Skip to content

Commit

Permalink
fix: use require instead of t.Fatal(err) in tests/e2e package
Browse files Browse the repository at this point in the history
Signed-off-by: Matthieu MOREL <[email protected]>
  • Loading branch information
mmorel-35 committed Nov 9, 2024
1 parent 1ee6598 commit a8474d6
Show file tree
Hide file tree
Showing 37 changed files with 355 additions and 743 deletions.
2 changes: 1 addition & 1 deletion tests/e2e/corrupt_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ func TestInPlaceRecovery(t *testing.T) {
})
t.Log("old cluster started.")

//Put some data into the old cluster, so that after recovering from a blank db, the hash diverges.
// Put some data into the old cluster, so that after recovering from a blank db, the hash diverges.
t.Log("putting 10 keys...")
oldCc, err := e2e.NewEtcdctl(epcOld.Cfg.Client, epcOld.EndpointsGRPC())
require.NoError(t, err)
Expand Down
2 changes: 2 additions & 0 deletions tests/e2e/ctl_v3_auth_no_proxy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,11 @@ import (
func TestCtlV3AuthCertCN(t *testing.T) {
testCtl(t, authTestCertCN, withCfg(*e2e.NewConfigClientTLSCertAuth()))
}

func TestCtlV3AuthCertCNAndUsername(t *testing.T) {
testCtl(t, authTestCertCNAndUsername, withCfg(*e2e.NewConfigClientTLSCertAuth()))
}

func TestCtlV3AuthCertCNAndUsernameNoPassword(t *testing.T) {
testCtl(t, authTestCertCNAndUsernameNoPassword, withCfg(*e2e.NewConfigClientTLSCertAuth()))
}
Expand Down
144 changes: 40 additions & 104 deletions tests/e2e/ctl_v3_auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ func TestCtlV3AuthEndpointHealth(t *testing.T) {

// TestCtlV3AuthSnapshot TODO fill up common/maintenance_auth_test.go when Snapshot API is added in interfaces.Client
func TestCtlV3AuthSnapshot(t *testing.T) { testCtl(t, authTestSnapshot) }

func TestCtlV3AuthSnapshotJWT(t *testing.T) {
testCtl(t, authTestSnapshot, withCfg(*e2e.NewConfigJWT()))
}
Expand Down Expand Up @@ -79,8 +80,7 @@ func authSetupTestUser(cx ctlCtx) {
}

func authTestMemberUpdate(cx ctlCtx) {
err := authEnable(cx)
require.NoError(cx.t, err)
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)
Expand All @@ -103,101 +103,77 @@ func authTestMemberUpdate(cx ctlCtx) {
}

func authTestCertCN(cx ctlCtx) {
err := authEnable(cx)
require.NoError(cx.t, err)
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
err = ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""})
require.NoError(cx.t, err)
err = e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role created"})
require.NoError(cx.t, err)
err = ctlV3User(cx, []string{"grant-role", "example.com", "test-role"}, "Role test-role is granted to user example.com", nil)
require.NoError(cx.t, err)
require.NoError(cx.t, ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""}))
require.NoError(cx.t, e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role created"}))
require.NoError(cx.t, ctlV3User(cx, []string{"grant-role", "example.com", "test-role"}, "Role test-role is granted to user example.com", nil))

// grant a new key
err = ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "hoo", "", false})
require.NoError(cx.t, err)
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "hoo", "", false}))

// try a granted key
cx.user, cx.pass = "", ""
if err = ctlV3Put(cx, "hoo", "bar", ""); err != nil {
if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
cx.t.Error(err)
}

// try a non-granted key
cx.user, cx.pass = "", ""
err = ctlV3PutFailPerm(cx, "baz", "bar")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "baz", "bar"), "permission denied")
}

func authTestFromKeyPerm(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

// grant keys after z to test-user
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "z", "\x00", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "z", "\x00", false}))

// try the granted open ended permission
cx.user, cx.pass = "test-user", "pass"
for i := 0; i < 10; i++ {
key := fmt.Sprintf("z%d", i)
if err := ctlV3Put(cx, key, "val", ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, key, "val", ""))
}
largeKey := ""
for i := 0; i < 10; i++ {
largeKey += "\xff"
if err := ctlV3Put(cx, largeKey, "val", ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, largeKey, "val", ""))
}

// try a non granted key
err := ctlV3PutFailPerm(cx, "x", "baz")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "x", "baz"), "permission denied")

// revoke the open ended permission
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleRevokePermission(cx, "test-role", "z", "", true); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleRevokePermission(cx, "test-role", "z", "", true))

// try the revoked open ended permission
cx.user, cx.pass = "test-user", "pass"
for i := 0; i < 10; i++ {
key := fmt.Sprintf("z%d", i)
err := ctlV3PutFailPerm(cx, key, "val")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, key, "val"), "permission denied")
}

// grant the entire keys
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "", "\x00", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "", "\x00", false}))

// try keys, of course it must be allowed because test-role has a permission of the entire keys
cx.user, cx.pass = "test-user", "pass"
for i := 0; i < 10; i++ {
key := fmt.Sprintf("z%d", i)
if err := ctlV3Put(cx, key, "val", ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, key, "val", ""))
}

// revoke the entire keys
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleRevokePermission(cx, "test-role", "", "", true); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleRevokePermission(cx, "test-role", "", "", true))

// try the revoked entire key permission
cx.user, cx.pass = "test-user", "pass"
Expand All @@ -209,17 +185,13 @@ func authTestFromKeyPerm(cx ctlCtx) {
}

func authTestWatch(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

// grant a key range
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "key", "key4", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "key", "key4", false}))

tests := []struct {
puts []kv
Expand Down Expand Up @@ -286,9 +258,7 @@ func authTestWatch(cx ctlCtx) {
func authTestSnapshot(cx ctlCtx) {
maintenanceInitKeys(cx)

if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)
Expand All @@ -298,20 +268,14 @@ func authTestSnapshot(cx ctlCtx) {

// ordinary user cannot save a snapshot
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3SnapshotSave(cx, fpath); err == nil {
cx.t.Fatal("ordinary user should not be able to save a snapshot")
}
require.Errorf(cx.t, ctlV3SnapshotSave(cx, fpath), "ordinary user should not be able to save a snapshot")

// root can save a snapshot
cx.user, cx.pass = "root", "root"
if err := ctlV3SnapshotSave(cx, fpath); err != nil {
cx.t.Fatalf("snapshotTest ctlV3SnapshotSave error (%v)", err)
}
require.NoErrorf(cx.t, ctlV3SnapshotSave(cx, fpath), "snapshotTest ctlV3SnapshotSave error")

st, err := getSnapshotStatus(cx, fpath)
if err != nil {
cx.t.Fatalf("snapshotTest getSnapshotStatus error (%v)", err)
}
require.NoErrorf(cx.t, err, "snapshotTest getSnapshotStatus error")
if st.Revision != 4 {
cx.t.Fatalf("expected 4, got %d", st.Revision)
}
Expand All @@ -321,88 +285,60 @@ func authTestSnapshot(cx ctlCtx) {
}

func authTestEndpointHealth(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

if err := ctlV3EndpointHealth(cx); err != nil {
cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
}
require.NoErrorf(cx.t, ctlV3EndpointHealth(cx), "endpointStatusTest ctlV3EndpointHealth error")

// health checking with an ordinary user "succeeds" since permission denial goes through consensus
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3EndpointHealth(cx); err != nil {
cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
}
require.NoErrorf(cx.t, ctlV3EndpointHealth(cx), "endpointStatusTest ctlV3EndpointHealth error")

// succeed if permissions granted for ordinary user
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "health", "", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "health", "", false}))
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3EndpointHealth(cx); err != nil {
cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
}
}

func certCNAndUsername(cx ctlCtx, noPassword bool) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

if noPassword {
if err := ctlV3User(cx, []string{"add", "example.com", "--no-password"}, "User example.com created", []string{""}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3User(cx, []string{"add", "example.com", "--no-password"}, "User example.com created", []string{""}))
} else {
if err := ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""}); err != nil {
cx.t.Fatal(err)
}
}
if err := e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role-cn"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role-cn created"}); err != nil {
cx.t.Fatal(err)
}
if err := ctlV3User(cx, []string{"grant-role", "example.com", "test-role-cn"}, "Role test-role-cn is granted to user example.com", nil); err != nil {
cx.t.Fatal(err)
require.NoError(cx.t, ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""}))
}
require.NoError(cx.t, e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role-cn"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role-cn created"}))
require.NoError(cx.t, ctlV3User(cx, []string{"grant-role", "example.com", "test-role-cn"}, "Role test-role-cn is granted to user example.com", nil))

// grant a new key for CN based user
if err := ctlV3RoleGrantPermission(cx, "test-role-cn", grantingPerm{true, true, "hoo", "", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role-cn", grantingPerm{true, true, "hoo", "", false}))

// grant a new key for username based user
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "bar", "", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "bar", "", false}))

// try a granted key for CN based user
cx.user, cx.pass = "", ""
if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
cx.t.Error(err)
}
require.NoError(cx.t, ctlV3Put(cx, "hoo", "bar", ""))

// try a granted key for username based user
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3Put(cx, "bar", "bar", ""); err != nil {
cx.t.Error(err)
}
require.NoError(cx.t, ctlV3Put(cx, "bar", "bar", ""))

// try a non-granted key for both of them
cx.user, cx.pass = "", ""
err := ctlV3PutFailPerm(cx, "baz", "bar")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "baz", "bar"), "permission denied")

cx.user, cx.pass = "test-user", "pass"
err = ctlV3PutFailPerm(cx, "baz", "bar")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "baz", "bar"), "permission denied")
}

func authTestCertCNAndUsername(cx ctlCtx) {
Expand Down
2 changes: 1 addition & 1 deletion tests/e2e/ctl_v3_completion_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ func testShellCompletion(t *testing.T, binPath, shellName string) {
require.NoError(t, completionCmd.Run())

filename := fmt.Sprintf("etcdctl-%s.completion", shellName)
require.NoError(t, os.WriteFile(filename, stdout.Bytes(), 0644))
require.NoError(t, os.WriteFile(filename, stdout.Bytes(), 0o644))

shellCmd := exec.Command(shellName, "-c", "source "+filename)
require.NoError(t, shellCmd.Run())
Expand Down
8 changes: 4 additions & 4 deletions tests/e2e/ctl_v3_defrag_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ package e2e
import (
"testing"

"github.com/stretchr/testify/require"

"go.etcd.io/etcd/pkg/v3/expect"
"go.etcd.io/etcd/tests/v3/framework/e2e"
)
Expand All @@ -26,11 +28,9 @@ func TestCtlV3DefragOffline(t *testing.T) {
}

func maintenanceInitKeys(cx ctlCtx) {
var kvs = []kv{{"key", "val1"}, {"key", "val2"}, {"key", "val3"}}
kvs := []kv{{"key", "val1"}, {"key", "val2"}, {"key", "val3"}}
for i := range kvs {
if err := ctlV3Put(cx, kvs[i].key, kvs[i].val, ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, kvs[i].key, kvs[i].val, ""))
}
}

Expand Down
Loading

0 comments on commit a8474d6

Please sign in to comment.