vitalif
/
etcd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #5295 from ajityagaty/auth_disable 

auth: Adding support for "auth disable" command.
release-3.0
Xiang Li 2016-05-07 23:09:37 -07:00
parent 53491aac0a adc981c53d
commit 0d43a2b7e7
9 changed files with 220 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
auth/store.go
View File

@ -47,6 +47,9 @@ type AuthStore interface {
// AuthEnable turns on the authentication feature
AuthEnable()
// AuthDisable turns off the authentication feature
AuthDisable()
// Authenticate does authentication based on given user name and password,
// and returns a token for successful case.
// Note that the generated token is valid only for the member the client
@ -92,6 +95,19 @@ func (as *authStore) AuthEnable() {
plog.Noticef("Authentication enabled")
}
func (as *authStore) AuthDisable() {
value := []byte{0}
b := as.be
tx := b.BatchTx()
tx.Lock()
tx.UnsafePut(authBucketName, enableFlagKey, value)
tx.Unlock()
b.ForceCommit()
plog.Noticef("Authentication disabled")
}
func (as *authStore) Authenticate(name string, password string) (*pb.AuthenticateResponse, error) {
tx := as.be.BatchTx()
tx.Lock()

9
clientv3/auth.go
View File

@ -27,6 +27,7 @@ import (
type (
AuthEnableResponse pb.AuthEnableResponse
AuthDisableResponse pb.AuthDisableResponse
AuthenticateResponse pb.AuthenticateResponse
AuthUserAddResponse pb.AuthUserAddResponse
AuthUserDeleteResponse pb.AuthUserDeleteResponse
@ -48,6 +49,9 @@ type Auth interface {
// AuthEnable enables auth of an etcd cluster.
AuthEnable(ctx context.Context) (*AuthEnableResponse, error)
// AuthDisable disables auth of an etcd cluster.
AuthDisable(ctx context.Context) (*AuthDisableResponse, error)
// Authenticate does authenticate with given user name and password.
Authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error)
@ -91,6 +95,11 @@ func (auth *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) {
return (*AuthEnableResponse)(resp), rpctypes.Error(err)
}
func (auth *auth) AuthDisable(ctx context.Context) (*AuthDisableResponse, error) {
resp, err := auth.remote.AuthDisable(ctx, &pb.AuthDisableRequest{})
return (*AuthDisableResponse)(resp), rpctypes.Error(err)
}
func (auth *auth) Authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error) {
resp, err := auth.remote.Authenticate(ctx, &pb.AuthenticateRequest{Name: name, Password: password})
return (*AuthenticateResponse)(resp), rpctypes.Error(err)

16
e2e/ctl_v3_auth_test.go
View File

@ -16,9 +16,8 @@ package e2e
import "testing"
func TestCtlV3AuthEnable(t *testing.T) { testCtl(t, authEnableTest) }
// TODO: test auth disable
func TestCtlV3AuthEnable(t *testing.T) { testCtl(t, authEnableTest) }
func TestCtlV3AuthDisable(t *testing.T) { testCtl(t, authDisableTest) }
func authEnableTest(cx ctlCtx) {
if err := ctlV3AuthEnable(cx); err != nil {
@ -30,3 +29,14 @@ func ctlV3AuthEnable(cx ctlCtx) error {
cmdArgs := append(cx.PrefixArgs(), "auth", "enable")
return spawnWithExpect(cmdArgs, "Authentication Enabled")
}
func authDisableTest(cx ctlCtx) {
if err := ctlV3AuthDisable(cx); err != nil {
cx.t.Fatalf("authDisableTest ctlV3AuthDisable error (%v)", err)
}
}
func ctlV3AuthDisable(cx ctlCtx) error {
cmdArgs := append(cx.PrefixArgs(), "auth", "disable")
return spawnWithExpect(cmdArgs, "Authentication Disabled")
}

27
etcdctl/ctlv3/command/auth_command.go
View File

@ -28,6 +28,7 @@ func NewAuthCommand() *cobra.Command {
}
ac.AddCommand(newAuthEnableCommand())
ac.AddCommand(newAuthDisableCommand())
return ac
}
@ -43,7 +44,7 @@ func newAuthEnableCommand() *cobra.Command {
// authEnableCommandFunc executes the "auth enable" command.
func authEnableCommandFunc(cmd *cobra.Command, args []string) {
if len(args) != 0 {
ExitWithError(ExitBadArgs, fmt.Errorf("auth enable command does not accept argument."))
ExitWithError(ExitBadArgs, fmt.Errorf("auth enable command does not accept any arguments."))
}
ctx, cancel := commandCtx(cmd)
@ -55,3 +56,27 @@ func authEnableCommandFunc(cmd *cobra.Command, args []string) {
fmt.Println("Authentication Enabled")
}
func newAuthDisableCommand() *cobra.Command {
return &cobra.Command{
Use: "disable",
Short: "disable authentication",
Run: authDisableCommandFunc,
}
}
// authDisableCommandFunc executes the "auth disable" command.
func authDisableCommandFunc(cmd *cobra.Command, args []string) {
if len(args) != 0 {
ExitWithError(ExitBadArgs, fmt.Errorf("auth disable command does not accept any arguments."))
}
ctx, cancel := commandCtx(cmd)
_, err := mustClientFromCmd(cmd).Auth.AuthDisable(ctx)
cancel()
if err != nil {
ExitWithError(ExitError, err)
}
fmt.Println("Authentication Disabled")
}

7
etcdserver/api/v3rpc/auth.go
View File

@ -37,8 +37,11 @@ func (as *AuthServer) AuthEnable(ctx context.Context, r *pb.AuthEnableRequest) (
}
func (as *AuthServer) AuthDisable(ctx context.Context, r *pb.AuthDisableRequest) (*pb.AuthDisableResponse, error) {
plog.Info("not implemented yet")
return nil, nil
resp, err := as.authenticator.AuthDisable(ctx, r)
if err != nil {
return nil, togRPCError(err)
}
return resp, nil
}
func (as *AuthServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error) {

8
etcdserver/apply.go
View File

@ -54,6 +54,7 @@ type applierV3 interface {
LeaseRevoke(lc *pb.LeaseRevokeRequest) (*pb.LeaseRevokeResponse, error)
Alarm(*pb.AlarmRequest) (*pb.AlarmResponse, error)
AuthEnable() (*pb.AuthEnableResponse, error)
AuthDisable() (*pb.AuthDisableResponse, error)
Authenticate(r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error)
UserAdd(ua *pb.AuthUserAddRequest) (*pb.AuthUserAddResponse, error)
UserDelete(ua *pb.AuthUserDeleteRequest) (*pb.AuthUserDeleteResponse, error)
@ -88,6 +89,8 @@ func (s *EtcdServer) applyV3Request(r *pb.InternalRaftRequest) *applyResult {
ar.resp, ar.err = s.applyV3.Alarm(r.Alarm)
case r.AuthEnable != nil:
ar.resp, ar.err = s.applyV3.AuthEnable()
case r.AuthDisable != nil:
ar.resp, ar.err = s.applyV3.AuthDisable()
case r.Authenticate != nil:
ar.resp, ar.err = s.applyV3.Authenticate(r.Authenticate)
case r.AuthUserAdd != nil:
@ -495,6 +498,11 @@ func (a *applierV3backend) AuthEnable() (*pb.AuthEnableResponse, error) {
return &pb.AuthEnableResponse{}, nil
}
func (a *applierV3backend) AuthDisable() (*pb.AuthDisableResponse, error) {
a.s.AuthStore().AuthDisable()
return &pb.AuthDisableResponse{}, nil
}
func (a *applierV3backend) Authenticate(r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error) {
return a.s.AuthStore().Authenticate(r.Name, r.Password)
}

199
etcdserver/etcdserverpb/raft_internal.pb.go
View File

@ -32,14 +32,15 @@ type InternalRaftRequest struct {
LeaseGrant *LeaseGrantRequest `protobuf:"bytes,8,opt,name=lease_grant,json=leaseGrant" json:"lease_grant,omitempty"`
LeaseRevoke *LeaseRevokeRequest `protobuf:"bytes,9,opt,name=lease_revoke,json=leaseRevoke" json:"lease_revoke,omitempty"`
AuthEnable *AuthEnableRequest `protobuf:"bytes,10,opt,name=auth_enable,json=authEnable" json:"auth_enable,omitempty"`
AuthUserAdd *AuthUserAddRequest `protobuf:"bytes,11,opt,name=auth_user_add,json=authUserAdd" json:"auth_user_add,omitempty"`
AuthUserDelete *AuthUserDeleteRequest `protobuf:"bytes,12,opt,name=auth_user_delete,json=authUserDelete" json:"auth_user_delete,omitempty"`
AuthUserChangePassword *AuthUserChangePasswordRequest `protobuf:"bytes,13,opt,name=auth_user_change_password,json=authUserChangePassword" json:"auth_user_change_password,omitempty"`
AuthUserGrant *AuthUserGrantRequest `protobuf:"bytes,14,opt,name=auth_user_grant,json=authUserGrant" json:"auth_user_grant,omitempty"`
AuthRoleAdd *AuthRoleAddRequest `protobuf:"bytes,15,opt,name=auth_role_add,json=authRoleAdd" json:"auth_role_add,omitempty"`
AuthRoleGrant *AuthRoleGrantRequest `protobuf:"bytes,16,opt,name=auth_role_grant,json=authRoleGrant" json:"auth_role_grant,omitempty"`
Authenticate *AuthenticateRequest `protobuf:"bytes,17,opt,name=authenticate" json:"authenticate,omitempty"`
Alarm *AlarmRequest `protobuf:"bytes,18,opt,name=alarm" json:"alarm,omitempty"`
AuthDisable *AuthDisableRequest `protobuf:"bytes,11,opt,name=auth_disable,json=authDisable" json:"auth_disable,omitempty"`
AuthUserAdd *AuthUserAddRequest `protobuf:"bytes,12,opt,name=auth_user_add,json=authUserAdd" json:"auth_user_add,omitempty"`
AuthUserDelete *AuthUserDeleteRequest `protobuf:"bytes,13,opt,name=auth_user_delete,json=authUserDelete" json:"auth_user_delete,omitempty"`
AuthUserChangePassword *AuthUserChangePasswordRequest `protobuf:"bytes,14,opt,name=auth_user_change_password,json=authUserChangePassword" json:"auth_user_change_password,omitempty"`
AuthUserGrant *AuthUserGrantRequest `protobuf:"bytes,15,opt,name=auth_user_grant,json=authUserGrant" json:"auth_user_grant,omitempty"`
AuthRoleAdd *AuthRoleAddRequest `protobuf:"bytes,16,opt,name=auth_role_add,json=authRoleAdd" json:"auth_role_add,omitempty"`
AuthRoleGrant *AuthRoleGrantRequest `protobuf:"bytes,17,opt,name=auth_role_grant,json=authRoleGrant" json:"auth_role_grant,omitempty"`
Authenticate *AuthenticateRequest `protobuf:"bytes,18,opt,name=authenticate" json:"authenticate,omitempty"`
Alarm *AlarmRequest `protobuf:"bytes,19,opt,name=alarm" json:"alarm,omitempty"`
}
func (m *InternalRaftRequest) Reset() { *m = InternalRaftRequest{} }
@ -169,92 +170,104 @@ func (m *InternalRaftRequest) MarshalTo(data []byte) (int, error) {
}
i += n9
}
if m.AuthUserAdd != nil {
if m.AuthDisable != nil {
data[i] = 0x5a
i++
i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserAdd.Size()))
n10, err := m.AuthUserAdd.MarshalTo(data[i:])
i = encodeVarintRaftInternal(data, i, uint64(m.AuthDisable.Size()))
n10, err := m.AuthDisable.MarshalTo(data[i:])
if err != nil {
return 0, err
}
i += n10
}
if m.AuthUserDelete != nil {
if m.AuthUserAdd != nil {
data[i] = 0x62
i++
i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserDelete.Size()))
n11, err := m.AuthUserDelete.MarshalTo(data[i:])
i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserAdd.Size()))
n11, err := m.AuthUserAdd.MarshalTo(data[i:])
if err != nil {
return 0, err
}
i += n11
}
if m.AuthUserChangePassword != nil {
if m.AuthUserDelete != nil {
data[i] = 0x6a
i++
i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserChangePassword.Size()))
n12, err := m.AuthUserChangePassword.MarshalTo(data[i:])
i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserDelete.Size()))
n12, err := m.AuthUserDelete.MarshalTo(data[i:])
if err != nil {
return 0, err
}
i += n12
}
if m.AuthUserGrant != nil {
if m.AuthUserChangePassword != nil {
data[i] = 0x72
i++
i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserGrant.Size()))
n13, err := m.AuthUserGrant.MarshalTo(data[i:])
i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserChangePassword.Size()))
n13, err := m.AuthUserChangePassword.MarshalTo(data[i:])
if err != nil {
return 0, err
}
i += n13
}
if m.AuthRoleAdd != nil {
if m.AuthUserGrant != nil {
data[i] = 0x7a
i++
i = encodeVarintRaftInternal(data, i, uint64(m.AuthRoleAdd.Size()))
n14, err := m.AuthRoleAdd.MarshalTo(data[i:])
i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserGrant.Size()))
n14, err := m.AuthUserGrant.MarshalTo(data[i:])
if err != nil {
return 0, err
}
i += n14
}
if m.AuthRoleGrant != nil {
if m.AuthRoleAdd != nil {
data[i] = 0x82
i++
data[i] = 0x1
i++
i = encodeVarintRaftInternal(data, i, uint64(m.AuthRoleGrant.Size()))
n15, err := m.AuthRoleGrant.MarshalTo(data[i:])
i = encodeVarintRaftInternal(data, i, uint64(m.AuthRoleAdd.Size()))
n15, err := m.AuthRoleAdd.MarshalTo(data[i:])
if err != nil {
return 0, err
}
i += n15
}
if m.Authenticate != nil {
if m.AuthRoleGrant != nil {
data[i] = 0x8a
i++
data[i] = 0x1
i++
i = encodeVarintRaftInternal(data, i, uint64(m.Authenticate.Size()))
n16, err := m.Authenticate.MarshalTo(data[i:])
i = encodeVarintRaftInternal(data, i, uint64(m.AuthRoleGrant.Size()))
n16, err := m.AuthRoleGrant.MarshalTo(data[i:])
if err != nil {
return 0, err
}
i += n16
}
if m.Alarm != nil {
if m.Authenticate != nil {
data[i] = 0x92
i++
data[i] = 0x1
i++
i = encodeVarintRaftInternal(data, i, uint64(m.Alarm.Size()))
n17, err := m.Alarm.MarshalTo(data[i:])
i = encodeVarintRaftInternal(data, i, uint64(m.Authenticate.Size()))
n17, err := m.Authenticate.MarshalTo(data[i:])
if err != nil {
return 0, err
}
i += n17
}
if m.Alarm != nil {
data[i] = 0x9a
i++
data[i] = 0x1
i++
i = encodeVarintRaftInternal(data, i, uint64(m.Alarm.Size()))
n18, err := m.Alarm.MarshalTo(data[i:])
if err != nil {
return 0, err
}
i += n18
}
return i, nil
}
@ -345,6 +358,10 @@ func (m *InternalRaftRequest) Size() (n int) {
l = m.AuthEnable.Size()
n += 1 + l + sovRaftInternal(uint64(l))
}
if m.AuthDisable != nil {
l = m.AuthDisable.Size()
n += 1 + l + sovRaftInternal(uint64(l))
}
if m.AuthUserAdd != nil {
l = m.AuthUserAdd.Size()
n += 1 + l + sovRaftInternal(uint64(l))
@ -363,7 +380,7 @@ func (m *InternalRaftRequest) Size() (n int) {
}
if m.AuthRoleAdd != nil {
l = m.AuthRoleAdd.Size()
n += 1 + l + sovRaftInternal(uint64(l))
n += 2 + l + sovRaftInternal(uint64(l))
}
if m.AuthRoleGrant != nil {
l = m.AuthRoleGrant.Size()
@ -745,6 +762,39 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error {
}
iNdEx = postIndex
case 11:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AuthDisable", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowRaftInternal
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := data[iNdEx]
iNdEx++
msglen |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthRaftInternal
}
postIndex := iNdEx + msglen
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.AuthDisable == nil {
m.AuthDisable = &AuthDisableRequest{}
}
if err := m.AuthDisable.Unmarshal(data[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 12:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AuthUserAdd", wireType)
}
@ -777,7 +827,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error {
return err
}
iNdEx = postIndex
case 12:
case 13:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AuthUserDelete", wireType)
}
@ -810,7 +860,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error {
return err
}
iNdEx = postIndex
case 13:
case 14:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AuthUserChangePassword", wireType)
}
@ -843,7 +893,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error {
return err
}
iNdEx = postIndex
case 14:
case 15:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AuthUserGrant", wireType)
}
@ -876,7 +926,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error {
return err
}
iNdEx = postIndex
case 15:
case 16:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AuthRoleAdd", wireType)
}
@ -909,7 +959,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error {
return err
}
iNdEx = postIndex
case 16:
case 17:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AuthRoleGrant", wireType)
}
@ -942,7 +992,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error {
return err
}
iNdEx = postIndex
case 17:
case 18:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Authenticate", wireType)
}
@ -975,7 +1025,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error {
return err
}
iNdEx = postIndex
case 18:
case 19:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Alarm", wireType)
}
@ -1185,39 +1235,40 @@ var (
)
var fileDescriptorRaftInternal = []byte{
// 534 bytes of a gzipped FileDescriptorProto
// 550 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x74, 0x94, 0xdf, 0x6e, 0xd3, 0x30,
0x14, 0xc6, 0x69, 0xf7, 0x87, 0xcd, 0xfd, 0x8b, 0x07, 0xc8, 0xf4, 0x62, 0x8c, 0x22, 0x24, 0x04,
0x52, 0x41, 0xe3, 0x01, 0xa0, 0xb4, 0x15, 0x1a, 0x02, 0x69, 0x8a, 0xe0, 0x3a, 0x72, 0x93, 0xb3,
0xae, 0x22, 0x8d, 0x83, 0xe3, 0x94, 0xf1, 0x86, 0xbb, 0xe4, 0x11, 0x80, 0xb7, 0xe0, 0x0e, 0xfb,
0x24, 0x71, 0x9a, 0xcd, 0xbd, 0xa8, 0x94, 0x7c, 0xe7, 0x3b, 0xbf, 0xf3, 0xc5, 0x47, 0x2e, 0x39,
0x92, 0xfc, 0x42, 0xf9, 0xcb, 0x58, 0x81, 0x8c, 0x79, 0x34, 0x4a, 0xa4, 0x50, 0x82, 0xb6, 0x41,
0x05, 0x61, 0x0a, 0x72, 0x0d, 0x32, 0x99, 0x0f, 0xee, 0x2f, 0xc4, 0x42, 0x60, 0xe1, 0x95, 0x79,
0xca, 0x3d, 0x83, 0x7e, 0xe5, 0x29, 0x94, 0x43, 0x99, 0x04, 0xf9, 0xe3, 0xf0, 0xdf, 0x01, 0x39,
0x3a, 0x2b, 0x98, 0x9e, 0x1e, 0xe0, 0xc1, 0xf7, 0x0c, 0x52, 0x45, 0xbb, 0xa4, 0x79, 0x36, 0x65,
0x8d, 0x93, 0xc6, 0xf3, 0x5d, 0xaf, 0xb9, 0x9c, 0xd2, 0x67, 0xa4, 0xb9, 0x3e, 0x65, 0x4d, 0xfd,
0xde, 0x3a, 0x7d, 0x30, 0xda, 0x9c, 0x3a, 0x2a, 0x5a, 0x3c, 0x6d, 0xa0, 0xaf, 0xc9, 0x9e, 0xe4,
0xf1, 0x02, 0xd8, 0x0e, 0x3a, 0x07, 0x37, 0x9c, 0xa6, 0x54, 0xda, 0x73, 0x23, 0x7d, 0x41, 0x76,
0x92, 0x4c, 0xb1, 0x5d, 0xf4, 0xb3, 0xba, 0xff, 0x3c, 0x2b, 0xf3, 0x78, 0xc6, 0x44, 0x27, 0xa4,
0x1d, 0x42, 0x04, 0x0a, 0xfc, 0x7c, 0xc8, 0x1e, 0x36, 0x9d, 0xd4, 0x9b, 0xa6, 0xe8, 0xa8, 0x8d,
0x6a, 0x85, 0x95, 0x66, 0x06, 0xaa, 0xab, 0x98, 0xed, 0xbb, 0x06, 0x7e, 0xb9, 0x8a, 0xed, 0x40,
0x6d, 0xa2, 0x6f, 0x09, 0x09, 0xc4, 0x2a, 0xe1, 0x81, 0x5a, 0x8a, 0x98, 0xdd, 0xc5, 0x96, 0xc7,
0xf5, 0x96, 0x89, 0xad, 0x97, 0x9d, 0x1b, 0x2d, 0xf4, 0x1d, 0x69, 0x45, 0xc0, 0x53, 0xf0, 0x17,
0x3a, 0xb1, 0x62, 0x07, 0x2e, 0xc2, 0x27, 0x63, 0xf8, 0x60, 0xea, 0x96, 0x10, 0x59, 0xc9, 0x7c,
0x73, 0x4e, 0x90, 0xb0, 0x16, 0xdf, 0x80, 0x1d, 0xba, 0xbe, 0x19, 0x11, 0x1e, 0x1a, 0xec, 0x37,
0x47, 0x95, 0x66, 0x62, 0xf0, 0x4c, 0x5d, 0xfa, 0x10, 0xf3, 0x79, 0x04, 0x8c, 0xb8, 0x62, 0x8c,
0xb5, 0x61, 0x86, 0x75, 0x1b, 0x83, 0x5b, 0x89, 0x4e, 0x49, 0x07, 0x09, 0x99, 0xf6, 0xfb, 0x3c,
0x0c, 0x59, 0xcb, 0x95, 0xc3, 0x30, 0xbe, 0xea, 0xb7, 0x71, 0x18, 0xda, 0x1c, 0xbc, 0xd2, 0xe8,
0x67, 0xd2, 0xaf, 0x28, 0xf9, 0x52, 0x58, 0x1b, 0x41, 0x4f, 0xdd, 0xa0, 0x62, 0x99, 0x05, 0xab,
0xcb, 0x6b, 0x32, 0xbd, 0x20, 0x8f, 0x2a, 0x5c, 0x70, 0x69, 0xd6, 0xeb, 0x27, 0x3c, 0x4d, 0x7f,
0x08, 0x19, 0xb2, 0x0e, 0x72, 0x5f, 0xba, 0xb9, 0x13, 0x34, 0x9f, 0x17, 0xde, 0x92, 0xff, 0x90,
0x3b, 0xcb, 0xf4, 0x23, 0xe9, 0x55, 0x73, 0xf2, 0x4d, 0x76, 0x91, 0x3e, 0x74, 0xd3, 0x6b, 0xcb,
0xec, 0xf0, 0x4d, 0xd5, 0x1e, 0xa4, 0x14, 0x11, 0xe0, 0x41, 0xf6, 0xb6, 0x1d, 0xa4, 0xa7, 0x1d,
0x37, 0x0f, 0xb2, 0xd0, 0x6c, 0x22, 0xa4, 0xe4, 0x89, 0xfa, 0xdb, 0x12, 0x99, 0x9e, 0xdb, 0x89,
0xac, 0x4a, 0x67, 0xa4, 0x6d, 0x04, 0x88, 0xd5, 0x32, 0xe0, 0x7a, 0x21, 0xf7, 0x10, 0xf4, 0xe4,
0x36, 0xa8, 0x74, 0x94, 0x9c, 0x5a, 0x9b, 0xb9, 0xfa, 0x3c, 0xe2, 0x72, 0xc5, 0xa8, 0xeb, 0xea,
0x8f, 0x4d, 0xc9, 0x5e, 0x7d, 0x34, 0x0e, 0x7b, 0xa4, 0x33, 0x5b, 0x25, 0xea, 0xa7, 0x07, 0x69,
0x22, 0xe2, 0x14, 0xde, 0xf7, 0xaf, 0xff, 0x1c, 0xdf, 0xb9, 0xfe, 0x7b, 0xdc, 0xf8, 0xa5, 0x7f,
0xbf, 0xf5, 0x6f, 0xbe, 0x8f, 0xff, 0x52, 0x6f, 0xfe, 0x07, 0x00, 0x00, 0xff, 0xff, 0xee, 0xd7,
0xc5, 0x26, 0xfd, 0x04, 0x00, 0x00,
0x14, 0xc6, 0x69, 0xf7, 0x07, 0xea, 0xfe, 0xc5, 0x05, 0x64, 0x7a, 0x31, 0x46, 0x11, 0x12, 0x02,
0xa9, 0xa0, 0xf1, 0x00, 0x50, 0xda, 0x0a, 0x0d, 0x81, 0x34, 0x45, 0x70, 0x1d, 0xb9, 0xc9, 0x59,
0x57, 0x91, 0x26, 0xc1, 0x71, 0xcb, 0x78, 0x39, 0xae, 0x77, 0xc9, 0x23, 0x00, 0x4f, 0x32, 0xfb,
0x38, 0x71, 0x9a, 0xcd, 0xbd, 0x88, 0x94, 0x7c, 0xe7, 0x3b, 0xbf, 0xf3, 0xd9, 0xb1, 0x4c, 0xfa,
0x82, 0x9f, 0x4b, 0x7f, 0x19, 0x4b, 0x10, 0x31, 0x8f, 0x46, 0xa9, 0x48, 0x64, 0x42, 0x5b, 0x20,
0x83, 0x30, 0x03, 0xb1, 0x01, 0x91, 0xce, 0x07, 0x0f, 0x16, 0xc9, 0x22, 0xc1, 0xc2, 0x6b, 0xfd,
0x66, 0x3c, 0x83, 0x5e, 0xe9, 0xc9, 0x95, 0x86, 0x48, 0x03, 0xf3, 0x3a, 0xfc, 0xdd, 0x20, 0xfd,
0xd3, 0x9c, 0xe9, 0xa9, 0x01, 0x1e, 0xfc, 0x58, 0x43, 0x26, 0x69, 0x87, 0xd4, 0x4f, 0xa7, 0xac,
0x76, 0x5c, 0x7b, 0xb1, 0xef, 0xd5, 0x97, 0x53, 0xfa, 0x9c, 0xd4, 0x37, 0x27, 0xac, 0xae, 0xbe,
0x9b, 0x27, 0x0f, 0x47, 0xdb, 0x53, 0x47, 0x79, 0x8b, 0xa7, 0x0c, 0xf4, 0x0d, 0x39, 0x10, 0x3c,
0x5e, 0x00, 0xdb, 0x43, 0xe7, 0xe0, 0x86, 0x53, 0x97, 0x0a, 0xbb, 0x31, 0xd2, 0x97, 0x64, 0x2f,
0x5d, 0x4b, 0xb6, 0x8f, 0x7e, 0x56, 0xf5, 0x9f, 0xad, 0x8b, 0x3c, 0x9e, 0x36, 0xd1, 0x09, 0x69,
0x85, 0x10, 0x81, 0x04, 0xdf, 0x0c, 0x39, 0xc0, 0xa6, 0xe3, 0x6a, 0xd3, 0x14, 0x1d, 0x95, 0x51,
0xcd, 0xb0, 0xd4, 0xf4, 0x40, 0x79, 0x19, 0xb3, 0x43, 0xd7, 0xc0, 0xaf, 0x97, 0xb1, 0x1d, 0xa8,
0x4c, 0xf4, 0x1d, 0x21, 0x41, 0xb2, 0x4a, 0x79, 0x20, 0x97, 0x49, 0xcc, 0xee, 0x62, 0xcb, 0x93,
0x6a, 0xcb, 0xc4, 0xd6, 0x8b, 0xce, 0xad, 0x16, 0xfa, 0x9e, 0x34, 0x23, 0xe0, 0x19, 0xf8, 0x0b,
0x95, 0x58, 0xb2, 0x7b, 0x2e, 0xc2, 0x67, 0x6d, 0xf8, 0xa8, 0xeb, 0x96, 0x10, 0x59, 0x49, 0xaf,
0xd9, 0x10, 0x04, 0x6c, 0x92, 0xef, 0xc0, 0x1a, 0xae, 0x35, 0x23, 0xc2, 0x43, 0x83, 0x5d, 0x73,
0x54, 0x6a, 0x3a, 0x06, 0x5f, 0xcb, 0x0b, 0x1f, 0x62, 0x3e, 0x8f, 0x80, 0x11, 0x57, 0x8c, 0xb1,
0x32, 0xcc, 0xb0, 0x6e, 0x63, 0x70, 0x2b, 0xe9, 0x18, 0x48, 0x08, 0x97, 0x19, 0x22, 0x9a, 0xae,
0x18, 0x1a, 0x31, 0x35, 0x06, 0x1b, 0x83, 0x97, 0x1a, 0x9d, 0x92, 0x36, 0x42, 0xd6, 0xaa, 0xc3,
0xe7, 0x61, 0xc8, 0x5a, 0xbb, 0x28, 0xdf, 0xd4, 0xd7, 0x38, 0x0c, 0x2b, 0x94, 0x5c, 0xa3, 0x5f,
0x48, 0xaf, 0xa4, 0x98, 0x3f, 0xcb, 0xda, 0x08, 0x7a, 0xe6, 0x06, 0xe5, 0x27, 0x22, 0x67, 0x75,
0x78, 0x45, 0xa6, 0xe7, 0xe4, 0x71, 0x89, 0x0b, 0x2e, 0xf4, 0x19, 0xf1, 0x53, 0x9e, 0x65, 0x3f,
0x13, 0x11, 0xb2, 0x0e, 0x72, 0x5f, 0xb9, 0xb9, 0x13, 0x34, 0x9f, 0xe5, 0xde, 0x82, 0xff, 0x88,
0x3b, 0xcb, 0xf4, 0x13, 0xe9, 0x96, 0x73, 0xcc, 0x71, 0xe8, 0x22, 0x7d, 0xe8, 0xa6, 0x57, 0x4e,
0x44, 0x9b, 0x6f, 0xab, 0x76, 0x23, 0x45, 0x12, 0x01, 0x6e, 0x64, 0x6f, 0xd7, 0x46, 0x7a, 0xca,
0x71, 0x73, 0x23, 0x73, 0xcd, 0x26, 0x42, 0x8a, 0x49, 0x74, 0x7f, 0x57, 0x22, 0xdd, 0x73, 0x3b,
0x91, 0x55, 0xe9, 0xcc, 0x9c, 0x0f, 0x88, 0xe5, 0x32, 0xe0, 0xea, 0x87, 0x50, 0x04, 0x3d, 0xbd,
0x0d, 0x2a, 0x1c, 0x05, 0xa7, 0xd2, 0xa6, 0xef, 0x0f, 0x1e, 0x71, 0xb1, 0x62, 0x7d, 0xd7, 0xfd,
0x31, 0xd6, 0x25, 0x7b, 0x7f, 0xa0, 0x71, 0xd8, 0x25, 0xed, 0xd9, 0x2a, 0x95, 0xbf, 0x3c, 0xc8,
0xd2, 0x24, 0xce, 0xe0, 0x43, 0xef, 0xea, 0xdf, 0xd1, 0x9d, 0xab, 0xff, 0x47, 0xb5, 0x3f, 0xea,
0xf9, 0xab, 0x9e, 0xf9, 0x21, 0x5e, 0x75, 0x6f, 0xaf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xe8, 0x6d,
0xd8, 0x5b, 0x42, 0x05, 0x00, 0x00,
}

17
etcdserver/etcdserverpb/raft_internal.proto
View File

@ -26,15 +26,16 @@ message InternalRaftRequest {
LeaseRevokeRequest lease_revoke = 9;
AuthEnableRequest auth_enable = 10;
AuthUserAddRequest auth_user_add = 11;
AuthUserDeleteRequest auth_user_delete = 12;
AuthUserChangePasswordRequest auth_user_change_password = 13;
AuthUserGrantRequest auth_user_grant = 14;
AuthRoleAddRequest auth_role_add = 15;
AuthRoleGrantRequest auth_role_grant = 16;
AuthenticateRequest authenticate = 17;
AuthDisableRequest auth_disable = 11;
AuthUserAddRequest auth_user_add = 12;
AuthUserDeleteRequest auth_user_delete = 13;
AuthUserChangePasswordRequest auth_user_change_password = 14;
AuthUserGrantRequest auth_user_grant = 15;
AuthRoleAddRequest auth_role_add = 16;
AuthRoleGrantRequest auth_role_grant = 17;
AuthenticateRequest authenticate = 18;
AlarmRequest alarm = 18;
AlarmRequest alarm = 19;
}
message EmptyResponse {

9
etcdserver/v3_server.go
View File

@ -56,6 +56,7 @@ type Lessor interface {
type Authenticator interface {
AuthEnable(ctx context.Context, r *pb.AuthEnableRequest) (*pb.AuthEnableResponse, error)
AuthDisable(ctx context.Context, r *pb.AuthDisableRequest) (*pb.AuthDisableResponse, error)
Authenticate(ctx context.Context, r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error)
UserAdd(ctx context.Context, r *pb.AuthUserAddRequest) (*pb.AuthUserAddResponse, error)
UserDelete(ctx context.Context, r *pb.AuthUserDeleteRequest) (*pb.AuthUserDeleteResponse, error)
@ -216,6 +217,14 @@ func (s *EtcdServer) AuthEnable(ctx context.Context, r *pb.AuthEnableRequest) (*
return result.resp.(*pb.AuthEnableResponse), result.err
}
func (s *EtcdServer) AuthDisable(ctx context.Context, r *pb.AuthDisableRequest) (*pb.AuthDisableResponse, error) {
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthDisable: r})
if err != nil {
return nil, err
}
return result.resp.(*pb.AuthDisableResponse), result.err
}
func (s *EtcdServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error) {
result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{Authenticate: r})
if err != nil {