etcdserver: replace "hostWhitelist" with "AccessController"
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>release-3.4
parent
35509bf69c
commit
29db853317
|
@ -253,7 +253,7 @@ type EtcdServer struct {
|
||||||
leadTimeMu sync.RWMutex
|
leadTimeMu sync.RWMutex
|
||||||
leadElectedTime time.Time
|
leadElectedTime time.Time
|
||||||
|
|
||||||
hostWhitelist map[string]struct{}
|
*AccessController
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewServer creates a new EtcdServer from the supplied configuration. The
|
// NewServer creates a new EtcdServer from the supplied configuration. The
|
||||||
|
@ -443,7 +443,7 @@ func NewServer(cfg ServerConfig) (srv *EtcdServer, err error) {
|
||||||
peerRt: prt,
|
peerRt: prt,
|
||||||
reqIDGen: idutil.NewGenerator(uint16(id), time.Now()),
|
reqIDGen: idutil.NewGenerator(uint16(id), time.Now()),
|
||||||
forceVersionC: make(chan struct{}),
|
forceVersionC: make(chan struct{}),
|
||||||
hostWhitelist: cfg.HostWhitelist,
|
AccessController: &AccessController{CORS: cfg.CORS, HostWhitelist: cfg.HostWhitelist},
|
||||||
}
|
}
|
||||||
|
|
||||||
srv.applyV2 = &applierV2store{store: srv.v2store, cluster: srv.cluster}
|
srv.applyV2 = &applierV2store{store: srv.v2store, cluster: srv.cluster}
|
||||||
|
@ -673,16 +673,6 @@ func (s *EtcdServer) ReportSnapshot(id uint64, status raft.SnapshotStatus) {
|
||||||
s.r.ReportSnapshot(id, status)
|
s.r.ReportSnapshot(id, status)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsHostWhitelisted returns true if the host is whitelisted.
|
|
||||||
// If whitelist is empty, allow all.
|
|
||||||
func (s *EtcdServer) IsHostWhitelisted(host string) bool {
|
|
||||||
if len(s.hostWhitelist) == 0 { // allow all
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
_, ok := s.hostWhitelist[host]
|
|
||||||
return ok
|
|
||||||
}
|
|
||||||
|
|
||||||
type etcdProgress struct {
|
type etcdProgress struct {
|
||||||
confState raftpb.ConfState
|
confState raftpb.ConfState
|
||||||
snapi uint64
|
snapi uint64
|
||||||
|
|
|
@ -0,0 +1,65 @@
|
||||||
|
// Copyright 2018 The etcd Authors
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package etcdserver
|
||||||
|
|
||||||
|
import "sync"
|
||||||
|
|
||||||
|
// AccessController controls etcd server HTTP request access.
|
||||||
|
type AccessController struct {
|
||||||
|
corsMu sync.RWMutex
|
||||||
|
CORS map[string]struct{}
|
||||||
|
hostWhitelistMu sync.RWMutex
|
||||||
|
HostWhitelist map[string]struct{}
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewAccessController returns a new "AccessController" with default "*" values.
|
||||||
|
func NewAccessController() *AccessController {
|
||||||
|
return &AccessController{
|
||||||
|
CORS: map[string]struct{}{"*": {}},
|
||||||
|
HostWhitelist: map[string]struct{}{"*": {}},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// OriginAllowed determines whether the server will allow a given CORS origin.
|
||||||
|
// If CORS is empty, allow all.
|
||||||
|
func (ac *AccessController) OriginAllowed(origin string) bool {
|
||||||
|
ac.corsMu.RLock()
|
||||||
|
defer ac.corsMu.RUnlock()
|
||||||
|
if len(ac.CORS) == 0 { // allow all
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
_, ok := ac.CORS["*"]
|
||||||
|
if ok {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
_, ok = ac.CORS[origin]
|
||||||
|
return ok
|
||||||
|
}
|
||||||
|
|
||||||
|
// IsHostWhitelisted returns true if the host is whitelisted.
|
||||||
|
// If whitelist is empty, allow all.
|
||||||
|
func (ac *AccessController) IsHostWhitelisted(host string) bool {
|
||||||
|
ac.hostWhitelistMu.RLock()
|
||||||
|
defer ac.hostWhitelistMu.RUnlock()
|
||||||
|
if len(ac.HostWhitelist) == 0 { // allow all
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
_, ok := ac.HostWhitelist["*"]
|
||||||
|
if ok {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
_, ok = ac.HostWhitelist[host]
|
||||||
|
return ok
|
||||||
|
}
|
Loading…
Reference in New Issue