Skip to content

Commit

Permalink
test: add tests for auth client in xline-client
Browse files Browse the repository at this point in the history
Signed-off-by: bsbds <69835502+bsbds@users.noreply.github.com>
  • Loading branch information
bsbds authored and Phoenix500526 committed Jul 11, 2023
1 parent 8cfb479 commit 5068a2b
Showing 1 changed file with 193 additions and 0 deletions.
193 changes: 193 additions & 0 deletions xline-client/tests/auth.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,193 @@
//! The following tests are originally from `etcd-client`
use common::get_cluster_client;
use xline_client::{
error::Result,
types::auth::{
AuthRoleAddRequest, AuthRoleDeleteRequest, AuthRoleGetRequest,
AuthRoleGrantPermissionRequest, AuthRoleRevokePermissionRequest, AuthUserAddRequest,
AuthUserChangePasswordRequest, AuthUserDeleteRequest, AuthUserGetRequest,
AuthUserGrantRoleRequest, AuthUserRevokeRoleRequest, Permission,
},
};
use xlineapi::Type;

mod common;

#[tokio::test]
async fn role_operations() -> Result<()> {
let (_cluster, client) = get_cluster_client().await?;
let client = client.auth_client();
let role1 = "role1";
let role2 = "role2";

client.role_add(AuthRoleAddRequest::new(role1)).await?;
client.role_add(AuthRoleAddRequest::new(role2)).await?;

client.role_get(AuthRoleGetRequest::new(role1)).await?;
client.role_get(AuthRoleGetRequest::new(role2)).await?;

let role_list_resp = client.role_list().await?;
assert_eq!(
role_list_resp.roles,
vec![role1.to_owned(), role2.to_owned()]
);

client
.role_delete(AuthRoleDeleteRequest::new(role1))
.await?;
client
.role_delete(AuthRoleDeleteRequest::new(role2))
.await?;

client
.role_get(AuthRoleGetRequest::new(role1))
.await
.unwrap_err();
client
.role_get(AuthRoleGetRequest::new(role2))
.await
.unwrap_err();

Ok(())
}

#[tokio::test]
async fn permission_operations() -> Result<()> {
let (_cluster, client) = get_cluster_client().await?;
let client = client.auth_client();

let role1 = "role1";
let perm1 = Permission::new(Type::Read, "123");
let perm2 = Permission::new(Type::Write, "abc").with_from_key();
let perm3 = Permission::new(Type::Readwrite, "hi").with_range_end("hjj");
let perm4 = Permission::new(Type::Write, "pp").with_prefix();
let perm5 = Permission::new(Type::Read, vec![0]).with_from_key();

client.role_add(AuthRoleAddRequest::new(role1)).await?;

client
.role_grant_permission(AuthRoleGrantPermissionRequest::new(role1, perm1.clone()))
.await?;
client
.role_grant_permission(AuthRoleGrantPermissionRequest::new(role1, perm2.clone()))
.await?;
client
.role_grant_permission(AuthRoleGrantPermissionRequest::new(role1, perm3.clone()))
.await?;
client
.role_grant_permission(AuthRoleGrantPermissionRequest::new(role1, perm4.clone()))
.await?;
client
.role_grant_permission(AuthRoleGrantPermissionRequest::new(role1, perm5.clone()))
.await?;

{
let resp = client.role_get(AuthRoleGetRequest::new(role1)).await?;
let permissions = resp.perm;
assert!(permissions.contains(&perm1.into()));
assert!(permissions.contains(&perm2.into()));
assert!(permissions.contains(&perm3.into()));
assert!(permissions.contains(&perm4.into()));
assert!(permissions.contains(&perm5.into()));
}

// revoke all permission
client
.role_revoke_permission(AuthRoleRevokePermissionRequest::new(role1, "123"))
.await?;
client
.role_revoke_permission(AuthRoleRevokePermissionRequest::new(role1, "abc").with_from_key())
.await?;
client
.role_revoke_permission(
AuthRoleRevokePermissionRequest::new(role1, "hi").with_range_end("hjj"),
)
.await?;
client
.role_revoke_permission(AuthRoleRevokePermissionRequest::new(role1, "pp").with_prefix())
.await?;
client
.role_revoke_permission(
AuthRoleRevokePermissionRequest::new(role1, vec![0]).with_from_key(),
)
.await?;

let role_get_resp = client.role_get(AuthRoleGetRequest::new(role1)).await?;
assert!(role_get_resp.perm.is_empty());

client
.role_delete(AuthRoleDeleteRequest::new(role1))
.await?;

Ok(())
}

#[tokio::test]
async fn user_operations() -> Result<()> {
let (_cluster, client) = get_cluster_client().await?;
let client = client.auth_client();

let name1 = "usr1";
let password1 = "pwd1";
let password2 = "pwd2";

client
.user_add(AuthUserAddRequest::new(name1).with_pwd(password1))
.await?;
client.user_get(AuthUserGetRequest::new(name1)).await?;

let user_list_resp = client.user_list().await?;
assert!(user_list_resp.users.contains(&name1.to_string()));

client
.user_change_password(AuthUserChangePasswordRequest::new(name1, password2))
.await?;

client
.user_delete(AuthUserDeleteRequest::new(name1))
.await?;
client
.user_get(AuthUserGetRequest::new(name1))
.await
.unwrap_err();

Ok(())
}

#[tokio::test]
async fn user_roles() -> Result<()> {
let (_cluster, client) = get_cluster_client().await?;
let client = client.auth_client();

let name1 = "usr1";
let role1 = "role1";
let role2 = "role2";

client
.user_add(AuthUserAddRequest::new(name1).with_no_pwd())
.await?;
client.role_add(AuthRoleAddRequest::new(role1)).await?;
client.role_add(AuthRoleAddRequest::new(role2)).await?;

client
.user_grant_role(AuthUserGrantRoleRequest::new(name1, role1))
.await?;
client
.user_grant_role(AuthUserGrantRoleRequest::new(name1, role2))
.await?;

let user_get_resp = client.user_get(AuthUserGetRequest::new(name1)).await?;
assert_eq!(
user_get_resp.roles,
vec![role1.to_owned(), role2.to_owned()]
);

client
.user_revoke_role(AuthUserRevokeRoleRequest::new(name1, role1))
.await?;
client
.user_revoke_role(AuthUserRevokeRoleRequest::new(name1, role2))
.await?;

Ok(())
}

0 comments on commit 5068a2b

Please sign in to comment.