[GitHub] [apisix-dashboard] ShiningRush commented on a change in pull request #951: feat: add etcd basic auth support

Fri, 04 Dec 2020 19:37:47 -0800 


ShiningRush commented on a change in pull request #951:
URL: https://github.com/apache/apisix-dashboard/pull/951#discussion_r536496030



##########
File path: api/test/shell/cli_test.sh
##########
@@ -93,3 +93,49 @@ if [[ `grep -c "INFO" ./error.log` -eq '0' ]]; then
     echo "failed: failed to write log on right level"
     exit 1
 fi
+
+
+# etcd basic auth
+# add root user
+curl -L http://localhost:2379/v3/auth/user/add \
+  -X POST -d '{"name": "root", "password": "apisix-dashboard"}'
+
+# add root role
+curl -L http://localhost:2379/v3/auth/role/add \
+  -X POST -d '{"name": "root"}'
+
+# grant root role to root user
+curl -L http://localhost:2379/v3/auth/user/grant \
+  -X POST -d '{"user": "root", "role": "root"}'
+
+# enable auth
+curl -L http://localhost:2379/v3/auth/enable -X POST -d '{}'
+
+./manager-api &
+sleep 3
+
+# make sure it's wrong
+if [[ `grep -c "etcdserver: user name is empty" ./error.log` -eq '0' ]]; then
+    echo "failed: failed to validate etcd basic auth"
+    exit 1
+fi
+
+# modify etcd auth config
+sed -i '1,$s/# username: "root" # ignore this argument if not enable 
auth/username: "root"/g' conf/conf.yaml
+sed -i '1,$s/# password: "123456" # ignore this argument if not enable 
auth/password: "apisix-dashboard"/g' conf/conf.yaml
+
+./manager-api &
+sleep 3
+
+# validate process is right by requesting login api
+resp=$(curl http://127.0.0.1:9000/apisix/admin/user/login -X POST -d 
'{"username":"admin", "password": "admin"}')

Review comment:
       I think the discussion here is based on our goals:
   - If we only need to confirm that the process is alive, then accessing the 
`/ping` is a better choice, the `/login` has nothing to do with the 
modification this time
   - If we want to verify that the program can access ETCD actually, we should 
access an interface related to it. Because now e2e test is run with 
docker-compose, so I think not to clean dirty is fine, if you ensure consumer 
id is not same with other test cases. 
   
   I have not encountered a situation where the manager-api alive but cannot 
access the ETCD normally, so I think it is acceptable to just verify the 
process survival (although the latter would be better)




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to