From 3b743fea7d206af83dcffd511500e6566cced2cb Mon Sep 17 00:00:00 2001
From: Hitoshi Mitake <mitake.hitoshi@lab.ntt.co.jp>
Date: Mon, 5 Jun 2017 16:29:24 +0900
Subject: [PATCH] e2e: add a test case for protecting lease revoking with auth

---
 e2e/ctl_v3_auth_test.go  | 34 ++++++++++++++++++++++++++++++++++
 e2e/ctl_v3_lease_test.go |  5 +++++
 2 files changed, 39 insertions(+)

diff --git a/e2e/ctl_v3_auth_test.go b/e2e/ctl_v3_auth_test.go
index 1028cfd63565..67ad22359cea 100644
--- a/e2e/ctl_v3_auth_test.go
+++ b/e2e/ctl_v3_auth_test.go
@@ -39,6 +39,7 @@ func TestCtlV3AuthRevokeWithDelete(t *testing.T) { testCtl(t, authTestRevokeWith
 func TestCtlV3AuthInvalidMgmt(t *testing.T)      { testCtl(t, authTestInvalidMgmt) }
 func TestCtlV3AuthFromKeyPerm(t *testing.T)      { testCtl(t, authTestFromKeyPerm) }
 func TestCtlV3AuthAndWatch(t *testing.T)         { testCtl(t, authTestWatch) }
+func TestCtlV3AuthAndLease(t *testing.T)         { testCtl(t, authTestLease) }
 
 func authEnableTest(cx ctlCtx) {
 	if err := authEnable(cx); err != nil {
@@ -739,3 +740,36 @@ func authTestWatch(cx ctlCtx) {
 	}
 
 }
+
+func authTestLease(cx ctlCtx) {
+	if err := authEnable(cx); err != nil {
+		cx.t.Fatal(err)
+	}
+
+	cx.user, cx.pass = "root", "root"
+	authSetupTestUser(cx)
+
+	leaseID, err := ctlV3LeaseGrant(cx, 10)
+	if err != nil {
+		cx.t.Fatalf("authTestLease: ctlV3LeaseGrant error (%v)", err)
+	}
+	if err := ctlV3Put(cx, "key", "val", leaseID); err != nil {
+		cx.t.Fatalf("authTestLease: ctlV3Put error (%v)", err)
+	}
+
+	// test-user isn't granted the write permission of key, so revoking should be failed
+	cx.user, cx.pass = "test-user", "pass"
+	if err := ctlV3LeaseRevokeFailWithPerm(cx, leaseID); err != nil {
+		cx.t.Fatalf("authTestLease: ctlV3LeaseRevok should be failed but succeed (%v)", err)
+	}
+
+	// root can revoke
+	cx.user, cx.pass = "root", "root"
+	if err := ctlV3LeaseRevoke(cx, leaseID); err != nil {
+		cx.t.Fatalf("authTestLease: ctlV3LeaseRevok error (%v)", err)
+	}
+	if err := ctlV3Get(cx, []string{"key"}); err != nil { // expect no output
+		cx.t.Fatalf("authTestLease: ctlV3Get error (%v)", err)
+	}
+
+}
diff --git a/e2e/ctl_v3_lease_test.go b/e2e/ctl_v3_lease_test.go
index d27060a6430f..6765e4061cda 100644
--- a/e2e/ctl_v3_lease_test.go
+++ b/e2e/ctl_v3_lease_test.go
@@ -126,3 +126,8 @@ func ctlV3LeaseRevoke(cx ctlCtx, leaseID string) error {
 	cmdArgs := append(cx.PrefixArgs(), "lease", "revoke", leaseID)
 	return spawnWithExpect(cmdArgs, fmt.Sprintf("lease %s revoked", leaseID))
 }
+
+func ctlV3LeaseRevokeFailWithPerm(cx ctlCtx, leaseID string) error {
+	cmdArgs := append(cx.PrefixArgs(), "lease", "revoke", leaseID)
+	return spawnWithExpect(cmdArgs, "Error:  failed to revoke lease (etcdserver: permission denied)")
+}