-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
232 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,127 @@ | ||
| package pika_integration | ||
|
|
||
| import ( | ||
| "context" | ||
| . "github.com/bsm/ginkgo/v2" | ||
| . "github.com/bsm/gomega" | ||
| "github.com/redis/go-redis/v9" | ||
| ) | ||
|
|
||
| var _ = Describe("Acl test", func() { | ||
| ctx := context.TODO() | ||
|
|
||
| It("has requirepass & userpass & blacklist", func() { | ||
| client := redis.NewClient(PikaOption(ACLADDR_1)) | ||
| authRes := client.Do(ctx, "auth", "wrong!") | ||
| Expect(authRes.Err()).To(MatchError("WRONGPASS invalid username-password pair or user is disabled.")) | ||
|
|
||
| // user:limit | ||
| authRes = client.Do(ctx, "auth", "userpass") | ||
| Expect(authRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(authRes.Val()).To(Equal("OK")) | ||
|
|
||
| limitRes := client.Do(ctx, "flushall") | ||
| Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushall' command")) | ||
|
|
||
| limitRes = client.Do(ctx, "flushdb") | ||
| Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushdb' command")) | ||
|
|
||
| // user:default | ||
| authRes = client.Do(ctx, "auth", "requirepass") | ||
| Expect(authRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(authRes.Val()).To(Equal("OK")) | ||
|
|
||
| adminRes := client.Do(ctx, "flushall") | ||
| Expect(adminRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(adminRes.Val()).To(Equal("OK")) | ||
|
|
||
| adminRes = client.Do(ctx, "flushdb") | ||
| Expect(adminRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(adminRes.Val()).To(Equal("OK")) | ||
|
|
||
| }) | ||
| It("has requirepass & blacklist", func() { | ||
| client := redis.NewClient(PikaOption(ACLADDR_2)) | ||
|
|
||
| // user:limit | ||
| authRes := client.Do(ctx, "auth", "anypass") | ||
| Expect(authRes.Err()).NotTo(HaveOccurred()) | ||
|
|
||
| limitRes := client.Do(ctx, "flushall") | ||
| Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushall' command")) | ||
|
|
||
| limitRes = client.Do(ctx, "flushdb") | ||
| Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushdb' command")) | ||
|
|
||
| // user:default | ||
| authRes = client.Do(ctx, "auth", "requirepass") | ||
| Expect(authRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(authRes.Val()).To(Equal("OK")) | ||
|
|
||
| adminRes := client.Do(ctx, "flushall") | ||
| Expect(adminRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(adminRes.Val()).To(Equal("OK")) | ||
|
|
||
| adminRes = client.Do(ctx, "flushdb") | ||
| Expect(adminRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(adminRes.Val()).To(Equal("OK")) | ||
|
|
||
| }) | ||
| It("has other acl user", func() { | ||
| client := redis.NewClient(PikaOption(ACLADDR_3)) | ||
|
|
||
| authRes := client.Do(ctx, "auth", "wrong!") | ||
| Expect(authRes.Err()).To(MatchError("WRONGPASS invalid username-password pair or user is disabled.")) | ||
|
|
||
| // user:limit | ||
| authRes = client.Do(ctx, "auth", "userpass") | ||
| Expect(authRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(authRes.Val()).To(Equal("OK")) | ||
|
|
||
| limitRes := client.Do(ctx, "flushall") | ||
| Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushall' command")) | ||
|
|
||
| limitRes = client.Do(ctx, "flushdb") | ||
| Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushdb' command")) | ||
|
|
||
| // user:limit | ||
| authRes = client.Do(ctx, "auth", "limitpass") | ||
| Expect(authRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(authRes.Val()).To(Equal("OK")) | ||
|
|
||
| limitRes = client.Do(ctx, "flushall") | ||
| Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushall' command")) | ||
|
|
||
| limitRes = client.Do(ctx, "flushdb") | ||
| Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushdb' command")) | ||
|
|
||
| // user:default | ||
| authRes = client.Do(ctx, "auth", "requirepass") | ||
| Expect(authRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(authRes.Val()).To(Equal("OK")) | ||
|
|
||
| adminRes := client.Do(ctx, "flushall") | ||
| Expect(adminRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(adminRes.Val()).To(Equal("OK")) | ||
|
|
||
| adminRes = client.Do(ctx, "flushdb") | ||
| Expect(adminRes.Err()).NotTo(HaveOccurred()) | ||
| Expect(adminRes.Val()).To(Equal("OK")) | ||
|
|
||
| dryRun := client.ACLDryRun(ctx, "default", "get", "randomKey") | ||
|
|
||
| Expect(dryRun.Err()).NotTo(HaveOccurred()) | ||
| Expect(dryRun.Val()).To(Equal("OK")) | ||
|
|
||
| // Call ACL LOG RESET | ||
| resetCmd := client.ACLLogReset(ctx) | ||
| Expect(resetCmd.Err()).NotTo(HaveOccurred()) | ||
| Expect(resetCmd.Val()).To(Equal("OK")) | ||
|
|
||
| // Verify that the log is empty after the reset | ||
| logEntries, err := client.ACLLog(ctx, 10).Result() | ||
| Expect(err).NotTo(HaveOccurred()) | ||
| Expect(len(logEntries)).To(Equal(0)) | ||
| }) | ||
|
|
||
| }) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,12 +1,99 @@ | ||
| #!/bin/bash | ||
| # This script is used by .github/workflows/pika.yml, Do not modify this file unless you know what you are doing. | ||
| # it's used to start pika master and slave, running path: build | ||
| cp ../tests/conf/pika.conf ./pika_master.conf | ||
| cp ../tests/conf/pika.conf ./pika_slave.conf | ||
| cp ../../output/pika ./pika | ||
| cp ../conf/pika.conf ./pika_single.conf | ||
| cp ../conf/pika.conf ./pika_master.conf | ||
| cp ../conf/pika.conf ./pika_slave.conf | ||
| cp ../conf/pika.conf ./pika_rename.conf | ||
| cp ../conf/pika.conf ./pika_acl_both_password.conf | ||
| cp ../conf/pika.conf ./pika_acl_only_admin_password.conf | ||
| cp ../conf/pika.conf ./pika_has_other_acl_user.conf | ||
| # Create folders for storing data on the primary and secondary nodes | ||
| mkdir master_data | ||
| mkdir slave_data | ||
| sed -i '' -e 's|databases : 1|databases : 2|' -e 's|#daemonize : yes|daemonize : yes|' ./pika_master.conf | ||
| sed -i '' -e 's|databases : 1|databases : 2|' -e 's|port : 9221|port : 9231|' -e 's|log-path : ./log/|log-path : ./slave_data/log/|' -e 's|db-path : ./db/|db-path : ./slave_data/db/|' -e 's|dump-path : ./dump/|dump-path : ./slave_data/dump/|' -e 's|pidfile : ./pika.pid|pidfile : ./slave_data/pika.pid|' -e 's|db-sync-path : ./dbsync/|db-sync-path : ./slave_data/dbsync/|' -e 's|#daemonize : yes|daemonize : yes|' ./pika_slave.conf | ||
| # Example Change the location for storing data on primary and secondary nodes in the configuration file | ||
| sed -i '' \ | ||
| -e 's|databases : 1|databases : 2|' \ | ||
| -e 's|#daemonize : yes|daemonize : yes|' ./pika_single.conf | ||
|
|
||
| sed -i '' \ | ||
| -e 's|databases : 1|databases : 2|' \ | ||
| -e 's|port : 9221|port : 9241|' \ | ||
| -e 's|log-path : ./log/|log-path : ./master_data/log/|' \ | ||
| -e 's|db-path : ./db/|db-path : ./master_data/db/|' \ | ||
| -e 's|dump-path : ./dump/|dump-path : ./master_data/dump/|' \ | ||
| -e 's|pidfile : ./pika.pid|pidfile : ./master_data/pika.pid|' \ | ||
| -e 's|db-sync-path : ./dbsync/|db-sync-path : ./master_data/dbsync/|' \ | ||
| -e 's|#daemonize : yes|daemonize : yes|' ./pika_master.conf | ||
|
|
||
| sed -i '' \ | ||
| -e 's|databases : 1|databases : 2|' \ | ||
| -e 's|port : 9221|port : 9231|' \ | ||
| -e 's|log-path : ./log/|log-path : ./slave_data/log/|' \ | ||
| -e 's|db-path : ./db/|db-path : ./slave_data/db/|' \ | ||
| -e 's|dump-path : ./dump/|dump-path : ./slave_data/dump/|' \ | ||
| -e 's|pidfile : ./pika.pid|pidfile : ./slave_data/pika.pid|' \ | ||
| -e 's|db-sync-path : ./dbsync/|db-sync-path : ./slave_data/dbsync/|' \ | ||
| -e 's|#daemonize : yes|daemonize : yes|' ./pika_slave.conf | ||
|
|
||
| sed -i '' \ | ||
| -e 's|# rename-command : FLUSHALL 360flushall|rename-command : FLUSHALL 360flushall|' \ | ||
| -e 's|# rename-command : FLUSHDB 360flushdb|rename-command : FLUSHDB 360flushdb|' \ | ||
| -e 's|databases : 1|databases : 2|' \ | ||
| -e 's|port : 9221|port : 9251|' \ | ||
| -e 's|log-path : ./log/|log-path : ./rename_data/log/|' \ | ||
| -e 's|db-path : ./db/|db-path : ./rename_data/db/|' \ | ||
| -e 's|dump-path : ./dump/|dump-path : ./rename_data/dump/|' \ | ||
| -e 's|pidfile : ./pika.pid|pidfile : ./rename_data/pika.pid|' \ | ||
| -e 's|db-sync-path : ./dbsync/|db-sync-path : ./rename_data/dbsync/|' \ | ||
| -e 's|#daemonize : yes|daemonize : yes|' ./pika_rename.conf | ||
|
|
||
| sed -i '' \ | ||
| -e 's|requirepass :|requirepass : requirepass|' \ | ||
| -e 's|masterauth :|masterauth : requirepass|' \ | ||
| -e 's|# userpass :|userpass : userpass|' \ | ||
| -e 's|# userblacklist :|userblacklist : flushall,flushdb|' \ | ||
| -e 's|port : 9221|port : 9261|' \ | ||
| -e 's|log-path : ./log/|log-path : ./acl1_data/log/|' \ | ||
| -e 's|db-path : ./db/|db-path : ./acl1_data/db/|' \ | ||
| -e 's|dump-path : ./dump/|dump-path : ./acl1_data/dump/|' \ | ||
| -e 's|pidfile : ./pika.pid|pidfile : ./acl1_data/pika.pid|' \ | ||
| -e 's|db-sync-path : ./dbsync/|db-sync-path : ./acl1_data/dbsync/|' \ | ||
| -e 's|#daemonize : yes|daemonize : yes|' ./pika_acl_both_password.conf | ||
|
|
||
| sed -i '' \ | ||
| -e 's|requirepass :|requirepass : requirepass|' \ | ||
| -e 's|masterauth :|masterauth : requirepass|' \ | ||
| -e 's|# userblacklist :|userblacklist : flushall,flushdb|' \ | ||
| -e 's|port : 9221|port : 9271|' \ | ||
| -e 's|log-path : ./log/|log-path : ./acl2_data/log/|' \ | ||
| -e 's|db-path : ./db/|db-path : ./acl2_data/db/|' \ | ||
| -e 's|dump-path : ./dump/|dump-path : ./acl2_data/dump/|' \ | ||
| -e 's|pidfile : ./pika.pid|pidfile : ./acl2_data/pika.pid|' \ | ||
| -e 's|db-sync-path : ./dbsync/|db-sync-path : ./acl2_data/dbsync/|' \ | ||
| -e 's|#daemonize : yes|daemonize : yes|' ./pika_acl_only_admin_password.conf | ||
| sed -i '' \ | ||
| -e 's|requirepass :|requirepass : requirepass|' \ | ||
| -e 's|masterauth :|masterauth : requirepass|' \ | ||
| -e 's|# userpass :|userpass : userpass|' \ | ||
| -e 's|# userblacklist :|userblacklist : flushall,flushdb|' \ | ||
| -e 's|port : 9221|port : 9281|' \ | ||
| -e 's|log-path : ./log/|log-path : ./acl3_data/log/|' \ | ||
| -e 's|db-path : ./db/|db-path : ./acl3_data/db/|' \ | ||
| -e 's|dump-path : ./dump/|dump-path : ./acl3_data/dump/|' \ | ||
| -e 's|pidfile : ./pika.pid|pidfile : ./acl3_data/pika.pid|' \ | ||
| -e 's|db-sync-path : ./dbsync/|db-sync-path : ./acl3_data/dbsync/|' \ | ||
| -e 's|#daemonize : yes|daemonize : yes|' ./pika_has_other_acl_user.conf | ||
| echo -e '\nuser : limit on >limitpass ~* +@all &*' >> ./pika_has_other_acl_user.conf | ||
|
|
||
| # Start three nodes | ||
| ./pika -c ./pika_single.conf | ||
| ./pika -c ./pika_master.conf | ||
| ./pika -c ./pika_slave.conf | ||
| ./pika -c ./pika_rename.conf | ||
| ./pika -c ./pika_acl_both_password.conf | ||
| ./pika -c ./pika_acl_only_admin_password.conf | ||
| ./pika -c ./pika_has_other_acl_user.conf | ||
| #ensure both master and slave are ready | ||
| sleep 10 |