From 62acc83be6f9c844340a1c7758b162efe0fbb701 Mon Sep 17 00:00:00 2001 From: Benjamin Wang Date: Wed, 16 Nov 2022 14:59:18 +0800 Subject: [PATCH] test: add test case to cover the CommonName based authentication Refer to https://github.com/etcd-io/etcd/issues/14764 Signed-off-by: Benjamin Wang
---
 tests/e2e/ctl_v3_auth_cluster_test.go | 105 ++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)
diff --git a/tests/e2e/ctl_v3_auth_cluster_test.go b/tests/e2e/ctl_v3_auth_cluster_test.go
index 002c4f3fa0c5..a0d1f6e8cf00 100644
--- a/tests/e2e/ctl_v3_auth_cluster_test.go
+++ b/tests/e2e/ctl_v3_auth_cluster_test.go
@@ -17,6 +17,8 @@ package e2e
 import (
 "context"
 "fmt"
+ "path/filepath"
+ "sync"
 "testing"
 "time"
@@ -97,6 +99,109 @@ func TestAuthCluster(t *testing.T) { }
+func TestAuthWithTLSCommonName(t *testing.T) {
+ e2e.BeforeTest(t)
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ // apply the certificate which has `root` CommonName,
+ // and reset the setting when the test case finishes.
+ t.Log("Apply certificate with root CommonName")
+ resetCert := applyTLSWithRootCommonName()
+ defer resetCert()
+
+ t.Log("Create etcd cluster")
+ epc, err := e2e.NewEtcdProcessCluster(ctx, t, nil,
+ e2e.WithClusterSize(1),
+ e2e.WithClientTLS(e2e.ClientTLS),
+ e2e.WithClientCertAuthEnabled(true),
+ )
+ if err != nil {
+ t.Fatalf("could not start etcd process cluster (%v)", err)
+ }
+ defer func() {
+ if err := epc.Close(); err != nil {
+ t.Fatalf("could not close test cluster (%v)", err)
+ }
+ }()
+
+ epcClient := epc.Client()
+ t.Log("Create users")
+ createUsers(ctx, t, epcClient)
+
+ t.Log("Enable auth")
+ if err := epcClient.AuthEnable(ctx); err != nil {
+ t.Fatalf("could not enable Auth: (%v)", err)
+ }
+
+ // Create two goroutines, one goroutine keeps creating & deleting users,
+ // and the other goroutine keeps writing & deleting K/V entries.
+ var wg sync.WaitGroup
+ wg.Add(2)
+
+ // Create the first goroutine to create & delete users
+ t.Log("Create the first goroutine to create & delete users")
+ go func() {
+ defer wg.Done()
+ for i := 0; i < 100; i++ {
+ user := fmt.Sprintf("testuser-%d", i)
+ pass := fmt.Sprintf("testpass-%d", i)
+ if _, err := epcClient.UserAdd(ctx, user, pass, config.UserAddOptions{}); err != nil {
+ t.Fatalf("Failed to create user %q, error: %v", user, err)
+ }
+
+ if _, err := epcClient.UserDelete(ctx, user); err != nil {
+ t.Fatalf("Failed to delete user %q, error: %v", user, err)
+ }
+ }
+ t.Log("The first goroutine finished")
+ }()
+
+ // Create the second goroutine to write & delete K/V entries
+ t.Log("Create the second goroutine to write & delete K/V entries")
+ go func() {
+ defer wg.Done()
+ for i := 0; i < 100; i++ {
+ key := fmt.Sprintf("key-%d", i)
+ value := fmt.Sprintf("value-%d", i)
+
+ if err := epcClient.Put(ctx, key, value, config.PutOptions{}); err != nil {
+ t.Fatalf("Failed to put key %q, error: %v", key, err)
+ }
+
+ if _, err := epcClient.Delete(ctx, key, config.DeleteOptions{}); err != nil {
+ t.Fatalf("Failed to delete key %q, error: %v", key, err)
+ }
+ }
+ t.Log("The second goroutine finished")
+ }()
+
+ t.Log("Waiting for the two goroutines to complete")
+ wg.Wait()
+}
+
+func applyTLSWithRootCommonName() func() {
+ var (
+ oldCertPath = e2e.CertPath
+ oldPrivateKeyPath = e2e.PrivateKeyPath
+ oldCaPath = e2e.CaPath
+
+ newCertPath = filepath.Join(e2e.FixturesDir, "CommonName-root.crt")
+ newPrivateKeyPath = filepath.Join(e2e.FixturesDir, "CommonName-root.key")
+ newCaPath = filepath.Join(e2e.FixturesDir, "CommonName-root.crt")
+ )
+
+ e2e.CertPath = newCertPath
+ e2e.PrivateKeyPath = newPrivateKeyPath
+ e2e.CaPath = newCaPath
+
+ return func() {
+ e2e.CertPath = oldCertPath
+ e2e.PrivateKeyPath = oldPrivateKeyPath
+ e2e.CaPath = oldCaPath
+ }
+}
+
 func createUsers(ctx context.Context, t *testing.T, client *e2e.EtcdctlV3) {
 if _, err :=
client.UserAdd(ctx, "root", "rootPassword", config.UserAddOptions{}); err != nil {
 t.Fatalf("could not add root user (%v)", err)
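Review bot: The four `t.Fatalf` calls inside the two `go func()` bodies of TestAuthWithTLSCommonName run off the test goroutine, where `FailNow` only ends the calling goroutine; the testing package requires it to be called from the goroutine running the test, and `go vet` reports this pattern. At each site use `t.Errorf("failed to create user %q: %v", user, err)` followed by `return`, so the failure is recorded and `wg.Wait()` still returns. Separately, applyTLSWithRootCommonName swaps the package-level `e2e.CertPath`, `e2e.PrivateKeyPath` and `e2e.CaPath`, so the helper deserves a comment such as `// applyTLSWithRootCommonName points the shared e2e TLS paths at the CN=root fixture; not safe for parallel tests.` The test also asserts only that calls succeed after `AuthEnable`, so it would presumably still pass if the identity did not come from the certificate; a negative case using a certificate whose CommonName is not an existing user would pin the behaviour from issue 14764 more tightly.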