when the role is 'root', return * perm.

add ut for enhancement. format tune. revert betesting define []byte("*") as allKeys, reuse it.
etcd-io · May 17, 2021 · aa4341f · aa4341f
1 parent 9501e8e
commit aa4341f
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/server/auth/store.go b/server/auth/store.go
@@ -43,6 +43,9 @@ var (
 	authEnabled   = []byte{1}
 	authDisabled  = []byte{0}
 
+	allKeys  = []byte("*")
+	rootPerm = authpb.Permission{PermType: authpb.READWRITE, Key: allKeys, RangeEnd: []byte{0}}
+
 	revisionKey = []byte("authRevision")
 
 	authBucketName      = []byte("auth")
@@ -624,6 +627,10 @@ func (as *authStore) UserRevokeRole(r *pb.AuthUserRevokeRoleRequest) (*pb.AuthUs
 }
 
 func (as *authStore) RoleGet(r *pb.AuthRoleGetRequest) (*pb.AuthRoleGetResponse, error) {
+	if rootRole == r.Role {
+		return &pb.AuthRoleGetResponse{Header: &pb.ResponseHeader{}, Perm: []*authpb.Permission{&rootPerm}}, nil
+	}
+
 	tx := as.be.BatchTx()
 	tx.Lock()
 	defer tx.Unlock()

diff --git a/server/auth/store_test.go b/server/auth/store_test.go
@@ -300,6 +300,28 @@ func TestUserGrant(t *testing.T) {
 	}
 }
 
+func TestGetRootRole(t *testing.T) {
+	as, tearDown := setupAuthStore(t)
+	defer tearDown(t)
+
+	perm := &authpb.Permission{
+		PermType: authpb.READWRITE,
+		Key:      allKeys,
+		RangeEnd: []byte{0},
+	}
+
+	//get root role
+	r, err := as.RoleGet(&pb.AuthRoleGetRequest{Role: "root"})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	//check the role is root
+	if !reflect.DeepEqual(perm, r.Perm[0]) {
+		t.Errorf("expected %v, got %v", perm, r.Perm[0])
+	}
+}
+
 func TestHasRole(t *testing.T) {
 	as, tearDown := setupAuthStore(t)
 	defer tearDown(t)