2022-04-11 11:49:34 +00:00
|
|
|
package proxy
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2023-10-17 13:00:11 +00:00
|
|
|
"strings"
|
2022-04-11 11:49:34 +00:00
|
|
|
"testing"
|
|
|
|
|
2023-10-17 13:00:11 +00:00
|
|
|
"github.com/cockroachdb/errors"
|
2022-04-11 11:49:34 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
2023-03-23 08:47:57 +00:00
|
|
|
"google.golang.org/grpc/metadata"
|
2023-04-06 11:14:32 +00:00
|
|
|
|
2023-07-14 02:12:31 +00:00
|
|
|
"github.com/milvus-io/milvus/internal/mocks"
|
2023-04-06 11:14:32 +00:00
|
|
|
"github.com/milvus-io/milvus/pkg/util"
|
|
|
|
"github.com/milvus-io/milvus/pkg/util/crypto"
|
|
|
|
"github.com/milvus-io/milvus/pkg/util/paramtable"
|
2022-04-11 11:49:34 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// validAuth validates the authentication
|
|
|
|
func TestValidAuth(t *testing.T) {
|
2023-03-23 08:47:57 +00:00
|
|
|
validAuth := func(ctx context.Context, authorization []string) bool {
|
2023-10-17 13:00:11 +00:00
|
|
|
if len(authorization) < 1 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
token := authorization[0]
|
|
|
|
rawToken, _ := crypto.Base64Decode(token)
|
|
|
|
username, password := parseMD(rawToken)
|
2023-03-23 08:47:57 +00:00
|
|
|
if username == "" || password == "" {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return passwordVerify(ctx, username, password, globalMetaCache)
|
|
|
|
}
|
|
|
|
|
2022-04-11 11:49:34 +00:00
|
|
|
ctx := context.Background()
|
|
|
|
// no metadata
|
|
|
|
res := validAuth(ctx, nil)
|
|
|
|
assert.False(t, res)
|
|
|
|
// illegal metadata
|
|
|
|
res = validAuth(ctx, []string{"xxx"})
|
|
|
|
assert.False(t, res)
|
|
|
|
// normal metadata
|
2022-05-19 02:13:56 +00:00
|
|
|
rootCoord := &MockRootCoordClientInterface{}
|
2023-09-26 01:57:25 +00:00
|
|
|
queryCoord := &mocks.MockQueryCoordClient{}
|
2022-06-02 04:16:03 +00:00
|
|
|
mgr := newShardClientMgr()
|
2022-08-04 03:04:34 +00:00
|
|
|
err := InitMetaCache(ctx, rootCoord, queryCoord, mgr)
|
2023-06-08 07:36:36 +00:00
|
|
|
assert.NoError(t, err)
|
2022-04-11 11:49:34 +00:00
|
|
|
res = validAuth(ctx, []string{crypto.Base64Encode("mockUser:mockPass")})
|
|
|
|
assert.True(t, res)
|
2023-05-08 02:28:39 +00:00
|
|
|
|
|
|
|
res = validAuth(ctx, []string{crypto.Base64Encode("mock")})
|
|
|
|
assert.False(t, res)
|
2022-04-11 11:49:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestValidSourceID(t *testing.T) {
|
|
|
|
ctx := context.Background()
|
|
|
|
// no metadata
|
|
|
|
res := validSourceID(ctx, nil)
|
|
|
|
assert.False(t, res)
|
|
|
|
// illegal metadata
|
|
|
|
res = validSourceID(ctx, []string{"invalid_sourceid"})
|
|
|
|
assert.False(t, res)
|
|
|
|
// normal sourceId
|
|
|
|
res = validSourceID(ctx, []string{crypto.Base64Encode(util.MemberCredID)})
|
|
|
|
assert.True(t, res)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthenticationInterceptor(t *testing.T) {
|
|
|
|
ctx := context.Background()
|
2022-12-07 10:01:19 +00:00
|
|
|
paramtable.Get().Save(Params.CommonCfg.AuthorizationEnabled.Key, "true") // mock authorization is turned on
|
|
|
|
defer paramtable.Get().Reset(Params.CommonCfg.AuthorizationEnabled.Key) // mock authorization is turned on
|
2022-04-11 11:49:34 +00:00
|
|
|
// no metadata
|
|
|
|
_, err := AuthenticationInterceptor(ctx)
|
2023-06-08 07:36:36 +00:00
|
|
|
assert.Error(t, err)
|
2022-04-11 11:49:34 +00:00
|
|
|
// mock metacache
|
2022-05-19 02:13:56 +00:00
|
|
|
rootCoord := &MockRootCoordClientInterface{}
|
2023-09-26 01:57:25 +00:00
|
|
|
queryCoord := &mocks.MockQueryCoordClient{}
|
2022-06-02 04:16:03 +00:00
|
|
|
mgr := newShardClientMgr()
|
2022-08-04 03:04:34 +00:00
|
|
|
err = InitMetaCache(ctx, rootCoord, queryCoord, mgr)
|
2023-06-08 07:36:36 +00:00
|
|
|
assert.NoError(t, err)
|
2022-04-11 11:49:34 +00:00
|
|
|
// with invalid metadata
|
|
|
|
md := metadata.Pairs("xxx", "yyy")
|
|
|
|
ctx = metadata.NewIncomingContext(ctx, md)
|
|
|
|
_, err = AuthenticationInterceptor(ctx)
|
2023-06-08 07:36:36 +00:00
|
|
|
assert.Error(t, err)
|
2022-04-11 11:49:34 +00:00
|
|
|
// with valid username/password
|
|
|
|
md = metadata.Pairs(util.HeaderAuthorize, crypto.Base64Encode("mockUser:mockPass"))
|
|
|
|
ctx = metadata.NewIncomingContext(ctx, md)
|
|
|
|
_, err = AuthenticationInterceptor(ctx)
|
2023-06-08 07:36:36 +00:00
|
|
|
assert.NoError(t, err)
|
2022-04-11 11:49:34 +00:00
|
|
|
// with valid sourceId
|
|
|
|
md = metadata.Pairs("sourceid", crypto.Base64Encode(util.MemberCredID))
|
|
|
|
ctx = metadata.NewIncomingContext(ctx, md)
|
|
|
|
_, err = AuthenticationInterceptor(ctx)
|
2023-06-08 07:36:36 +00:00
|
|
|
assert.NoError(t, err)
|
2023-10-17 13:00:11 +00:00
|
|
|
|
|
|
|
{
|
|
|
|
// wrong authorization style
|
|
|
|
md = metadata.Pairs(util.HeaderAuthorize, "123456")
|
|
|
|
ctx = metadata.NewIncomingContext(ctx, md)
|
|
|
|
_, err = AuthenticationInterceptor(ctx)
|
|
|
|
assert.Error(t, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
{
|
|
|
|
// invalid user
|
|
|
|
md = metadata.Pairs(util.HeaderAuthorize, crypto.Base64Encode("mockUser2:mockPass"))
|
|
|
|
ctx = metadata.NewIncomingContext(ctx, md)
|
|
|
|
_, err = AuthenticationInterceptor(ctx)
|
|
|
|
assert.Error(t, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
{
|
|
|
|
// default hook
|
|
|
|
md = metadata.Pairs(util.HeaderAuthorize, crypto.Base64Encode("mockapikey"))
|
|
|
|
ctx = metadata.NewIncomingContext(ctx, md)
|
|
|
|
_, err = AuthenticationInterceptor(ctx)
|
|
|
|
assert.Error(t, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
{
|
|
|
|
// verify apikey error
|
2023-10-18 08:36:12 +00:00
|
|
|
SetMockAPIHook("", errors.New("err"))
|
2023-10-17 13:00:11 +00:00
|
|
|
md = metadata.Pairs(util.HeaderAuthorize, crypto.Base64Encode("mockapikey"))
|
|
|
|
ctx = metadata.NewIncomingContext(ctx, md)
|
|
|
|
_, err = AuthenticationInterceptor(ctx)
|
|
|
|
assert.Error(t, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
{
|
2023-10-18 08:36:12 +00:00
|
|
|
SetMockAPIHook("mockUser", nil)
|
2023-10-17 13:00:11 +00:00
|
|
|
md = metadata.Pairs(util.HeaderAuthorize, crypto.Base64Encode("mockapikey"))
|
|
|
|
ctx = metadata.NewIncomingContext(ctx, md)
|
|
|
|
authCtx, err := AuthenticationInterceptor(ctx)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
md, ok := metadata.FromIncomingContext(authCtx)
|
|
|
|
assert.True(t, ok)
|
|
|
|
authStrArr := md[strings.ToLower(util.HeaderAuthorize)]
|
|
|
|
token := authStrArr[0]
|
|
|
|
rawToken, err := crypto.Base64Decode(token)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
user, _ := parseMD(rawToken)
|
|
|
|
assert.Equal(t, "mockUser", user)
|
|
|
|
}
|
2023-10-18 08:36:12 +00:00
|
|
|
hoo = defaultHook{}
|
2022-04-11 11:49:34 +00:00
|
|
|
}
|