
Example 1 with AuthRoleListResponse

use of io.etcd.jetcd.auth.AuthRoleListResponse in project jetcd by coreos.

the class AuthClientTest method testAuth.

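/**
 * Walks the etcd auth lifecycle end to end: creates roles and users while authentication
 * is off, enables authentication, checks what an authenticated and an unauthenticated
 * client may do, revokes access step by step, then disables authentication and removes
 * the fixtures.
 *
 * <p>The steps depend on each other and on their order; do not reorder them.
 *
 * @throws Exception if any client call fails or an assertion does not hold
 */
@Test
public void testAuth() throws Exception {
    // --- Setup while authentication is still disabled ---------------------------------
    authDisabledAuthClient.roleAdd(rootRole).get();
    authDisabledAuthClient.roleAdd(userRole).get();
    final AuthRoleListResponse response = authDisabledAuthClient.roleList().get();
    assertThat(response.getRoles()).containsOnly(rootRoleString, userRoleString);

    // Each role gets READWRITE on its own key range.
    authDisabledAuthClient.roleGrantPermission(rootRole, rootRoleKeyRangeBegin, rootRoleKeyRangeEnd, Permission.Type.READWRITE).get();
    authDisabledAuthClient.roleGrantPermission(userRole, userRoleKeyRangeBegin, userRoleKeyRangeEnd, Permission.Type.READWRITE).get();

    authDisabledAuthClient.userAdd(root, rootPass).get();
    authDisabledAuthClient.userAdd(user, userPass).get();
    // The user later logs in with userNewPass, so a successful login also shows the
    // password change took effect.
    authDisabledAuthClient.userChangePassword(user, userNewPass).get();
    List<String> users = authDisabledAuthClient.userList().get().getUsers();
    assertThat(users).containsOnly(rootString, userString);

    // The ordinary user deliberately holds BOTH roles at first; the root role is revoked
    // further down to prove that revocation takes effect.
    authDisabledAuthClient.userGrantRole(root, rootRole).get();
    authDisabledAuthClient.userGrantRole(user, rootRole).get();
    authDisabledAuthClient.userGrantRole(user, userRole).get();
    assertThat(authDisabledAuthClient.userGet(root).get().getRoles()).containsOnly(rootRoleString);
    assertThat(authDisabledAuthClient.userGet(user).get().getRoles()).containsOnly(rootRoleString, userRoleString);

    // --- Authentication on --------------------------------------------------------------
    authDisabledAuthClient.authEnable().get();

    // The authenticated clients are closed by try-with-resources even when an assertion
    // fails; previously they were never closed.
    // NOTE(review): if anything inside this block throws, authDisable() and the fixture
    // deletions below are skipped and the shared cluster is left with authentication
    // enabled. Consider moving that cleanup into a finally block or an @AfterEach hook.
    try (Client userClient = TestUtil.client(cluster).user(user).password(userNewPass).build();
            Client rootClient = TestUtil.client(cluster).user(root).password(rootPass).build()) {
        // With both roles granted, the user can write and read both key ranges.
        userClient.getKVClient().put(rootRoleKey, rootRoleValue).get();
        userClient.getKVClient().put(userRoleKey, userRoleValue).get();
        userClient.getKVClient().get(rootRoleKey).get();
        userClient.getKVClient().get(userRoleKey).get();

        // A client that presents no credentials is rejected for reads and writes alike.
        assertThatThrownBy(() -> authDisabledKVClient.put(rootRoleKey, rootRoleValue).get()).hasMessageContaining("etcdserver: user name is empty");
        assertThatThrownBy(() -> authDisabledKVClient.put(userRoleKey, rootRoleValue).get()).hasMessageContaining("etcdserver: user name is empty");
        assertThatThrownBy(() -> authDisabledKVClient.get(rootRoleKey).get()).hasMessageContaining("etcdserver: user name is empty");
        assertThatThrownBy(() -> authDisabledKVClient.get(userRoleKey).get()).hasMessageContaining("etcdserver: user name is empty");

        // The user can look up the roles it holds, and each carries at least one permission.
        AuthRoleGetResponse roleGetResponse = userClient.getAuthClient().roleGet(rootRole).get();
        assertThat(roleGetResponse.getPermissions().size()).isNotEqualTo(0);
        roleGetResponse = userClient.getAuthClient().roleGet(userRole).get();
        assertThat(roleGetResponse.getPermissions().size()).isNotEqualTo(0);

        // --- Revocation -------------------------------------------------------------------
        rootClient.getAuthClient().userRevokeRole(user, rootRole).get();
        final KV kvClient = userClient.getKVClient();
        // Verify that access to the root role's key is revoked for the user.
        // NOTE(review): isNotNull() adds nothing to assertThatThrownBy, so ANY failure
        // (a dropped connection, a timeout) satisfies this check. To prove the denial is
        // an authorization decision, pin the server's permission error here the same way
        // the "user name is empty" checks above pin theirs.
        assertThatThrownBy(() -> kvClient.get(rootRoleKey).get()).isNotNull();
        // Verify that the user role still grants access to its own key.
        assertThat(kvClient.get(userRoleKey).get().getCount()).isNotEqualTo(0);

        rootClient.getAuthClient().roleRevokePermission(userRole, userRoleKeyRangeBegin, userRoleKeyRangeEnd).get();
        // Verify that access to userRoleKey is revoked once the role loses its permission.
        // NOTE(review): same weak assertion as above; any exception passes.
        assertThatThrownBy(() -> userClient.getKVClient().get(userRoleKey).get()).isNotNull();

        // --- Authentication off -----------------------------------------------------------
        rootClient.getAuthClient().authDisable().get();
    }

    // Remove the fixtures with the unauthenticated client.
    authDisabledAuthClient.userDelete(root).get();
    authDisabledAuthClient.userDelete(user).get();
    authDisabledAuthClient.roleDelete(rootRole).get();
    authDisabledAuthClient.roleDelete(userRole).get();
}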
Also used : AuthRoleListResponse(io.etcd.jetcd.auth.AuthRoleListResponse) KV(io.etcd.jetcd.KV) Client(io.etcd.jetcd.Client) AuthRoleGetResponse(io.etcd.jetcd.auth.AuthRoleGetResponse) Test(org.junit.jupiter.api.Test)
