milvus/internal/proxy/authentication_interceptor_test.go

package proxy

import (
	"context"
	"testing"

	"github.com/milvus-io/milvus/internal/types"
	"github.com/milvus-io/milvus/internal/util"
	"github.com/milvus-io/milvus/internal/util/crypto"
	"github.com/milvus-io/milvus/internal/util/paramtable"
	"github.com/stretchr/testify/assert"
	"google.golang.org/grpc/metadata"
)

// validAuth validates the authentication
func TestValidAuth(t *testing.T) {
	validAuth := func(ctx context.Context, authorization []string) bool {
		username, password := parseMD(authorization)
		if username == "" || password == "" {
			return false
		}
		return passwordVerify(ctx, username, password, globalMetaCache)
	}

	ctx := context.Background()
	// no metadata
	res := validAuth(ctx, nil)
	assert.False(t, res)
	// illegal metadata
	res = validAuth(ctx, []string{"xxx"})
	assert.False(t, res)
	// normal metadata
	rootCoord := &MockRootCoordClientInterface{}
	queryCoord := &types.MockQueryCoord{}
	mgr := newShardClientMgr()
	err := InitMetaCache(ctx, rootCoord, queryCoord, mgr)
	assert.Nil(t, err)
	res = validAuth(ctx, []string{crypto.Base64Encode("mockUser:mockPass")})
	assert.True(t, res)
}

func TestValidSourceID(t *testing.T) {
	ctx := context.Background()
	// no metadata
	res := validSourceID(ctx, nil)
	assert.False(t, res)
	// illegal metadata
	res = validSourceID(ctx, []string{"invalid_sourceid"})
	assert.False(t, res)
	// normal sourceId
	res = validSourceID(ctx, []string{crypto.Base64Encode(util.MemberCredID)})
	assert.True(t, res)
}

func TestAuthenticationInterceptor(t *testing.T) {
	ctx := context.Background()
	paramtable.Get().Save(Params.CommonCfg.AuthorizationEnabled.Key, "true") // mock authorization is turned on
	defer paramtable.Get().Reset(Params.CommonCfg.AuthorizationEnabled.Key)  // mock authorization is turned on
	// no metadata
	_, err := AuthenticationInterceptor(ctx)
	assert.NotNil(t, err)
	// mock metacache
	rootCoord := &MockRootCoordClientInterface{}
	queryCoord := &types.MockQueryCoord{}
	mgr := newShardClientMgr()
	err = InitMetaCache(ctx, rootCoord, queryCoord, mgr)
	assert.Nil(t, err)
	// with invalid metadata
	md := metadata.Pairs("xxx", "yyy")
	ctx = metadata.NewIncomingContext(ctx, md)
	_, err = AuthenticationInterceptor(ctx)
	assert.NotNil(t, err)
	// with valid username/password
	md = metadata.Pairs(util.HeaderAuthorize, crypto.Base64Encode("mockUser:mockPass"))
	ctx = metadata.NewIncomingContext(ctx, md)
	_, err = AuthenticationInterceptor(ctx)
	assert.Nil(t, err)
	// with valid sourceId
	md = metadata.Pairs("sourceid", crypto.Base64Encode(util.MemberCredID))
	ctx = metadata.NewIncomingContext(ctx, md)
	_, err = AuthenticationInterceptor(ctx)
	assert.Nil(t, err)
}
Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`package proxy`

			`import (`
			`"context"`
			`"testing"`

refine mock querycoord (#22198) Signed-off-by: Wei Liu <wei.liu@zilliz.com> 2023-02-16 15:38:34 +08:00			`"github.com/milvus-io/milvus/internal/types"`
Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`"github.com/milvus-io/milvus/internal/util"`
			`"github.com/milvus-io/milvus/internal/util/crypto"`
Refactor all params into ParamItem (#20987) Signed-off-by: Enwei Jiao <enwei.jiao@zilliz.com> Signed-off-by: Enwei Jiao <enwei.jiao@zilliz.com> 2022-12-07 18:01:19 +08:00			`"github.com/milvus-io/milvus/internal/util/paramtable"`
Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`"github.com/stretchr/testify/assert"`
Check the collection num when creating the collection (#22946) Signed-off-by: SimFG <bang.fu@zilliz.com> 2023-03-23 16:47:57 +08:00			`"google.golang.org/grpc/metadata"`
Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`)`

			`// validAuth validates the authentication`
			`func TestValidAuth(t *testing.T) {`
Check the collection num when creating the collection (#22946) Signed-off-by: SimFG <bang.fu@zilliz.com> 2023-03-23 16:47:57 +08:00			`validAuth := func(ctx context.Context, authorization []string) bool {`
			`username, password := parseMD(authorization)`
			`if username == "" \|\| password == "" {`
			`return false`
			`}`
			`return passwordVerify(ctx, username, password, globalMetaCache)`
			`}`

Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`ctx := context.Background()`
			`// no metadata`
			`res := validAuth(ctx, nil)`
			`assert.False(t, res)`
			`// illegal metadata`
			`res = validAuth(ctx, []string{"xxx"})`
			`assert.False(t, res)`
			`// normal metadata`
Add collection load cache and InvalidateCollMetaCache by collID (#16882) Signed-off-by: bigsheeper <yihao.dai@zilliz.com> 2022-05-19 10:13:56 +08:00			`rootCoord := &MockRootCoordClientInterface{}`
refine mock querycoord (#22198) Signed-off-by: Wei Liu <wei.liu@zilliz.com> 2023-02-16 15:38:34 +08:00			`queryCoord := &types.MockQueryCoord{}`
Add cache of grpc client of ShardLeader in proxy (#17301) Signed-off-by: zhenshan.cao <zhenshan.cao@zilliz.com> 2022-06-02 12:16:03 +08:00			`mgr := newShardClientMgr()`
Support Role-Based Access Control (#18425) Signed-off-by: SimFG <bang.fu@zilliz.com> 2022-08-04 11:04:34 +08:00			`err := InitMetaCache(ctx, rootCoord, queryCoord, mgr)`
Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`assert.Nil(t, err)`
			`res = validAuth(ctx, []string{crypto.Base64Encode("mockUser:mockPass")})`
			`assert.True(t, res)`
			`}`

			`func TestValidSourceID(t *testing.T) {`
			`ctx := context.Background()`
			`// no metadata`
			`res := validSourceID(ctx, nil)`
			`assert.False(t, res)`
			`// illegal metadata`
			`res = validSourceID(ctx, []string{"invalid_sourceid"})`
			`assert.False(t, res)`
			`// normal sourceId`
			`res = validSourceID(ctx, []string{crypto.Base64Encode(util.MemberCredID)})`
			`assert.True(t, res)`
			`}`

			`func TestAuthenticationInterceptor(t *testing.T) {`
			`ctx := context.Background()`
Refactor all params into ParamItem (#20987) Signed-off-by: Enwei Jiao <enwei.jiao@zilliz.com> Signed-off-by: Enwei Jiao <enwei.jiao@zilliz.com> 2022-12-07 18:01:19 +08:00			`paramtable.Get().Save(Params.CommonCfg.AuthorizationEnabled.Key, "true") // mock authorization is turned on`
			`defer paramtable.Get().Reset(Params.CommonCfg.AuthorizationEnabled.Key) // mock authorization is turned on`
Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`// no metadata`
			`_, err := AuthenticationInterceptor(ctx)`
			`assert.NotNil(t, err)`
			`// mock metacache`
Add collection load cache and InvalidateCollMetaCache by collID (#16882) Signed-off-by: bigsheeper <yihao.dai@zilliz.com> 2022-05-19 10:13:56 +08:00			`rootCoord := &MockRootCoordClientInterface{}`
refine mock querycoord (#22198) Signed-off-by: Wei Liu <wei.liu@zilliz.com> 2023-02-16 15:38:34 +08:00			`queryCoord := &types.MockQueryCoord{}`
Add cache of grpc client of ShardLeader in proxy (#17301) Signed-off-by: zhenshan.cao <zhenshan.cao@zilliz.com> 2022-06-02 12:16:03 +08:00			`mgr := newShardClientMgr()`
Support Role-Based Access Control (#18425) Signed-off-by: SimFG <bang.fu@zilliz.com> 2022-08-04 11:04:34 +08:00			`err = InitMetaCache(ctx, rootCoord, queryCoord, mgr)`
Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`assert.Nil(t, err)`
			`// with invalid metadata`
			`md := metadata.Pairs("xxx", "yyy")`
			`ctx = metadata.NewIncomingContext(ctx, md)`
			`_, err = AuthenticationInterceptor(ctx)`
			`assert.NotNil(t, err)`
			`// with valid username/password`
			`md = metadata.Pairs(util.HeaderAuthorize, crypto.Base64Encode("mockUser:mockPass"))`
			`ctx = metadata.NewIncomingContext(ctx, md)`
			`_, err = AuthenticationInterceptor(ctx)`
			`assert.Nil(t, err)`
			`// with valid sourceId`
			`md = metadata.Pairs("sourceid", crypto.Base64Encode(util.MemberCredID))`
			`ctx = metadata.NewIncomingContext(ctx, md)`
			`_, err = AuthenticationInterceptor(ctx)`
			`assert.Nil(t, err)`
			`}`