From fbb0330d39eabe2b4b338ab82d71476cb767cced Mon Sep 17 00:00:00 2001
From: Gyuho Lee <gyuhox@gmail.com>
Date: Thu, 24 May 2018 11:07:37 -0700
Subject: [PATCH] integration: test lease revoke routine with JWT token

https://github.com/coreos/etcd/pull/9698 wasn't really testing
the panic code path when leases are expiry.

Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
---
 integration/cluster.go      | 14 +++++++++++++-
 integration/v3_auth_test.go | 16 +++++++++++++++-
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/integration/cluster.go b/integration/cluster.go
index 9944dc8bbfd3..a1840f73409a 100644
--- a/integration/cluster.go
+++ b/integration/cluster.go
@@ -107,6 +107,8 @@ var (
 		ClientCertAuth: true,
 	}
 
+	defaultTokenJWT = "jwt,pub-key=./fixtures/server.crt,priv-key=./fixtures/server.key.insecure,sign-method=RS256,ttl=1s"
+
 	lg = zap.NewNop()
 )
 
@@ -123,6 +125,8 @@ type ClusterConfig struct {
 
 	DiscoveryURL string
 
+	AuthToken string
+
 	UseGRPC bool
 
 	QuotaBackendBytes int64
@@ -272,6 +276,7 @@ func (c *cluster) mustNewMember(t *testing.T) *member {
 	m := mustNewMember(t,
 		memberConfig{
 			name:                     c.name(rand.Int()),
+			authToken:                c.cfg.AuthToken,
 			peerTLS:                  c.cfg.PeerTLS,
 			clientTLS:                c.cfg.ClientTLS,
 			quotaBackendBytes:        c.cfg.QuotaBackendBytes,
@@ -557,6 +562,7 @@ type memberConfig struct {
 	name                     string
 	peerTLS                  *transport.TLSInfo
 	clientTLS                *transport.TLSInfo
+	authToken                string
 	quotaBackendBytes        int64
 	maxTxnOps                uint
 	maxRequestBytes          uint
@@ -632,7 +638,13 @@ func mustNewMember(t *testing.T, mcfg memberConfig) *member {
 	if mcfg.snapshotCatchUpEntries != 0 {
 		m.SnapshotCatchUpEntries = mcfg.snapshotCatchUpEntries
 	}
-	m.AuthToken = "simple"              // for the purpose of integration testing, simple token is enough
+
+	// for the purpose of integration testing, simple token is enough
+	m.AuthToken = "simple"
+	if mcfg.authToken != "" {
+		m.AuthToken = mcfg.authToken
+	}
+
 	m.BcryptCost = uint(bcrypt.MinCost) // use min bcrypt cost to speedy up integration testing
 
 	m.grpcServerOpts = []grpc.ServerOption{}
diff --git a/integration/v3_auth_test.go b/integration/v3_auth_test.go
index 97017a07fae0..39646f728a27 100644
--- a/integration/v3_auth_test.go
+++ b/integration/v3_auth_test.go
@@ -109,9 +109,23 @@ func TestV3AuthRevision(t *testing.T) {
 // TestV3AuthWithLeaseRevokeWithRoot ensures that granted leases
 // with root user be revoked after TTL.
 func TestV3AuthWithLeaseRevokeWithRoot(t *testing.T) {
+	testV3AuthWithLeaseRevokeWithRoot(t, false)
+}
+
+// TestV3AuthWithLeaseRevokeWithRootJWT creates a lease with a JWT-token enabled cluster.
+// And tests if server is able to revoke expiry lease item.
+func TestV3AuthWithLeaseRevokeWithRootJWT(t *testing.T) {
+	testV3AuthWithLeaseRevokeWithRoot(t, true)
+}
+
+func testV3AuthWithLeaseRevokeWithRoot(t *testing.T, jwt bool) {
 	defer testutil.AfterTest(t)
 
-	clus := NewClusterV3(t, &ClusterConfig{Size: 1})
+	ccfg := &ClusterConfig{Size: 1}
+	if jwt {
+		ccfg.AuthToken = defaultTokenJWT
+	}
+	clus := NewClusterV3(t, ccfg)
 	defer clus.Terminate(t)
 
 	api := toGRPC(clus.Client(0))