auth: fix panic using WithRoot and improve JWT coverage

[hexfusion]

ref: #9695

[hexfusion]

@gyuho FYI

https://jenkins-etcd-public.prod.coreos.systems/job/etcd-ci-ppc64/4075/console
fatal: write error: No space left on device

[gyuho]

@hexfusion

@mkumatag Can you clean up the disk :)

[hexfusion]

@gyuho PTAL, thanks.

[gyuho]

@hexfusion Can we add a simple unit test? Thanks!

[codecov-io]

Codecov Report

Merging #9698 into master will increase coverage by 0.26%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #9698      +/-   ##
==========================================
+ Coverage   69.49%   69.76%   +0.26%     
==========================================
  Files         375      375              
  Lines       35179    35179              
==========================================
+ Hits        24449    24541      +92     
+ Misses       8981     8887      -94     
- Partials     1749     1751       +2

Impacted Files	Coverage Δ
auth/store.go	73.53% <100%> (+0.26%)	⬆️
clientv3/namespace/watch.go	72.72% <0%> (-6.07%)	⬇️
lease/leasehttp/http.go	58.08% <0%> (-1.48%)	⬇️
etcdserver/cluster_util.go	58.74% <0%> (-0.9%)	⬇️
clientv3/watch.go	95.97% <0%> (-0.48%)	⬇️
clientv3/op.go	73.04% <0%> (-0.44%)	⬇️
rafthttp/stream.go	79.39% <0%> (-0.43%)	⬇️
rafthttp/peer.go	78.77% <0%> (ø)	⬆️
etcdserver/server.go	73.99% <0%> (+0.14%)	⬆️
... and 18 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 346589e...b30a116. Read the comment docs.

[hexfusion]

@hexfusion Can we add a simple unit test? Thanks!

@gyuho yes sir will address

[hexfusion]

@gyuho test added, thanks.

[gyuho]

I took a second look, and this seems wrong. Request with JWT token should also be passing contexts with auth information. See

https://github.com/coreos/etcd/blob/4a4be9275c033505555f75c61890498099a895c6/auth/store.go#L1292-L1309

We just need to check as

if ts, ok := as.tokenProvider.(*tokenSimple); ok && ts != nil { 

Also we need unit tests to cover this line, not on the util function.

[xiang90]

we probably should define "simple" as a const.

[hexfusion]

@xiang90 good idea, done.

[hexfusion]

Updated the check and added some testing. In general, it is very awkward how NewTokenProvider accepts opts as a string, that is fine for simple but not for jwt. I didn't address this here but this should be looked at further. I also removed the util function and tests as they were not necessary.

/cc @gyuho @joelegasse

[joelegasse]

@gyuho The only times those context values are used is by the simple token during assign (token creation). This means that we don't need a type-switch to handle other token types (for now).

[hexfusion]

@gyuho @joelegasse @xiang90 thank you!