milvus/internal/proxy/authentication_interceptor_test.go

package proxy

import (
	"context"
	"testing"

	"google.golang.org/grpc/metadata"

	"github.com/milvus-io/milvus/internal/util"

	"github.com/milvus-io/milvus/internal/util/crypto"
	"github.com/stretchr/testify/assert"
)

// validAuth validates the authentication
func TestValidAuth(t *testing.T) {
	ctx := context.Background()
	// no metadata
	res := validAuth(ctx, nil)
	assert.False(t, res)
	// illegal metadata
	res = validAuth(ctx, []string{"xxx"})
	assert.False(t, res)
	// normal metadata
	rootCoord := &MockRootCoordClientInterface{}
	queryCoord := &MockQueryCoordClientInterface{}
	mgr := newShardClientMgr()
	err := InitMetaCache(ctx, rootCoord, queryCoord, mgr)
	assert.Nil(t, err)
	res = validAuth(ctx, []string{crypto.Base64Encode("mockUser:mockPass")})
	assert.True(t, res)
}

func TestValidSourceID(t *testing.T) {
	ctx := context.Background()
	// no metadata
	res := validSourceID(ctx, nil)
	assert.False(t, res)
	// illegal metadata
	res = validSourceID(ctx, []string{"invalid_sourceid"})
	assert.False(t, res)
	// normal sourceId
	res = validSourceID(ctx, []string{crypto.Base64Encode(util.MemberCredID)})
	assert.True(t, res)
}

func TestAuthenticationInterceptor(t *testing.T) {
	ctx := context.Background()
	Params.CommonCfg.AuthorizationEnabled = true // mock authorization is turned on
	// no metadata
	_, err := AuthenticationInterceptor(ctx)
	assert.NotNil(t, err)
	// mock metacache
	rootCoord := &MockRootCoordClientInterface{}
	queryCoord := &MockQueryCoordClientInterface{}
	mgr := newShardClientMgr()
	err = InitMetaCache(ctx, rootCoord, queryCoord, mgr)
	assert.Nil(t, err)
	// with invalid metadata
	md := metadata.Pairs("xxx", "yyy")
	ctx = metadata.NewIncomingContext(ctx, md)
	_, err = AuthenticationInterceptor(ctx)
	assert.NotNil(t, err)
	// with valid username/password
	md = metadata.Pairs(util.HeaderAuthorize, crypto.Base64Encode("mockUser:mockPass"))
	ctx = metadata.NewIncomingContext(ctx, md)
	_, err = AuthenticationInterceptor(ctx)
	assert.Nil(t, err)
	// with valid sourceId
	md = metadata.Pairs("sourceid", crypto.Base64Encode(util.MemberCredID))
	ctx = metadata.NewIncomingContext(ctx, md)
	_, err = AuthenticationInterceptor(ctx)
	assert.Nil(t, err)
}
Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`package proxy`

			`import (`
			`"context"`
			`"testing"`

			`"google.golang.org/grpc/metadata"`

			`"github.com/milvus-io/milvus/internal/util"`

			`"github.com/milvus-io/milvus/internal/util/crypto"`
			`"github.com/stretchr/testify/assert"`
			`)`

			`// validAuth validates the authentication`
			`func TestValidAuth(t *testing.T) {`
			`ctx := context.Background()`
			`// no metadata`
			`res := validAuth(ctx, nil)`
			`assert.False(t, res)`
			`// illegal metadata`
			`res = validAuth(ctx, []string{"xxx"})`
			`assert.False(t, res)`
			`// normal metadata`
Add collection load cache and InvalidateCollMetaCache by collID (#16882) Signed-off-by: bigsheeper <yihao.dai@zilliz.com> 2022-05-19 10:13:56 +08:00			`rootCoord := &MockRootCoordClientInterface{}`
			`queryCoord := &MockQueryCoordClientInterface{}`
Add cache of grpc client of ShardLeader in proxy (#17301) Signed-off-by: zhenshan.cao <zhenshan.cao@zilliz.com> 2022-06-02 12:16:03 +08:00			`mgr := newShardClientMgr()`
Support Role-Based Access Control (#18425) Signed-off-by: SimFG <bang.fu@zilliz.com> 2022-08-04 11:04:34 +08:00			`err := InitMetaCache(ctx, rootCoord, queryCoord, mgr)`
Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`assert.Nil(t, err)`
			`res = validAuth(ctx, []string{crypto.Base64Encode("mockUser:mockPass")})`
			`assert.True(t, res)`
			`}`

			`func TestValidSourceID(t *testing.T) {`
			`ctx := context.Background()`
			`// no metadata`
			`res := validSourceID(ctx, nil)`
			`assert.False(t, res)`
			`// illegal metadata`
			`res = validSourceID(ctx, []string{"invalid_sourceid"})`
			`assert.False(t, res)`
			`// normal sourceId`
			`res = validSourceID(ctx, []string{crypto.Base64Encode(util.MemberCredID)})`
			`assert.True(t, res)`
			`}`

			`func TestAuthenticationInterceptor(t *testing.T) {`
			`ctx := context.Background()`
fix #16504 (#16523) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-19 16:35:39 +08:00			`Params.CommonCfg.AuthorizationEnabled = true // mock authorization is turned on`
Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`// no metadata`
			`_, err := AuthenticationInterceptor(ctx)`
			`assert.NotNil(t, err)`
			`// mock metacache`
Add collection load cache and InvalidateCollMetaCache by collID (#16882) Signed-off-by: bigsheeper <yihao.dai@zilliz.com> 2022-05-19 10:13:56 +08:00			`rootCoord := &MockRootCoordClientInterface{}`
			`queryCoord := &MockQueryCoordClientInterface{}`
Add cache of grpc client of ShardLeader in proxy (#17301) Signed-off-by: zhenshan.cao <zhenshan.cao@zilliz.com> 2022-06-02 12:16:03 +08:00			`mgr := newShardClientMgr()`
Support Role-Based Access Control (#18425) Signed-off-by: SimFG <bang.fu@zilliz.com> 2022-08-04 11:04:34 +08:00			`err = InitMetaCache(ctx, rootCoord, queryCoord, mgr)`
Support login with username and password (#15656) (#16341) Signed-off-by: kejiang <ke.jiang@zilliz.com> Co-authored-by: kejiang <ke.jiang@zilliz.com> 2022-04-11 19:49:34 +08:00			`assert.Nil(t, err)`
			`// with invalid metadata`
			`md := metadata.Pairs("xxx", "yyy")`
			`ctx = metadata.NewIncomingContext(ctx, md)`
			`_, err = AuthenticationInterceptor(ctx)`
			`assert.NotNil(t, err)`
			`// with valid username/password`
			`md = metadata.Pairs(util.HeaderAuthorize, crypto.Base64Encode("mockUser:mockPass"))`
			`ctx = metadata.NewIncomingContext(ctx, md)`
			`_, err = AuthenticationInterceptor(ctx)`
			`assert.Nil(t, err)`
			`// with valid sourceId`
			`md = metadata.Pairs("sourceid", crypto.Base64Encode(util.MemberCredID))`
			`ctx = metadata.NewIncomingContext(ctx, md)`
			`_, err = AuthenticationInterceptor(ctx)`
			`assert.Nil(t, err)`
			`}`