Skip to content

Commit

Permalink
Auth: improve auth coverage
Browse files Browse the repository at this point in the history
adds tests for uncovered auth funcs

Issue etcd-io#9734
  • Loading branch information
essamhassan committed Oct 1, 2018
1 parent 60fd69a commit ffbdb45
Show file tree
Hide file tree
Showing 2 changed files with 126 additions and 0 deletions.
41 changes: 41 additions & 0 deletions auth/range_perm_cache_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,3 +59,44 @@ func TestRangePermission(t *testing.T) {
}
}
}

func TestKeyPermission(t *testing.T) {
tests := []struct {
perms []adt.Interval
key []byte
want bool
}{
{
[]adt.Interval{adt.NewBytesAffineInterval([]byte("a"), []byte("c")), adt.NewBytesAffineInterval([]byte("x"), []byte("z"))},
[]byte("f"),
false,
},
{
[]adt.Interval{adt.NewBytesAffineInterval([]byte("a"), []byte("f")), adt.NewBytesAffineInterval([]byte("c"), []byte("d")), adt.NewBytesAffineInterval([]byte("f"), []byte("z"))},
[]byte("b"),
true,
},
{
[]adt.Interval{adt.NewBytesAffineInterval([]byte("a"), []byte("d")), adt.NewBytesAffineInterval([]byte("a"), []byte("b")), adt.NewBytesAffineInterval([]byte("c"), []byte("f"))},
[]byte("d"),
true,
},
{
[]adt.Interval{adt.NewBytesAffineInterval([]byte("a"), []byte("d")), adt.NewBytesAffineInterval([]byte("a"), []byte("b")), adt.NewBytesAffineInterval([]byte("c"), []byte("f"))},
[]byte("f"),
false,
},
}

for i, tt := range tests {
readPerms := &adt.IntervalTree{}
for _, p := range tt.perms {
readPerms.Insert(p, struct{}{})
}

result := checkKeyPoint(zap.NewExample(), &unifiedRangePermissions{readPerms: readPerms}, tt.key, authpb.READ)
if result != tt.want {
t.Errorf("#%d: result=%t, want=%t", i, result, tt.want)
}
}
}
85 changes: 85 additions & 0 deletions auth/store_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -167,6 +167,18 @@ func TestUserAdd(t *testing.T) {
}
}

func TestRecover(t *testing.T) {
as, tearDown := setupAuthStore(t)
defer tearDown(t)

as.enabled = false
as.Recover(as.be)

if !as.IsAuthEnabled() {
t.Fatalf("expected auth enabled got disabled")
}
}

func TestCheckPassword(t *testing.T) {
as, tearDown := setupAuthStore(t)
defer tearDown(t)
Expand Down Expand Up @@ -279,6 +291,73 @@ func TestUserGrant(t *testing.T) {
}
}

func TestHasRole(t *testing.T) {
as, tearDown := setupAuthStore(t)
defer tearDown(t)

// grants a role to the user
_, err := as.UserGrantRole(&pb.AuthUserGrantRoleRequest{User: "foo", Role: "role-test"})
if err != nil {
t.Fatal(err)
}

// checks role reflects correctly
hr := as.HasRole("foo", "role-test")
if !hr {
t.Fatal("expected role granted, got false")
}

// checks non existent role
hr = as.HasRole("foo", "non-existent-role")
if hr {
t.Fatal("expected role not found, got true")
}

// checks non existent user
hr = as.HasRole("nouser", "role-test")
if hr {
t.Fatal("expected user not found got true")
}
}

func TestIsOpPermitted(t *testing.T) {
as, tearDown := setupAuthStore(t)
defer tearDown(t)

// add new role
_, err := as.RoleAdd(&pb.AuthRoleAddRequest{Name: "role-test-1"})
if err != nil {
t.Fatal(err)
}

perm := &authpb.Permission{
PermType: authpb.WRITE,
Key: []byte("Keys"),
RangeEnd: []byte("RangeEnd"),
}

_, err = as.RoleGrantPermission(&pb.AuthRoleGrantPermissionRequest{
Name: "role-test-1",
Perm: perm,
})
if err != nil {
t.Fatal(err)
}

// grants a role to the user
_, err = as.UserGrantRole(&pb.AuthUserGrantRoleRequest{User: "foo", Role: "role-test-1"})
if err != nil {
t.Fatal(err)
}

// check permission reflected to user

err = as.isOpPermitted("foo", as.Revision(), perm.Key, perm.RangeEnd, perm.PermType)
if err != nil {
t.Fatal(err)
}
}

func TestGetUser(t *testing.T) {
as, tearDown := setupAuthStore(t)
defer tearDown(t)
Expand All @@ -299,6 +378,12 @@ func TestGetUser(t *testing.T) {
if !reflect.DeepEqual(expected, u.Roles) {
t.Errorf("expected %v, got %v", expected, u.Roles)
}

// check non existent user
_, err = as.UserGet(&pb.AuthUserGetRequest{Name: "nouser"})
if err == nil {
t.Errorf("expected %v, got %v", ErrUserNotFound, err)
}
}

func TestListUsers(t *testing.T) {
Expand Down

0 comments on commit ffbdb45

Please sign in to comment.