Files
milvus-io--milvus/internal/proxy/credential_description_test.go
wehub-resource-sync 498b235461
Build and test / Build and test AMD64 Ubuntu 22.04 (push) Failing after 0s
Publish Builder / amazonlinux2023 (push) Failing after 1s
Build and test / UT for Go (push) Has been skipped
Publish KRTE Images / KRTE (push) Failing after 1s
Build and test / Integration Test (push) Has been skipped
Build and test / Upload Code Coverage (push) Has been skipped
Publish Builder / rockylinux9 (push) Failing after 1s
Publish Builder / ubuntu22.04 (push) Failing after 0s
Publish Builder / ubuntu24.04 (push) Failing after 0s
Publish Gpu Builder / publish-gpu-builder (push) Failing after 1s
Publish Test Images / PyTest (push) Failing after 0s
Build and test / UT for Cpp (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:31:17 +08:00

266 lines
9.1 KiB
Go

// Licensed to the LF AI & Data foundation under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package proxy
import (
"context"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
"github.com/milvus-io/milvus-proto/go-api/v3/commonpb"
"github.com/milvus-io/milvus-proto/go-api/v3/milvuspb"
"github.com/milvus-io/milvus/internal/mocks"
"github.com/milvus-io/milvus/pkg/v3/proto/internalpb"
"github.com/milvus-io/milvus/pkg/v3/util/crypto"
"github.com/milvus-io/milvus/pkg/v3/util/merr"
"github.com/milvus-io/milvus/pkg/v3/util/paramtable"
)
func TestCreateCredentialPassesDescription(t *testing.T) {
paramtable.Init()
description := "created user description"
mixCoord := mocks.NewMockMixCoordClient(t)
mixCoord.EXPECT().
CreateCredential(mock.Anything, mock.MatchedBy(func(cred *internalpb.CredentialInfo) bool {
return cred.GetUsername() == "desc_user" &&
cred.Description != nil &&
cred.GetDescription() == description &&
cred.GetEncryptedPassword() != "" &&
cred.GetSha256Password() != ""
})).
Return(merr.Success(), nil)
node := &Proxy{mixCoord: mixCoord}
node.UpdateStateCode(commonpb.StateCode_Healthy)
status, err := node.CreateCredential(context.Background(), &milvuspb.CreateCredentialRequest{
Username: "desc_user",
Password: crypto.Base64Encode("password"),
Description: &description,
})
require.NoError(t, err)
assert.Equal(t, commonpb.ErrorCode_Success, status.GetErrorCode())
}
func TestCreateCredentialRejectsOverLimitDescription(t *testing.T) {
paramtable.Init()
mixCoord := mocks.NewMockMixCoordClient(t)
mixCoord.On("CreateCredential", mock.Anything, mock.Anything).Return(merr.Success(), nil).Maybe()
node := &Proxy{mixCoord: mixCoord}
node.UpdateStateCode(commonpb.StateCode_Healthy)
description := strings.Repeat("x", 1025)
status, err := node.CreateCredential(context.Background(), &milvuspb.CreateCredentialRequest{
Username: "desc_user",
Password: crypto.Base64Encode("password"),
Description: &description,
})
require.NoError(t, err)
assert.NotEqual(t, commonpb.ErrorCode_Success, status.GetErrorCode())
mixCoord.AssertNotCalled(t, "CreateCredential", mock.Anything, mock.Anything)
}
func TestUpdateCredentialDescriptionOnlySkipsPasswordVerification(t *testing.T) {
paramtable.Init()
description := "updated user description"
mixCoord := mocks.NewMockMixCoordClient(t)
mixCoord.EXPECT().
UpdateCredential(mock.Anything, mock.MatchedBy(func(cred *internalpb.CredentialInfo) bool {
return cred.GetUsername() == "desc_user" &&
cred.Description != nil &&
cred.GetDescription() == description &&
cred.GetEncryptedPassword() == "" &&
cred.GetSha256Password() == ""
})).
Return(merr.Success(), nil)
node := &Proxy{mixCoord: mixCoord}
node.UpdateStateCode(commonpb.StateCode_Healthy)
status, err := node.UpdateCredential(context.Background(), &milvuspb.UpdateCredentialRequest{
Username: "desc_user",
Description: &description,
})
require.NoError(t, err)
assert.Equal(t, commonpb.ErrorCode_Success, status.GetErrorCode())
}
func TestUpdateCredentialClearsDescriptionOnly(t *testing.T) {
paramtable.Init()
description := ""
mixCoord := mocks.NewMockMixCoordClient(t)
mixCoord.EXPECT().
UpdateCredential(mock.Anything, mock.MatchedBy(func(cred *internalpb.CredentialInfo) bool {
return cred.GetUsername() == "desc_user" &&
cred.Description != nil &&
cred.GetDescription() == description &&
cred.GetEncryptedPassword() == "" &&
cred.GetSha256Password() == ""
})).
Return(merr.Success(), nil)
node := &Proxy{mixCoord: mixCoord}
node.UpdateStateCode(commonpb.StateCode_Healthy)
status, err := node.UpdateCredential(context.Background(), &milvuspb.UpdateCredentialRequest{
Username: "desc_user",
Description: &description,
})
require.NoError(t, err)
assert.Equal(t, commonpb.ErrorCode_Success, status.GetErrorCode())
}
func TestUpdateCredentialRejectsEmptyUpdate(t *testing.T) {
paramtable.Init()
mixCoord := mocks.NewMockMixCoordClient(t)
mixCoord.On("UpdateCredential", mock.Anything, mock.Anything).Return(merr.Success(), nil).Maybe()
node := &Proxy{mixCoord: mixCoord}
node.UpdateStateCode(commonpb.StateCode_Healthy)
status, err := node.UpdateCredential(context.Background(), &milvuspb.UpdateCredentialRequest{
Username: "desc_user",
})
require.NoError(t, err)
assert.NotEqual(t, commonpb.ErrorCode_Success, status.GetErrorCode())
assert.Contains(t, status.GetReason(), "must update either password or description")
mixCoord.AssertNotCalled(t, "UpdateCredential", mock.Anything, mock.Anything)
}
func TestUpdateCredentialPasswordAndDescription(t *testing.T) {
paramtable.Init()
require.NoError(t, paramtable.Get().Save(Params.CommonCfg.SuperUsers.Key, "root"))
defer paramtable.Get().Reset(Params.CommonCfg.SuperUsers.Key)
description := "updated user description"
mixCoord := mocks.NewMockMixCoordClient(t)
mixCoord.EXPECT().
UpdateCredential(mock.Anything, mock.MatchedBy(func(cred *internalpb.CredentialInfo) bool {
return cred.GetUsername() == "desc_user" &&
cred.Description != nil &&
cred.GetDescription() == description &&
cred.GetEncryptedPassword() != "" &&
cred.GetSha256Password() == crypto.SHA256("new_password", "desc_user")
})).
Return(merr.Success(), nil)
node := &Proxy{mixCoord: mixCoord}
node.UpdateStateCode(commonpb.StateCode_Healthy)
status, err := node.UpdateCredential(GetContext(context.Background(), "root:password"), &milvuspb.UpdateCredentialRequest{
Username: "desc_user",
OldPassword: crypto.Base64Encode("old_password"),
NewPassword: crypto.Base64Encode("new_password"),
Description: &description,
})
require.NoError(t, err)
assert.Equal(t, commonpb.ErrorCode_Success, status.GetErrorCode())
}
func TestUpdateCredentialRejectsOverLimitDescription(t *testing.T) {
paramtable.Init()
require.NoError(t, paramtable.Get().Save(Params.CommonCfg.SuperUsers.Key, "root"))
defer paramtable.Get().Reset(Params.CommonCfg.SuperUsers.Key)
mixCoord := mocks.NewMockMixCoordClient(t)
mixCoord.On("UpdateCredential", mock.Anything, mock.Anything).Return(merr.Success(), nil).Maybe()
node := &Proxy{mixCoord: mixCoord}
node.UpdateStateCode(commonpb.StateCode_Healthy)
description := strings.Repeat("x", 1025)
status, err := node.UpdateCredential(GetContext(context.Background(), "root:password"), &milvuspb.UpdateCredentialRequest{
Username: "desc_user",
OldPassword: crypto.Base64Encode("old_password"),
NewPassword: crypto.Base64Encode("new_password"),
Description: &description,
})
require.NoError(t, err)
assert.NotEqual(t, commonpb.ErrorCode_Success, status.GetErrorCode())
mixCoord.AssertNotCalled(t, "UpdateCredential", mock.Anything, mock.Anything)
}
func TestUpdateCredentialPasswordValidationErrors(t *testing.T) {
paramtable.Init()
tests := []struct {
name string
oldPassword string
newPassword string
reason string
}{
{
name: "invalid old password base64",
oldPassword: "not-base64!!",
newPassword: crypto.Base64Encode("new_password"),
reason: "decode old password failed",
},
{
name: "invalid new password base64",
oldPassword: crypto.Base64Encode("old_password"),
newPassword: "not-base64!!",
reason: "decode password failed",
},
{
name: "invalid new password length",
oldPassword: crypto.Base64Encode("old_password"),
newPassword: crypto.Base64Encode("short"),
reason: "invalid password length",
},
{
name: "old password verification failed",
oldPassword: crypto.Base64Encode("old_password"),
newPassword: crypto.Base64Encode("new_password"),
reason: "old password not correct",
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
mixCoord := mocks.NewMockMixCoordClient(t)
mixCoord.On("UpdateCredential", mock.Anything, mock.Anything).Return(merr.Success(), nil).Maybe()
node := &Proxy{mixCoord: mixCoord}
node.UpdateStateCode(commonpb.StateCode_Healthy)
status, err := node.UpdateCredential(context.Background(), &milvuspb.UpdateCredentialRequest{
Username: "desc_user",
OldPassword: test.oldPassword,
NewPassword: test.newPassword,
})
require.NoError(t, err)
assert.NotEqual(t, commonpb.ErrorCode_Success, status.GetErrorCode())
assert.Contains(t, status.GetReason(), test.reason)
mixCoord.AssertNotCalled(t, "UpdateCredential", mock.Anything, mock.Anything)
})
}
}