1// Copyright 2016 The etcd Authors 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15package integration 16 17import ( 18 "context" 19 "testing" 20 21 "github.com/coreos/etcd/clientv3" 22 "github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes" 23 "github.com/coreos/etcd/integration" 24 "github.com/coreos/etcd/pkg/testutil" 25) 26 27func TestUserError(t *testing.T) { 28 defer testutil.AfterTest(t) 29 30 clus := integration.NewClusterV3(t, &integration.ClusterConfig{Size: 1}) 31 defer clus.Terminate(t) 32 33 authapi := clus.RandClient() 34 35 _, err := authapi.UserAdd(context.TODO(), "foo", "bar") 36 if err != nil { 37 t.Fatal(err) 38 } 39 40 _, err = authapi.UserAdd(context.TODO(), "foo", "bar") 41 if err != rpctypes.ErrUserAlreadyExist { 42 t.Fatalf("expected %v, got %v", rpctypes.ErrUserAlreadyExist, err) 43 } 44 45 _, err = authapi.UserDelete(context.TODO(), "not-exist-user") 46 if err != rpctypes.ErrUserNotFound { 47 t.Fatalf("expected %v, got %v", rpctypes.ErrUserNotFound, err) 48 } 49 50 _, err = authapi.UserGrantRole(context.TODO(), "foo", "test-role-does-not-exist") 51 if err != rpctypes.ErrRoleNotFound { 52 t.Fatalf("expected %v, got %v", rpctypes.ErrRoleNotFound, err) 53 } 54} 55 56func TestUserErrorAuth(t *testing.T) { 57 defer testutil.AfterTest(t) 58 59 clus := integration.NewClusterV3(t, &integration.ClusterConfig{Size: 1}) 60 defer clus.Terminate(t) 61 62 authapi := clus.RandClient() 63 authSetupRoot(t, authapi.Auth) 64 65 // unauthenticated client 66 if _, err := authapi.UserAdd(context.TODO(), "foo", "bar"); err != rpctypes.ErrUserEmpty { 67 t.Fatalf("expected %v, got %v", rpctypes.ErrUserEmpty, err) 68 } 69 70 // wrong id or password 71 cfg := clientv3.Config{Endpoints: authapi.Endpoints()} 72 cfg.Username, cfg.Password = "wrong-id", "123" 73 if _, err := clientv3.New(cfg); err != rpctypes.ErrAuthFailed { 74 t.Fatalf("expected %v, got %v", rpctypes.ErrAuthFailed, err) 75 } 76 cfg.Username, cfg.Password = "root", "wrong-pass" 77 if _, err := clientv3.New(cfg); err != rpctypes.ErrAuthFailed { 78 t.Fatalf("expected %v, got %v", rpctypes.ErrAuthFailed, err) 79 } 80 81 cfg.Username, cfg.Password = "root", "123" 82 authed, err := clientv3.New(cfg) 83 if err != nil { 84 t.Fatal(err) 85 } 86 defer authed.Close() 87 88 if _, err := authed.UserList(context.TODO()); err != nil { 89 t.Fatal(err) 90 } 91} 92 93func authSetupRoot(t *testing.T, auth clientv3.Auth) { 94 if _, err := auth.UserAdd(context.TODO(), "root", "123"); err != nil { 95 t.Fatal(err) 96 } 97 if _, err := auth.RoleAdd(context.TODO(), "root"); err != nil { 98 t.Fatal(err) 99 } 100 if _, err := auth.UserGrantRole(context.TODO(), "root", "root"); err != nil { 101 t.Fatal(err) 102 } 103 if _, err := auth.AuthEnable(context.TODO()); err != nil { 104 t.Fatal(err) 105 } 106} 107