Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: use require instead of t.Fatal(err) in tests/e2e package #18821

Merged
merged 1 commit into from
Dec 2, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
143 changes: 39 additions & 104 deletions tests/e2e/ctl_v3_auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -80,8 +80,7 @@ func authSetupTestUser(cx ctlCtx) {
}

func authTestMemberUpdate(cx ctlCtx) {
err := authEnable(cx)
require.NoError(cx.t, err)
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)
Expand All @@ -104,101 +103,77 @@ func authTestMemberUpdate(cx ctlCtx) {
}

func authTestCertCN(cx ctlCtx) {
err := authEnable(cx)
require.NoError(cx.t, err)
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
err = ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""})
require.NoError(cx.t, err)
err = e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role created"})
require.NoError(cx.t, err)
err = ctlV3User(cx, []string{"grant-role", "example.com", "test-role"}, "Role test-role is granted to user example.com", nil)
require.NoError(cx.t, err)
require.NoError(cx.t, ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""}))
require.NoError(cx.t, e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role created"}))
require.NoError(cx.t, ctlV3User(cx, []string{"grant-role", "example.com", "test-role"}, "Role test-role is granted to user example.com", nil))

// grant a new key
err = ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "hoo", "", false})
require.NoError(cx.t, err)
mmorel-35 marked this conversation as resolved.
Show resolved Hide resolved
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "hoo", "", false}))

// try a granted key
cx.user, cx.pass = "", ""
if err = ctlV3Put(cx, "hoo", "bar", ""); err != nil {
if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
cx.t.Error(err)
}

// try a non-granted key
cx.user, cx.pass = "", ""
err = ctlV3PutFailPerm(cx, "baz", "bar")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "baz", "bar"), "permission denied")
}

func authTestFromKeyPerm(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

// grant keys after z to test-user
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "z", "\x00", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "z", "\x00", false}))

// try the granted open ended permission
cx.user, cx.pass = "test-user", "pass"
for i := 0; i < 10; i++ {
key := fmt.Sprintf("z%d", i)
if err := ctlV3Put(cx, key, "val", ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, key, "val", ""))
}
largeKey := ""
for i := 0; i < 10; i++ {
largeKey += "\xff"
if err := ctlV3Put(cx, largeKey, "val", ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, largeKey, "val", ""))
}

// try a non granted key
err := ctlV3PutFailPerm(cx, "x", "baz")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "x", "baz"), "permission denied")

// revoke the open ended permission
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleRevokePermission(cx, "test-role", "z", "", true); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleRevokePermission(cx, "test-role", "z", "", true))

// try the revoked open ended permission
cx.user, cx.pass = "test-user", "pass"
for i := 0; i < 10; i++ {
key := fmt.Sprintf("z%d", i)
err := ctlV3PutFailPerm(cx, key, "val")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, key, "val"), "permission denied")
}

// grant the entire keys
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "", "\x00", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "", "\x00", false}))

// try keys, of course it must be allowed because test-role has a permission of the entire keys
cx.user, cx.pass = "test-user", "pass"
for i := 0; i < 10; i++ {
key := fmt.Sprintf("z%d", i)
if err := ctlV3Put(cx, key, "val", ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, key, "val", ""))
}

// revoke the entire keys
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleRevokePermission(cx, "test-role", "", "", true); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleRevokePermission(cx, "test-role", "", "", true))

// try the revoked entire key permission
cx.user, cx.pass = "test-user", "pass"
Expand All @@ -210,17 +185,13 @@ func authTestFromKeyPerm(cx ctlCtx) {
}

func authTestWatch(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

// grant a key range
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "key", "key4", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "key", "key4", false}))

tests := []struct {
puts []kv
Expand Down Expand Up @@ -287,9 +258,7 @@ func authTestWatch(cx ctlCtx) {
func authTestSnapshot(cx ctlCtx) {
maintenanceInitKeys(cx)

if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)
Expand All @@ -299,20 +268,14 @@ func authTestSnapshot(cx ctlCtx) {

// ordinary user cannot save a snapshot
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3SnapshotSave(cx, fpath); err == nil {
cx.t.Fatal("ordinary user should not be able to save a snapshot")
}
require.Errorf(cx.t, ctlV3SnapshotSave(cx, fpath), "ordinary user should not be able to save a snapshot")

// root can save a snapshot
cx.user, cx.pass = "root", "root"
if err := ctlV3SnapshotSave(cx, fpath); err != nil {
cx.t.Fatalf("snapshotTest ctlV3SnapshotSave error (%v)", err)
}
require.NoErrorf(cx.t, ctlV3SnapshotSave(cx, fpath), "snapshotTest ctlV3SnapshotSave error")

st, err := getSnapshotStatus(cx, fpath)
if err != nil {
cx.t.Fatalf("snapshotTest getSnapshotStatus error (%v)", err)
}
require.NoErrorf(cx.t, err, "snapshotTest getSnapshotStatus error")
if st.Revision != 4 {
cx.t.Fatalf("expected 4, got %d", st.Revision)
}
Expand All @@ -322,88 +285,60 @@ func authTestSnapshot(cx ctlCtx) {
}

func authTestEndpointHealth(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

if err := ctlV3EndpointHealth(cx); err != nil {
cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
}
require.NoErrorf(cx.t, ctlV3EndpointHealth(cx), "endpointStatusTest ctlV3EndpointHealth error")

// health checking with an ordinary user "succeeds" since permission denial goes through consensus
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3EndpointHealth(cx); err != nil {
cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
}
require.NoErrorf(cx.t, ctlV3EndpointHealth(cx), "endpointStatusTest ctlV3EndpointHealth error")

// succeed if permissions granted for ordinary user
cx.user, cx.pass = "root", "root"
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "health", "", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "health", "", false}))
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3EndpointHealth(cx); err != nil {
cx.t.Fatalf("endpointStatusTest ctlV3EndpointHealth error (%v)", err)
}
}

func certCNAndUsername(cx ctlCtx, noPassword bool) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, authEnable(cx))

cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)

if noPassword {
if err := ctlV3User(cx, []string{"add", "example.com", "--no-password"}, "User example.com created", []string{""}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3User(cx, []string{"add", "example.com", "--no-password"}, "User example.com created", []string{""}))
} else {
if err := ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""}); err != nil {
cx.t.Fatal(err)
}
}
if err := e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role-cn"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role-cn created"}); err != nil {
cx.t.Fatal(err)
}
if err := ctlV3User(cx, []string{"grant-role", "example.com", "test-role-cn"}, "Role test-role-cn is granted to user example.com", nil); err != nil {
cx.t.Fatal(err)
require.NoError(cx.t, ctlV3User(cx, []string{"add", "example.com", "--interactive=false"}, "User example.com created", []string{""}))
}
require.NoError(cx.t, e2e.SpawnWithExpectWithEnv(append(cx.PrefixArgs(), "role", "add", "test-role-cn"), cx.envMap, expect.ExpectedResponse{Value: "Role test-role-cn created"}))
require.NoError(cx.t, ctlV3User(cx, []string{"grant-role", "example.com", "test-role-cn"}, "Role test-role-cn is granted to user example.com", nil))

// grant a new key for CN based user
if err := ctlV3RoleGrantPermission(cx, "test-role-cn", grantingPerm{true, true, "hoo", "", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role-cn", grantingPerm{true, true, "hoo", "", false}))

// grant a new key for username based user
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "bar", "", false}); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "bar", "", false}))

// try a granted key for CN based user
cx.user, cx.pass = "", ""
if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
cx.t.Error(err)
}
require.NoError(cx.t, ctlV3Put(cx, "hoo", "bar", ""))

// try a granted key for username based user
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3Put(cx, "bar", "bar", ""); err != nil {
cx.t.Error(err)
}
require.NoError(cx.t, ctlV3Put(cx, "bar", "bar", ""))

// try a non-granted key for both of them
cx.user, cx.pass = "", ""
err := ctlV3PutFailPerm(cx, "baz", "bar")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "baz", "bar"), "permission denied")

cx.user, cx.pass = "test-user", "pass"
err = ctlV3PutFailPerm(cx, "baz", "bar")
require.ErrorContains(cx.t, err, "permission denied")
require.ErrorContains(cx.t, ctlV3PutFailPerm(cx, "baz", "bar"), "permission denied")
}

func authTestCertCNAndUsername(cx ctlCtx) {
Expand Down
6 changes: 3 additions & 3 deletions tests/e2e/ctl_v3_defrag_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ package e2e
import (
"testing"

"github.com/stretchr/testify/require"

"go.etcd.io/etcd/pkg/v3/expect"
"go.etcd.io/etcd/tests/v3/framework/e2e"
)
Expand All @@ -28,9 +30,7 @@ func TestCtlV3DefragOffline(t *testing.T) {
func maintenanceInitKeys(cx ctlCtx) {
kvs := []kv{{"key", "val1"}, {"key", "val2"}, {"key", "val3"}}
for i := range kvs {
if err := ctlV3Put(cx, kvs[i].key, kvs[i].val, ""); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, ctlV3Put(cx, kvs[i].key, kvs[i].val, ""))
}
}

Expand Down
24 changes: 6 additions & 18 deletions tests/e2e/ctl_v3_elect_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,7 @@ func testElect(cx ctlCtx) {
name := "a"

holder, ch, err := ctlV3Elect(cx, name, "p1", false)
if err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, err)

l1 := ""
select {
Expand All @@ -51,9 +49,7 @@ func testElect(cx ctlCtx) {

// blocked process that won't win the election
blocked, ch, err := ctlV3Elect(cx, name, "p2", true)
if err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, err)
select {
case <-time.After(100 * time.Millisecond):
case <-ch:
Expand All @@ -62,9 +58,7 @@ func testElect(cx ctlCtx) {

// overlap with a blocker that will win the election
blockAcquire, ch, err := ctlV3Elect(cx, name, "p2", false)
if err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, err)
defer func(blockAcquire *expect.ExpectProcess) {
err = blockAcquire.Stop()
require.NoError(cx.t, err)
Expand All @@ -78,22 +72,16 @@ func testElect(cx ctlCtx) {
}

// kill blocked process with clean shutdown
if err = blocked.Signal(os.Interrupt); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, blocked.Signal(os.Interrupt))
err = e2e.CloseWithTimeout(blocked, time.Second)
if err != nil {
// due to being blocked, this can potentially get killed and thus exit non-zero sometimes
require.ErrorContains(cx.t, err, "unexpected exit code")
}

// kill the holder with clean shutdown
if err = holder.Signal(os.Interrupt); err != nil {
cx.t.Fatal(err)
}
if err = e2e.CloseWithTimeout(holder, time.Second); err != nil {
cx.t.Fatal(err)
}
require.NoError(cx.t, holder.Signal(os.Interrupt))
require.NoError(cx.t, e2e.CloseWithTimeout(holder, time.Second))

// blockAcquire should win the election
select {
Expand Down
9 changes: 2 additions & 7 deletions tests/e2e/ctl_v3_grpc_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -135,10 +135,7 @@ func TestAuthority(t *testing.T) {
client, err := e2e.NewEtcdctl(cfg.Client, endpoints)
require.NoError(t, err)
for i := 0; i < 100; i++ {
err = client.Put(ctx, "foo", "bar", config.PutOptions{})
if err != nil {
t.Fatal(err)
}
require.NoError(t, client.Put(ctx, "foo", "bar", config.PutOptions{}))
}

testutils.ExecuteWithTimeout(t, 5*time.Second, func() {
Expand Down Expand Up @@ -167,9 +164,7 @@ func assertAuthority(t *testing.T, expectAuthorityPattern string, clus *e2e.Etcd
line = strings.TrimSuffix(line, "\r")

u, err := url.Parse(clus.Procs[i].EndpointsGRPC()[0])
if err != nil {
t.Fatal(err)
}
require.NoError(t, err)
expectAuthority := strings.ReplaceAll(expectAuthorityPattern, "${MEMBER_PORT}", u.Port())
expectLine := fmt.Sprintf(`http2: decoded hpack field header field ":authority" = %q`, expectAuthority)
assert.Truef(t, strings.HasSuffix(line, expectLine), "Got %q expected suffix %q", line, expectLine)
Expand Down
Loading