2016-05-13 06:49:40 +03:00
|
|
|
// Copyright 2015 The etcd Authors
|
2015-08-08 15:58:29 +03:00
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
|
|
package etcdserver
|
|
|
|
|
|
|
|
|
|
import (
|
2016-06-09 03:11:26 +03:00
|
|
|
"strconv"
|
|
|
|
|
"strings"
|
2016-01-20 08:09:09 +03:00
|
|
|
"time"
|
2015-08-14 21:45:31 +03:00
|
|
|
|
2015-08-08 15:58:29 +03:00
|
|
|
pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
|
2016-01-05 21:16:50 +03:00
|
|
|
"github.com/coreos/etcd/lease"
|
2016-01-25 01:09:54 +03:00
|
|
|
"github.com/coreos/etcd/lease/leasehttp"
|
2016-04-25 22:32:58 +03:00
|
|
|
"github.com/coreos/etcd/mvcc"
|
2016-03-23 03:10:28 +03:00
|
|
|
"golang.org/x/net/context"
|
2016-05-17 09:20:50 +03:00
|
|
|
"google.golang.org/grpc/metadata"
|
2015-08-08 15:58:29 +03:00
|
|
|
)
|
|
|
|
|
|
2016-02-08 23:44:25 +03:00
|
|
|
const (
|
|
|
|
|
// the max request size that raft accepts.
|
|
|
|
|
// TODO: make this a flag? But we probably do not want to
|
|
|
|
|
// accept large request which might block raft stream. User
|
|
|
|
|
// specify a large value might end up with shooting in the foot.
|
|
|
|
|
maxRequestBytes = 1.5 * 1024 * 1024
|
2016-04-28 07:36:01 +03:00
|
|
|
|
|
|
|
|
// max timeout for waiting a v3 request to go through raft.
|
|
|
|
|
maxV3RequestTimeout = 5 * time.Second
|
2016-02-08 23:44:25 +03:00
|
|
|
)
|
|
|
|
|
|
2015-11-04 22:23:33 +03:00
|
|
|
type RaftKV interface {
|
|
|
|
|
Range(ctx context.Context, r *pb.RangeRequest) (*pb.RangeResponse, error)
|
|
|
|
|
Put(ctx context.Context, r *pb.PutRequest) (*pb.PutResponse, error)
|
|
|
|
|
DeleteRange(ctx context.Context, r *pb.DeleteRangeRequest) (*pb.DeleteRangeResponse, error)
|
|
|
|
|
Txn(ctx context.Context, r *pb.TxnRequest) (*pb.TxnResponse, error)
|
|
|
|
|
Compact(ctx context.Context, r *pb.CompactionRequest) (*pb.CompactionResponse, error)
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-06 00:49:25 +03:00
|
|
|
type Lessor interface {
|
2016-04-07 20:27:36 +03:00
|
|
|
// LeaseGrant sends LeaseGrant request to raft and apply it after committed.
|
|
|
|
|
LeaseGrant(ctx context.Context, r *pb.LeaseGrantRequest) (*pb.LeaseGrantResponse, error)
|
2016-01-10 00:26:45 +03:00
|
|
|
// LeaseRevoke sends LeaseRevoke request to raft and apply it after committed.
|
2016-01-06 00:49:25 +03:00
|
|
|
LeaseRevoke(ctx context.Context, r *pb.LeaseRevokeRequest) (*pb.LeaseRevokeResponse, error)
|
2016-01-10 00:26:45 +03:00
|
|
|
|
|
|
|
|
// LeaseRenew renews the lease with given ID. The renewed TTL is returned. Or an error
|
|
|
|
|
// is returned.
|
|
|
|
|
LeaseRenew(id lease.LeaseID) (int64, error)
|
2016-01-06 00:49:25 +03:00
|
|
|
}
|
|
|
|
|
|
2016-03-02 08:56:42 +03:00
|
|
|
type Authenticator interface {
|
|
|
|
|
AuthEnable(ctx context.Context, r *pb.AuthEnableRequest) (*pb.AuthEnableResponse, error)
|
2016-05-07 21:24:43 +03:00
|
|
|
AuthDisable(ctx context.Context, r *pb.AuthDisableRequest) (*pb.AuthDisableResponse, error)
|
2016-04-13 07:44:53 +03:00
|
|
|
Authenticate(ctx context.Context, r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error)
|
2016-03-29 08:32:19 +03:00
|
|
|
UserAdd(ctx context.Context, r *pb.AuthUserAddRequest) (*pb.AuthUserAddResponse, error)
|
2016-03-31 05:29:47 +03:00
|
|
|
UserDelete(ctx context.Context, r *pb.AuthUserDeleteRequest) (*pb.AuthUserDeleteResponse, error)
|
2016-03-31 08:31:07 +03:00
|
|
|
UserChangePassword(ctx context.Context, r *pb.AuthUserChangePasswordRequest) (*pb.AuthUserChangePasswordResponse, error)
|
2016-06-07 06:17:28 +03:00
|
|
|
UserGrantRole(ctx context.Context, r *pb.AuthUserGrantRoleRequest) (*pb.AuthUserGrantRoleResponse, error)
|
2016-05-30 11:21:11 +03:00
|
|
|
UserGet(ctx context.Context, r *pb.AuthUserGetRequest) (*pb.AuthUserGetResponse, error)
|
2016-06-05 10:57:23 +03:00
|
|
|
UserRevokeRole(ctx context.Context, r *pb.AuthUserRevokeRoleRequest) (*pb.AuthUserRevokeRoleResponse, error)
|
2016-04-01 05:07:43 +03:00
|
|
|
RoleAdd(ctx context.Context, r *pb.AuthRoleAddRequest) (*pb.AuthRoleAddResponse, error)
|
2016-06-07 06:17:28 +03:00
|
|
|
RoleGrantPermission(ctx context.Context, r *pb.AuthRoleGrantPermissionRequest) (*pb.AuthRoleGrantPermissionResponse, error)
|
2016-06-02 17:25:15 +03:00
|
|
|
RoleGet(ctx context.Context, r *pb.AuthRoleGetRequest) (*pb.AuthRoleGetResponse, error)
|
2016-06-05 10:57:23 +03:00
|
|
|
RoleRevokePermission(ctx context.Context, r *pb.AuthRoleRevokePermissionRequest) (*pb.AuthRoleRevokePermissionResponse, error)
|
2016-06-03 11:33:05 +03:00
|
|
|
RoleDelete(ctx context.Context, r *pb.AuthRoleDeleteRequest) (*pb.AuthRoleDeleteResponse, error)
|
2016-06-15 09:11:27 +03:00
|
|
|
UserList(ctx context.Context, r *pb.AuthUserListRequest) (*pb.AuthUserListResponse, error)
|
|
|
|
|
RoleList(ctx context.Context, r *pb.AuthRoleListRequest) (*pb.AuthRoleListResponse, error)
|
2016-03-02 08:56:42 +03:00
|
|
|
}
|
|
|
|
|
|
2015-11-04 22:23:33 +03:00
|
|
|
func (s *EtcdServer) Range(ctx context.Context, r *pb.RangeRequest) (*pb.RangeResponse, error) {
|
2016-06-15 08:45:09 +03:00
|
|
|
var result *applyResult
|
|
|
|
|
var err error
|
|
|
|
|
|
2016-02-12 23:04:06 +03:00
|
|
|
if r.Serializable {
|
2016-06-10 20:53:40 +03:00
|
|
|
user, err := s.usernameFromCtx(ctx)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-06-15 08:45:09 +03:00
|
|
|
result = s.applyV3.Apply(
|
|
|
|
|
&pb.InternalRaftRequest{
|
|
|
|
|
Header: &pb.RequestHeader{Username: user},
|
|
|
|
|
Range: r})
|
|
|
|
|
} else {
|
|
|
|
|
result, err = s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{Range: r})
|
2016-02-12 23:04:06 +03:00
|
|
|
}
|
2015-11-04 22:23:33 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.RangeResponse), nil
|
2015-11-04 22:23:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *EtcdServer) Put(ctx context.Context, r *pb.PutRequest) (*pb.PutResponse, error) {
|
2015-11-10 00:37:15 +03:00
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{Put: r})
|
2015-11-04 22:23:33 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.PutResponse), nil
|
2015-11-04 22:23:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *EtcdServer) DeleteRange(ctx context.Context, r *pb.DeleteRangeRequest) (*pb.DeleteRangeResponse, error) {
|
2015-11-10 00:37:15 +03:00
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{DeleteRange: r})
|
2015-11-04 22:23:33 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.DeleteRangeResponse), nil
|
2015-11-04 22:23:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *EtcdServer) Txn(ctx context.Context, r *pb.TxnRequest) (*pb.TxnResponse, error) {
|
2016-04-04 14:21:42 +03:00
|
|
|
if isTxnSerializable(r) {
|
|
|
|
|
return s.applyV3.Txn(r)
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-10 00:37:15 +03:00
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{Txn: r})
|
2015-11-04 22:23:33 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.TxnResponse), nil
|
2015-11-04 22:23:33 +03:00
|
|
|
}
|
|
|
|
|
|
2016-04-04 14:21:42 +03:00
|
|
|
func isTxnSerializable(r *pb.TxnRequest) bool {
|
|
|
|
|
for _, u := range r.Success {
|
|
|
|
|
if r := u.GetRequestRange(); r == nil || !r.Serializable {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
for _, u := range r.Failure {
|
|
|
|
|
if r := u.GetRequestRange(); r == nil || !r.Serializable {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 22:23:33 +03:00
|
|
|
func (s *EtcdServer) Compact(ctx context.Context, r *pb.CompactionRequest) (*pb.CompactionResponse, error) {
|
2015-11-10 00:37:15 +03:00
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{Compaction: r})
|
2016-05-07 01:26:05 +03:00
|
|
|
if r.Physical && result != nil && result.physc != nil {
|
2016-03-29 02:07:56 +03:00
|
|
|
<-result.physc
|
2016-03-31 10:03:34 +03:00
|
|
|
// The compaction is done deleting keys; the hash is now settled
|
|
|
|
|
// but the data is not necessarily committed. If there's a crash,
|
|
|
|
|
// the hash may revert to a hash prior to compaction completing
|
|
|
|
|
// if the compaction resumes. Force the finished compaction to
|
|
|
|
|
// commit so it won't resume following a crash.
|
|
|
|
|
s.be.ForceCommit()
|
2016-03-29 02:07:56 +03:00
|
|
|
}
|
2016-03-30 23:58:10 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
2016-02-12 23:25:26 +03:00
|
|
|
resp := result.resp.(*pb.CompactionResponse)
|
|
|
|
|
if resp == nil {
|
|
|
|
|
resp = &pb.CompactionResponse{}
|
|
|
|
|
}
|
|
|
|
|
if resp.Header == nil {
|
|
|
|
|
resp.Header = &pb.ResponseHeader{}
|
|
|
|
|
}
|
|
|
|
|
resp.Header.Revision = s.kv.Rev()
|
2016-05-24 05:10:01 +03:00
|
|
|
return resp, nil
|
2015-08-08 20:14:42 +03:00
|
|
|
}
|
|
|
|
|
|
2016-04-07 20:27:36 +03:00
|
|
|
func (s *EtcdServer) LeaseGrant(ctx context.Context, r *pb.LeaseGrantRequest) (*pb.LeaseGrantResponse, error) {
|
2016-01-20 08:09:09 +03:00
|
|
|
// no id given? choose one
|
|
|
|
|
for r.ID == int64(lease.NoLease) {
|
|
|
|
|
// only use positive int64 id's
|
|
|
|
|
r.ID = int64(s.reqIDGen.Next() & ((1 << 63) - 1))
|
|
|
|
|
}
|
2016-04-07 20:27:36 +03:00
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{LeaseGrant: r})
|
2016-01-06 00:49:25 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.LeaseGrantResponse), nil
|
2016-01-06 00:49:25 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *EtcdServer) LeaseRevoke(ctx context.Context, r *pb.LeaseRevokeRequest) (*pb.LeaseRevokeResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{LeaseRevoke: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.LeaseRevokeResponse), nil
|
2016-01-06 00:49:25 +03:00
|
|
|
}
|
|
|
|
|
|
2016-01-10 00:26:45 +03:00
|
|
|
func (s *EtcdServer) LeaseRenew(id lease.LeaseID) (int64, error) {
|
2016-01-20 08:09:09 +03:00
|
|
|
ttl, err := s.lessor.Renew(id)
|
|
|
|
|
if err == nil {
|
|
|
|
|
return ttl, nil
|
|
|
|
|
}
|
|
|
|
|
if err != lease.ErrNotPrimary {
|
|
|
|
|
return -1, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// renewals don't go through raft; forward to leader manually
|
|
|
|
|
leader := s.cluster.Member(s.Leader())
|
|
|
|
|
for i := 0; i < 5 && leader == nil; i++ {
|
|
|
|
|
// wait an election
|
2016-05-12 22:34:03 +03:00
|
|
|
dur := time.Duration(s.Cfg.ElectionTicks) * time.Duration(s.Cfg.TickMs) * time.Millisecond
|
2016-01-20 08:09:09 +03:00
|
|
|
select {
|
|
|
|
|
case <-time.After(dur):
|
|
|
|
|
leader = s.cluster.Member(s.Leader())
|
|
|
|
|
case <-s.done:
|
|
|
|
|
return -1, ErrStopped
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if leader == nil || len(leader.PeerURLs) == 0 {
|
|
|
|
|
return -1, ErrNoLeader
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, url := range leader.PeerURLs {
|
|
|
|
|
lurl := url + "/leases"
|
2016-05-12 22:34:03 +03:00
|
|
|
ttl, err = leasehttp.RenewHTTP(id, lurl, s.peerRt, s.Cfg.peerDialTimeout())
|
2016-01-20 08:09:09 +03:00
|
|
|
if err == nil {
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return ttl, err
|
2016-01-10 00:26:45 +03:00
|
|
|
}
|
|
|
|
|
|
2016-03-24 03:20:52 +03:00
|
|
|
func (s *EtcdServer) Alarm(ctx context.Context, r *pb.AlarmRequest) (*pb.AlarmResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{Alarm: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AlarmResponse), nil
|
2016-03-24 03:20:52 +03:00
|
|
|
}
|
|
|
|
|
|
2016-03-02 08:56:42 +03:00
|
|
|
func (s *EtcdServer) AuthEnable(ctx context.Context, r *pb.AuthEnableRequest) (*pb.AuthEnableResponse, error) {
|
2016-03-08 11:31:48 +03:00
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthEnable: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthEnableResponse), nil
|
2016-03-02 08:56:42 +03:00
|
|
|
}
|
|
|
|
|
|
2016-05-07 21:24:43 +03:00
|
|
|
func (s *EtcdServer) AuthDisable(ctx context.Context, r *pb.AuthDisableRequest) (*pb.AuthDisableResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthDisable: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthDisableResponse), nil
|
2016-05-07 21:24:43 +03:00
|
|
|
}
|
|
|
|
|
|
2016-04-13 07:44:53 +03:00
|
|
|
func (s *EtcdServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error) {
|
2016-06-09 03:11:26 +03:00
|
|
|
st, err := s.AuthStore().GenSimpleToken()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
internalReq := &pb.InternalAuthenticateRequest{
|
|
|
|
|
Name: r.Name,
|
|
|
|
|
Password: r.Password,
|
|
|
|
|
SimpleToken: st,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{Authenticate: internalReq})
|
2016-04-13 07:44:53 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthenticateResponse), nil
|
2016-04-13 07:44:53 +03:00
|
|
|
}
|
|
|
|
|
|
2016-03-29 08:32:19 +03:00
|
|
|
func (s *EtcdServer) UserAdd(ctx context.Context, r *pb.AuthUserAddRequest) (*pb.AuthUserAddResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthUserAdd: r})
|
2016-03-23 07:25:48 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthUserAddResponse), nil
|
2016-03-23 07:25:48 +03:00
|
|
|
}
|
|
|
|
|
|
2016-03-31 05:29:47 +03:00
|
|
|
func (s *EtcdServer) UserDelete(ctx context.Context, r *pb.AuthUserDeleteRequest) (*pb.AuthUserDeleteResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthUserDelete: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthUserDeleteResponse), nil
|
2016-03-31 05:29:47 +03:00
|
|
|
}
|
|
|
|
|
|
2016-03-31 08:31:07 +03:00
|
|
|
func (s *EtcdServer) UserChangePassword(ctx context.Context, r *pb.AuthUserChangePasswordRequest) (*pb.AuthUserChangePasswordResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthUserChangePassword: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthUserChangePasswordResponse), nil
|
2016-03-31 08:31:07 +03:00
|
|
|
}
|
|
|
|
|
|
2016-06-07 06:17:28 +03:00
|
|
|
func (s *EtcdServer) UserGrantRole(ctx context.Context, r *pb.AuthUserGrantRoleRequest) (*pb.AuthUserGrantRoleResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthUserGrantRole: r})
|
2016-04-11 08:34:13 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
2016-06-07 06:17:28 +03:00
|
|
|
return result.resp.(*pb.AuthUserGrantRoleResponse), nil
|
2016-04-11 08:34:13 +03:00
|
|
|
}
|
|
|
|
|
|
2016-05-30 11:21:11 +03:00
|
|
|
func (s *EtcdServer) UserGet(ctx context.Context, r *pb.AuthUserGetRequest) (*pb.AuthUserGetResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthUserGet: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthUserGetResponse), nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-15 09:11:27 +03:00
|
|
|
func (s *EtcdServer) UserList(ctx context.Context, r *pb.AuthUserListRequest) (*pb.AuthUserListResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthUserList: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthUserListResponse), nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-05 10:57:23 +03:00
|
|
|
func (s *EtcdServer) UserRevokeRole(ctx context.Context, r *pb.AuthUserRevokeRoleRequest) (*pb.AuthUserRevokeRoleResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthUserRevokeRole: r})
|
2016-06-03 10:38:59 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
2016-06-05 10:57:23 +03:00
|
|
|
return result.resp.(*pb.AuthUserRevokeRoleResponse), nil
|
2016-06-03 10:38:59 +03:00
|
|
|
}
|
|
|
|
|
|
2016-04-01 05:07:43 +03:00
|
|
|
func (s *EtcdServer) RoleAdd(ctx context.Context, r *pb.AuthRoleAddRequest) (*pb.AuthRoleAddResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthRoleAdd: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthRoleAddResponse), nil
|
2016-04-01 05:07:43 +03:00
|
|
|
}
|
|
|
|
|
|
2016-06-07 06:17:28 +03:00
|
|
|
func (s *EtcdServer) RoleGrantPermission(ctx context.Context, r *pb.AuthRoleGrantPermissionRequest) (*pb.AuthRoleGrantPermissionResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthRoleGrantPermission: r})
|
2016-04-05 09:42:38 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2016-05-24 05:10:01 +03:00
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
2016-06-07 06:17:28 +03:00
|
|
|
return result.resp.(*pb.AuthRoleGrantPermissionResponse), nil
|
2016-04-05 09:42:38 +03:00
|
|
|
}
|
|
|
|
|
|
2016-06-02 17:25:15 +03:00
|
|
|
func (s *EtcdServer) RoleGet(ctx context.Context, r *pb.AuthRoleGetRequest) (*pb.AuthRoleGetResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthRoleGet: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthRoleGetResponse), nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-15 09:11:27 +03:00
|
|
|
func (s *EtcdServer) RoleList(ctx context.Context, r *pb.AuthRoleListRequest) (*pb.AuthRoleListResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthRoleList: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthRoleListResponse), nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-05 10:57:23 +03:00
|
|
|
func (s *EtcdServer) RoleRevokePermission(ctx context.Context, r *pb.AuthRoleRevokePermissionRequest) (*pb.AuthRoleRevokePermissionResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthRoleRevokePermission: r})
|
2016-06-03 11:10:08 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
2016-06-05 10:57:23 +03:00
|
|
|
return result.resp.(*pb.AuthRoleRevokePermissionResponse), nil
|
2016-06-03 11:10:08 +03:00
|
|
|
}
|
|
|
|
|
|
2016-06-03 11:33:05 +03:00
|
|
|
func (s *EtcdServer) RoleDelete(ctx context.Context, r *pb.AuthRoleDeleteRequest) (*pb.AuthRoleDeleteResponse, error) {
|
|
|
|
|
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthRoleDelete: r})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if result.err != nil {
|
|
|
|
|
return nil, result.err
|
|
|
|
|
}
|
|
|
|
|
return result.resp.(*pb.AuthRoleDeleteResponse), nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-09 03:11:26 +03:00
|
|
|
func (s *EtcdServer) isValidSimpleToken(token string) bool {
|
|
|
|
|
splitted := strings.Split(token, ".")
|
|
|
|
|
if len(splitted) != 2 {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
index, err := strconv.Atoi(splitted[1])
|
|
|
|
|
if err != nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CAUTION: below index synchronization is required because this node
|
|
|
|
|
// might not receive and apply the log entry of Authenticate() RPC.
|
|
|
|
|
authApplied := false
|
|
|
|
|
for i := 0; i < 10; i++ {
|
|
|
|
|
if uint64(index) <= s.getAppliedIndex() {
|
|
|
|
|
authApplied = true
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
time.Sleep(100 * time.Millisecond)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !authApplied {
|
|
|
|
|
plog.Errorf("timeout of waiting Authenticate() RPC")
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-17 09:20:50 +03:00
|
|
|
func (s *EtcdServer) usernameFromCtx(ctx context.Context) (string, error) {
|
2016-06-08 07:17:32 +03:00
|
|
|
md, ok := metadata.FromContext(ctx)
|
|
|
|
|
if !ok {
|
|
|
|
|
return "", nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ts, tok := md["token"]
|
|
|
|
|
if !tok {
|
|
|
|
|
return "", nil
|
2016-05-17 09:20:50 +03:00
|
|
|
}
|
|
|
|
|
|
2016-06-08 07:17:32 +03:00
|
|
|
token := ts[0]
|
2016-06-09 03:11:26 +03:00
|
|
|
if !s.isValidSimpleToken(token) {
|
|
|
|
|
return "", ErrInvalidAuthToken
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-08 07:17:32 +03:00
|
|
|
username, uok := s.AuthStore().UsernameFromToken(token)
|
|
|
|
|
if !uok {
|
|
|
|
|
plog.Warningf("invalid auth token: %s", token)
|
|
|
|
|
return "", ErrInvalidAuthToken
|
|
|
|
|
}
|
|
|
|
|
return username, nil
|
2016-05-17 09:20:50 +03:00
|
|
|
}
|
|
|
|
|
|
2015-11-10 00:37:15 +03:00
|
|
|
func (s *EtcdServer) processInternalRaftRequest(ctx context.Context, r pb.InternalRaftRequest) (*applyResult, error) {
|
2016-05-17 09:20:50 +03:00
|
|
|
r.Header = &pb.RequestHeader{
|
|
|
|
|
ID: s.reqIDGen.Next(),
|
|
|
|
|
}
|
|
|
|
|
username, err := s.usernameFromCtx(ctx)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
r.Header.Username = username
|
2015-09-13 18:32:01 +03:00
|
|
|
|
|
|
|
|
data, err := r.Marshal()
|
|
|
|
|
if err != nil {
|
2015-11-04 22:23:33 +03:00
|
|
|
return nil, err
|
2015-09-13 18:32:01 +03:00
|
|
|
}
|
2016-02-08 23:44:25 +03:00
|
|
|
|
|
|
|
|
if len(data) > maxRequestBytes {
|
|
|
|
|
return nil, ErrRequestTooLarge
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-17 09:20:50 +03:00
|
|
|
id := r.ID
|
|
|
|
|
if id == 0 {
|
|
|
|
|
id = r.Header.ID
|
|
|
|
|
}
|
|
|
|
|
ch := s.w.Register(id)
|
2015-09-13 18:32:01 +03:00
|
|
|
|
2016-04-28 07:36:01 +03:00
|
|
|
cctx, cancel := context.WithTimeout(ctx, maxV3RequestTimeout)
|
|
|
|
|
defer cancel()
|
|
|
|
|
|
|
|
|
|
s.r.Propose(cctx, data)
|
2015-09-13 18:32:01 +03:00
|
|
|
|
|
|
|
|
select {
|
|
|
|
|
case x := <-ch:
|
2015-11-04 22:23:33 +03:00
|
|
|
return x.(*applyResult), nil
|
2016-04-28 07:36:01 +03:00
|
|
|
case <-cctx.Done():
|
2016-05-17 09:20:50 +03:00
|
|
|
s.w.Trigger(id, nil) // GC wait
|
2016-04-28 07:36:01 +03:00
|
|
|
return nil, cctx.Err()
|
2015-09-13 18:32:01 +03:00
|
|
|
case <-s.done:
|
2015-11-04 22:23:33 +03:00
|
|
|
return nil, ErrStopped
|
2015-09-13 18:32:01 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-08 11:21:19 +03:00
|
|
|
// Watchable returns a watchable interface attached to the etcdserver.
|
2016-04-25 22:32:58 +03:00
|
|
|
func (s *EtcdServer) Watchable() mvcc.Watchable { return s.KV() }
|
