Skip to content

Commit

Permalink
test: add test case to cover the CommonName based authentication
Browse files Browse the repository at this point in the history
Refer to #14764

Signed-off-by: Benjamin Wang <[email protected]>
  • Loading branch information
ahrtr committed Nov 17, 2022
1 parent 9849fa7 commit 4097c24
Show file tree
Hide file tree
Showing 2 changed files with 130 additions and 1 deletion.
108 changes: 107 additions & 1 deletion tests/e2e/ctl_v3_auth_no_proxy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,18 @@
// See the License for the specific language governing permissions and
// limitations under the License.

// These tests depends on certificate-based authentication that is NOT supported
// These tests depend on certificate-based authentication that is NOT supported
// by gRPC proxy.
//go:build !cluster_proxy
// +build !cluster_proxy

package e2e

import (
"fmt"
"sync"
"testing"
"time"
)

func TestCtlV3AuthCertCN(t *testing.T) {
Expand All @@ -32,3 +35,106 @@ func TestCtlV3AuthCertCNAndUsername(t *testing.T) {
func TestCtlV3AuthCertCNAndUsernameNoPassword(t *testing.T) {
testCtl(t, authTestCertCNAndUsernameNoPassword, withCfg(*newConfigClientTLSCertAuth()))
}

func TestCtlV3AuthCertCNWithWithConcurrentOperation(t *testing.T) {
BeforeTest(t)

// apply the certificate which has `root` CommonName,
// and reset the setting when the test case finishes.
// TODO(ahrtr): enhance the e2e test framework to support
// certificates with CommonName.
t.Log("Apply certificate with root CommonName")
resetCert := applyTLSWithRootCommonName()
defer resetCert()

t.Log("Create an etcd cluster")
cx := getDefaultCtlCtx(t)
cx.cfg = etcdProcessClusterConfig{
clusterSize: 1,
clientTLS: clientTLS,
clientCertAuthEnabled: true,
initialToken: "new",
}

epc, err := newEtcdProcessCluster(t, &cx.cfg)
if err != nil {
t.Fatalf("Failed to start etcd cluster: %v", err)
}
cx.epc = epc
cx.dataDir = epc.procs[0].Config().dataDirPath

defer func() {
if err := epc.Close(); err != nil {
t.Fatalf("could not close test cluster (%v)", err)
}
}()

t.Log("Enable auth")
authEnableTest(cx)

// Create two goroutines, one goroutine keeps creating & deleting users,
// and the other goroutine keeps writing & deleting K/V entries.
var wg sync.WaitGroup
wg.Add(2)
errs := make(chan error, 2)
donec := make(chan struct{})

// Create the first goroutine to create & delete users
t.Log("Create the first goroutine to create & delete users")
go func() {
defer wg.Done()
for i := 0; i < 100; i++ {
user := fmt.Sprintf("testuser-%d", i)
pass := fmt.Sprintf("testpass-%d", i)

if err := ctlV3User(cx, []string{"add", user, "--interactive=false"}, fmt.Sprintf("User %s created", user), []string{pass}); err != nil {
errs <- fmt.Errorf("failed to create user %q: %w", user, err)
break
}

err := ctlV3User(cx, []string{"delete", user}, fmt.Sprintf("User %s deleted", user), []string{})
if err != nil {
errs <- fmt.Errorf("failed to delete user %q: %w", user, err)
break
}
}
t.Log("The first goroutine finished")
}()

// Create the second goroutine to write & delete K/V entries
t.Log("Create the second goroutine to write & delete K/V entries")
go func() {
defer wg.Done()
for i := 0; i < 100; i++ {
key := fmt.Sprintf("key-%d", i)
value := fmt.Sprintf("value-%d", i)

if err := ctlV3Put(cx, key, value, ""); err != nil {
errs <- fmt.Errorf("failed to put key %q: %w", key, err)
break
}

if err := ctlV3Del(cx, []string{key}, 1); err != nil {
errs <- fmt.Errorf("failed to delete key %q: %w", key, err)
break
}
}
t.Log("The second goroutine finished")
}()

t.Log("Waiting for the two goroutines to complete")
go func() {
wg.Wait()
close(donec)
}()

t.Log("Waiting for test result")
select {
case err := <-errs:
t.Fatalf("Unexpected error: %v", err)
case <-donec:
t.Log("All done!")
case <-time.After(60 * time.Second):
t.Fatal("Test case timeout after 60 seconds")
}
}
23 changes: 23 additions & 0 deletions tests/e2e/ctl_v3_auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import (
"fmt"
"net/url"
"os"
"path/filepath"
"syscall"
"testing"
"time"
Expand Down Expand Up @@ -100,6 +101,28 @@ func authEnable(cx ctlCtx) error {
return nil
}

func applyTLSWithRootCommonName() func() {
var (
oldCertPath = certPath
oldPrivateKeyPath = privateKeyPath
oldCaPath = caPath

newCertPath = filepath.Join(fixturesDir, "CommonName-root.crt")
newPrivateKeyPath = filepath.Join(fixturesDir, "CommonName-root.key")
newCaPath = filepath.Join(fixturesDir, "CommonName-root.crt")
)

certPath = newCertPath
privateKeyPath = newPrivateKeyPath
caPath = newCaPath

return func() {
certPath = oldCertPath
privateKeyPath = oldPrivateKeyPath
caPath = oldCaPath
}
}

func ctlV3AuthEnable(cx ctlCtx) error {
cmdArgs := append(cx.PrefixArgs(), "auth", "enable")
return spawnWithExpectWithEnv(cmdArgs, cx.envMap, "Authentication Enabled")
Expand Down

0 comments on commit 4097c24

Please sign in to comment.