use of io.etcd.jetcd.KV in project jetcd by coreos.
the class WatchTokenExpireTest method testRefreshExpiredToken.
@Test
public void testRefreshExpiredToken() throws Exception {
setUpEnvironment();
Client authClient = createAuthClient();
Watch authWatchClient = authClient.getWatchClient();
KV authKVClient = authClient.getKVClient();
authKVClient.put(key, TestUtil.randomByteSequence()).get(1, TimeUnit.SECONDS);
Thread.sleep(3000);
AtomicInteger modifications = new AtomicInteger();
// watch should handle token refresh automatically
// token is already expired when we attempt to create a watch
Watch.Watcher watcher = authWatchClient.watch(key, response -> {
modifications.incrementAndGet();
});
// create single thread pool, so that tasks are executed one after another
ExecutorService executor = Executors.newFixedThreadPool(1);
List<Future<?>> futures = new ArrayList<>(2);
Client anotherClient = createAuthClient();
for (int i = 0; i < 2; ++i) {
futures.add(executor.submit(() -> {
try {
// wait 3 seconds for token to expire. during the test token will be refreshed twice
Thread.sleep(3000);
anotherClient.getKVClient().put(key, TestUtil.randomByteSequence()).get(1, TimeUnit.SECONDS);
} catch (Exception e) {
throw new RuntimeException(e);
}
}));
}
await().atMost(15, TimeUnit.SECONDS).untilAsserted(() -> assertThat(modifications.get()).isEqualTo(2));
executor.shutdownNow();
futures.forEach(f -> assertThat(f).isDone());
anotherClient.close();
watcher.close();
authWatchClient.close();
authClient.close();
}
use of io.etcd.jetcd.KV in project jetcd by coreos.
the class AuthClientTest method testAuth.
@Test
public void testAuth() throws Exception {
authDisabledAuthClient.roleAdd(rootRole).get();
authDisabledAuthClient.roleAdd(userRole).get();
final AuthRoleListResponse response = authDisabledAuthClient.roleList().get();
assertThat(response.getRoles()).containsOnly(rootRoleString, userRoleString);
authDisabledAuthClient.roleGrantPermission(rootRole, rootRoleKeyRangeBegin, rootRoleKeyRangeEnd, Permission.Type.READWRITE).get();
authDisabledAuthClient.roleGrantPermission(userRole, userRoleKeyRangeBegin, userRoleKeyRangeEnd, Permission.Type.READWRITE).get();
authDisabledAuthClient.userAdd(root, rootPass).get();
authDisabledAuthClient.userAdd(user, userPass).get();
authDisabledAuthClient.userChangePassword(user, userNewPass).get();
List<String> users = authDisabledAuthClient.userList().get().getUsers();
assertThat(users).containsOnly(rootString, userString);
authDisabledAuthClient.userGrantRole(root, rootRole).get();
authDisabledAuthClient.userGrantRole(user, rootRole).get();
authDisabledAuthClient.userGrantRole(user, userRole).get();
assertThat(authDisabledAuthClient.userGet(root).get().getRoles()).containsOnly(rootRoleString);
assertThat(authDisabledAuthClient.userGet(user).get().getRoles()).containsOnly(rootRoleString, userRoleString);
authDisabledAuthClient.authEnable().get();
final Client userClient = TestUtil.client(cluster).user(user).password(userNewPass).build();
final Client rootClient = TestUtil.client(cluster).user(root).password(rootPass).build();
userClient.getKVClient().put(rootRoleKey, rootRoleValue).get();
userClient.getKVClient().put(userRoleKey, userRoleValue).get();
userClient.getKVClient().get(rootRoleKey).get();
userClient.getKVClient().get(userRoleKey).get();
assertThatThrownBy(() -> authDisabledKVClient.put(rootRoleKey, rootRoleValue).get()).hasMessageContaining("etcdserver: user name is empty");
assertThatThrownBy(() -> authDisabledKVClient.put(userRoleKey, rootRoleValue).get()).hasMessageContaining("etcdserver: user name is empty");
assertThatThrownBy(() -> authDisabledKVClient.get(rootRoleKey).get()).hasMessageContaining("etcdserver: user name is empty");
assertThatThrownBy(() -> authDisabledKVClient.get(userRoleKey).get()).hasMessageContaining("etcdserver: user name is empty");
AuthRoleGetResponse roleGetResponse = userClient.getAuthClient().roleGet(rootRole).get();
assertThat(roleGetResponse.getPermissions().size()).isNotEqualTo(0);
roleGetResponse = userClient.getAuthClient().roleGet(userRole).get();
assertThat(roleGetResponse.getPermissions().size()).isNotEqualTo(0);
rootClient.getAuthClient().userRevokeRole(user, rootRole).get();
final KV kvClient = userClient.getKVClient();
// verify the access to root role is revoked for user.
assertThatThrownBy(() -> kvClient.get(rootRoleKey).get()).isNotNull();
// verify userRole is still valid.
assertThat(kvClient.get(userRoleKey).get().getCount()).isNotEqualTo(0);
rootClient.getAuthClient().roleRevokePermission(userRole, userRoleKeyRangeBegin, userRoleKeyRangeEnd).get();
// verify the access to foo is revoked for user.
assertThatThrownBy(() -> userClient.getKVClient().get(userRoleKey).get()).isNotNull();
rootClient.getAuthClient().authDisable().get();
authDisabledAuthClient.userDelete(root).get();
authDisabledAuthClient.userDelete(user).get();
authDisabledAuthClient.roleDelete(rootRole).get();
authDisabledAuthClient.roleDelete(userRole).get();
}
Aggregations