e2e: add a test case for protecting lease revoking with auth

etcd-io · Jun 5, 2017 · 27e9afc · 27e9afc
1 parent 7a505a0
commit 27e9afc
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/e2e/ctl_v3_auth_test.go b/e2e/ctl_v3_auth_test.go
@@ -39,6 +39,7 @@ func TestCtlV3AuthRevokeWithDelete(t *testing.T) { testCtl(t, authTestRevokeWith
 func TestCtlV3AuthInvalidMgmt(t *testing.T)      { testCtl(t, authTestInvalidMgmt) }
 func TestCtlV3AuthFromKeyPerm(t *testing.T)      { testCtl(t, authTestFromKeyPerm) }
 func TestCtlV3AuthAndWatch(t *testing.T)         { testCtl(t, authTestWatch) }
+func TestCtlV3AuthAndLease(t *testing.T)         { testCtl(t, authTestLease) }
 
 func authEnableTest(cx ctlCtx) {
 	if err := authEnable(cx); err != nil {
@@ -739,3 +740,36 @@ func authTestWatch(cx ctlCtx) {
 	}
 
 }
+
+func authTestLease(cx ctlCtx) {
+	if err := authEnable(cx); err != nil {
+		cx.t.Fatal(err)
+	}
+
+	cx.user, cx.pass = "root", "root"
+	authSetupTestUser(cx)
+
+	leaseID, err := ctlV3LeaseGrant(cx, 10)
+	if err != nil {
+		cx.t.Fatalf("authTestLease: ctlV3LeaseGrant error (%v)", err)
+	}
+	if err := ctlV3Put(cx, "key", "val", leaseID); err != nil {
+		cx.t.Fatalf("authTestLease: ctlV3Put error (%v)", err)
+	}
+
+	// test-user isn't granted the write permission of key, so revoking should be failed
+	cx.user, cx.pass = "test-user", "pass"
+	if err := ctlV3LeaseRevokeFailWithPerm(cx, leaseID); err != nil {
+		cx.t.Fatalf("authTestLease: ctlV3LeaseRevok should be failed but succeed (%v)", err)
+	}
+
+	// root can revoke
+	cx.user, cx.pass = "root", "root"
+	if err := ctlV3LeaseRevoke(cx, leaseID); err != nil {
+		cx.t.Fatalf("authTestLease: ctlV3LeaseRevok error (%v)", err)
+	}
+	if err := ctlV3Get(cx, []string{"key"}); err != nil { // expect no output
+		cx.t.Fatalf("authTestLease: ctlV3Get error (%v)", err)
+	}
+
+}
diff --git a/e2e/ctl_v3_lease_test.go b/e2e/ctl_v3_lease_test.go
@@ -126,3 +126,8 @@ func ctlV3LeaseRevoke(cx ctlCtx, leaseID string) error {
 	cmdArgs := append(cx.PrefixArgs(), "lease", "revoke", leaseID)
 	return spawnWithExpect(cmdArgs, fmt.Sprintf("lease %s revoked", leaseID))
 }
+
+func ctlV3LeaseRevokeFailWithPerm(cx ctlCtx, leaseID string) error {
+	cmdArgs := append(cx.PrefixArgs(), "lease", "revoke", leaseID)
+	return spawnWithExpect(cmdArgs, "Error:  failed to revoke lease (etcdserver: permission denied)")
+}