vitalif
/
etcd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #9275 from gyuho/v2auth 

etcdserver: move "etcdserver/auth" to "etcdserver/v2auth"
release-3.4
Gyuho Lee 2018-02-05 08:33:05 -08:00 committed by GitHub
parent 6a265731e1 eecbba7927
commit 07f9229731
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 109 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG-3.4.md
View File

@ -35,6 +35,7 @@
- Move `"github.com/coreos/etcd/snap"` to [`"github.com/coreos/etcd/internal/raftsnap"`](https://github.com/coreos/etcd/pull/9211).
- Move `"github.com/coreos/etcd/store"` to [`"github.com/coreos/etcd/internal/store"`](https://github.com/coreos/etcd/pull/9238).
- Move `"github.com/coreos/etcd/version"` to [`"github.com/coreos/etcd/internal/version"`](https://github.com/coreos/etcd/pull/9244).
- Move `"github.com/coreos/etcd/etcdserver/auth"` to [`"github.com/coreos/etcd/etcdserver/v2auth"`](https://github.com/coreos/etcd/pull/9275).
### Added(`etcd`)

8
etcdserver/api/v2http/client.go
View File

@ -32,10 +32,10 @@ import (
"github.com/coreos/etcd/etcdserver/api"
"github.com/coreos/etcd/etcdserver/api/etcdhttp"
"github.com/coreos/etcd/etcdserver/api/v2http/httptypes"
"github.com/coreos/etcd/etcdserver/auth"
"github.com/coreos/etcd/etcdserver/etcdserverpb"
"github.com/coreos/etcd/etcdserver/membership"
"github.com/coreos/etcd/etcdserver/stats"
"github.com/coreos/etcd/etcdserver/v2auth"
"github.com/coreos/etcd/internal/store"
"github.com/coreos/etcd/pkg/types"
@ -59,7 +59,7 @@ func NewClientHandler(server etcdserver.ServerPeer, timeout time.Duration) http.
}
func handleV2(mux *http.ServeMux, server etcdserver.ServerV2, timeout time.Duration) {
sec := auth.NewStore(server, timeout)
sec := v2auth.NewStore(server, timeout)
kh := &keysHandler{
sec: sec,
server: server,
@ -101,7 +101,7 @@ func handleV2(mux *http.ServeMux, server etcdserver.ServerV2, timeout time.Durat
}
type keysHandler struct {
sec auth.Store
sec v2auth.Store
server etcdserver.ServerV2
cluster api.Cluster
timeout time.Duration
@ -168,7 +168,7 @@ func (h *machinesHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
type membersHandler struct {
sec auth.Store
sec v2auth.Store
server etcdserver.ServerV2
cluster api.Cluster
timeout time.Duration

48
etcdserver/api/v2http/client_auth.go
View File

@ -22,23 +22,23 @@ import (
"github.com/coreos/etcd/etcdserver/api"
"github.com/coreos/etcd/etcdserver/api/v2http/httptypes"
"github.com/coreos/etcd/etcdserver/auth"
"github.com/coreos/etcd/etcdserver/v2auth"
)
type authHandler struct {
sec auth.Store
sec v2auth.Store
cluster api.Cluster
clientCertAuthEnabled bool
}
func hasWriteRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool) bool {
func hasWriteRootAccess(sec v2auth.Store, r *http.Request, clientCertAuthEnabled bool) bool {
if r.Method == "GET" || r.Method == "HEAD" {
return true
}
return hasRootAccess(sec, r, clientCertAuthEnabled)
}
func userFromBasicAuth(sec auth.Store, r *http.Request) *auth.User {
func userFromBasicAuth(sec v2auth.Store, r *http.Request) *v2auth.User {
username, password, ok := r.BasicAuth()
if !ok {
plog.Warningf("auth: malformed basic auth encoding")
@ -57,7 +57,7 @@ func userFromBasicAuth(sec auth.Store, r *http.Request) *auth.User {
return &user
}
func userFromClientCertificate(sec auth.Store, r *http.Request) *auth.User {
func userFromClientCertificate(sec v2auth.Store, r *http.Request) *v2auth.User {
if r.TLS == nil {
return nil
}
@ -75,7 +75,7 @@ func userFromClientCertificate(sec auth.Store, r *http.Request) *auth.User {
return nil
}
func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool) bool {
func hasRootAccess(sec v2auth.Store, r *http.Request, clientCertAuthEnabled bool) bool {
if sec == nil {
// No store means no auth available, eg, tests.
return true
@ -84,7 +84,7 @@ func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool)
return true
}
var rootUser *auth.User
var rootUser *v2auth.User
if r.Header.Get("Authorization") == "" && clientCertAuthEnabled {
rootUser = userFromClientCertificate(sec, r)
if rootUser == nil {
@ -98,15 +98,15 @@ func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool)
}
for _, role := range rootUser.Roles {
if role == auth.RootRoleName {
if role == v2auth.RootRoleName {
return true
}
}
plog.Warningf("auth: user %s does not have the %s role for resource %s.", rootUser.User, auth.RootRoleName, r.URL.Path)
plog.Warningf("auth: user %s does not have the %s role for resource %s.", rootUser.User, v2auth.RootRoleName, r.URL.Path)
return false
}
func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive, clientCertAuthEnabled bool) bool {
func hasKeyPrefixAccess(sec v2auth.Store, r *http.Request, key string, recursive, clientCertAuthEnabled bool) bool {
if sec == nil {
// No store means no auth available, eg, tests.
return true
@ -115,7 +115,7 @@ func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive,
return true
}
var user *auth.User
var user *v2auth.User
if r.Header.Get("Authorization") == "" {
if clientCertAuthEnabled {
user = userFromClientCertificate(sec, r)
@ -148,9 +148,9 @@ func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive,
return false
}
func hasGuestAccess(sec auth.Store, r *http.Request, key string) bool {
func hasGuestAccess(sec v2auth.Store, r *http.Request, key string) bool {
writeAccess := r.Method != "GET" && r.Method != "HEAD"
role, err := sec.GetRole(auth.GuestRoleName)
role, err := sec.GetRole(v2auth.GuestRoleName)
if err != nil {
return false
}
@ -204,10 +204,10 @@ func (sh *authHandler) baseRoles(w http.ResponseWriter, r *http.Request) {
}
var rolesCollections struct {
Roles []auth.Role `json:"roles"`
Roles []v2auth.Role `json:"roles"`
}
for _, roleName := range roles {
var role auth.Role
var role v2auth.Role
role, err = sh.sec.GetRole(roleName)
if err != nil {
writeError(w, r, err)
@ -265,7 +265,7 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri
}
return
case "PUT":
var in auth.Role
var in v2auth.Role
err := json.NewDecoder(r.Body).Decode(&in)
if err != nil {
writeError(w, r, httptypes.NewHTTPError(http.StatusBadRequest, "Invalid JSON in request body."))
@ -276,7 +276,7 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri
return
}
var out auth.Role
var out v2auth.Role
// create
if in.Grant.IsEmpty() && in.Revoke.IsEmpty() {
@ -316,8 +316,8 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri
}
type userWithRoles struct {
User string `json:"user"`
Roles []auth.Role `json:"roles,omitempty"`
User string `json:"user"`
Roles []v2auth.Role `json:"roles,omitempty"`
}
type usersCollections struct {
@ -352,7 +352,7 @@ func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) {
ucs := usersCollections{}
for _, userName := range users {
var user auth.User
var user v2auth.User
user, err = sh.sec.GetUser(userName)
if err != nil {
writeError(w, r, err)
@ -361,7 +361,7 @@ func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) {
uwr := userWithRoles{User: user.User}
for _, roleName := range user.Roles {
var role auth.Role
var role v2auth.Role
role, err = sh.sec.GetRole(roleName)
if err != nil {
continue
@ -423,7 +423,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri
uwr := userWithRoles{User: u.User}
for _, roleName := range u.Roles {
var role auth.Role
var role v2auth.Role
role, err = sh.sec.GetRole(roleName)
if err != nil {
writeError(w, r, err)
@ -439,7 +439,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri
}
return
case "PUT":
var u auth.User
var u v2auth.User
err := json.NewDecoder(r.Body).Decode(&u)
if err != nil {
writeError(w, r, httptypes.NewHTTPError(http.StatusBadRequest, "Invalid JSON in request body."))
@ -451,7 +451,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri
}
var (
out auth.User
out v2auth.User
created bool
)

148
etcdserver/api/v2http/client_auth_test.go
View File

@ -31,7 +31,7 @@ import (
"testing"
"github.com/coreos/etcd/etcdserver/api"
"github.com/coreos/etcd/etcdserver/auth"
"github.com/coreos/etcd/etcdserver/v2auth"
)
const goodPassword = "good"
@ -46,8 +46,8 @@ func mustJSONRequest(t *testing.T, method string, p string, body string) *http.R
}
type mockAuthStore struct {
users map[string]*auth.User
roles map[string]*auth.Role
users map[string]*v2auth.User
roles map[string]*v2auth.Role
err error
enabled bool
}
@ -60,14 +60,14 @@ func (s *mockAuthStore) AllUsers() ([]string, error) {
sort.Strings(us)
return us, s.err
}
func (s *mockAuthStore) GetUser(name string) (auth.User, error) {
func (s *mockAuthStore) GetUser(name string) (v2auth.User, error) {
u, ok := s.users[name]
if !ok {
return auth.User{}, s.err
return v2auth.User{}, s.err
}
return *u, s.err
}
func (s *mockAuthStore) CreateOrUpdateUser(user auth.User) (out auth.User, created bool, err error) {
func (s *mockAuthStore) CreateOrUpdateUser(user v2auth.User) (out v2auth.User, created bool, err error) {
if s.users == nil {
out, err = s.CreateUser(user)
return out, true, err
@ -75,31 +75,31 @@ func (s *mockAuthStore) CreateOrUpdateUser(user auth.User) (out auth.User, creat
out, err = s.UpdateUser(user)
return out, false, err
}
func (s *mockAuthStore) CreateUser(user auth.User) (auth.User, error) { return user, s.err }
func (s *mockAuthStore) DeleteUser(name string) error { return s.err }
func (s *mockAuthStore) UpdateUser(user auth.User) (auth.User, error) {
func (s *mockAuthStore) CreateUser(user v2auth.User) (v2auth.User, error) { return user, s.err }
func (s *mockAuthStore) DeleteUser(name string) error { return s.err }
func (s *mockAuthStore) UpdateUser(user v2auth.User) (v2auth.User, error) {
return *s.users[user.User], s.err
}
func (s *mockAuthStore) AllRoles() ([]string, error) {
return []string{"awesome", "guest", "root"}, s.err
}
func (s *mockAuthStore) GetRole(name string) (auth.Role, error) {
func (s *mockAuthStore) GetRole(name string) (v2auth.Role, error) {
r, ok := s.roles[name]
if ok {
return *r, s.err
}
return auth.Role{}, fmt.Errorf("%q does not exist (%v)", name, s.err)
return v2auth.Role{}, fmt.Errorf("%q does not exist (%v)", name, s.err)
}
func (s *mockAuthStore) CreateRole(role auth.Role) error { return s.err }
func (s *mockAuthStore) DeleteRole(name string) error { return s.err }
func (s *mockAuthStore) UpdateRole(role auth.Role) (auth.Role, error) {
func (s *mockAuthStore) CreateRole(role v2auth.Role) error { return s.err }
func (s *mockAuthStore) DeleteRole(name string) error { return s.err }
func (s *mockAuthStore) UpdateRole(role v2auth.Role) (v2auth.Role, error) {
return *s.roles[role.Role], s.err
}
func (s *mockAuthStore) AuthEnabled() bool { return s.enabled }
func (s *mockAuthStore) EnableAuth() error { return s.err }
func (s *mockAuthStore) DisableAuth() error { return s.err }
func (s *mockAuthStore) CheckPassword(user auth.User, password string) bool {
func (s *mockAuthStore) CheckPassword(user v2auth.User, password string) bool {
return user.Password == password
}
@ -132,7 +132,7 @@ func TestAuthFlow(t *testing.T) {
{
req: mustJSONRequest(t, "GET", "users", ""),
store: mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"alice": {
User: "alice",
Roles: []string{"alicerole", "guest"},
@ -149,7 +149,7 @@ func TestAuthFlow(t *testing.T) {
Password: "wheeee",
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"alicerole": {
Role: "alicerole",
},
@ -173,14 +173,14 @@ func TestAuthFlow(t *testing.T) {
{
req: mustJSONRequest(t, "GET", "users/alice", ""),
store: mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"alice": {
User: "alice",
Roles: []string{"alicerole"},
Password: "wheeee",
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"alicerole": {
Role: "alicerole",
},
@ -204,7 +204,7 @@ func TestAuthFlow(t *testing.T) {
{
req: mustJSONRequest(t, "PUT", "users/alice", `{"user": "alice", "password": "goodpassword"}`),
store: mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"alice": {
User: "alice",
Roles: []string{"alicerole", "guest"},
@ -218,7 +218,7 @@ func TestAuthFlow(t *testing.T) {
{
req: mustJSONRequest(t, "PUT", "users/alice", `{"user": "alice", "grant": ["alicerole"]}`),
store: mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"alice": {
User: "alice",
Roles: []string{"alicerole", "guest"},
@ -232,8 +232,8 @@ func TestAuthFlow(t *testing.T) {
{
req: mustJSONRequest(t, "GET", "users/alice", ``),
store: mockAuthStore{
users: map[string]*auth.User{},
err: auth.Error{Status: http.StatusNotFound, Errmsg: "auth: User alice doesn't exist."},
users: map[string]*v2auth.User{},
err: v2auth.Error{Status: http.StatusNotFound, Errmsg: "auth: User alice doesn't exist."},
},
wcode: http.StatusNotFound,
wbody: `{"message":"auth: User alice doesn't exist."}`,
@ -241,7 +241,7 @@ func TestAuthFlow(t *testing.T) {
{
req: mustJSONRequest(t, "GET", "roles/manager", ""),
store: mockAuthStore{
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"manager": {
Role: "manager",
},
@ -265,7 +265,7 @@ func TestAuthFlow(t *testing.T) {
{
req: mustJSONRequest(t, "PUT", "roles/manager", `{"role":"manager","revoke":{"kv":{"read":["foo"],"write":[]}}}`),
store: mockAuthStore{
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"manager": {
Role: "manager",
},
@ -277,7 +277,7 @@ func TestAuthFlow(t *testing.T) {
{
req: mustJSONRequest(t, "GET", "roles", ""),
store: mockAuthStore{
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"awesome": {
Role: "awesome",
},
@ -318,14 +318,14 @@ func TestAuthFlow(t *testing.T) {
})(),
store: mockAuthStore{
enabled: true,
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"root": {
User: "root",
Password: goodPassword,
Roles: []string{"root"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"root": {
Role: "root",
},
@ -342,14 +342,14 @@ func TestAuthFlow(t *testing.T) {
})(),
store: mockAuthStore{
enabled: true,
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"root": {
User: "root",
Password: goodPassword,
Roles: []string{"root"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"root": {
Role: "guest",
},
@ -383,13 +383,13 @@ func TestAuthFlow(t *testing.T) {
func TestGetUserGrantedWithNonexistingRole(t *testing.T) {
sh := &authHandler{
sec: &mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"root": {
User: "root",
Roles: []string{"root", "foo"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"root": {
Role: "root",
},
@ -483,14 +483,14 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo",
req: mustAuthRequest("GET", "root", "good"),
store: &mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"root": {
User: "root",
Password: goodPassword,
Roles: []string{"root"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"root": {
Role: "root",
},
@ -505,18 +505,18 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo",
req: mustAuthRequest("GET", "user", "good"),
store: &mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"user": {
User: "user",
Password: goodPassword,
Roles: []string{"foorole"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"foorole": {
Role: "foorole",
Permissions: auth.Permissions{
KV: auth.RWPermission{
Permissions: v2auth.Permissions{
KV: v2auth.RWPermission{
Read: []string{"/foo"},
Write: []string{"/foo"},
},
@ -533,18 +533,18 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo",
req: mustAuthRequest("GET", "user", "good"),
store: &mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"user": {
User: "user",
Password: goodPassword,
Roles: []string{"foorole"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"foorole": {
Role: "foorole",
Permissions: auth.Permissions{
KV: auth.RWPermission{
Permissions: v2auth.Permissions{
KV: v2auth.RWPermission{
Read: []string{"/foo*"},
Write: []string{"/foo*"},
},
@ -561,18 +561,18 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo",
req: mustAuthRequest("GET", "user", "bad"),
store: &mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"user": {
User: "user",
Password: goodPassword,
Roles: []string{"foorole"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"foorole": {
Role: "foorole",
Permissions: auth.Permissions{
KV: auth.RWPermission{
Permissions: v2auth.Permissions{
KV: v2auth.RWPermission{
Read: []string{"/foo*"},
Write: []string{"/foo*"},
},
@ -589,7 +589,7 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo",
req: mustAuthRequest("GET", "user", "good"),
store: &mockAuthStore{
users: map[string]*auth.User{},
users: map[string]*v2auth.User{},
err: errors.New("Not the user"),
enabled: true,
},
@ -601,18 +601,18 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo",
req: mustJSONRequest(t, "GET", "somepath", ""),
store: &mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"user": {
User: "user",
Password: goodPassword,
Roles: []string{"foorole"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"guest": {
Role: "guest",
Permissions: auth.Permissions{
KV: auth.RWPermission{
Permissions: v2auth.Permissions{
KV: v2auth.RWPermission{
Read: []string{"/foo*"},
Write: []string{"/foo*"},
},
@ -629,18 +629,18 @@ func TestPrefixAccess(t *testing.T) {
key: "/bar",
req: mustJSONRequest(t, "GET", "somepath", ""),
store: &mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"user": {
User: "user",
Password: goodPassword,
Roles: []string{"foorole"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"guest": {
Role: "guest",
Permissions: auth.Permissions{
KV: auth.RWPermission{
Permissions: v2auth.Permissions{
KV: v2auth.RWPermission{
Read: []string{"/foo*"},
Write: []string{"/foo*"},
},
@ -658,21 +658,21 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo",
req: mustAuthRequest("GET", "user", "good"),
store: &mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"user": {
User: "user",
Password: goodPassword,
Roles: []string{"role1", "role2"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"role1": {
Role: "role1",
},
"role2": {
Role: "role2",
Permissions: auth.Permissions{
KV: auth.RWPermission{
Permissions: v2auth.Permissions{
KV: v2auth.RWPermission{
Read: []string{"/foo"},
Write: []string{"/foo"},
},
@ -694,18 +694,18 @@ func TestPrefixAccess(t *testing.T) {
})(),
store: &mockAuthStore{
enabled: true,
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"root": {
User: "root",
Password: goodPassword,
Roles: []string{"root"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"guest": {
Role: "guest",
Permissions: auth.Permissions{
KV: auth.RWPermission{
Permissions: v2auth.Permissions{
KV: v2auth.RWPermission{
Read: []string{"/foo*"},
Write: []string{"/foo*"},
},
@ -724,18 +724,18 @@ func TestPrefixAccess(t *testing.T) {
})(),
store: &mockAuthStore{
enabled: true,
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"root": {
User: "root",
Password: goodPassword,
Roles: []string{"root"},
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"guest": {
Role: "guest",
Permissions: auth.Permissions{
KV: auth.RWPermission{
Permissions: v2auth.Permissions{
KV: v2auth.RWPermission{
Read: []string{"/foo*"},
Write: []string{"/foo*"},
},
@ -764,7 +764,7 @@ func TestPrefixAccess(t *testing.T) {
func TestUserFromClientCertificate(t *testing.T) {
witherror := &mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"user": {
User: "user",
Roles: []string{"root"},
@ -776,7 +776,7 @@ func TestUserFromClientCertificate(t *testing.T) {
Password: "password",
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"root": {
Role: "root",
},
@ -785,7 +785,7 @@ func TestUserFromClientCertificate(t *testing.T) {
}
noerror := &mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"user": {
User: "user",
Roles: []string{"root"},
@ -797,7 +797,7 @@ func TestUserFromClientCertificate(t *testing.T) {
Password: "password",
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"root": {
Role: "root",
},
@ -807,7 +807,7 @@ func TestUserFromClientCertificate(t *testing.T) {
var table = []struct {
req *http.Request
userExists bool
store auth.Store
store v2auth.Store
username string
}{
{
@ -846,14 +846,14 @@ func TestUserFromClientCertificate(t *testing.T) {
func TestUserFromBasicAuth(t *testing.T) {
sec := &mockAuthStore{
users: map[string]*auth.User{
users: map[string]*v2auth.User{
"user": {
User: "user",
Roles: []string{"root"},
Password: "password",
},
},
roles: map[string]*auth.Role{
roles: map[string]*v2auth.Role{
"root": {
Role: "root",
},

4
etcdserver/api/v2http/http.go
View File

@ -22,7 +22,7 @@ import (
"github.com/coreos/etcd/etcdserver/api/etcdhttp"
"github.com/coreos/etcd/etcdserver/api/v2http/httptypes"
"github.com/coreos/etcd/etcdserver/auth"
"github.com/coreos/etcd/etcdserver/v2auth"
"github.com/coreos/etcd/pkg/logutil"
"github.com/coreos/pkg/capnslog"
@ -42,7 +42,7 @@ func writeError(w http.ResponseWriter, r *http.Request, err error) {
if err == nil {
return
}
if e, ok := err.(auth.Error); ok {
if e, ok := err.(v2auth.Error); ok {
herr := httptypes.NewHTTPError(e.HTTPStatus(), e.Error())
if et := herr.WriteTo(w); et != nil {
plog.Debugf("error writing HTTPError (%v) to %s", et, r.RemoteAddr)

4
etcdserver/auth/auth.go → etcdserver/v2auth/auth.go
View File

@ -12,8 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
// Package auth implements etcd authentication.
package auth
// Package v2auth implements etcd authentication.
package v2auth
import (
"context"

2
etcdserver/auth/auth_requests.go → etcdserver/v2auth/auth_requests.go
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
package auth
package v2auth
import (
"context"

2
etcdserver/auth/auth_test.go → etcdserver/v2auth/auth_test.go
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
package auth
package v2auth
import (
"context"