Exemple #1
0
func TestUserError(t *testing.T) {
	defer testutil.AfterTest(t)

	clus := integration.NewClusterV3(t, &integration.ClusterConfig{Size: 1})
	defer clus.Terminate(t)

	authapi := clientv3.NewAuth(clus.RandClient())

	_, err := authapi.UserAdd(context.TODO(), "foo", "bar")
	if err != nil {
		t.Fatal(err)
	}

	_, err = authapi.UserAdd(context.TODO(), "foo", "bar")
	if err != rpctypes.ErrUserAlreadyExist {
		t.Fatalf("expected %v, got %v", rpctypes.ErrUserAlreadyExist, err)
	}

	_, err = authapi.UserDelete(context.TODO(), "not-exist-user")
	if err != rpctypes.ErrUserNotFound {
		t.Fatalf("expected %v, got %v", rpctypes.ErrUserNotFound, err)
	}

	_, err = authapi.UserGrant(context.TODO(), "foo", "test-role-does-not-exist")
	if err != rpctypes.ErrRoleNotFound {
		t.Fatalf("expected %v, got %v", rpctypes.ErrRoleNotFound, err)
	}
}
Exemple #2
0
func (p *ETCDConn) AuthAPI(auth *Auth3) (clientv3.Auth, error) {
	cli, err := p.API(auth)
	if err != nil {
		return nil, err
	}

	return clientv3.NewAuth(cli), nil
}
Exemple #3
0
func TestRoleError(t *testing.T) {
	defer testutil.AfterTest(t)

	clus := integration.NewClusterV3(t, &integration.ClusterConfig{Size: 1})
	defer clus.Terminate(t)

	authapi := clientv3.NewAuth(clus.RandClient())

	_, err := authapi.RoleAdd(context.TODO(), "test-role")
	if err != nil {
		t.Fatal(err)
	}

	_, err = authapi.RoleAdd(context.TODO(), "test-role")
	if err != rpctypes.ErrRoleAlreadyExist {
		t.Fatalf("expected %v, got %v", rpctypes.ErrRoleAlreadyExist, err)
	}
}
Exemple #4
0
func ExampleAuth() {
	cli, err := clientv3.New(clientv3.Config{
		Endpoints:   endpoints,
		DialTimeout: dialTimeout,
	})
	if err != nil {
		log.Fatal(err)
	}
	defer cli.Close()

	authapi := clientv3.NewAuth(cli)

	if _, err = authapi.RoleAdd(context.TODO(), "root"); err != nil {
		log.Fatal(err)
	}

	if _, err = authapi.RoleGrantPermission(
		context.TODO(),
		"root", // role name
		"foo",  // key
		"zoo",  // range end
		clientv3.PermissionType(clientv3.PermReadWrite),
	); err != nil {
		log.Fatal(err)
	}

	if _, err = authapi.UserAdd(context.TODO(), "root", "123"); err != nil {
		log.Fatal(err)
	}

	if _, err = authapi.UserGrantRole(context.TODO(), "root", "root"); err != nil {
		log.Fatal(err)
	}

	if _, err = authapi.AuthEnable(context.TODO()); err != nil {
		log.Fatal(err)
	}

	cliAuth, err := clientv3.New(clientv3.Config{
		Endpoints:   endpoints,
		DialTimeout: dialTimeout,
		Username:    "******",
		Password:    "******",
	})
	if err != nil {
		log.Fatal(err)
	}
	defer cliAuth.Close()

	kv := clientv3.NewKV(cliAuth)
	if _, err = kv.Put(context.TODO(), "foo1", "bar"); err != nil {
		log.Fatal(err)
	}

	_, err = kv.Txn(context.TODO()).
		If(clientv3.Compare(clientv3.Value("zoo1"), ">", "abc")).
		Then(clientv3.OpPut("zoo1", "XYZ")).
		Else(clientv3.OpPut("zoo1", "ABC")).
		Commit()
	fmt.Println(err)

	// now check the permission
	authapi2 := clientv3.NewAuth(cliAuth)
	resp, err := authapi2.RoleGet(context.TODO(), "root")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("root user permission: key %q, range end %q\n", resp.Perm[0].Key, resp.Perm[0].RangeEnd)

	if _, err = authapi2.AuthDisable(context.TODO()); err != nil {
		log.Fatal(err)
	}
	// Output: etcdserver: permission denied
	// root user permission: key "foo", range end "zoo"
}