e2e: add a test case of JWT token expiration

etcd-io · Feb 27, 2018 · 2a54e32 · 2a54e32
1 parent 8fd01f5
commit 2a54e32
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/e2e/cluster_test.go b/e2e/cluster_test.go
@@ -78,6 +78,11 @@ var (
 		initialToken:          "new",
 		clientCertAuthEnabled: true,
 	}
+	configJWT = etcdProcessClusterConfig{
+		clusterSize:   1,
+		initialToken:  "new",
+		authTokenOpts: "jwt,pub-key=../integration/fixtures/server.crt,priv-key=../integration/fixtures/server.key.insecure,sign-method=RS256,ttl=1s",
+	}
 )
 
 func configStandalone(cfg etcdProcessClusterConfig) *etcdProcessClusterConfig {
@@ -117,6 +122,7 @@ type etcdProcessClusterConfig struct {
 	quotaBackendBytes   int64
 	noStrictReconfig    bool
 	initialCorruptCheck bool
+	authTokenOpts       string
 }
 
 // newEtcdProcessCluster launches a new cluster from etcd processes, returning
@@ -238,6 +244,11 @@ func (cfg *etcdProcessClusterConfig) etcdServerProcessConfigs() []*etcdServerPro
 		}
 
 		args = append(args, cfg.tlsArgs()...)
+
+		if cfg.authTokenOpts != "" {
+			args = append(args, "--auth-token", cfg.authTokenOpts)
+		}
+
 		etcdCfgs[i] = &etcdServerProcessConfig{
 			execPath:     cfg.execPath,
 			args:         args,

diff --git a/e2e/ctl_v3_auth_test.go b/e2e/ctl_v3_auth_test.go
@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"os"
 	"testing"
+	"time"
 
 	"github.com/coreos/etcd/clientv3"
 )
@@ -58,6 +59,7 @@ func TestCtlV3AuthSnapshot(t *testing.T) { testCtl(t, authTestSnapshot) }
 func TestCtlV3AuthCertCNAndUsername(t *testing.T) {
 	testCtl(t, authTestCertCNAndUsername, withCfg(configClientTLSCertAuth))
 }
+func TestCtlV3AuthJWTExpire(t *testing.T) { testCtl(t, authTestJWTExpire, withCfg(configJWT)) }
 
 func authEnableTest(cx ctlCtx) {
 	if err := authEnable(cx); err != nil {
@@ -1073,3 +1075,24 @@ func authTestCertCNAndUsername(cx ctlCtx) {
 		cx.t.Error(err)
 	}
 }
+
+func authTestJWTExpire(cx ctlCtx) {
+	if err := authEnable(cx); err != nil {
+		cx.t.Fatal(err)
+	}
+
+	cx.user, cx.pass = "root", "root"
+	authSetupTestUser(cx)
+
+	// try a granted key
+	if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
+		cx.t.Error(err)
+	}
+
+	// wait an expiration of my JWT token
+	<-time.After(3 * time.Second)
+
+	if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
+		cx.t.Error(err)
+	}
+}