Merge pull request #9275 from gyuho/v2auth
etcdserver: move "etcdserver/auth" to "etcdserver/v2auth"release-3.4
commit
07f9229731
|
@ -35,6 +35,7 @@
|
|||
- Move `"github.com/coreos/etcd/snap"` to [`"github.com/coreos/etcd/internal/raftsnap"`](https://github.com/coreos/etcd/pull/9211).
|
||||
- Move `"github.com/coreos/etcd/store"` to [`"github.com/coreos/etcd/internal/store"`](https://github.com/coreos/etcd/pull/9238).
|
||||
- Move `"github.com/coreos/etcd/version"` to [`"github.com/coreos/etcd/internal/version"`](https://github.com/coreos/etcd/pull/9244).
|
||||
- Move `"github.com/coreos/etcd/etcdserver/auth"` to [`"github.com/coreos/etcd/etcdserver/v2auth"`](https://github.com/coreos/etcd/pull/9275).
|
||||
|
||||
### Added(`etcd`)
|
||||
|
||||
|
|
|
@ -32,10 +32,10 @@ import (
|
|||
"github.com/coreos/etcd/etcdserver/api"
|
||||
"github.com/coreos/etcd/etcdserver/api/etcdhttp"
|
||||
"github.com/coreos/etcd/etcdserver/api/v2http/httptypes"
|
||||
"github.com/coreos/etcd/etcdserver/auth"
|
||||
"github.com/coreos/etcd/etcdserver/etcdserverpb"
|
||||
"github.com/coreos/etcd/etcdserver/membership"
|
||||
"github.com/coreos/etcd/etcdserver/stats"
|
||||
"github.com/coreos/etcd/etcdserver/v2auth"
|
||||
"github.com/coreos/etcd/internal/store"
|
||||
"github.com/coreos/etcd/pkg/types"
|
||||
|
||||
|
@ -59,7 +59,7 @@ func NewClientHandler(server etcdserver.ServerPeer, timeout time.Duration) http.
|
|||
}
|
||||
|
||||
func handleV2(mux *http.ServeMux, server etcdserver.ServerV2, timeout time.Duration) {
|
||||
sec := auth.NewStore(server, timeout)
|
||||
sec := v2auth.NewStore(server, timeout)
|
||||
kh := &keysHandler{
|
||||
sec: sec,
|
||||
server: server,
|
||||
|
@ -101,7 +101,7 @@ func handleV2(mux *http.ServeMux, server etcdserver.ServerV2, timeout time.Durat
|
|||
}
|
||||
|
||||
type keysHandler struct {
|
||||
sec auth.Store
|
||||
sec v2auth.Store
|
||||
server etcdserver.ServerV2
|
||||
cluster api.Cluster
|
||||
timeout time.Duration
|
||||
|
@ -168,7 +168,7 @@ func (h *machinesHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
type membersHandler struct {
|
||||
sec auth.Store
|
||||
sec v2auth.Store
|
||||
server etcdserver.ServerV2
|
||||
cluster api.Cluster
|
||||
timeout time.Duration
|
||||
|
|
|
@ -22,23 +22,23 @@ import (
|
|||
|
||||
"github.com/coreos/etcd/etcdserver/api"
|
||||
"github.com/coreos/etcd/etcdserver/api/v2http/httptypes"
|
||||
"github.com/coreos/etcd/etcdserver/auth"
|
||||
"github.com/coreos/etcd/etcdserver/v2auth"
|
||||
)
|
||||
|
||||
type authHandler struct {
|
||||
sec auth.Store
|
||||
sec v2auth.Store
|
||||
cluster api.Cluster
|
||||
clientCertAuthEnabled bool
|
||||
}
|
||||
|
||||
func hasWriteRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool) bool {
|
||||
func hasWriteRootAccess(sec v2auth.Store, r *http.Request, clientCertAuthEnabled bool) bool {
|
||||
if r.Method == "GET" || r.Method == "HEAD" {
|
||||
return true
|
||||
}
|
||||
return hasRootAccess(sec, r, clientCertAuthEnabled)
|
||||
}
|
||||
|
||||
func userFromBasicAuth(sec auth.Store, r *http.Request) *auth.User {
|
||||
func userFromBasicAuth(sec v2auth.Store, r *http.Request) *v2auth.User {
|
||||
username, password, ok := r.BasicAuth()
|
||||
if !ok {
|
||||
plog.Warningf("auth: malformed basic auth encoding")
|
||||
|
@ -57,7 +57,7 @@ func userFromBasicAuth(sec auth.Store, r *http.Request) *auth.User {
|
|||
return &user
|
||||
}
|
||||
|
||||
func userFromClientCertificate(sec auth.Store, r *http.Request) *auth.User {
|
||||
func userFromClientCertificate(sec v2auth.Store, r *http.Request) *v2auth.User {
|
||||
if r.TLS == nil {
|
||||
return nil
|
||||
}
|
||||
|
@ -75,7 +75,7 @@ func userFromClientCertificate(sec auth.Store, r *http.Request) *auth.User {
|
|||
return nil
|
||||
}
|
||||
|
||||
func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool) bool {
|
||||
func hasRootAccess(sec v2auth.Store, r *http.Request, clientCertAuthEnabled bool) bool {
|
||||
if sec == nil {
|
||||
// No store means no auth available, eg, tests.
|
||||
return true
|
||||
|
@ -84,7 +84,7 @@ func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool)
|
|||
return true
|
||||
}
|
||||
|
||||
var rootUser *auth.User
|
||||
var rootUser *v2auth.User
|
||||
if r.Header.Get("Authorization") == "" && clientCertAuthEnabled {
|
||||
rootUser = userFromClientCertificate(sec, r)
|
||||
if rootUser == nil {
|
||||
|
@ -98,15 +98,15 @@ func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool)
|
|||
}
|
||||
|
||||
for _, role := range rootUser.Roles {
|
||||
if role == auth.RootRoleName {
|
||||
if role == v2auth.RootRoleName {
|
||||
return true
|
||||
}
|
||||
}
|
||||
plog.Warningf("auth: user %s does not have the %s role for resource %s.", rootUser.User, auth.RootRoleName, r.URL.Path)
|
||||
plog.Warningf("auth: user %s does not have the %s role for resource %s.", rootUser.User, v2auth.RootRoleName, r.URL.Path)
|
||||
return false
|
||||
}
|
||||
|
||||
func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive, clientCertAuthEnabled bool) bool {
|
||||
func hasKeyPrefixAccess(sec v2auth.Store, r *http.Request, key string, recursive, clientCertAuthEnabled bool) bool {
|
||||
if sec == nil {
|
||||
// No store means no auth available, eg, tests.
|
||||
return true
|
||||
|
@ -115,7 +115,7 @@ func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive,
|
|||
return true
|
||||
}
|
||||
|
||||
var user *auth.User
|
||||
var user *v2auth.User
|
||||
if r.Header.Get("Authorization") == "" {
|
||||
if clientCertAuthEnabled {
|
||||
user = userFromClientCertificate(sec, r)
|
||||
|
@ -148,9 +148,9 @@ func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive,
|
|||
return false
|
||||
}
|
||||
|
||||
func hasGuestAccess(sec auth.Store, r *http.Request, key string) bool {
|
||||
func hasGuestAccess(sec v2auth.Store, r *http.Request, key string) bool {
|
||||
writeAccess := r.Method != "GET" && r.Method != "HEAD"
|
||||
role, err := sec.GetRole(auth.GuestRoleName)
|
||||
role, err := sec.GetRole(v2auth.GuestRoleName)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
@ -204,10 +204,10 @@ func (sh *authHandler) baseRoles(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
var rolesCollections struct {
|
||||
Roles []auth.Role `json:"roles"`
|
||||
Roles []v2auth.Role `json:"roles"`
|
||||
}
|
||||
for _, roleName := range roles {
|
||||
var role auth.Role
|
||||
var role v2auth.Role
|
||||
role, err = sh.sec.GetRole(roleName)
|
||||
if err != nil {
|
||||
writeError(w, r, err)
|
||||
|
@ -265,7 +265,7 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri
|
|||
}
|
||||
return
|
||||
case "PUT":
|
||||
var in auth.Role
|
||||
var in v2auth.Role
|
||||
err := json.NewDecoder(r.Body).Decode(&in)
|
||||
if err != nil {
|
||||
writeError(w, r, httptypes.NewHTTPError(http.StatusBadRequest, "Invalid JSON in request body."))
|
||||
|
@ -276,7 +276,7 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri
|
|||
return
|
||||
}
|
||||
|
||||
var out auth.Role
|
||||
var out v2auth.Role
|
||||
|
||||
// create
|
||||
if in.Grant.IsEmpty() && in.Revoke.IsEmpty() {
|
||||
|
@ -317,7 +317,7 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri
|
|||
|
||||
type userWithRoles struct {
|
||||
User string `json:"user"`
|
||||
Roles []auth.Role `json:"roles,omitempty"`
|
||||
Roles []v2auth.Role `json:"roles,omitempty"`
|
||||
}
|
||||
|
||||
type usersCollections struct {
|
||||
|
@ -352,7 +352,7 @@ func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
ucs := usersCollections{}
|
||||
for _, userName := range users {
|
||||
var user auth.User
|
||||
var user v2auth.User
|
||||
user, err = sh.sec.GetUser(userName)
|
||||
if err != nil {
|
||||
writeError(w, r, err)
|
||||
|
@ -361,7 +361,7 @@ func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
uwr := userWithRoles{User: user.User}
|
||||
for _, roleName := range user.Roles {
|
||||
var role auth.Role
|
||||
var role v2auth.Role
|
||||
role, err = sh.sec.GetRole(roleName)
|
||||
if err != nil {
|
||||
continue
|
||||
|
@ -423,7 +423,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri
|
|||
|
||||
uwr := userWithRoles{User: u.User}
|
||||
for _, roleName := range u.Roles {
|
||||
var role auth.Role
|
||||
var role v2auth.Role
|
||||
role, err = sh.sec.GetRole(roleName)
|
||||
if err != nil {
|
||||
writeError(w, r, err)
|
||||
|
@ -439,7 +439,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri
|
|||
}
|
||||
return
|
||||
case "PUT":
|
||||
var u auth.User
|
||||
var u v2auth.User
|
||||
err := json.NewDecoder(r.Body).Decode(&u)
|
||||
if err != nil {
|
||||
writeError(w, r, httptypes.NewHTTPError(http.StatusBadRequest, "Invalid JSON in request body."))
|
||||
|
@ -451,7 +451,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri
|
|||
}
|
||||
|
||||
var (
|
||||
out auth.User
|
||||
out v2auth.User
|
||||
created bool
|
||||
)
|
||||
|
||||
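Review bot: The warning in hasRootAccess that this change rewrites to use `v2auth.RootRoleName` still formats `rootUser.User` and `r.URL.Path` with `%s`, and the path comes from the request, so unless the logger escapes it, a caller who reaches this branch can put line breaks or other control characters into the server log. Quoting both values keeps each event on one line: `plog.Warningf("auth: user %q does not have the %s role for resource %q.", rootUser.User, v2auth.RootRoleName, r.URL.Path)`. Log parsers or alert rules that match the current message text would need the same update. The body of hasRootAccess starts and ends outside the visible hunks, so whether the path is normalised before this point cannot be told from here.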
|
|
|
@ -31,7 +31,7 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/coreos/etcd/etcdserver/api"
|
||||
"github.com/coreos/etcd/etcdserver/auth"
|
||||
"github.com/coreos/etcd/etcdserver/v2auth"
|
||||
)
|
||||
|
||||
const goodPassword = "good"
|
||||
|
@ -46,8 +46,8 @@ func mustJSONRequest(t *testing.T, method string, p string, body string) *http.R
|
|||
}
|
||||
|
||||
type mockAuthStore struct {
|
||||
users map[string]*auth.User
|
||||
roles map[string]*auth.Role
|
||||
users map[string]*v2auth.User
|
||||
roles map[string]*v2auth.Role
|
||||
err error
|
||||
enabled bool
|
||||
}
|
||||
|
@ -60,14 +60,14 @@ func (s *mockAuthStore) AllUsers() ([]string, error) {
|
|||
sort.Strings(us)
|
||||
return us, s.err
|
||||
}
|
||||
func (s *mockAuthStore) GetUser(name string) (auth.User, error) {
|
||||
func (s *mockAuthStore) GetUser(name string) (v2auth.User, error) {
|
||||
u, ok := s.users[name]
|
||||
if !ok {
|
||||
return auth.User{}, s.err
|
||||
return v2auth.User{}, s.err
|
||||
}
|
||||
return *u, s.err
|
||||
}
|
||||
func (s *mockAuthStore) CreateOrUpdateUser(user auth.User) (out auth.User, created bool, err error) {
|
||||
func (s *mockAuthStore) CreateOrUpdateUser(user v2auth.User) (out v2auth.User, created bool, err error) {
|
||||
if s.users == nil {
|
||||
out, err = s.CreateUser(user)
|
||||
return out, true, err
|
||||
|
@ -75,31 +75,31 @@ func (s *mockAuthStore) CreateOrUpdateUser(user auth.User) (out auth.User, creat
|
|||
out, err = s.UpdateUser(user)
|
||||
return out, false, err
|
||||
}
|
||||
func (s *mockAuthStore) CreateUser(user auth.User) (auth.User, error) { return user, s.err }
|
||||
func (s *mockAuthStore) CreateUser(user v2auth.User) (v2auth.User, error) { return user, s.err }
|
||||
func (s *mockAuthStore) DeleteUser(name string) error { return s.err }
|
||||
func (s *mockAuthStore) UpdateUser(user auth.User) (auth.User, error) {
|
||||
func (s *mockAuthStore) UpdateUser(user v2auth.User) (v2auth.User, error) {
|
||||
return *s.users[user.User], s.err
|
||||
}
|
||||
func (s *mockAuthStore) AllRoles() ([]string, error) {
|
||||
return []string{"awesome", "guest", "root"}, s.err
|
||||
}
|
||||
func (s *mockAuthStore) GetRole(name string) (auth.Role, error) {
|
||||
func (s *mockAuthStore) GetRole(name string) (v2auth.Role, error) {
|
||||
r, ok := s.roles[name]
|
||||
if ok {
|
||||
return *r, s.err
|
||||
}
|
||||
return auth.Role{}, fmt.Errorf("%q does not exist (%v)", name, s.err)
|
||||
return v2auth.Role{}, fmt.Errorf("%q does not exist (%v)", name, s.err)
|
||||
}
|
||||
func (s *mockAuthStore) CreateRole(role auth.Role) error { return s.err }
|
||||
func (s *mockAuthStore) CreateRole(role v2auth.Role) error { return s.err }
|
||||
func (s *mockAuthStore) DeleteRole(name string) error { return s.err }
|
||||
func (s *mockAuthStore) UpdateRole(role auth.Role) (auth.Role, error) {
|
||||
func (s *mockAuthStore) UpdateRole(role v2auth.Role) (v2auth.Role, error) {
|
||||
return *s.roles[role.Role], s.err
|
||||
}
|
||||
func (s *mockAuthStore) AuthEnabled() bool { return s.enabled }
|
||||
func (s *mockAuthStore) EnableAuth() error { return s.err }
|
||||
func (s *mockAuthStore) DisableAuth() error { return s.err }
|
||||
|
||||
func (s *mockAuthStore) CheckPassword(user auth.User, password string) bool {
|
||||
func (s *mockAuthStore) CheckPassword(user v2auth.User, password string) bool {
|
||||
return user.Password == password
|
||||
}
|
||||
|
||||
|
@ -132,7 +132,7 @@ func TestAuthFlow(t *testing.T) {
|
|||
{
|
||||
req: mustJSONRequest(t, "GET", "users", ""),
|
||||
store: mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"alice": {
|
||||
User: "alice",
|
||||
Roles: []string{"alicerole", "guest"},
|
||||
|
@ -149,7 +149,7 @@ func TestAuthFlow(t *testing.T) {
|
|||
Password: "wheeee",
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"alicerole": {
|
||||
Role: "alicerole",
|
||||
},
|
||||
|
@ -173,14 +173,14 @@ func TestAuthFlow(t *testing.T) {
|
|||
{
|
||||
req: mustJSONRequest(t, "GET", "users/alice", ""),
|
||||
store: mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"alice": {
|
||||
User: "alice",
|
||||
Roles: []string{"alicerole"},
|
||||
Password: "wheeee",
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"alicerole": {
|
||||
Role: "alicerole",
|
||||
},
|
||||
|
@ -204,7 +204,7 @@ func TestAuthFlow(t *testing.T) {
|
|||
{
|
||||
req: mustJSONRequest(t, "PUT", "users/alice", `{"user": "alice", "password": "goodpassword"}`),
|
||||
store: mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"alice": {
|
||||
User: "alice",
|
||||
Roles: []string{"alicerole", "guest"},
|
||||
|
@ -218,7 +218,7 @@ func TestAuthFlow(t *testing.T) {
|
|||
{
|
||||
req: mustJSONRequest(t, "PUT", "users/alice", `{"user": "alice", "grant": ["alicerole"]}`),
|
||||
store: mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"alice": {
|
||||
User: "alice",
|
||||
Roles: []string{"alicerole", "guest"},
|
||||
|
@ -232,8 +232,8 @@ func TestAuthFlow(t *testing.T) {
|
|||
{
|
||||
req: mustJSONRequest(t, "GET", "users/alice", ``),
|
||||
store: mockAuthStore{
|
||||
users: map[string]*auth.User{},
|
||||
err: auth.Error{Status: http.StatusNotFound, Errmsg: "auth: User alice doesn't exist."},
|
||||
users: map[string]*v2auth.User{},
|
||||
err: v2auth.Error{Status: http.StatusNotFound, Errmsg: "auth: User alice doesn't exist."},
|
||||
},
|
||||
wcode: http.StatusNotFound,
|
||||
wbody: `{"message":"auth: User alice doesn't exist."}`,
|
||||
|
@ -241,7 +241,7 @@ func TestAuthFlow(t *testing.T) {
|
|||
{
|
||||
req: mustJSONRequest(t, "GET", "roles/manager", ""),
|
||||
store: mockAuthStore{
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"manager": {
|
||||
Role: "manager",
|
||||
},
|
||||
|
@ -265,7 +265,7 @@ func TestAuthFlow(t *testing.T) {
|
|||
{
|
||||
req: mustJSONRequest(t, "PUT", "roles/manager", `{"role":"manager","revoke":{"kv":{"read":["foo"],"write":[]}}}`),
|
||||
store: mockAuthStore{
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"manager": {
|
||||
Role: "manager",
|
||||
},
|
||||
|
@ -277,7 +277,7 @@ func TestAuthFlow(t *testing.T) {
|
|||
{
|
||||
req: mustJSONRequest(t, "GET", "roles", ""),
|
||||
store: mockAuthStore{
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"awesome": {
|
||||
Role: "awesome",
|
||||
},
|
||||
|
@ -318,14 +318,14 @@ func TestAuthFlow(t *testing.T) {
|
|||
})(),
|
||||
store: mockAuthStore{
|
||||
enabled: true,
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"root": {
|
||||
User: "root",
|
||||
Password: goodPassword,
|
||||
Roles: []string{"root"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"root": {
|
||||
Role: "root",
|
||||
},
|
||||
|
@ -342,14 +342,14 @@ func TestAuthFlow(t *testing.T) {
|
|||
})(),
|
||||
store: mockAuthStore{
|
||||
enabled: true,
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"root": {
|
||||
User: "root",
|
||||
Password: goodPassword,
|
||||
Roles: []string{"root"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"root": {
|
||||
Role: "guest",
|
||||
},
|
||||
|
@ -383,13 +383,13 @@ func TestAuthFlow(t *testing.T) {
|
|||
func TestGetUserGrantedWithNonexistingRole(t *testing.T) {
|
||||
sh := &authHandler{
|
||||
sec: &mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"root": {
|
||||
User: "root",
|
||||
Roles: []string{"root", "foo"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"root": {
|
||||
Role: "root",
|
||||
},
|
||||
|
@ -483,14 +483,14 @@ func TestPrefixAccess(t *testing.T) {
|
|||
key: "/foo",
|
||||
req: mustAuthRequest("GET", "root", "good"),
|
||||
store: &mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"root": {
|
||||
User: "root",
|
||||
Password: goodPassword,
|
||||
Roles: []string{"root"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"root": {
|
||||
Role: "root",
|
||||
},
|
||||
|
@ -505,18 +505,18 @@ func TestPrefixAccess(t *testing.T) {
|
|||
key: "/foo",
|
||||
req: mustAuthRequest("GET", "user", "good"),
|
||||
store: &mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"user": {
|
||||
User: "user",
|
||||
Password: goodPassword,
|
||||
Roles: []string{"foorole"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"foorole": {
|
||||
Role: "foorole",
|
||||
Permissions: auth.Permissions{
|
||||
KV: auth.RWPermission{
|
||||
Permissions: v2auth.Permissions{
|
||||
KV: v2auth.RWPermission{
|
||||
Read: []string{"/foo"},
|
||||
Write: []string{"/foo"},
|
||||
},
|
||||
|
@ -533,18 +533,18 @@ func TestPrefixAccess(t *testing.T) {
|
|||
key: "/foo",
|
||||
req: mustAuthRequest("GET", "user", "good"),
|
||||
store: &mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"user": {
|
||||
User: "user",
|
||||
Password: goodPassword,
|
||||
Roles: []string{"foorole"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"foorole": {
|
||||
Role: "foorole",
|
||||
Permissions: auth.Permissions{
|
||||
KV: auth.RWPermission{
|
||||
Permissions: v2auth.Permissions{
|
||||
KV: v2auth.RWPermission{
|
||||
Read: []string{"/foo*"},
|
||||
Write: []string{"/foo*"},
|
||||
},
|
||||
|
@ -561,18 +561,18 @@ func TestPrefixAccess(t *testing.T) {
|
|||
key: "/foo",
|
||||
req: mustAuthRequest("GET", "user", "bad"),
|
||||
store: &mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"user": {
|
||||
User: "user",
|
||||
Password: goodPassword,
|
||||
Roles: []string{"foorole"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"foorole": {
|
||||
Role: "foorole",
|
||||
Permissions: auth.Permissions{
|
||||
KV: auth.RWPermission{
|
||||
Permissions: v2auth.Permissions{
|
||||
KV: v2auth.RWPermission{
|
||||
Read: []string{"/foo*"},
|
||||
Write: []string{"/foo*"},
|
||||
},
|
||||
|
@ -589,7 +589,7 @@ func TestPrefixAccess(t *testing.T) {
|
|||
key: "/foo",
|
||||
req: mustAuthRequest("GET", "user", "good"),
|
||||
store: &mockAuthStore{
|
||||
users: map[string]*auth.User{},
|
||||
users: map[string]*v2auth.User{},
|
||||
err: errors.New("Not the user"),
|
||||
enabled: true,
|
||||
},
|
||||
|
@ -601,18 +601,18 @@ func TestPrefixAccess(t *testing.T) {
|
|||
key: "/foo",
|
||||
req: mustJSONRequest(t, "GET", "somepath", ""),
|
||||
store: &mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"user": {
|
||||
User: "user",
|
||||
Password: goodPassword,
|
||||
Roles: []string{"foorole"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"guest": {
|
||||
Role: "guest",
|
||||
Permissions: auth.Permissions{
|
||||
KV: auth.RWPermission{
|
||||
Permissions: v2auth.Permissions{
|
||||
KV: v2auth.RWPermission{
|
||||
Read: []string{"/foo*"},
|
||||
Write: []string{"/foo*"},
|
||||
},
|
||||
|
@ -629,18 +629,18 @@ func TestPrefixAccess(t *testing.T) {
|
|||
key: "/bar",
|
||||
req: mustJSONRequest(t, "GET", "somepath", ""),
|
||||
store: &mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"user": {
|
||||
User: "user",
|
||||
Password: goodPassword,
|
||||
Roles: []string{"foorole"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"guest": {
|
||||
Role: "guest",
|
||||
Permissions: auth.Permissions{
|
||||
KV: auth.RWPermission{
|
||||
Permissions: v2auth.Permissions{
|
||||
KV: v2auth.RWPermission{
|
||||
Read: []string{"/foo*"},
|
||||
Write: []string{"/foo*"},
|
||||
},
|
||||
|
@ -658,21 +658,21 @@ func TestPrefixAccess(t *testing.T) {
|
|||
key: "/foo",
|
||||
req: mustAuthRequest("GET", "user", "good"),
|
||||
store: &mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"user": {
|
||||
User: "user",
|
||||
Password: goodPassword,
|
||||
Roles: []string{"role1", "role2"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"role1": {
|
||||
Role: "role1",
|
||||
},
|
||||
"role2": {
|
||||
Role: "role2",
|
||||
Permissions: auth.Permissions{
|
||||
KV: auth.RWPermission{
|
||||
Permissions: v2auth.Permissions{
|
||||
KV: v2auth.RWPermission{
|
||||
Read: []string{"/foo"},
|
||||
Write: []string{"/foo"},
|
||||
},
|
||||
|
@ -694,18 +694,18 @@ func TestPrefixAccess(t *testing.T) {
|
|||
})(),
|
||||
store: &mockAuthStore{
|
||||
enabled: true,
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"root": {
|
||||
User: "root",
|
||||
Password: goodPassword,
|
||||
Roles: []string{"root"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"guest": {
|
||||
Role: "guest",
|
||||
Permissions: auth.Permissions{
|
||||
KV: auth.RWPermission{
|
||||
Permissions: v2auth.Permissions{
|
||||
KV: v2auth.RWPermission{
|
||||
Read: []string{"/foo*"},
|
||||
Write: []string{"/foo*"},
|
||||
},
|
||||
|
@ -724,18 +724,18 @@ func TestPrefixAccess(t *testing.T) {
|
|||
})(),
|
||||
store: &mockAuthStore{
|
||||
enabled: true,
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"root": {
|
||||
User: "root",
|
||||
Password: goodPassword,
|
||||
Roles: []string{"root"},
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"guest": {
|
||||
Role: "guest",
|
||||
Permissions: auth.Permissions{
|
||||
KV: auth.RWPermission{
|
||||
Permissions: v2auth.Permissions{
|
||||
KV: v2auth.RWPermission{
|
||||
Read: []string{"/foo*"},
|
||||
Write: []string{"/foo*"},
|
||||
},
|
||||
|
@ -764,7 +764,7 @@ func TestPrefixAccess(t *testing.T) {
|
|||
|
||||
func TestUserFromClientCertificate(t *testing.T) {
|
||||
witherror := &mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"user": {
|
||||
User: "user",
|
||||
Roles: []string{"root"},
|
||||
|
@ -776,7 +776,7 @@ func TestUserFromClientCertificate(t *testing.T) {
|
|||
Password: "password",
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"root": {
|
||||
Role: "root",
|
||||
},
|
||||
|
@ -785,7 +785,7 @@ func TestUserFromClientCertificate(t *testing.T) {
|
|||
}
|
||||
|
||||
noerror := &mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"user": {
|
||||
User: "user",
|
||||
Roles: []string{"root"},
|
||||
|
@ -797,7 +797,7 @@ func TestUserFromClientCertificate(t *testing.T) {
|
|||
Password: "password",
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"root": {
|
||||
Role: "root",
|
||||
},
|
||||
|
@ -807,7 +807,7 @@ func TestUserFromClientCertificate(t *testing.T) {
|
|||
var table = []struct {
|
||||
req *http.Request
|
||||
userExists bool
|
||||
store auth.Store
|
||||
store v2auth.Store
|
||||
username string
|
||||
}{
|
||||
{
|
||||
|
@ -846,14 +846,14 @@ func TestUserFromClientCertificate(t *testing.T) {
|
|||
|
||||
func TestUserFromBasicAuth(t *testing.T) {
|
||||
sec := &mockAuthStore{
|
||||
users: map[string]*auth.User{
|
||||
users: map[string]*v2auth.User{
|
||||
"user": {
|
||||
User: "user",
|
||||
Roles: []string{"root"},
|
||||
Password: "password",
|
||||
},
|
||||
},
|
||||
roles: map[string]*auth.Role{
|
||||
roles: map[string]*v2auth.Role{
|
||||
"root": {
|
||||
Role: "root",
|
||||
},
|
||||
|
|
|
@ -22,7 +22,7 @@ import (
|
|||
|
||||
"github.com/coreos/etcd/etcdserver/api/etcdhttp"
|
||||
"github.com/coreos/etcd/etcdserver/api/v2http/httptypes"
|
||||
"github.com/coreos/etcd/etcdserver/auth"
|
||||
"github.com/coreos/etcd/etcdserver/v2auth"
|
||||
"github.com/coreos/etcd/pkg/logutil"
|
||||
|
||||
"github.com/coreos/pkg/capnslog"
|
||||
|
@ -42,7 +42,7 @@ func writeError(w http.ResponseWriter, r *http.Request, err error) {
|
|||
if err == nil {
|
||||
return
|
||||
}
|
||||
if e, ok := err.(auth.Error); ok {
|
||||
if e, ok := err.(v2auth.Error); ok {
|
||||
herr := httptypes.NewHTTPError(e.HTTPStatus(), e.Error())
|
||||
if et := herr.WriteTo(w); et != nil {
|
||||
plog.Debugf("error writing HTTPError (%v) to %s", et, r.RemoteAddr)
|
||||
|
|
|
@ -12,8 +12,8 @@
|
|||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
// Package auth implements etcd authentication.
|
||||
package auth
|
||||
// Package v2auth implements etcd authentication.
|
||||
package v2auth
|
||||
|
||||
import (
|
||||
"context"
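Review bot: The package comment changed here to `// Package v2auth implements etcd authentication.` does not explain the `v2` that the rename introduces, and it mentions only authentication although the package's `Role`, `Permissions` and `RWPermission` types, used by the handlers elsewhere in this commit, also carry authorization data. Something like `// Package v2auth implements the user and role store that authenticates and authorizes requests to etcd's v2 HTTP API.` would tell a reader which API surface this code guards. The v2 scope is inferred from the importing handlers (`handleV2`, `etcdserver.ServerV2`) and should be confirmed. The import block continues outside the hunk.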
|
|
@ -12,7 +12,7 @@
|
|||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package auth
|
||||
package v2auth
|
||||
|
||||
import (
|
||||
"context"
|
|
@ -12,7 +12,7 @@
|
|||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package auth
|
||||
package v2auth
|
||||
|
||||
import (
|
||||
"context"
|