From dafb0bf66166f0da9a9ec395f613cb09899829d8 Mon Sep 17 00:00:00 2001
From: JayLiu <38887641+luky116@users.noreply.github.com>
Date: Tue, 12 Mar 2024 23:05:13 +0800
Subject: [PATCH] cherry pick

---
 tests/integration/acl_test.go               | 127 ++++++++++++++++++++
 tests/integration/options.go                |  14 +++
 tests/integration/start_master_and_slave.sh |  95 ++++++++++++++-
 3 files changed, 232 insertions(+), 4 deletions(-)
 create mode 100644 tests/integration/acl_test.go

diff --git a/tests/integration/acl_test.go b/tests/integration/acl_test.go
new file mode 100644
index 0000000000..1bf7bbdfe6
--- /dev/null
+++ b/tests/integration/acl_test.go
@@ -0,0 +1,127 @@
+package pika_integration
+
+import (
+	"context"
+	. "github.com/bsm/ginkgo/v2"
+	. "github.com/bsm/gomega"
+	"github.com/redis/go-redis/v9"
+)
+
+var _ = Describe("Acl test", func() {
+	ctx := context.TODO()
+
+	It("has requirepass & userpass & blacklist", func() {
+		client := redis.NewClient(PikaOption(ACLADDR_1))
+		authRes := client.Do(ctx, "auth", "wrong!")
+		Expect(authRes.Err()).To(MatchError("WRONGPASS invalid username-password pair or user is disabled."))
+
+		// user:limit
+		authRes = client.Do(ctx, "auth", "userpass")
+		Expect(authRes.Err()).NotTo(HaveOccurred())
+		Expect(authRes.Val()).To(Equal("OK"))
+
+		limitRes := client.Do(ctx, "flushall")
+		Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushall' command"))
+
+		limitRes = client.Do(ctx, "flushdb")
+		Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushdb' command"))
+
+		// user:default
+		authRes = client.Do(ctx, "auth", "requirepass")
+		Expect(authRes.Err()).NotTo(HaveOccurred())
+		Expect(authRes.Val()).To(Equal("OK"))
+
+		adminRes := client.Do(ctx, "flushall")
+		Expect(adminRes.Err()).NotTo(HaveOccurred())
+		Expect(adminRes.Val()).To(Equal("OK"))
+
+		adminRes = client.Do(ctx, "flushdb")
+		Expect(adminRes.Err()).NotTo(HaveOccurred())
+		Expect(adminRes.Val()).To(Equal("OK"))
+
+	})
+	It("has requirepass & blacklist", func() {
+		client := redis.NewClient(PikaOption(ACLADDR_2))
+
+		// user:limit
+		authRes := client.Do(ctx, "auth", "anypass")
+		Expect(authRes.Err()).NotTo(HaveOccurred())
+
+		limitRes := client.Do(ctx, "flushall")
+		Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushall' command"))
+
+		limitRes = client.Do(ctx, "flushdb")
+		Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushdb' command"))
+
+		// user:default
+		authRes = client.Do(ctx, "auth", "requirepass")
+		Expect(authRes.Err()).NotTo(HaveOccurred())
+		Expect(authRes.Val()).To(Equal("OK"))
+
+		adminRes := client.Do(ctx, "flushall")
+		Expect(adminRes.Err()).NotTo(HaveOccurred())
+		Expect(adminRes.Val()).To(Equal("OK"))
+
+		adminRes = client.Do(ctx, "flushdb")
+		Expect(adminRes.Err()).NotTo(HaveOccurred())
+		Expect(adminRes.Val()).To(Equal("OK"))
+
+	})
+	It("has other acl user", func() {
+		client := redis.NewClient(PikaOption(ACLADDR_3))
+
+		authRes := client.Do(ctx, "auth", "wrong!")
+		Expect(authRes.Err()).To(MatchError("WRONGPASS invalid username-password pair or user is disabled."))
+
+		// user:limit
+		authRes = client.Do(ctx, "auth", "userpass")
+		Expect(authRes.Err()).NotTo(HaveOccurred())
+		Expect(authRes.Val()).To(Equal("OK"))
+
+		limitRes := client.Do(ctx, "flushall")
+		Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushall' command"))
+
+		limitRes = client.Do(ctx, "flushdb")
+		Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushdb' command"))
+
+		// user:limit
+		authRes = client.Do(ctx, "auth", "limitpass")
+		Expect(authRes.Err()).NotTo(HaveOccurred())
+		Expect(authRes.Val()).To(Equal("OK"))
+
+		limitRes = client.Do(ctx, "flushall")
+		Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushall' command"))
+
+		limitRes = client.Do(ctx, "flushdb")
+		Expect(limitRes.Err()).To(MatchError("NOPERM this user has no permissions to run the 'flushdb' command"))
+
+		// user:default
+		authRes = client.Do(ctx, "auth", "requirepass")
+		Expect(authRes.Err()).NotTo(HaveOccurred())
+		Expect(authRes.Val()).To(Equal("OK"))
+
+		adminRes := client.Do(ctx, "flushall")
+		Expect(adminRes.Err()).NotTo(HaveOccurred())
+		Expect(adminRes.Val()).To(Equal("OK"))
+
+		adminRes = client.Do(ctx, "flushdb")
+		Expect(adminRes.Err()).NotTo(HaveOccurred())
+		Expect(adminRes.Val()).To(Equal("OK"))
+
+		dryRun := client.ACLDryRun(ctx, "default", "get", "randomKey")
+
+		Expect(dryRun.Err()).NotTo(HaveOccurred())
+		Expect(dryRun.Val()).To(Equal("OK"))
+
+		// Call ACL LOG RESET
+		resetCmd := client.ACLLogReset(ctx)
+		Expect(resetCmd.Err()).NotTo(HaveOccurred())
+		Expect(resetCmd.Val()).To(Equal("OK"))
+
+		// Verify that the log is empty after the reset
+		logEntries, err := client.ACLLog(ctx, 10).Result()
+		Expect(err).NotTo(HaveOccurred())
+		Expect(len(logEntries)).To(Equal(0))
+	})
+
+})
diff --git a/tests/integration/options.go b/tests/integration/options.go
index dc7a0bb8ed..174a2f8890 100644
--- a/tests/integration/options.go
+++ b/tests/integration/options.go
@@ -6,6 +6,20 @@ import (
 	"github.com/redis/go-redis/v9"
 )
 
+const (
+	LOCALHOST  = "127.0.0.1"
+	SLAVEPORT  = "9231"
+	MASTERPORT = "9241"
+	SINGLEADDR = "127.0.0.1:9221"
+	SLAVEADDR  = "127.0.0.1:9231"
+	MASTERADDR = "127.0.0.1:9241"
+	RenameADDR = "127.0.0.1:9251"
+
+	ACLADDR_1 = "127.0.0.1:9261"
+	ACLADDR_2 = "127.0.0.1:9271"
+	ACLADDR_3 = "127.0.0.1:9281"
+)
+
 type TimeValue struct {
 	time.Time
 }
diff --git a/tests/integration/start_master_and_slave.sh b/tests/integration/start_master_and_slave.sh
index c2b6a01c38..527aa04eed 100755
--- a/tests/integration/start_master_and_slave.sh
+++ b/tests/integration/start_master_and_slave.sh
@@ -1,12 +1,99 @@
 #!/bin/bash
 # This script is used by .github/workflows/pika.yml, Do not modify this file unless you know what you are doing.
 # it's used to start pika master and slave, running path: build
-cp ../tests/conf/pika.conf ./pika_master.conf
-cp ../tests/conf/pika.conf ./pika_slave.conf
+cp ../../output/pika ./pika
+cp ../conf/pika.conf ./pika_single.conf
+cp ../conf/pika.conf ./pika_master.conf
+cp ../conf/pika.conf ./pika_slave.conf
+cp ../conf/pika.conf ./pika_rename.conf
+cp ../conf/pika.conf ./pika_acl_both_password.conf
+cp ../conf/pika.conf ./pika_acl_only_admin_password.conf
+cp ../conf/pika.conf ./pika_has_other_acl_user.conf
+# Create folders for storing data on the primary and secondary nodes
+mkdir master_data
 mkdir slave_data
-sed -i '' -e 's|databases : 1|databases : 2|' -e 's|#daemonize : yes|daemonize : yes|' ./pika_master.conf
-sed -i '' -e 's|databases : 1|databases : 2|' -e 's|port : 9221|port : 9231|' -e 's|log-path : ./log/|log-path : ./slave_data/log/|' -e 's|db-path : ./db/|db-path : ./slave_data/db/|' -e 's|dump-path : ./dump/|dump-path : ./slave_data/dump/|' -e 's|pidfile : ./pika.pid|pidfile : ./slave_data/pika.pid|' -e 's|db-sync-path : ./dbsync/|db-sync-path : ./slave_data/dbsync/|' -e 's|#daemonize : yes|daemonize : yes|' ./pika_slave.conf
+# Example Change the location for storing data on primary and secondary nodes in the configuration file
+sed -i ''  \
+  -e 's|databases : 1|databases : 2|'  \
+  -e 's|#daemonize : yes|daemonize : yes|' ./pika_single.conf
+
+sed -i ''  \
+  -e 's|databases : 1|databases : 2|'  \
+  -e 's|port : 9221|port : 9241|'  \
+  -e 's|log-path : ./log/|log-path : ./master_data/log/|'  \
+  -e 's|db-path : ./db/|db-path : ./master_data/db/|'  \
+  -e 's|dump-path : ./dump/|dump-path : ./master_data/dump/|'  \
+  -e 's|pidfile : ./pika.pid|pidfile : ./master_data/pika.pid|'  \
+  -e 's|db-sync-path : ./dbsync/|db-sync-path : ./master_data/dbsync/|'  \
+  -e 's|#daemonize : yes|daemonize : yes|' ./pika_master.conf
+
+sed -i ''  \
+  -e 's|databases : 1|databases : 2|'  \
+  -e 's|port : 9221|port : 9231|'  \
+  -e 's|log-path : ./log/|log-path : ./slave_data/log/|'  \
+  -e 's|db-path : ./db/|db-path : ./slave_data/db/|'  \
+  -e 's|dump-path : ./dump/|dump-path : ./slave_data/dump/|'  \
+  -e 's|pidfile : ./pika.pid|pidfile : ./slave_data/pika.pid|'  \
+  -e 's|db-sync-path : ./dbsync/|db-sync-path : ./slave_data/dbsync/|'  \
+  -e 's|#daemonize : yes|daemonize : yes|' ./pika_slave.conf
+
+sed -i ''  \
+  -e 's|# rename-command : FLUSHALL 360flushall|rename-command : FLUSHALL 360flushall|'  \
+  -e 's|# rename-command : FLUSHDB 360flushdb|rename-command : FLUSHDB 360flushdb|'  \
+  -e 's|databases : 1|databases : 2|'  \
+  -e 's|port : 9221|port : 9251|'  \
+  -e 's|log-path : ./log/|log-path : ./rename_data/log/|'  \
+  -e 's|db-path : ./db/|db-path : ./rename_data/db/|'  \
+  -e 's|dump-path : ./dump/|dump-path : ./rename_data/dump/|'  \
+  -e 's|pidfile : ./pika.pid|pidfile : ./rename_data/pika.pid|'  \
+  -e 's|db-sync-path : ./dbsync/|db-sync-path : ./rename_data/dbsync/|'  \
+  -e 's|#daemonize : yes|daemonize : yes|' ./pika_rename.conf
+
+sed -i ''  \
+  -e 's|requirepass :|requirepass : requirepass|' \
+  -e 's|masterauth :|masterauth : requirepass|' \
+  -e 's|# userpass :|userpass : userpass|' \
+  -e 's|# userblacklist :|userblacklist : flushall,flushdb|' \
+  -e 's|port : 9221|port : 9261|' \
+  -e 's|log-path : ./log/|log-path : ./acl1_data/log/|' \
+  -e 's|db-path : ./db/|db-path : ./acl1_data/db/|' \
+  -e 's|dump-path : ./dump/|dump-path : ./acl1_data/dump/|' \
+  -e 's|pidfile : ./pika.pid|pidfile : ./acl1_data/pika.pid|' \
+  -e 's|db-sync-path : ./dbsync/|db-sync-path : ./acl1_data/dbsync/|' \
+  -e 's|#daemonize : yes|daemonize : yes|' ./pika_acl_both_password.conf
+
+sed -i ''  \
+  -e 's|requirepass :|requirepass : requirepass|'  \
+  -e 's|masterauth :|masterauth : requirepass|'  \
+  -e 's|# userblacklist :|userblacklist : flushall,flushdb|'  \
+  -e 's|port : 9221|port : 9271|'  \
+  -e 's|log-path : ./log/|log-path : ./acl2_data/log/|'  \
+  -e 's|db-path : ./db/|db-path : ./acl2_data/db/|'  \
+  -e 's|dump-path : ./dump/|dump-path : ./acl2_data/dump/|'  \
+  -e 's|pidfile : ./pika.pid|pidfile : ./acl2_data/pika.pid|'  \
+  -e 's|db-sync-path : ./dbsync/|db-sync-path : ./acl2_data/dbsync/|'  \
+  -e 's|#daemonize : yes|daemonize : yes|' ./pika_acl_only_admin_password.conf
+sed -i ''  \
+  -e 's|requirepass :|requirepass : requirepass|'  \
+  -e 's|masterauth :|masterauth : requirepass|'  \
+  -e 's|# userpass :|userpass : userpass|'  \
+  -e 's|# userblacklist :|userblacklist : flushall,flushdb|'  \
+  -e 's|port : 9221|port : 9281|'   \
+  -e 's|log-path : ./log/|log-path : ./acl3_data/log/|'  \
+  -e 's|db-path : ./db/|db-path : ./acl3_data/db/|'  \
+  -e 's|dump-path : ./dump/|dump-path : ./acl3_data/dump/|'  \
+  -e 's|pidfile : ./pika.pid|pidfile : ./acl3_data/pika.pid|'  \
+  -e 's|db-sync-path : ./dbsync/|db-sync-path : ./acl3_data/dbsync/|'  \
+  -e 's|#daemonize : yes|daemonize : yes|' ./pika_has_other_acl_user.conf
+echo -e '\nuser : limit on >limitpass ~* +@all &*' >> ./pika_has_other_acl_user.conf
+
+# Start three nodes
+./pika -c ./pika_single.conf
 ./pika -c ./pika_master.conf
 ./pika -c ./pika_slave.conf
+./pika -c ./pika_rename.conf
+./pika -c ./pika_acl_both_password.conf
+./pika -c ./pika_acl_only_admin_password.conf
+./pika -c ./pika_has_other_acl_user.conf
 #ensure both master and slave are ready
 sleep 10
\ No newline at end of file