangeEnd(prefix), "baz"); err != nil {
516 cx.t.Fatal(err)
520 cx.user, cx.pass = "root", "root"
521 …if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "", "", true}); err !…
522 cx.t.Fatal(err)
526 cx.user, cx.pass = "test-user", "pass"
529 if err := ctlV3Put(cx, key, "val", ""); err != nil {
530 cx.t.Fatal(err)
535 func authTestMemberAdd(cx ctlCtx) {
536 if err := authEnable(cx); err != nil {
537 cx.t.Fatal(err)
540 cx.user, cx.pass = "root", "root"
541 authSetupTestUser(cx)
545 cx.user, cx.pass = "test-user", "pass"
546 if err := ctlV3MemberAdd(cx, peerURL, false); err == nil {
547 cx.t.Fatalf("ordinary user must not be allowed to add a member")
551 cx.user, cx.pass = "root", "root"
552 if err := ctlV3MemberAdd(cx, peerURL, false); err != nil {
553 cx.t.Fatal(err)
557 func authTestMemberRemove(cx ctlCtx) {
558 if err := authEnable(cx); err != nil {
559 cx.t.Fatal(err)
562 cx.user, cx.pass = "root", "root"
563 authSetupTestUser(cx)
565 ep, memIDToRemove, clusterID := cx.memberToRemove()
568 cx.user, cx.pass = "test-user", "pass"
569 if err := ctlV3MemberRemove(cx, ep, memIDToRemove, clusterID); err == nil {
570 cx.t.Fatalf("ordinary user must not be allowed to remove a member")
574 cx.user, cx.pass = "root", "root"
575 if err := ctlV3MemberRemove(cx, ep, memIDToRemove, clusterID); err != nil {
576 cx.t.Fatal(err)
580 func authTestMemberUpdate(cx ctlCtx) {
581 if err := authEnable(cx); err != nil {
582 cx.t.Fatal(err)
585 cx.user, cx.pass = "root", "root"
586 authSetupTestUser(cx)
588 mr, err := getMemberList(cx)
590 cx.t.Fatal(err)
594 cx.user, cx.pass = "test-user", "pass"
597 if err = ctlV3MemberUpdate(cx, memberID, peerURL); err == nil {
598 cx.t.Fatalf("ordinary user must not be allowed to update a member")
602 cx.user, cx.pass = "root", "root"
603 if err = ctlV3MemberUpdate(cx, memberID, peerURL); err != nil {
604 cx.t.Fatal(err)
608 func authTestCertCN(cx ctlCtx) {
609 if err := authEnable(cx); err != nil {
610 cx.t.Fatal(err)
613 cx.user, cx.pass = "root", "root"
614 …if err := ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com c…
615 cx.t.Fatal(err)
617 …if err := spawnWithExpect(append(cx.PrefixArgs(), "role", "add", "test-role"), "Role test-role cre…
618 cx.t.Fatal(err)
620 …if err := ctlV3User(cx, []string{"grant-role", "example.com", "test-role"}, "Role test-role is gra…
621 cx.t.Fatal(err)
625 …if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "hoo", "", false}); e…
626 cx.t.Fatal(err)
630 cx.user, cx.pass = "", ""
631 if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
632 cx.t.Error(err)
636 cx.user, cx.pass = "", ""
637 if err := ctlV3PutFailPerm(cx, "baz", "bar"); err != nil {
638 cx.t.Error(err)
642 func authTestRevokeWithDelete(cx ctlCtx) {
643 if err := authEnable(cx); err != nil {
644 cx.t.Fatal(err)
647 cx.user, cx.pass = "root", "root"
648 authSetupTestUser(cx)
651 cx.user, cx.pass = "root", "root"
652 if err := ctlV3Role(cx, []string{"add", "test-role2"}, "Role test-role2 created"); err != nil {
653 cx.t.Fatal(err)
657 …if err := ctlV3User(cx, []string{"grant-role", "test-user", "test-role2"}, "Role test-role2 is gra…
658 cx.t.Fatal(err)
662 …if err := ctlV3User(cx, []string{"get", "test-user"}, "Roles: test-role test-role2", nil); err != …
663 cx.t.Fatal(err)
667 if err := ctlV3Role(cx, []string{"delete", "test-role2"}, "Role test-role2 deleted"); err != nil {
668 cx.t.Fatal(err)
672 if err := ctlV3User(cx, []string{"get", "test-user"}, "Roles: test-role", nil); err != nil {
673 cx.t.Fatal(err)
677 func authTestInvalidMgmt(cx ctlCtx) {
678 if err := authEnable(cx); err != nil {
679 cx.t.Fatal(err)
682 …if err := ctlV3Role(cx, []string{"delete", "root"}, "Error: etcdserver: invalid auth management");…
683 cx.t.Fatal("deleting the role root must not be allowed")
686 …if err := ctlV3User(cx, []string{"revoke-role", "root", "root"}, "Error: etcdserver: invalid auth …
687 cx.t.Fatal("revoking the role root from the user root must not be allowed")
691 func authTestFromKeyPerm(cx ctlCtx) {
692 if err := authEnable(cx); err != nil {
693 cx.t.Fatal(err)
696 cx.user, cx.pass = "root", "root"
697 authSetupTestUser(cx)
700 cx.user, cx.pass = "root", "root"
701 …if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "z", "\x00", false});…
702 cx.t.Fatal(err)
706 cx.user, cx.pass = "test-user", "pass"
709 if err := ctlV3Put(cx, key, "val", ""); err != nil {
710 cx.t.Fatal(err)
716 if err := ctlV3Put(cx, largeKey, "val", ""); err != nil {
717 cx.t.Fatal(err)
722 if err := ctlV3PutFailPerm(cx, "x", "baz"); err != nil {
723 cx.t.Fatal(err)
727 cx.user, cx.pass = "root", "root"
728 if err := ctlV3RoleRevokePermission(cx, "test-role", "z", "", true); err != nil {
729 cx.t.Fatal(err)
733 cx.user, cx.pass = "test-user", "pass"
736 if err := ctlV3PutFailPerm(cx, key, "val"); err != nil {
737 cx.t.Fatal(err)
742 cx.user, cx.pass = "root", "root"
743 …if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "", "\x00", false}); …
744 cx.t.Fatal(err)
748 cx.user, cx.pass = "test-user", "pass"
751 if err := ctlV3Put(cx, key, "val", ""); err != nil {
752 cx.t.Fatal(err)
757 cx.user, cx.pass = "root", "root"
758 if err := ctlV3RoleRevokePermission(cx, "test-role", "", "", true); err != nil {
759 cx.t.Fatal(err)
763 cx.user, cx.pass = "test-user", "pass"
766 if err := ctlV3PutFailPerm(cx, key, "val"); err != nil {
767 cx.t.Fatal(err)
772 func authLeaseTestKeepAlive(cx ctlCtx) {
773 if err := authEnable(cx); err != nil {
774 cx.t.Fatal(err)
777 cx.user, cx.pass = "root", "root"
778 authSetupTestUser(cx)
780 leaseID, err := ctlV3LeaseGrant(cx, 10)
782 cx.t.Fatalf("leaseTestKeepAlive: ctlV3LeaseGrant error (%v)", err)
784 if err := ctlV3Put(cx, "key", "val", leaseID); err != nil {
785 cx.t.Fatalf("leaseTestKeepAlive: ctlV3Put error (%v)", err)
787 if err := ctlV3LeaseKeepAlive(cx, leaseID); err != nil {
788 cx.t.Fatalf("leaseTestKeepAlive: ctlV3LeaseKeepAlive error (%v)", err)
790 if err := ctlV3Get(cx, []string{"key"}, kv{"key", "val"}); err != nil {
791 cx.t.Fatalf("leaseTestKeepAlive: ctlV3Get error (%v)", err)
795 func authLeaseTestTimeToLiveExpired(cx ctlCtx) {
796 if err := authEnable(cx); err != nil {
797 cx.t.Fatal(err)
800 cx.user, cx.pass = "root", "root"
801 authSetupTestUser(cx)
804 if err := leaseTestTimeToLiveExpire(cx, ttl); err != nil {
805 cx.t.Fatalf("leaseTestTimeToLiveExpire: error (%v)", err)
809 func authLeaseTestLeaseGrantLeases(cx ctlCtx) {
810 cx.user, cx.pass = "root", "root"
811 authSetupTestUser(cx)
813 if err := leaseTestGrantLeasesList(cx); err != nil {
814 cx.t.Fatalf("authLeaseTestLeaseGrantLeases: error (%v)", err)
818 func authLeaseTestLeaseRevoke(cx ctlCtx) {
819 cx.user, cx.pass = "root", "root"
820 authSetupTestUser(cx)
823 leaseID, err := ctlV3LeaseGrant(cx, 10)
825 cx.t.Fatalf("ctlV3LeaseGrant error (%v)", err)
827 if err := ctlV3Put(cx, "key", "val", leaseID); err != nil {
828 cx.t.Fatalf("ctlV3Put error (%v)", err)
830 if err := ctlV3LeaseRevoke(cx, leaseID); err != nil {
831 cx.t.Fatalf("ctlV3LeaseRevoke error (%v)", err)
833 …if err := ctlV3GetWithErr(cx, []string{"key"}, []string{"retrying of unary invoker failed"}); err …
834 cx.t.Fatalf("ctlV3GetWithErr error (%v)", err)
838 func authTestWatch(cx ctlCtx) {
839 if err := authEnable(cx); err != nil {
840 cx.t.Fatal(err)
843 cx.user, cx.pass = "root", "root"
844 authSetupTestUser(cx)
847 …if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "key", "key4", false}…
848 cx.t.Fatal(err)
885 cx.user, cx.pass = "test-user", "pass"
891 if err := ctlV3Put(cx, puts[j].key, puts[j].val, ""); err != nil {
892 cx.t.Errorf("watchTest #%d-%d: ctlV3Put error (%v)", i, j, err)
899 err = ctlV3Watch(cx, tt.args, tt.wkv...)
901 err = ctlV3WatchFailPerm(cx, tt.args)
905 if cx.dialTimeout > 0 && !isGRPCTimedout(err) {
906 cx.t.Errorf("watchTest #%d: ctlV3Watch error (%v)", i, err)
915 func authTestRoleGet(cx ctlCtx) {
916 if err := authEnable(cx); err != nil {
917 cx.t.Fatal(err)
919 cx.user, cx.pass = "root", "root"
920 authSetupTestUser(cx)
927 …if err := spawnWithExpects(append(cx.PrefixArgs(), "role", "get", "test-role"), expected...); err …
928 cx.t.Fatal(err)
932 cx.user, cx.pass = "test-user", "pass"
933 …if err := spawnWithExpects(append(cx.PrefixArgs(), "role", "get", "test-role"), expected...); err …
934 cx.t.Fatal(err)
941 …if err := spawnWithExpects(append(cx.PrefixArgs(), "role", "get", "root"), expected...); err != ni…
942 cx.t.Fatal(err)
946 func authTestUserGet(cx ctlCtx) {
947 if err := authEnable(cx); err != nil {
948 cx.t.Fatal(err)
950 cx.user, cx.pass = "root", "root"
951 authSetupTestUser(cx)
958 …if err := spawnWithExpects(append(cx.PrefixArgs(), "user", "get", "test-user"), expected...); err …
959 cx.t.Fatal(err)
963 cx.user, cx.pass = "test-user", "pass"
964 …if err := spawnWithExpects(append(cx.PrefixArgs(), "user", "get", "test-user"), expected...); err …
965 cx.t.Fatal(err)
972 …if err := spawnWithExpects(append(cx.PrefixArgs(), "user", "get", "root"), expected...); err != ni…
973 cx.t.Fatal(err)
977 func authTestRoleList(cx ctlCtx) {
978 if err := authEnable(cx); err != nil {
979 cx.t.Fatal(err)
981 cx.user, cx.pass = "root", "root"
982 authSetupTestUser(cx)
983 if err := spawnWithExpect(append(cx.PrefixArgs(), "role", "list"), "test-role"); err != nil {
984 cx.t.Fatal(err)
988 func authTestDefrag(cx ctlCtx) {
989 maintenanceInitKeys(cx)
991 if err := authEnable(cx); err != nil {
992 cx.t.Fatal(err)
995 cx.user, cx.pass = "root", "root"
996 authSetupTestUser(cx)
999 cx.user, cx.pass = "test-user", "pass"
1000 if err := ctlV3Defrag(cx); err == nil {
1001 cx.t.Fatal("ordinary user should not be able to issue a defrag request")
1005 cx.user, cx.pass = "root", "root"
1006 if err := ctlV3Defrag(cx); err != nil {
1007 cx.t.Fatal(err)
1011 func authTestSnapshot(cx ctlCtx) {
1012 maintenanceInitKeys(cx)
1014 if err := authEnable(cx); err != nil {
1015 cx.t.Fatal(err)
1018 cx.user, cx.pass = "root", "root"
1019 authSetupTestUser(cx)
1025 cx.user, cx.pass = "test-user", "pass"
1026 if err := ctlV3SnapshotSave(cx, fpath); err == nil {
1027 cx.t.Fatal("ordinary user should not be able to save a snapshot")
1031 cx.user, cx.pass = "root", "root"
1032 if err := ctlV3SnapshotSave(cx, fpath); err != nil {
1033 cx.t.Fatalf("snapshotTest ctlV3SnapshotSave error (%v)", err)
1036 st, err := getSnapshotStatus(cx, fpath)
1038 cx.t.Fatalf("snapshotTest getSnapshotStatus error (%v)", err)
1041 cx.t.Fatalf("expected 4, got %d", st.Revision)
1044 cx.t.Fatalf("expected at least 3, got %d", st.TotalKey)
1048 func authTestEndpointHealth(cx ctlCtx) {
1049 if err := authEnable(cx); err != nil {
1050 cx.t.Fatal(err)
1053 cx.user, cx.pass = "root", "root"
1054 authSetupTestUser(cx)
1056 if err := ctlV3EndpointHealth(cx); err != nil {
1057 cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
1061 cx.user, cx.pass = "test-user", "pass"
1062 if err := ctlV3EndpointHealth(cx); err != nil {
1063 cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
1067 cx.user, cx.pass = "root", "root"
1068 …if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "health", "", false})…
1069 cx.t.Fatal(err)
1071 cx.user, cx.pass = "test-user", "pass"
1072 if err := ctlV3EndpointHealth(cx); err != nil {
1073 cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
1077 func certCNAndUsername(cx ctlCtx, noPassword bool) {
1078 if err := authEnable(cx); err != nil {
1079 cx.t.Fatal(err)
1082 cx.user, cx.pass = "root", "root"
1083 authSetupTestUser(cx)
1086 …if err := ctlV3User(cx, []string{"add", "example.com", "--no-password"}, "User example.com created…
1087 cx.t.Fatal(err)
1090 …if err := ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com c…
1091 cx.t.Fatal(err)
1094 …if err := spawnWithExpect(append(cx.PrefixArgs(), "role", "add", "test-role-cn"), "Role test-role-…
1095 cx.t.Fatal(err)
1097 …if err := ctlV3User(cx, []string{"grant-role", "example.com", "test-role-cn"}, "Role test-role-cn …
1098 cx.t.Fatal(err)
1102 …if err := ctlV3RoleGrantPermission(cx, "test-role-cn", grantingPerm{true, true, "hoo", "", false})…
1103 cx.t.Fatal(err)
1107 …if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "bar", "", false}); e…
1108 cx.t.Fatal(err)
1112 cx.user, cx.pass = "", ""
1113 if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
1114 cx.t.Error(err)
1118 cx.user, cx.pass = "test-user", "pass"
1119 if err := ctlV3Put(cx, "bar", "bar", ""); err != nil {
1120 cx.t.Error(err)
1124 cx.user, cx.pass = "", ""
1125 if err := ctlV3PutFailPerm(cx, "baz", "bar"); err != nil {
1126 cx.t.Error(err)
1129 cx.user, cx.pass = "test-user", "pass"
1130 if err := ctlV3PutFailPerm(cx, "baz", "bar"); err != nil {
1131 cx.t.Error(err)
1135 func authTestCertCNAndUsername(cx ctlCtx) {
1136 certCNAndUsername(cx, false)
1139 func authTestCertCNAndUsernameNoPassword(cx ctlCtx) {
1140 certCNAndUsername(cx, true)
1143 func authTestJWTExpire(cx ctlCtx) {
1144 if err := authEnable(cx); err != nil {
1145 cx.t.Fatal(err)
1148 cx.user, cx.pass = "root", "root"
1149 authSetupTestUser(cx)
1152 if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
1153 cx.t.Error(err)
1159 if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
1160 cx.t.Error(err)
1164 func authTestRevisionConsistency(cx ctlCtx) {
1165 if err := authEnable(cx); err != nil {
1166 cx.t.Fatal(err)
1168 cx.user, cx.pass = "root", "root"
1171 …if err := ctlV3User(cx, []string{"add", "test-user", "--interactive=false"}, "User test-user creat…
1172 cx.t.Fatal(err)
1175 …if err := ctlV3User(cx, []string{"delete", "test-user"}, "User test-user deleted", []string{}); er…
1176 cx.t.Fatal(err)
1180 node0 := cx.epc.procs[0]
1182 …ntv3.New(clientv3.Config{Endpoints: []string{endpoint}, Username: cx.user, Password: cx.pass, Dial…
1184 cx.t.Fatal(err)
1190 cx.t.Fatal(err)
1197 cx.t.Fatal(err)
1203 cx.t.Fatal(err)
1209 …cx.t.Fatalf("auth revison shouldn't change when restarting etcd, expected: %d, got: %d", oldAuthRe…