Skip to content

Commit

Permalink
fix: use require instead of t.Fatal(err) in tests/e2e package
Browse files Browse the repository at this point in the history
Signed-off-by: Matthieu MOREL <[email protected]>
  • Loading branch information
mmorel-35 committed Nov 9, 2024
1 parent 1ee6598 commit 9fe95ef
Show file tree
Hide file tree
Showing 30 changed files with 350 additions and 684 deletions.
143 changes: 39 additions & 104 deletions tests/e2e/ctl_v3_auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -79,8 +79,7 @@ func authSetupTestUser(cx ctlCtx) {
}

func authTestMemberUpdate(cx ctlCtx) {
err := authEnable(cx)
require.NoError(cx.t, err)
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)
Expand All @@ -103,101 +102,77 @@ func authTestMemberUpdate(cx ctlCtx) {
}

func authTestCertCN(cx ctlCtx) {
err := authEnable(cx)
require.NoError(cx.t, err)
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
err = ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""})
require.NoError(cx.t, err)
err = e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role created"})
require.NoError(cx.t, err)
err = ctlV3User(cx, []string{"grant-role", "example.com", "test-role"}, "Role test-role is granted to user example.com", nil)
require.NoError(cx.t, err)
require.NoError(cx.t, ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""}))
require.NoError(cx.t, e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role created"}))
require.NoError(cx.t, ctlV3User(cx, []string{"grant-role", "example.com", "test-role"}, "Role test-role is granted to user example.com", nil))

// grant a new key
err = ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "hoo", "", false})
require.NoError(cx.t, err)
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "hoo", "", false}))

// try a granted key
cx.user, cx.pass = "", ""
if err = ctlV3Put(cx, "hoo", "bar", ""); err != nil {
if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
cx.t.Error(err)
}

// try a non-granted key
cx.user, cx.pass = "", ""
err = ctlV3PutFailPerm(cx, "baz", "bar")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "baz", "bar"), "permission denied")
}

func authTestFromKeyPerm(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

// grant keys after z to test-user
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "z", "\x00", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "z", "\x00", false}))

// try the granted open ended permission
cx.user, cx.pass = "test-user", "pass"
for i := 0; i < 10; i++ {
key := fmt.Sprintf("z%d", i)
if err := ctlV3Put(cx, key, "val", ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, key, "val", ""))
}
largeKey := ""
for i := 0; i < 10; i++ {
largeKey += "\xff"
if err := ctlV3Put(cx, largeKey, "val", ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, largeKey, "val", ""))
}

// try a non granted key
err := ctlV3PutFailPerm(cx, "x", "baz")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "x", "baz"), "permission denied")

// revoke the open ended permission
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleRevokePermission(cx, "test-role", "z", "", true); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleRevokePermission(cx, "test-role", "z", "", true))

// try the revoked open ended permission
cx.user, cx.pass = "test-user", "pass"
for i := 0; i < 10; i++ {
key := fmt.Sprintf("z%d", i)
err := ctlV3PutFailPerm(cx, key, "val")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, key, "val"), "permission denied")
}

// grant the entire keys
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "", "\x00", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "", "\x00", false}))

// try keys, of course it must be allowed because test-role has a permission of the entire keys
cx.user, cx.pass = "test-user", "pass"
for i := 0; i < 10; i++ {
key := fmt.Sprintf("z%d", i)
if err := ctlV3Put(cx, key, "val", ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, key, "val", ""))
}

// revoke the entire keys
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleRevokePermission(cx, "test-role", "", "", true); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleRevokePermission(cx, "test-role", "", "", true))

// try the revoked entire key permission
cx.user, cx.pass = "test-user", "pass"
Expand All @@ -209,17 +184,13 @@ func authTestFromKeyPerm(cx ctlCtx) {
}

func authTestWatch(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

// grant a key range
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "key", "key4", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "key", "key4", false}))

tests := []struct {
puts []kv
Expand Down Expand Up @@ -286,9 +257,7 @@ func authTestWatch(cx ctlCtx) {
func authTestSnapshot(cx ctlCtx) {
maintenanceInitKeys(cx)

if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)
Expand All @@ -298,20 +267,14 @@ func authTestSnapshot(cx ctlCtx) {

// ordinary user cannot save a snapshot
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3SnapshotSave(cx, fpath); err == nil {
cx.t.Fatal("ordinary user should not be able to save a snapshot")
}
require.Errorf(cx.t, ctlV3SnapshotSave(cx, fpath), "ordinary user should not be able to save a snapshot")

// root can save a snapshot
cx.user, cx.pass = "root", "root"
if err := ctlV3SnapshotSave(cx, fpath); err != nil {
cx.t.Fatalf("snapshotTest ctlV3SnapshotSave error (%v)", err)
}
require.NoErrorf(cx.t, ctlV3SnapshotSave(cx, fpath), "snapshotTest ctlV3SnapshotSave error")

st, err := getSnapshotStatus(cx, fpath)
if err != nil {
cx.t.Fatalf("snapshotTest getSnapshotStatus error (%v)", err)
}
require.NoErrorf(cx.t, err, "snapshotTest getSnapshotStatus error")
if st.Revision != 4 {
cx.t.Fatalf("expected 4, got %d", st.Revision)
}
Expand All @@ -321,88 +284,60 @@ func authTestSnapshot(cx ctlCtx) {
}

func authTestEndpointHealth(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

if err := ctlV3EndpointHealth(cx); err != nil {
cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
}
require.NoErrorf(cx.t, ctlV3EndpointHealth(cx), "endpointStatusTest ctlV3EndpointHealth error")

// health checking with an ordinary user "succeeds" since permission denial goes through consensus
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3EndpointHealth(cx); err != nil {
cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
}
require.NoErrorf(cx.t, ctlV3EndpointHealth(cx), "endpointStatusTest ctlV3EndpointHealth error")

// succeed if permissions granted for ordinary user
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "health", "", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "health", "", false}))
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3EndpointHealth(cx); err != nil {
cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
}
}

func certCNAndUsername(cx ctlCtx, noPassword bool) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

if noPassword {
if err := ctlV3User(cx, []string{"add", "example.com", "--no-password"}, "User example.com created", []string{""}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3User(cx, []string{"add", "example.com", "--no-password"}, "User example.com created", []string{""}))
} else {
if err := ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""}); err != nil {
cx.t.Fatal(err)
}
}
if err := e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role-cn"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role-cn created"}); err != nil {
cx.t.Fatal(err)
}
if err := ctlV3User(cx, []string{"grant-role", "example.com", "test-role-cn"}, "Role test-role-cn is granted to user example.com", nil); err != nil {
cx.t.Fatal(err)
require.NoError(cx.t, ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""}))
}
require.NoError(cx.t, e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role-cn"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role-cn created"}))
require.NoError(cx.t, ctlV3User(cx, []string{"grant-role", "example.com", "test-role-cn"}, "Role test-role-cn is granted to user example.com", nil))

// grant a new key for CN based user
if err := ctlV3RoleGrantPermission(cx, "test-role-cn", grantingPerm{true, true, "hoo", "", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role-cn", grantingPerm{true, true, "hoo", "", false}))

// grant a new key for username based user
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "bar", "", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "bar", "", false}))

// try a granted key for CN based user
cx.user, cx.pass = "", ""
if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
cx.t.Error(err)
}
require.NoError(cx.t, ctlV3Put(cx, "hoo", "bar", ""))

// try a granted key for username based user
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3Put(cx, "bar", "bar", ""); err != nil {
cx.t.Error(err)
}
require.NoError(cx.t, ctlV3Put(cx, "bar", "bar", ""))

// try a non-granted key for both of them
cx.user, cx.pass = "", ""
err := ctlV3PutFailPerm(cx, "baz", "bar")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "baz", "bar"), "permission denied")

cx.user, cx.pass = "test-user", "pass"
err = ctlV3PutFailPerm(cx, "baz", "bar")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "baz", "bar"), "permission denied")
}

func authTestCertCNAndUsername(cx ctlCtx) {
Expand Down
6 changes: 3 additions & 3 deletions tests/e2e/ctl_v3_defrag_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ package e2e
import (
"testing"

"github.com/stretchr/testify/require"

"go.etcd.io/etcd/pkg/v3/expect"
"go.etcd.io/etcd/tests/v3/framework/e2e"
)
Expand All @@ -28,9 +30,7 @@ func TestCtlV3DefragOffline(t *testing.T) {
func maintenanceInitKeys(cx ctlCtx) {
var kvs = []kv{{"key", "val1"}, {"key", "val2"}, {"key", "val3"}}
for i := range kvs {
if err := ctlV3Put(cx, kvs[i].key, kvs[i].val, ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, kvs[i].key, kvs[i].val, ""))
}
}

Expand Down
24 changes: 6 additions & 18 deletions tests/e2e/ctl_v3_elect_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,7 @@ func testElect(cx ctlCtx) {
name := "a"

holder, ch, err := ctlV3Elect(cx, name, "p1", false)
if err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, err)

l1 := ""
select {
Expand All @@ -51,9 +49,7 @@ func testElect(cx ctlCtx) {

// blocked process that won't win the election
blocked, ch, err := ctlV3Elect(cx, name, "p2", true)
if err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, err)
select {
case <-time.After(100 * time.Millisecond):
case <-ch:
Expand All @@ -62,9 +58,7 @@ func testElect(cx ctlCtx) {

// overlap with a blocker that will win the election
blockAcquire, ch, err := ctlV3Elect(cx, name, "p2", false)
if err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, err)
defer func(blockAcquire *expect.ExpectProcess) {
err = blockAcquire.Stop()
require.NoError(cx.t, err)
Expand All @@ -78,22 +72,16 @@ func testElect(cx ctlCtx) {
}

// kill blocked process with clean shutdown
if err = blocked.Signal(os.Interrupt); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, blocked.Signal(os.Interrupt))
err = e2e.CloseWithTimeout(blocked, time.Second)
if err != nil {
// due to being blocked, this can potentially get killed and thus exit non-zero sometimes
require.ErrorContains(cx.t, err, "unexpected exit code")
}

// kill the holder with clean shutdown
if err = holder.Signal(os.Interrupt); err != nil {
cx.t.Fatal(err)
}
if err = e2e.CloseWithTimeout(holder, time.Second); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, holder.Signal(os.Interrupt))
require.NoError(cx.t, e2e.CloseWithTimeout(holder, time.Second))

// blockAcquire should win the election
select {
Expand Down
8 changes: 2 additions & 6 deletions tests/e2e/ctl_v3_grpc_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -136,9 +136,7 @@ func TestAuthority(t *testing.T) {
require.NoError(t, err)
for i := 0; i < 100; i++ {
err = client.Put(ctx, "foo", "bar", config.PutOptions{})
if err != nil {
t.Fatal(err)
}
require.NoError(t, err)
}

testutils.ExecuteWithTimeout(t, 5*time.Second, func() {
Expand Down Expand Up @@ -167,9 +165,7 @@ func assertAuthority(t *testing.T, expectAuthorityPattern string, clus *e2e.Etcd
line = strings.TrimSuffix(line, "\r")

u, err := url.Parse(clus.Procs[i].EndpointsGRPC()[0])
if err != nil {
t.Fatal(err)
}
require.NoError(t, err)
expectAuthority := strings.ReplaceAll(expectAuthorityPattern, "${MEMBER_PORT}", u.Port())
expectLine := fmt.Sprintf(`http2: decoded hpack field header field ":authority" = %q`, expectAuthority)
assert.Truef(t, strings.HasSuffix(line, expectLine), "Got %q expected suffix %q", line, expectLine)
Expand Down
Loading

0 comments on commit 9fe95ef

Please sign in to comment.