diff --git a/e2e/ctl_v3_defrag_test.go b/e2e/ctl_v3_defrag_test.go index ccaa845f2be8..f041b4e05aaf 100644 --- a/e2e/ctl_v3_defrag_test.go +++ b/e2e/ctl_v3_defrag_test.go @@ -16,15 +16,20 @@ package e2e import "testing" -func TestCtlV3Defrag(t *testing.T) { testCtl(t, defragTest) } +func TestCtlV3Defrag(t *testing.T) { testCtl(t, defragTest) } +func TestCtlV3DefragWithAuth(t *testing.T) { testCtl(t, defragTestWithAuth) } -func defragTest(cx ctlCtx) { +func initKeys(cx ctlCtx) { var kvs = []kv{{"key", "val1"}, {"key", "val2"}, {"key", "val3"}} for i := range kvs { if err := ctlV3Put(cx, kvs[i].key, kvs[i].val, ""); err != nil { cx.t.Fatal(err) } } +} + +func defragTest(cx ctlCtx) { + initKeys(cx) if err := ctlV3Compact(cx, 4, cx.compactPhysical); err != nil { cx.t.Fatal(err) @@ -35,6 +40,29 @@ func defragTest(cx ctlCtx) { } } +func defragTestWithAuth(cx ctlCtx) { + initKeys(cx) + + if err := authEnable(cx); err != nil { + cx.t.Fatal(err) + } + + cx.user, cx.pass = "root", "root" + authSetupTestUser(cx) + + // ordinal user cannot defrag + cx.user, cx.pass = "test-user", "pass" + if err := ctlV3Defrag(cx); err == nil { + cx.t.Fatal("ordinal user should not be able to issue a defrag request") + } + + // root can defrag + cx.user, cx.pass = "root", "root" + if err := ctlV3Defrag(cx); err != nil { + cx.t.Fatal(err) + } +} + func ctlV3Defrag(cx ctlCtx) error { cmdArgs := append(cx.PrefixArgs(), "defrag") lines := make([]string, cx.epc.cfg.clusterSize) diff --git a/e2e/ctl_v3_snapshot_test.go b/e2e/ctl_v3_snapshot_test.go index 0402feff593f..b3878969c6c9 100644 --- a/e2e/ctl_v3_snapshot_test.go +++ b/e2e/ctl_v3_snapshot_test.go @@ -242,3 +242,47 @@ func TestIssue6361(t *testing.T) { t.Fatal(err) } } + +func TestCtlV3SnapshotWithAuth(t *testing.T) { testCtl(t, snapshotTestWithAuth) } + +func snapshotTestWithAuth(cx ctlCtx) { + var kvs = []kv{{"key", "val1"}, {"key", "val2"}, {"key", "val3"}} + for i := range kvs { + if err := ctlV3Put(cx, kvs[i].key, kvs[i].val, ""); err != nil { + cx.t.Fatal(err) + } + } + + if err := authEnable(cx); err != nil { + cx.t.Fatal(err) + } + + cx.user, cx.pass = "root", "root" + authSetupTestUser(cx) + + fpath := "test.snapshot" + defer os.RemoveAll(fpath) + + // ordinal user cannot save a snapshot + cx.user, cx.pass = "test-user", "pass" + if err := ctlV3SnapshotSave(cx, fpath); err == nil { + cx.t.Fatal("ordinal user should not be able to save a snapshot") + } + + // root can save a snapshot + cx.user, cx.pass = "root", "root" + if err := ctlV3SnapshotSave(cx, fpath); err != nil { + cx.t.Fatalf("snapshotTest ctlV3SnapshotSave error (%v)", err) + } + + st, err := getSnapshotStatus(cx, fpath) + if err != nil { + cx.t.Fatalf("snapshotTest getSnapshotStatus error (%v)", err) + } + if st.Revision != 4 { + cx.t.Fatalf("expected 4, got %d", st.Revision) + } + if st.TotalKey < 3 { + cx.t.Fatalf("expected at least 3, got %d", st.TotalKey) + } +}