Skip to content

Commit ee6e39a

Browse files
piotrppintsized
piotrp
authored and
pintsized
committed
Add tests for ACL authentication
1 parent fe8caaf commit ee6e39a

File tree

5 files changed

+65
-7
lines changed

5 files changed

+65
-7
lines changed

Makefile

Lines changed: 28 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,9 @@ REDIS_PREFIX = $(TMP_DIR)/redis-
1717
TEST_REDIS_PORT ?= 6380
1818
TEST_REDIS_PORT_SL1 ?= 6381
1919
TEST_REDIS_PORT_SL2 ?= 6382
20+
TEST_REDIS_PORT_AUTH ?= 6383
2021
TEST_REDIS_PORTS ?= $(TEST_REDIS_PORT) $(TEST_REDIS_PORT_SL1) $(TEST_REDIS_PORT_SL2)
22+
TEST_REDIS_PORTS_ALL ?= $(TEST_REDIS_PORTS) $(TEST_REDIS_PORT_AUTH)
2123
TEST_REDIS_DATABASE ?= 1
2224
TEST_REDIS_SOCKET ?= $(REDIS_PREFIX)$(TEST_REDIS_PORT)$(REDIS_SOCK)
2325

@@ -28,7 +30,9 @@ REDIS_CLI := redis-cli -p $(TEST_REDIS_PORT) -n $(TEST
2830
TEST_SENTINEL_PORT1 ?= 6390
2931
TEST_SENTINEL_PORT2 ?= 6391
3032
TEST_SENTINEL_PORT3 ?= 6392
33+
TEST_SENTINEL_PORT_AUTH ?= 6393
3134
TEST_SENTINEL_PORTS ?= $(TEST_SENTINEL_PORT1) $(TEST_SENTINEL_PORT2) $(TEST_SENTINEL_PORT3)
35+
TEST_SENTINEL_PORTS_ALL ?= $(TEST_SENTINEL_PORTS) $(TEST_SENTINEL_PORT_AUTH)
3236
TEST_SENTINEL_MASTER_NAME ?= mymaster
3337
TEST_SENTINEL_PROMOTION_TIME ?= 20
3438

@@ -37,6 +41,7 @@ TEST_REDIS_VARS = PATH=$(OPENRESTY_PREFIX)/nginx/sbin:$(PATH) \
3741
TEST_NGINX_REDIS_PORT=$(TEST_REDIS_PORT) \
3842
TEST_NGINX_REDIS_PORT_SL1=$(TEST_REDIS_PORT_SL1) \
3943
TEST_NGINX_REDIS_PORT_SL2=$(TEST_REDIS_PORT_SL2) \
44+
TEST_NGINX_REDIS_PORT_AUTH=$(TEST_REDIS_PORT_AUTH) \
4045
TEST_NGINX_REDIS_SOCKET=unix:$(TEST_REDIS_SOCKET) \
4146
TEST_NGINX_REDIS_DATABASE=$(TEST_REDIS_DATABASE) \
4247
TEST_NGINX_NO_SHUFFLE=1
@@ -49,6 +54,7 @@ TEST_NGINX_REDIS_PORT_SL2=$(TEST_NGINX_REDIS_PORT_SL2) \
4954
TEST_NGINX_SENTINEL_PORT1=$(TEST_NGINX_SENTINEL_PORT1) \
5055
TEST_NGINX_SENTINEL_PORT2=$(TEST_NGINX_SENTINEL_PORT2) \
5156
TEST_NGINX_SENTINEL_PORT3=$(TEST_NGINX_SENTINEL_PORT3) \
57+
TEST_NGINX_SENTINEL_PORT_AUTH=$(TEST_NGINX_SENTINEL_AUTH) \
5258
TEST_NGINX_SENTINEL_MASTER_NAME=$(TEST_NGINX_SENTINEL_MASTER_NAME) \
5359
TEST_NGINX_REDIS_DATABASE=$(TEST_NGINX_REDIS_DATABASE) \
5460
TEST_NGINX_NO_SHUFFLE=1
@@ -60,10 +66,14 @@ sentinel down-after-milliseconds $(TEST_SENTINEL_MASTER_NAME) 2000
6066
sentinel failover-timeout $(TEST_SENTINEL_MASTER_NAME) 10000
6167
sentinel parallel-syncs $(TEST_SENTINEL_MASTER_NAME) 5
6268
endef
69+
define TEST_SENTINEL_AUTH_CONFIG
70+
sentinel monitor $(TEST_SENTINEL_MASTER_NAME) 127.0.0.1 $(TEST_REDIS_PORT_AUTH) 1
71+
endef
6372

64-
export TEST_SENTINEL_CONFIG
73+
export TEST_SENTINEL_CONFIG TEST_SENTINEL_AUTH_CONFIG
6574

6675
SENTINEL_CONFIG_FILE = /tmp/sentinel-test-config
76+
SENTINEL_AUTH_CONFIG_FILE = /tmp/sentinel-auth-test-config
6777

6878

6979
PREFIX ?= /usr/local
@@ -103,14 +113,24 @@ start_redis_instances: check_ports create_sentinel_config
103113
prefix=$(REDIS_PREFIX)$(port) && \
104114
) true
105115

116+
$(MAKE) start_redis_instance \
117+
args="--user redisuser on '>redisuserpass' '~*' '&*' '+@all'" \
118+
port=$(TEST_REDIS_PORT_AUTH) \
119+
prefix=$(REDIS_PREFIX)$(TEST_REDIS_PORT_AUTH)
120+
106121
@$(foreach port,$(TEST_SENTINEL_PORTS), \
107122
$(MAKE) start_redis_instance \
108123
port=$(port) args="$(SENTINEL_CONFIG_FILE) --sentinel" \
109124
prefix=$(REDIS_PREFIX)$(port) && \
110125
) true
111126

127+
$(MAKE) start_redis_instance \
128+
args="$(SENTINEL_AUTH_CONFIG_FILE) --sentinel --user sentineluser on '>sentineluserpass' '~*' '&*' '+@all'" \
129+
port=$(TEST_SENTINEL_PORT_AUTH) \
130+
prefix=$(REDIS_PREFIX)$(TEST_SENTINEL_PORT_AUTH)
131+
112132
stop_redis_instances: delete_sentinel_config
113-
-@$(foreach port,$(TEST_REDIS_PORTS) $(TEST_SENTINEL_PORTS), \
133+
-@$(foreach port,$(TEST_REDIS_PORTS_ALL) $(TEST_SENTINEL_PORTS_ALL), \
114134
$(MAKE) stop_redis_instance cleanup_redis_instance port=$(port) \
115135
prefix=$(REDIS_PREFIX)$(port) && \
116136
) true 2>&1 > /dev/null
@@ -145,14 +165,18 @@ flush_db:
145165
create_sentinel_config:
146166
-@echo "Creating $(SENTINEL_CONFIG_FILE)"
147167
@echo "$$TEST_SENTINEL_CONFIG" > $(SENTINEL_CONFIG_FILE)
168+
-@echo "Creating $(SENTINEL_AUTH_CONFIG_FILE)"
169+
@echo "$$TEST_SENTINEL_AUTH_CONFIG" > $(SENTINEL_AUTH_CONFIG_FILE)
148170

149171
delete_sentinel_config:
150172
-@echo "Removing $(SENTINEL_CONFIG_FILE)"
151173
@rm -f $(SENTINEL_CONFIG_FILE)
174+
-@echo "Removing $(SENTINEL_AUTH_CONFIG_FILE)"
175+
@rm -f $(SENTINEL_AUTH_CONFIG_FILE)
152176

153177
check_ports:
154-
-@echo "Checking ports $(REDIS_PORTS)"
155-
@$(foreach port,$(REDIS_PORTS),! lsof -i :$(port) &&) true 2>&1 > /dev/null
178+
-@echo "Checking ports $(TEST_REDIS_PORTS_ALL) $(TEST_SENTINEL_PORTS_ALL)"
179+
@$(foreach port,$(TEST_REDIS_PORTS_ALL) $(TEST_SENTINEL_PORTS_ALL),! lsof -i :$(port) &&) true 2>&1 > /dev/null
156180

157181
test_redis: flush_db
158182
util/lua-releng

t/config.t

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ init_by_lua_block {
1515
}
1616
};
1717

18-
$ENV{TEST_NGINX_REDIS_PORT} ||= 6379;
18+
$ENV{TEST_NGINX_REDIS_PORT} ||= 6380;
1919

2020
no_long_string();
2121
run_tests();

t/connector.t

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,8 @@ init_by_lua_block {
1212
};
1313

1414
$ENV{TEST_NGINX_RESOLVER} = '8.8.8.8';
15-
$ENV{TEST_NGINX_REDIS_PORT} ||= 6379;
15+
$ENV{TEST_NGINX_REDIS_PORT} ||= 6380;
16+
$ENV{TEST_NGINX_REDIS_PORT_AUTH} ||= 6393;
1617
$ENV{TEST_NGINX_REDIS_SOCKET} ||= 'unix://tmp/redis/redis.sock';
1718

1819
no_long_string();
@@ -401,6 +402,12 @@ location /t {
401402
assert(redis and not err, "connect should return positively")
402403
assert(redis:set("cat", "dog") and redis:get("cat") == "dog")
403404

405+
local redis, err = rc2:connect({
406+
url = "redis://redisuser:redisuserpass@127.0.0.1:$TEST_NGINX_REDIS_PORT_AUTH/"
407+
})
408+
assert(redis and not err, "connect should return positively")
409+
local username = assert(redis:acl("whoami"))
410+
assert(username == "redisuser", "should connect as 'redisuser' but got " .. tostring(username))
404411
}
405412
}
406413
--- request

t/proxy.t

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ init_by_lua_block {
1212
};
1313

1414
$ENV{TEST_NGINX_RESOLVER} = '8.8.8.8';
15-
$ENV{TEST_NGINX_REDIS_PORT} ||= 6379;
15+
$ENV{TEST_NGINX_REDIS_PORT} ||= 6380;
1616

1717
no_long_string();
1818
run_tests();

t/sentinel.t

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ $ENV{TEST_NGINX_REDIS_PORT_SL2} ||= 6382;
1818
$ENV{TEST_NGINX_SENTINEL_PORT1} ||= 6390;
1919
$ENV{TEST_NGINX_SENTINEL_PORT2} ||= 6391;
2020
$ENV{TEST_NGINX_SENTINEL_PORT3} ||= 6392;
21+
$ENV{TEST_NGINX_SENTINEL_PORT_AUTH} ||= 6393;
2122

2223
no_long_string();
2324
run_tests();
@@ -245,3 +246,29 @@ location /t {
245246
GET /t
246247
--- no_error_log
247248
[error]
249+
250+
=== TEST 6: connect with acl
251+
--- http_config eval: $::HttpConfig
252+
--- config
253+
location /t {
254+
content_by_lua_block {
255+
local rc = require("resty.redis.connector").new()
256+
local redis, err = rc:connect({
257+
username = "redisuser",
258+
password = "redisuserpass",
259+
sentinels = {
260+
{ host = "127.0.0.1", port = $TEST_NGINX_SENTINEL_PORT_AUTH }
261+
},
262+
master_name = "mymaster",
263+
sentinel_username = "sentineluser",
264+
sentinel_username = "sentineluserpass",
265+
})
266+
assert(redis and not err, "redis should connect without error")
267+
local username = assert(redis:acl("whoami"))
268+
assert(username == "redisuser", "should connect as 'redisuser' but got " .. tostring(username))
269+
}
270+
}
271+
--- request
272+
GET /t
273+
--- no_error_log
274+
[error]

0 commit comments

Comments
 (0)