Merge pull request #19 from SergeyTsaplin/fix-auth-for-with-scope-calls

gaopeiliang · web-flow · commit 4709a2a412cc · 2020-09-30T23:23:17.000+08:00
Fix password auth for `with_scope` calls
diff --git a/aioetcd3/base.py b/aioetcd3/base.py
@@ -49,12 +49,7 @@ def _update_cluster_info(self, header):
     def get_cluster_info(self):
         return self.last_response_info
 
-    async def grpc_call(self, stub_func, request, timeout=_default_timeout, skip_auth=False):
-        if timeout is _default_timeout:
-            timeout = self.timeout
-
-        # If the username and password are set, trying to call the auth.authenticate
-        # method to get the auth token. If the token already received - just use it.
+    async def _authenticate_if_needed(self, skip_auth=False):
         if self.username is not None and self.password is not None and not skip_auth:
             if self._metadata is None:  # We need to call self._authenticate for the first rpc call only
                 try:
@@ -64,6 +59,14 @@ async def grpc_call(self, stub_func, request, timeout=_default_timeout, skip_aut
                         raise AuthError(exc._state.details, exc._state.debug_error_string)
                     raise exc
 
+    async def grpc_call(self, stub_func, request, timeout=_default_timeout, skip_auth=False):
+        if timeout is _default_timeout:
+            timeout = self.timeout
+
+        # If the username and password are set, trying to call the auth.authenticate
+        # method to get the auth token. If the token already received - just use it.
+        await self._authenticate_if_needed(skip_auth=skip_auth)
+
         try:
             response = await stub_func(
                 request, timeout=timeout, credentials=self._call_credentials, metadata=self._metadata
diff --git a/aioetcd3/lease.py b/aioetcd3/lease.py
@@ -87,8 +87,13 @@ async def generate_request(request):
             for re in [request]:
                 yield re
 
+        await self._authenticate_if_needed()
         new_lease = None
-        async with self._lease_stub.LeaseKeepAlive.with_scope(generate_request(lease_request)) as result:
+        async with self._lease_stub.LeaseKeepAlive.with_scope(
+            generate_request(lease_request),
+            credentials=self._call_credentials,
+            metadata=self._metadata
+        ) as result:
             async for r in result:
                 self._update_cluster_info(r.header)
                 new_lease = RLease(r.TTL, r.ID, self)
diff --git a/aioetcd3/watch.py b/aioetcd3/watch.py
@@ -205,8 +205,12 @@ async def input_iterator(input_queue):
                 if n is None:
                     break
                 yield n
+
         async def watch_call(input_queue, watch_stub, output_pipe):
-            async with watch_stub.Watch.with_scope(input_iterator(input_queue)) as response_iter:
+            await self._authenticate_if_needed()
+            async with watch_stub.Watch.with_scope(
+                    input_iterator(input_queue), credentials=self._call_credentials, metadata=self._metadata
+            ) as response_iter:
                 async for r in response_iter:
                     await output_pipe.put(r)
         last_received_revision = None
diff --git a/setup.py b/setup.py
@@ -2,7 +2,7 @@
 
 from setuptools import setup, find_packages
 
-version = "1.12"
+version = "1.13"
 
 try:
     import pypandoc
diff --git a/test/test_auth.py b/test/test_auth.py
@@ -6,6 +6,8 @@
 from aioetcd3.help import range_all, PER_RW
 from aioetcd3.exceptions import AuthError, Unauthenticated, PermissionDenied
 
+from .utils import switch_auth_off, switch_auth_on
+
 
 def asynctest(f):
     @functools.wraps(f)
@@ -153,22 +155,12 @@ async def setUp(self):
         self.endpoints = "127.0.0.1:2379"
         self.unauthenticated_client = client(endpoint=self.endpoints)
         await self.cleanUp()
-        await self.prepare_users_and_roles()
+        await switch_auth_on(self.unauthenticated_client)
         self.client_client = client(
             endpoint=self.endpoints, username="client", password="client"
         )
         self.root_client = client(endpoint=self.endpoints, username="root", password="root")
 
-    async def prepare_users_and_roles(self):
-        await self.unauthenticated_client.user_add(username="root", password="root")
-        await self.unauthenticated_client.role_add(name='root')
-        await self.unauthenticated_client.user_grant_role(username='root', role='root')
-
-        await self.unauthenticated_client.user_add(username='client', password='client')
-        await self.unauthenticated_client.role_add(name='client')
-        await self.unauthenticated_client.user_grant_role(username='client', role='client')
-        await self.unauthenticated_client.auth_enable()
-
     async def create_kv_for_test(self):
         await self.root_client.put('/foo', '/foo')
         value, meta = await self.root_client.get('/foo')
@@ -208,30 +200,12 @@ async def test_wrong_token(self):
         with self.assertRaises(Unauthenticated) as exc:
             await new_client.get("/foo")
 
-    async def delete_all_users(self):
-        # It's necessary to use unauthenticated client here, because root user
-        # cannot be deleted when the auth is enabled
-        users = await self.unauthenticated_client.user_list()
-
-        for u in users:
-            await self.unauthenticated_client.user_delete(username=u)
-
-    async def delete_all_roles(self):
-        # It's necessary to use unauthenticated client here, because root user
-        # cannot be deleted when the auth is enabled
-        roles = await self.unauthenticated_client.role_list()
-
-        for r in roles:
-            await self.unauthenticated_client.role_delete(name=r)
-
     async def cleanUp(self):
         await self.unauthenticated_client.delete(range_all())
-        await self.delete_all_users()
-        await self.delete_all_roles()
 
     @asynctest
     async def tearDown(self):
-        await self.root_client.auth_disable()
+        await switch_auth_off(self.root_client, self.unauthenticated_client)
         await self.cleanUp()
 
 
@@ -244,23 +218,13 @@ async def setUp(self):
             ca_file="test/cfssl/ca.pem",
         )
         await self.cleanUp()
-        await self.prepare_users_and_roles()
+        await switch_auth_on(self.unauthenticated_client)
         self.root_client = ssl_client(endpoint=self.endpoints, ca_file="test/cfssl/ca.pem",
                                       username="root", password="root")
 
         self.client_client = ssl_client(endpoint=self.endpoints, ca_file="test/cfssl/ca.pem",
                                         username="client", password="client")
 
-    async def prepare_users_and_roles(self):
-        await self.unauthenticated_client.user_add(username="root", password="root")
-        await self.unauthenticated_client.role_add(name='root')
-        await self.unauthenticated_client.user_grant_role(username='root', role='root')
-
-        await self.unauthenticated_client.user_add(username='client', password='client')
-        await self.unauthenticated_client.role_add(name='client')
-        await self.unauthenticated_client.user_grant_role(username='client', role='client')
-        await self.unauthenticated_client.auth_enable()
-
     async def create_kv_for_test(self):
         await self.root_client.put('/foo', '/foo')
         value, meta = await self.root_client.get('/foo')
@@ -306,28 +270,10 @@ async def test_wrong_token(self):
         with self.assertRaises(Unauthenticated) as exc:
             await new_client.get("/foo")
 
-    async def delete_all_users(self):
-        # It's necessary to use unauthenticated client here, because root user
-        # cannot be deleted when the auth is enabled
-        users = await self.unauthenticated_client.user_list()
-
-        for u in users:
-            await self.unauthenticated_client.user_delete(username=u)
-
-    async def delete_all_roles(self):
-        # It's necessary to use unauthenticated client here, because root user
-        # cannot be deleted when the auth is enabled
-        roles = await self.unauthenticated_client.role_list()
-
-        for r in roles:
-            await self.unauthenticated_client.role_delete(name=r)
-
     async def cleanUp(self):
         await self.unauthenticated_client.delete(range_all())
-        await self.delete_all_users()
-        await self.delete_all_roles()
 
     @asynctest
     async def tearDown(self):
-        await self.root_client.auth_disable()
+        await switch_auth_off(self.root_client, self.unauthenticated_client)
         await self.cleanUp()
diff --git a/test/test_lease.py b/test/test_lease.py
@@ -3,7 +3,9 @@
 import functools
 
 from aioetcd3.client import client
-from aioetcd3.help import range_all
+from aioetcd3.help import range_all, range_prefix, PER_RW
+
+from .utils import switch_auth_on, switch_auth_off
 
 
 def asynctest(f):
@@ -17,13 +19,12 @@ def _f(self):
 class LeaseTest(unittest.TestCase):
     @asynctest
     async def setUp(self):
-        endpoints = "127.0.0.1:2379"
-        self.client = client(endpoint=endpoints)
+        self.endpoints = "127.0.0.1:2379"
+        self.client = client(endpoint=self.endpoints)
 
         await self.cleanUp()
 
-    @asynctest
-    async def test_lease_1(self):
+    async def _lease_1(self):
         lease = await self.client.grant_lease(ttl=5)
         self.assertEqual(lease.ttl, 5)
 
@@ -42,7 +43,10 @@ async def test_lease_1(self):
         self.assertEqual(len(keys), 0)
 
     @asynctest
-    async def test_lease_2(self):
+    async def test_lease_1(self):
+        await self._lease_1()
+
+    async def _lease_2(self):
         lease = await self.client.grant_lease(ttl=5)
         self.assertEqual(lease.ttl, 5)
 
@@ -68,9 +72,11 @@ async def test_lease_2(self):
         self.assertIsNone(lease)
         self.assertEqual(len(keys), 0)
 
-
     @asynctest
-    async def test_lease_3(self):
+    async def test_lease_2(self):
+        await self._lease_2()
+
+    async def _lease_3(self):
         lease = await self.client.grant_lease(ttl=5)
         self.assertEqual(lease.ttl, 5)
 
@@ -85,6 +91,39 @@ async def test_lease_3(self):
         self.assertIsNone(value)
         self.assertIsNone(meta)
 
+    @asynctest
+    async def test_lease_3(self):
+        await self._lease_3()
+
+    async def _run_test_with_auth(self, test):
+        default_client = self.client
+        await switch_auth_on(default_client)
+        root_client = client(endpoint=self.endpoints, username="root", password="root")
+        await root_client.role_grant_permission(name='client', key_range=range_prefix('/testlease'), permission=PER_RW)
+        self.client = client(endpoint=self.endpoints, username="client", password="client")
+        try:
+            await test()
+        finally:
+            await switch_auth_off(
+                root_client,
+                default_client
+            )
+            await root_client.close()
+            await self.client.close()
+            self.client = default_client
+
+    @asynctest
+    async def test_lease_1_with_auth(self):
+        await self._run_test_with_auth(self._lease_1)
+
+    @asynctest
+    async def test_lease_2_with_auth(self):
+        await self._run_test_with_auth(self._lease_2)
+
+    @asynctest
+    async def test_lease_3_with_auth(self):
+        await self._run_test_with_auth(self._lease_3)
+
     @asynctest
     async def tearDown(self):
         await self.cleanUp()
diff --git a/test/test_watch.py b/test/test_watch.py
diff --git a/test/utils.py b/test/utils.py
