diff --git a/CHANGELOG-3.4.md b/CHANGELOG-3.4.md index d4362f578..b26051499 100644 --- a/CHANGELOG-3.4.md +++ b/CHANGELOG-3.4.md @@ -35,6 +35,7 @@ - Move `"github.com/coreos/etcd/snap"` to [`"github.com/coreos/etcd/internal/raftsnap"`](https://github.com/coreos/etcd/pull/9211). - Move `"github.com/coreos/etcd/store"` to [`"github.com/coreos/etcd/internal/store"`](https://github.com/coreos/etcd/pull/9238). - Move `"github.com/coreos/etcd/version"` to [`"github.com/coreos/etcd/internal/version"`](https://github.com/coreos/etcd/pull/9244). +- Move `"github.com/coreos/etcd/etcdserver/auth"` to [`"github.com/coreos/etcd/etcdserver/v2auth"`](https://github.com/coreos/etcd/pull/9275). ### Added(`etcd`) diff --git a/etcdserver/api/v2http/client.go b/etcdserver/api/v2http/client.go index f40c410f6..6ae5f9cba 100644 --- a/etcdserver/api/v2http/client.go +++ b/etcdserver/api/v2http/client.go @@ -32,10 +32,10 @@ import ( "github.com/coreos/etcd/etcdserver/api" "github.com/coreos/etcd/etcdserver/api/etcdhttp" "github.com/coreos/etcd/etcdserver/api/v2http/httptypes" - "github.com/coreos/etcd/etcdserver/auth" "github.com/coreos/etcd/etcdserver/etcdserverpb" "github.com/coreos/etcd/etcdserver/membership" "github.com/coreos/etcd/etcdserver/stats" + "github.com/coreos/etcd/etcdserver/v2auth" "github.com/coreos/etcd/internal/store" "github.com/coreos/etcd/pkg/types" @@ -59,7 +59,7 @@ func NewClientHandler(server etcdserver.ServerPeer, timeout time.Duration) http. } func handleV2(mux *http.ServeMux, server etcdserver.ServerV2, timeout time.Duration) { - sec := auth.NewStore(server, timeout) + sec := v2auth.NewStore(server, timeout) kh := &keysHandler{ sec: sec, server: server, @@ -101,7 +101,7 @@ func handleV2(mux *http.ServeMux, server etcdserver.ServerV2, timeout time.Durat } type keysHandler struct { - sec auth.Store + sec v2auth.Store server etcdserver.ServerV2 cluster api.Cluster timeout time.Duration @@ -168,7 +168,7 @@ func (h *machinesHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } type membersHandler struct { - sec auth.Store + sec v2auth.Store server etcdserver.ServerV2 cluster api.Cluster timeout time.Duration diff --git a/etcdserver/api/v2http/client_auth.go b/etcdserver/api/v2http/client_auth.go index 606e2e00b..17f0fe6d5 100644 --- a/etcdserver/api/v2http/client_auth.go +++ b/etcdserver/api/v2http/client_auth.go @@ -22,23 +22,23 @@ import ( "github.com/coreos/etcd/etcdserver/api" "github.com/coreos/etcd/etcdserver/api/v2http/httptypes" - "github.com/coreos/etcd/etcdserver/auth" + "github.com/coreos/etcd/etcdserver/v2auth" ) type authHandler struct { - sec auth.Store + sec v2auth.Store cluster api.Cluster clientCertAuthEnabled bool } -func hasWriteRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool) bool { +func hasWriteRootAccess(sec v2auth.Store, r *http.Request, clientCertAuthEnabled bool) bool { if r.Method == "GET" || r.Method == "HEAD" { return true } return hasRootAccess(sec, r, clientCertAuthEnabled) } -func userFromBasicAuth(sec auth.Store, r *http.Request) *auth.User { +func userFromBasicAuth(sec v2auth.Store, r *http.Request) *v2auth.User { username, password, ok := r.BasicAuth() if !ok { plog.Warningf("auth: malformed basic auth encoding") @@ -57,7 +57,7 @@ func userFromBasicAuth(sec auth.Store, r *http.Request) *auth.User { return &user } -func userFromClientCertificate(sec auth.Store, r *http.Request) *auth.User { +func userFromClientCertificate(sec v2auth.Store, r *http.Request) *v2auth.User { if r.TLS == nil { return nil } @@ -75,7 +75,7 @@ func userFromClientCertificate(sec auth.Store, r *http.Request) *auth.User { return nil } -func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool) bool { +func hasRootAccess(sec v2auth.Store, r *http.Request, clientCertAuthEnabled bool) bool { if sec == nil { // No store means no auth available, eg, tests. return true @@ -84,7 +84,7 @@ func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool) return true } - var rootUser *auth.User + var rootUser *v2auth.User if r.Header.Get("Authorization") == "" && clientCertAuthEnabled { rootUser = userFromClientCertificate(sec, r) if rootUser == nil { @@ -98,15 +98,15 @@ func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool) } for _, role := range rootUser.Roles { - if role == auth.RootRoleName { + if role == v2auth.RootRoleName { return true } } - plog.Warningf("auth: user %s does not have the %s role for resource %s.", rootUser.User, auth.RootRoleName, r.URL.Path) + plog.Warningf("auth: user %s does not have the %s role for resource %s.", rootUser.User, v2auth.RootRoleName, r.URL.Path) return false } -func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive, clientCertAuthEnabled bool) bool { +func hasKeyPrefixAccess(sec v2auth.Store, r *http.Request, key string, recursive, clientCertAuthEnabled bool) bool { if sec == nil { // No store means no auth available, eg, tests. return true @@ -115,7 +115,7 @@ func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive, return true } - var user *auth.User + var user *v2auth.User if r.Header.Get("Authorization") == "" { if clientCertAuthEnabled { user = userFromClientCertificate(sec, r) @@ -148,9 +148,9 @@ func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive, return false } -func hasGuestAccess(sec auth.Store, r *http.Request, key string) bool { +func hasGuestAccess(sec v2auth.Store, r *http.Request, key string) bool { writeAccess := r.Method != "GET" && r.Method != "HEAD" - role, err := sec.GetRole(auth.GuestRoleName) + role, err := sec.GetRole(v2auth.GuestRoleName) if err != nil { return false } @@ -204,10 +204,10 @@ func (sh *authHandler) baseRoles(w http.ResponseWriter, r *http.Request) { } var rolesCollections struct { - Roles []auth.Role `json:"roles"` + Roles []v2auth.Role `json:"roles"` } for _, roleName := range roles { - var role auth.Role + var role v2auth.Role role, err = sh.sec.GetRole(roleName) if err != nil { writeError(w, r, err) @@ -265,7 +265,7 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri } return case "PUT": - var in auth.Role + var in v2auth.Role err := json.NewDecoder(r.Body).Decode(&in) if err != nil { writeError(w, r, httptypes.NewHTTPError(http.StatusBadRequest, "Invalid JSON in request body.")) @@ -276,7 +276,7 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri return } - var out auth.Role + var out v2auth.Role // create if in.Grant.IsEmpty() && in.Revoke.IsEmpty() { @@ -316,8 +316,8 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri } type userWithRoles struct { - User string `json:"user"` - Roles []auth.Role `json:"roles,omitempty"` + User string `json:"user"` + Roles []v2auth.Role `json:"roles,omitempty"` } type usersCollections struct { @@ -352,7 +352,7 @@ func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) { ucs := usersCollections{} for _, userName := range users { - var user auth.User + var user v2auth.User user, err = sh.sec.GetUser(userName) if err != nil { writeError(w, r, err) @@ -361,7 +361,7 @@ func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) { uwr := userWithRoles{User: user.User} for _, roleName := range user.Roles { - var role auth.Role + var role v2auth.Role role, err = sh.sec.GetRole(roleName) if err != nil { continue @@ -423,7 +423,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri uwr := userWithRoles{User: u.User} for _, roleName := range u.Roles { - var role auth.Role + var role v2auth.Role role, err = sh.sec.GetRole(roleName) if err != nil { writeError(w, r, err) @@ -439,7 +439,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri } return case "PUT": - var u auth.User + var u v2auth.User err := json.NewDecoder(r.Body).Decode(&u) if err != nil { writeError(w, r, httptypes.NewHTTPError(http.StatusBadRequest, "Invalid JSON in request body.")) @@ -451,7 +451,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri } var ( - out auth.User + out v2auth.User created bool ) diff --git a/etcdserver/api/v2http/client_auth_test.go b/etcdserver/api/v2http/client_auth_test.go index 261ce1689..195973fb1 100644 --- a/etcdserver/api/v2http/client_auth_test.go +++ b/etcdserver/api/v2http/client_auth_test.go @@ -31,7 +31,7 @@ import ( "testing" "github.com/coreos/etcd/etcdserver/api" - "github.com/coreos/etcd/etcdserver/auth" + "github.com/coreos/etcd/etcdserver/v2auth" ) const goodPassword = "good" @@ -46,8 +46,8 @@ func mustJSONRequest(t *testing.T, method string, p string, body string) *http.R } type mockAuthStore struct { - users map[string]*auth.User - roles map[string]*auth.Role + users map[string]*v2auth.User + roles map[string]*v2auth.Role err error enabled bool } @@ -60,14 +60,14 @@ func (s *mockAuthStore) AllUsers() ([]string, error) { sort.Strings(us) return us, s.err } -func (s *mockAuthStore) GetUser(name string) (auth.User, error) { +func (s *mockAuthStore) GetUser(name string) (v2auth.User, error) { u, ok := s.users[name] if !ok { - return auth.User{}, s.err + return v2auth.User{}, s.err } return *u, s.err } -func (s *mockAuthStore) CreateOrUpdateUser(user auth.User) (out auth.User, created bool, err error) { +func (s *mockAuthStore) CreateOrUpdateUser(user v2auth.User) (out v2auth.User, created bool, err error) { if s.users == nil { out, err = s.CreateUser(user) return out, true, err @@ -75,31 +75,31 @@ func (s *mockAuthStore) CreateOrUpdateUser(user auth.User) (out auth.User, creat out, err = s.UpdateUser(user) return out, false, err } -func (s *mockAuthStore) CreateUser(user auth.User) (auth.User, error) { return user, s.err } -func (s *mockAuthStore) DeleteUser(name string) error { return s.err } -func (s *mockAuthStore) UpdateUser(user auth.User) (auth.User, error) { +func (s *mockAuthStore) CreateUser(user v2auth.User) (v2auth.User, error) { return user, s.err } +func (s *mockAuthStore) DeleteUser(name string) error { return s.err } +func (s *mockAuthStore) UpdateUser(user v2auth.User) (v2auth.User, error) { return *s.users[user.User], s.err } func (s *mockAuthStore) AllRoles() ([]string, error) { return []string{"awesome", "guest", "root"}, s.err } -func (s *mockAuthStore) GetRole(name string) (auth.Role, error) { +func (s *mockAuthStore) GetRole(name string) (v2auth.Role, error) { r, ok := s.roles[name] if ok { return *r, s.err } - return auth.Role{}, fmt.Errorf("%q does not exist (%v)", name, s.err) + return v2auth.Role{}, fmt.Errorf("%q does not exist (%v)", name, s.err) } -func (s *mockAuthStore) CreateRole(role auth.Role) error { return s.err } -func (s *mockAuthStore) DeleteRole(name string) error { return s.err } -func (s *mockAuthStore) UpdateRole(role auth.Role) (auth.Role, error) { +func (s *mockAuthStore) CreateRole(role v2auth.Role) error { return s.err } +func (s *mockAuthStore) DeleteRole(name string) error { return s.err } +func (s *mockAuthStore) UpdateRole(role v2auth.Role) (v2auth.Role, error) { return *s.roles[role.Role], s.err } func (s *mockAuthStore) AuthEnabled() bool { return s.enabled } func (s *mockAuthStore) EnableAuth() error { return s.err } func (s *mockAuthStore) DisableAuth() error { return s.err } -func (s *mockAuthStore) CheckPassword(user auth.User, password string) bool { +func (s *mockAuthStore) CheckPassword(user v2auth.User, password string) bool { return user.Password == password } @@ -132,7 +132,7 @@ func TestAuthFlow(t *testing.T) { { req: mustJSONRequest(t, "GET", "users", ""), store: mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "alice": { User: "alice", Roles: []string{"alicerole", "guest"}, @@ -149,7 +149,7 @@ func TestAuthFlow(t *testing.T) { Password: "wheeee", }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "alicerole": { Role: "alicerole", }, @@ -173,14 +173,14 @@ func TestAuthFlow(t *testing.T) { { req: mustJSONRequest(t, "GET", "users/alice", ""), store: mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "alice": { User: "alice", Roles: []string{"alicerole"}, Password: "wheeee", }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "alicerole": { Role: "alicerole", }, @@ -204,7 +204,7 @@ func TestAuthFlow(t *testing.T) { { req: mustJSONRequest(t, "PUT", "users/alice", `{"user": "alice", "password": "goodpassword"}`), store: mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "alice": { User: "alice", Roles: []string{"alicerole", "guest"}, @@ -218,7 +218,7 @@ func TestAuthFlow(t *testing.T) { { req: mustJSONRequest(t, "PUT", "users/alice", `{"user": "alice", "grant": ["alicerole"]}`), store: mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "alice": { User: "alice", Roles: []string{"alicerole", "guest"}, @@ -232,8 +232,8 @@ func TestAuthFlow(t *testing.T) { { req: mustJSONRequest(t, "GET", "users/alice", ``), store: mockAuthStore{ - users: map[string]*auth.User{}, - err: auth.Error{Status: http.StatusNotFound, Errmsg: "auth: User alice doesn't exist."}, + users: map[string]*v2auth.User{}, + err: v2auth.Error{Status: http.StatusNotFound, Errmsg: "auth: User alice doesn't exist."}, }, wcode: http.StatusNotFound, wbody: `{"message":"auth: User alice doesn't exist."}`, @@ -241,7 +241,7 @@ func TestAuthFlow(t *testing.T) { { req: mustJSONRequest(t, "GET", "roles/manager", ""), store: mockAuthStore{ - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "manager": { Role: "manager", }, @@ -265,7 +265,7 @@ func TestAuthFlow(t *testing.T) { { req: mustJSONRequest(t, "PUT", "roles/manager", `{"role":"manager","revoke":{"kv":{"read":["foo"],"write":[]}}}`), store: mockAuthStore{ - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "manager": { Role: "manager", }, @@ -277,7 +277,7 @@ func TestAuthFlow(t *testing.T) { { req: mustJSONRequest(t, "GET", "roles", ""), store: mockAuthStore{ - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "awesome": { Role: "awesome", }, @@ -318,14 +318,14 @@ func TestAuthFlow(t *testing.T) { })(), store: mockAuthStore{ enabled: true, - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "root": { User: "root", Password: goodPassword, Roles: []string{"root"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "root": { Role: "root", }, @@ -342,14 +342,14 @@ func TestAuthFlow(t *testing.T) { })(), store: mockAuthStore{ enabled: true, - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "root": { User: "root", Password: goodPassword, Roles: []string{"root"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "root": { Role: "guest", }, @@ -383,13 +383,13 @@ func TestAuthFlow(t *testing.T) { func TestGetUserGrantedWithNonexistingRole(t *testing.T) { sh := &authHandler{ sec: &mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "root": { User: "root", Roles: []string{"root", "foo"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "root": { Role: "root", }, @@ -483,14 +483,14 @@ func TestPrefixAccess(t *testing.T) { key: "/foo", req: mustAuthRequest("GET", "root", "good"), store: &mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "root": { User: "root", Password: goodPassword, Roles: []string{"root"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "root": { Role: "root", }, @@ -505,18 +505,18 @@ func TestPrefixAccess(t *testing.T) { key: "/foo", req: mustAuthRequest("GET", "user", "good"), store: &mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "user": { User: "user", Password: goodPassword, Roles: []string{"foorole"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "foorole": { Role: "foorole", - Permissions: auth.Permissions{ - KV: auth.RWPermission{ + Permissions: v2auth.Permissions{ + KV: v2auth.RWPermission{ Read: []string{"/foo"}, Write: []string{"/foo"}, }, @@ -533,18 +533,18 @@ func TestPrefixAccess(t *testing.T) { key: "/foo", req: mustAuthRequest("GET", "user", "good"), store: &mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "user": { User: "user", Password: goodPassword, Roles: []string{"foorole"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "foorole": { Role: "foorole", - Permissions: auth.Permissions{ - KV: auth.RWPermission{ + Permissions: v2auth.Permissions{ + KV: v2auth.RWPermission{ Read: []string{"/foo*"}, Write: []string{"/foo*"}, }, @@ -561,18 +561,18 @@ func TestPrefixAccess(t *testing.T) { key: "/foo", req: mustAuthRequest("GET", "user", "bad"), store: &mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "user": { User: "user", Password: goodPassword, Roles: []string{"foorole"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "foorole": { Role: "foorole", - Permissions: auth.Permissions{ - KV: auth.RWPermission{ + Permissions: v2auth.Permissions{ + KV: v2auth.RWPermission{ Read: []string{"/foo*"}, Write: []string{"/foo*"}, }, @@ -589,7 +589,7 @@ func TestPrefixAccess(t *testing.T) { key: "/foo", req: mustAuthRequest("GET", "user", "good"), store: &mockAuthStore{ - users: map[string]*auth.User{}, + users: map[string]*v2auth.User{}, err: errors.New("Not the user"), enabled: true, }, @@ -601,18 +601,18 @@ func TestPrefixAccess(t *testing.T) { key: "/foo", req: mustJSONRequest(t, "GET", "somepath", ""), store: &mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "user": { User: "user", Password: goodPassword, Roles: []string{"foorole"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "guest": { Role: "guest", - Permissions: auth.Permissions{ - KV: auth.RWPermission{ + Permissions: v2auth.Permissions{ + KV: v2auth.RWPermission{ Read: []string{"/foo*"}, Write: []string{"/foo*"}, }, @@ -629,18 +629,18 @@ func TestPrefixAccess(t *testing.T) { key: "/bar", req: mustJSONRequest(t, "GET", "somepath", ""), store: &mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "user": { User: "user", Password: goodPassword, Roles: []string{"foorole"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "guest": { Role: "guest", - Permissions: auth.Permissions{ - KV: auth.RWPermission{ + Permissions: v2auth.Permissions{ + KV: v2auth.RWPermission{ Read: []string{"/foo*"}, Write: []string{"/foo*"}, }, @@ -658,21 +658,21 @@ func TestPrefixAccess(t *testing.T) { key: "/foo", req: mustAuthRequest("GET", "user", "good"), store: &mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "user": { User: "user", Password: goodPassword, Roles: []string{"role1", "role2"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "role1": { Role: "role1", }, "role2": { Role: "role2", - Permissions: auth.Permissions{ - KV: auth.RWPermission{ + Permissions: v2auth.Permissions{ + KV: v2auth.RWPermission{ Read: []string{"/foo"}, Write: []string{"/foo"}, }, @@ -694,18 +694,18 @@ func TestPrefixAccess(t *testing.T) { })(), store: &mockAuthStore{ enabled: true, - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "root": { User: "root", Password: goodPassword, Roles: []string{"root"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "guest": { Role: "guest", - Permissions: auth.Permissions{ - KV: auth.RWPermission{ + Permissions: v2auth.Permissions{ + KV: v2auth.RWPermission{ Read: []string{"/foo*"}, Write: []string{"/foo*"}, }, @@ -724,18 +724,18 @@ func TestPrefixAccess(t *testing.T) { })(), store: &mockAuthStore{ enabled: true, - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "root": { User: "root", Password: goodPassword, Roles: []string{"root"}, }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "guest": { Role: "guest", - Permissions: auth.Permissions{ - KV: auth.RWPermission{ + Permissions: v2auth.Permissions{ + KV: v2auth.RWPermission{ Read: []string{"/foo*"}, Write: []string{"/foo*"}, }, @@ -764,7 +764,7 @@ func TestPrefixAccess(t *testing.T) { func TestUserFromClientCertificate(t *testing.T) { witherror := &mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "user": { User: "user", Roles: []string{"root"}, @@ -776,7 +776,7 @@ func TestUserFromClientCertificate(t *testing.T) { Password: "password", }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "root": { Role: "root", }, @@ -785,7 +785,7 @@ func TestUserFromClientCertificate(t *testing.T) { } noerror := &mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "user": { User: "user", Roles: []string{"root"}, @@ -797,7 +797,7 @@ func TestUserFromClientCertificate(t *testing.T) { Password: "password", }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "root": { Role: "root", }, @@ -807,7 +807,7 @@ func TestUserFromClientCertificate(t *testing.T) { var table = []struct { req *http.Request userExists bool - store auth.Store + store v2auth.Store username string }{ { @@ -846,14 +846,14 @@ func TestUserFromClientCertificate(t *testing.T) { func TestUserFromBasicAuth(t *testing.T) { sec := &mockAuthStore{ - users: map[string]*auth.User{ + users: map[string]*v2auth.User{ "user": { User: "user", Roles: []string{"root"}, Password: "password", }, }, - roles: map[string]*auth.Role{ + roles: map[string]*v2auth.Role{ "root": { Role: "root", }, diff --git a/etcdserver/api/v2http/http.go b/etcdserver/api/v2http/http.go index 589c172db..8719a2d39 100644 --- a/etcdserver/api/v2http/http.go +++ b/etcdserver/api/v2http/http.go @@ -22,7 +22,7 @@ import ( "github.com/coreos/etcd/etcdserver/api/etcdhttp" "github.com/coreos/etcd/etcdserver/api/v2http/httptypes" - "github.com/coreos/etcd/etcdserver/auth" + "github.com/coreos/etcd/etcdserver/v2auth" "github.com/coreos/etcd/pkg/logutil" "github.com/coreos/pkg/capnslog" @@ -42,7 +42,7 @@ func writeError(w http.ResponseWriter, r *http.Request, err error) { if err == nil { return } - if e, ok := err.(auth.Error); ok { + if e, ok := err.(v2auth.Error); ok { herr := httptypes.NewHTTPError(e.HTTPStatus(), e.Error()) if et := herr.WriteTo(w); et != nil { plog.Debugf("error writing HTTPError (%v) to %s", et, r.RemoteAddr) diff --git a/etcdserver/auth/auth.go b/etcdserver/v2auth/auth.go similarity index 99% rename from etcdserver/auth/auth.go rename to etcdserver/v2auth/auth.go index 8991675cc..c3f543503 100644 --- a/etcdserver/auth/auth.go +++ b/etcdserver/v2auth/auth.go @@ -12,8 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Package auth implements etcd authentication. -package auth +// Package v2auth implements etcd authentication. +package v2auth import ( "context" diff --git a/etcdserver/auth/auth_requests.go b/etcdserver/v2auth/auth_requests.go similarity index 99% rename from etcdserver/auth/auth_requests.go rename to etcdserver/v2auth/auth_requests.go index 2464828e6..fbe301509 100644 --- a/etcdserver/auth/auth_requests.go +++ b/etcdserver/v2auth/auth_requests.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package auth +package v2auth import ( "context" diff --git a/etcdserver/auth/auth_test.go b/etcdserver/v2auth/auth_test.go similarity index 99% rename from etcdserver/auth/auth_test.go rename to etcdserver/v2auth/auth_test.go index b484cc1c2..d083d45ab 100644 --- a/etcdserver/auth/auth_test.go +++ b/etcdserver/v2auth/auth_test.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package auth +package v2auth import ( "context"