v2http: allow empty role for GET '/users'

[gyuho]

Fix #5246.

[gyuho]

Previous:

./bin/etcdctl user add root:a
# auth: created user root

curl -L -X PUT  http://127.0.0.1:2379/v2/auth/users/root -d '{"user": "root", "grant": ["foo"]}'
# auth: updated user root

curl -L -u root http://127.0.0.1:2379/v2/auth/users
# {"message":"auth: Role foo does not exist."}

Now it returns "role":"":

./bin/etcdctl user add root:a
# User root created

curl -L -X PUT  http://127.0.0.1:2379/v2/auth/users/root -d '{"user": "root", "grant": ["foo"]}'
# auth: updated user root

curl -L -u root http://127.0.0.1:2379/v2/auth/users
# Enter host password for user 'root':
# {"users":[{"user":"root","roles":[{"role":"","permissions":{"kv":{"read":null,"write":null}}},{"role":"root","permissions":{"kv":{"read":["/*"],"write":["/*"]}}}]}]}

# server side
2016-05-04 13:58:53.028400 W | v2http: GetRole foo error (auth: Role foo does not exist.)

/cc @xiang90 @heyitsanthony

Please review.

Thanks.

[heyitsanthony]

should this continue instead of falling through and appending an empty role?

[gyuho]

Right, will fix. Thanks.

[gyuho]

Just fixed. PTAL. Thanks.

[xiang90]

i guess we should just remove the warning. this is nothing actually... etcd-users can assign a non-existing role to a user.

[gyuho]

Sure, will remove.

[heyitsanthony]

lgtm, deferring to @xiang90

[xiang90]

this test does not really belong here. we should add a test in client_auth_test.go. e2e test is to ensure the correctness of etcdctl/etcd interaction, not to ensure the correctness of the server itself.

[gyuho]

@xiang90 I moved the test into v2http pkg. PTAL. Thanks.

[gyuho]

@xiang90 Now test only tests the baseUser handler (mock auth store change was needed as well).

PTAL

[xiang90]

first we need to ensure the user root does exist.

[gyuho]

first we need to ensure the user root does exist.

Can you explain more? Current output is:

{"users":[{"user":"root","roles":[{"role":"root","permissions":{"kv":{"read":["/"],"write":["/"]}}}]}]}

I thought we want to return empty role just for the non-existing foo?

[gyuho]

Ok nvm. You said does exist... :) Will fix.

[xiang90]

this test does not ensure user root exist. it only fails if root exists and foo exists. it should also fail if root does not exist.

[gyuho]

All addressed. PTAL.

[xiang90]

just remove this range. get user root directly.

[xiang90]

if len(us.Users) != 1 {t.fatal(...)}

u := us.Users[0]
if u.User != "root" {t.fatal()}
...

[gyuho]

ok will fix.

[gyuho]

@xiang90 Actually, we can't check the user number because we use that mockStore for other tests, so AllUsers method returns 3 users now... https://github.com/coreos/etcd/blob/master/etcdserver/api/v2http/client_auth_test.go#L46

[xiang90]

@xiang90 Actually, we can't check the user number because we use that mockStore for other tests, so AllUsers method returns 3 users now...

Can we fix it? I do not really care about that 3 actually. I should just get the user out of the users and do what we need to do instead of ranging over every users. That makes the code more readable.

[gyuho]

@xiang90 We can have another type of mock store for this test, or remove test cases using those 3 users. Which one do we prefer?

[xiang90]

@gyuho Which one is simpler. Or just keep the 3 there but get the root user out of them.

[gyuho]

@xiang90 I fixed the AllUsers for mock store to make it work for our new test. Works now.

PTAL.

Thanks!

[xiang90]

LGTM

[gyuho]

Thanks. Merging in greens.