Search in sources :

Example 1 with AuthRoleGetResponse

use of io.etcd.jetcd.auth.AuthRoleGetResponse in project jetcd by coreos.

the class AuthImpl method roleGet.

@Override
public CompletableFuture<AuthRoleGetResponse> roleGet(ByteSequence role) {
    checkNotNull(role, "role can't be null");
    AuthRoleGetRequest roleGetRequest = AuthRoleGetRequest.newBuilder().setRoleBytes(ByteString.copyFrom(role.getBytes())).build();
    return completable(this.stub.roleGet(roleGetRequest), AuthRoleGetResponse::new);
}
Also used : AuthRoleGetRequest(io.etcd.jetcd.api.AuthRoleGetRequest) AuthRoleGetResponse(io.etcd.jetcd.auth.AuthRoleGetResponse)

Example 2 with AuthRoleGetResponse

use of io.etcd.jetcd.auth.AuthRoleGetResponse in project jetcd by coreos.

the class AuthClientTest method testAuth.

@Test
public void testAuth() throws Exception {
    authDisabledAuthClient.roleAdd(rootRole).get();
    authDisabledAuthClient.roleAdd(userRole).get();
    final AuthRoleListResponse response = authDisabledAuthClient.roleList().get();
    assertThat(response.getRoles()).containsOnly(rootRoleString, userRoleString);
    authDisabledAuthClient.roleGrantPermission(rootRole, rootRoleKeyRangeBegin, rootRoleKeyRangeEnd, Permission.Type.READWRITE).get();
    authDisabledAuthClient.roleGrantPermission(userRole, userRoleKeyRangeBegin, userRoleKeyRangeEnd, Permission.Type.READWRITE).get();
    authDisabledAuthClient.userAdd(root, rootPass).get();
    authDisabledAuthClient.userAdd(user, userPass).get();
    authDisabledAuthClient.userChangePassword(user, userNewPass).get();
    List<String> users = authDisabledAuthClient.userList().get().getUsers();
    assertThat(users).containsOnly(rootString, userString);
    authDisabledAuthClient.userGrantRole(root, rootRole).get();
    authDisabledAuthClient.userGrantRole(user, rootRole).get();
    authDisabledAuthClient.userGrantRole(user, userRole).get();
    assertThat(authDisabledAuthClient.userGet(root).get().getRoles()).containsOnly(rootRoleString);
    assertThat(authDisabledAuthClient.userGet(user).get().getRoles()).containsOnly(rootRoleString, userRoleString);
    authDisabledAuthClient.authEnable().get();
    final Client userClient = TestUtil.client(cluster).user(user).password(userNewPass).build();
    final Client rootClient = TestUtil.client(cluster).user(root).password(rootPass).build();
    userClient.getKVClient().put(rootRoleKey, rootRoleValue).get();
    userClient.getKVClient().put(userRoleKey, userRoleValue).get();
    userClient.getKVClient().get(rootRoleKey).get();
    userClient.getKVClient().get(userRoleKey).get();
    assertThatThrownBy(() -> authDisabledKVClient.put(rootRoleKey, rootRoleValue).get()).hasMessageContaining("etcdserver: user name is empty");
    assertThatThrownBy(() -> authDisabledKVClient.put(userRoleKey, rootRoleValue).get()).hasMessageContaining("etcdserver: user name is empty");
    assertThatThrownBy(() -> authDisabledKVClient.get(rootRoleKey).get()).hasMessageContaining("etcdserver: user name is empty");
    assertThatThrownBy(() -> authDisabledKVClient.get(userRoleKey).get()).hasMessageContaining("etcdserver: user name is empty");
    AuthRoleGetResponse roleGetResponse = userClient.getAuthClient().roleGet(rootRole).get();
    assertThat(roleGetResponse.getPermissions().size()).isNotEqualTo(0);
    roleGetResponse = userClient.getAuthClient().roleGet(userRole).get();
    assertThat(roleGetResponse.getPermissions().size()).isNotEqualTo(0);
    rootClient.getAuthClient().userRevokeRole(user, rootRole).get();
    final KV kvClient = userClient.getKVClient();
    // verify the access to root role is revoked for user.
    assertThatThrownBy(() -> kvClient.get(rootRoleKey).get()).isNotNull();
    // verify userRole is still valid.
    assertThat(kvClient.get(userRoleKey).get().getCount()).isNotEqualTo(0);
    rootClient.getAuthClient().roleRevokePermission(userRole, userRoleKeyRangeBegin, userRoleKeyRangeEnd).get();
    // verify the access to foo is revoked for user.
    assertThatThrownBy(() -> userClient.getKVClient().get(userRoleKey).get()).isNotNull();
    rootClient.getAuthClient().authDisable().get();
    authDisabledAuthClient.userDelete(root).get();
    authDisabledAuthClient.userDelete(user).get();
    authDisabledAuthClient.roleDelete(rootRole).get();
    authDisabledAuthClient.roleDelete(userRole).get();
}
Also used : AuthRoleListResponse(io.etcd.jetcd.auth.AuthRoleListResponse) KV(io.etcd.jetcd.KV) Client(io.etcd.jetcd.Client) AuthRoleGetResponse(io.etcd.jetcd.auth.AuthRoleGetResponse) Test(org.junit.jupiter.api.Test)

Aggregations

AuthRoleGetResponse (io.etcd.jetcd.auth.AuthRoleGetResponse)2 Client (io.etcd.jetcd.Client)1 KV (io.etcd.jetcd.KV)1 AuthRoleGetRequest (io.etcd.jetcd.api.AuthRoleGetRequest)1 AuthRoleListResponse (io.etcd.jetcd.auth.AuthRoleListResponse)1 Test (org.junit.jupiter.api.Test)1