auth: support structured logger
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>release-3.4
parent
ce8348e3e0
commit
f57fa6abaf
|
@ -30,6 +30,7 @@ import (
|
||||||
"github.com/coreos/etcd/mvcc/backend"
|
"github.com/coreos/etcd/mvcc/backend"
|
||||||
|
|
||||||
"github.com/coreos/pkg/capnslog"
|
"github.com/coreos/pkg/capnslog"
|
||||||
|
"go.uber.org/zap"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
"google.golang.org/grpc/credentials"
|
"google.golang.org/grpc/credentials"
|
||||||
"google.golang.org/grpc/metadata"
|
"google.golang.org/grpc/metadata"
|
||||||
|
@ -1047,7 +1048,7 @@ func decomposeOpts(optstr string) (string, map[string]string, error) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewTokenProvider(tokenOpts string, indexWaiter func(uint64) <-chan struct{}) (TokenProvider, error) {
|
func NewTokenProvider(lg *zap.Logger, tokenOpts string, indexWaiter func(uint64) <-chan struct{}) (TokenProvider, error) {
|
||||||
tokenType, typeSpecificOpts, err := decomposeOpts(tokenOpts)
|
tokenType, typeSpecificOpts, err := decomposeOpts(tokenOpts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, ErrInvalidAuthOpts
|
return nil, ErrInvalidAuthOpts
|
||||||
|
@ -1055,14 +1056,22 @@ func NewTokenProvider(tokenOpts string, indexWaiter func(uint64) <-chan struct{}
|
||||||
|
|
||||||
switch tokenType {
|
switch tokenType {
|
||||||
case "simple":
|
case "simple":
|
||||||
|
if lg != nil {
|
||||||
|
lg.Warn("simple token is not cryptographically signed")
|
||||||
|
} else {
|
||||||
plog.Warningf("simple token is not cryptographically signed")
|
plog.Warningf("simple token is not cryptographically signed")
|
||||||
|
}
|
||||||
return newTokenProviderSimple(indexWaiter), nil
|
return newTokenProviderSimple(indexWaiter), nil
|
||||||
case "jwt":
|
case "jwt":
|
||||||
return newTokenProviderJWT(typeSpecificOpts)
|
return newTokenProviderJWT(typeSpecificOpts)
|
||||||
case "":
|
case "":
|
||||||
return newTokenProviderNop()
|
return newTokenProviderNop()
|
||||||
default:
|
default:
|
||||||
|
if lg != nil {
|
||||||
|
lg.Warn("unknown token type", zap.String("type", tokenType), zap.Error(ErrInvalidAuthOpts))
|
||||||
|
} else {
|
||||||
plog.Errorf("unknown token type: %s", tokenType)
|
plog.Errorf("unknown token type: %s", tokenType)
|
||||||
|
}
|
||||||
return nil, ErrInvalidAuthOpts
|
return nil, ErrInvalidAuthOpts
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,6 +29,7 @@ import (
|
||||||
pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
|
pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
|
||||||
"github.com/coreos/etcd/mvcc/backend"
|
"github.com/coreos/etcd/mvcc/backend"
|
||||||
|
|
||||||
|
"go.uber.org/zap"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
"google.golang.org/grpc/metadata"
|
"google.golang.org/grpc/metadata"
|
||||||
)
|
)
|
||||||
|
@ -49,7 +50,7 @@ func TestNewAuthStoreRevision(t *testing.T) {
|
||||||
b, tPath := backend.NewDefaultTmpBackend()
|
b, tPath := backend.NewDefaultTmpBackend()
|
||||||
defer os.Remove(tPath)
|
defer os.Remove(tPath)
|
||||||
|
|
||||||
tp, err := NewTokenProvider("simple", dummyIndexWaiter)
|
tp, err := NewTokenProvider(zap.NewExample(), "simple", dummyIndexWaiter)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -77,7 +78,7 @@ func TestNewAuthStoreRevision(t *testing.T) {
|
||||||
func setupAuthStore(t *testing.T) (store *authStore, teardownfunc func(t *testing.T)) {
|
func setupAuthStore(t *testing.T) (store *authStore, teardownfunc func(t *testing.T)) {
|
||||||
b, tPath := backend.NewDefaultTmpBackend()
|
b, tPath := backend.NewDefaultTmpBackend()
|
||||||
|
|
||||||
tp, err := NewTokenProvider("simple", dummyIndexWaiter)
|
tp, err := NewTokenProvider(zap.NewExample(), "simple", dummyIndexWaiter)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -514,7 +515,7 @@ func TestAuthInfoFromCtxRace(t *testing.T) {
|
||||||
b, tPath := backend.NewDefaultTmpBackend()
|
b, tPath := backend.NewDefaultTmpBackend()
|
||||||
defer os.Remove(tPath)
|
defer os.Remove(tPath)
|
||||||
|
|
||||||
tp, err := NewTokenProvider("simple", dummyIndexWaiter)
|
tp, err := NewTokenProvider(zap.NewExample(), "simple", dummyIndexWaiter)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -580,7 +581,7 @@ func TestRecoverFromSnapshot(t *testing.T) {
|
||||||
|
|
||||||
as.Close()
|
as.Close()
|
||||||
|
|
||||||
tp, err := NewTokenProvider("simple", dummyIndexWaiter)
|
tp, err := NewTokenProvider(zap.NewExample(), "simple", dummyIndexWaiter)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -662,7 +663,7 @@ func TestRolesOrder(t *testing.T) {
|
||||||
b, tPath := backend.NewDefaultTmpBackend()
|
b, tPath := backend.NewDefaultTmpBackend()
|
||||||
defer os.Remove(tPath)
|
defer os.Remove(tPath)
|
||||||
|
|
||||||
tp, err := NewTokenProvider("simple", dummyIndexWaiter)
|
tp, err := NewTokenProvider(zap.NewExample(), "simple", dummyIndexWaiter)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -708,7 +709,7 @@ func TestAuthInfoFromCtxWithRoot(t *testing.T) {
|
||||||
b, tPath := backend.NewDefaultTmpBackend()
|
b, tPath := backend.NewDefaultTmpBackend()
|
||||||
defer os.Remove(tPath)
|
defer os.Remove(tPath)
|
||||||
|
|
||||||
tp, err := NewTokenProvider("simple", dummyIndexWaiter)
|
tp, err := NewTokenProvider(zap.NewExample(), "simple", dummyIndexWaiter)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue