vitalif
/
etcd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
16,408 Commits
21 Branches
406 Tags
79 MiB
Commit Graph

129 Commits (0b95e8cef14a92a8a063eda2406ab0a939cc3f60)

Author SHA1 Message Date
Piotr Tabor 28f2b07623 *: Update references to code moved to the api/ dir. 
Follow up to file-moves done in the previous commit.

The commit contains purely mechanical consequences of execution (apart
of scripts/genproto.sh):

  % find ./ -name '*.go'  | xargs sed --follow-symlinks -i 's|v3/etcdserver/api/v3rpc/rpctypes|v3/api/v3rpc/rpctypes|g'
  % find ./ -name '*.go'  | xargs sed --follow-symlinks -i 's|v3/version|v3/api/version|g'
  % find ./ -name '*.go'  | xargs sed --follow-symlinks -i 's|v3/mvcc/mvccpb|v3/api/mvccpb|g'
  % find ./ -name '*.go'  | xargs sed --follow-symlinks -i 's|v3/etcdserver/etcdserverpb|v3/api/etcdserverpb|g'
  % find ./ -name '*.go'  | xargs sed --follow-symlinks -i 's|v3/etcdserver/api/membership/membershippb|v3/api/membershippb|g'
  % find ./ -name '*.go'  | xargs sed --follow-symlinks -i 's|v3/auth/authpb|v3/api/authpb|g'

  % find ./ -name '*.proto' -o -name '*.md'  | xargs -L 1 sed --follow-symlinks -i 's|/mvcc/mvccpb/kv.proto|/api/mvccpb/kv.proto|g'
  % find ./ -name '*.proto' -o -name '*.md'  | xargs -L 1 sed --follow-symlinks -i 's|/auth/authpb/auth.proto|/api/authpb/auth.proto|g'
  % find ./ -name '*.proto' -o -name '*.md'  | xargs -L 1 sed --follow-symlinks -i 's|/etcdserver/api/membership/membershippb/membership.proto|/api/membershippb/membership.proto|g'

  I also modified manually paths in scripts/genproto.sh.

  % go fmt ./...
 2020-10-06 11:56:16 +02:00
Sahdev Zala ef866a6d8b
Merge pull request #11943 from mitake/bcrypt-in-api 
auth, etcdserver: hash password in the API layer
 2020-07-20 10:52:24 -04:00
Hitoshi Mitake 5a3da48cdf auth, etcdserver: hash password in the API layer 2020-07-14 00:15:19 +09:00
Gyuho Lee ebdccedbde
Merge pull request #11980 from cfc4n/simple-token-ttl 
auth: Customize the settings of simpleTokenTTL.
 2020-06-21 23:23:45 -07:00
CFC4N b6d1987ccd
auth: return incorrect result 'ErrUserNotFound' when client request without username or username was empty. (#12005) 
Fiexs https://github.com/etcd-io/etcd/issues/12004 .
 2020-06-12 16:10:19 -07:00
cfc4n d507ab4aad auth: Customize simpleTokenTTL settings. 
see https://github.com/etcd-io/etcd/issues/11978 for more detail.
 2020-06-11 17:15:42 +08:00
Brandon Philips 96cce208c2 go.mod: use go.etcd.io/etcd/v3 versioning 
This change makes the etcd package compatible with the existing Go
ecosystem for module versioning.

Used this tool to update package imports:
  https://github.com/KSubedi/gomove
 2020-04-28 00:57:35 +00:00
Hitoshi Mitake b6032eb7d2 auth: a new error code for the case of password auth against no password user 2020-04-22 23:25:24 +09:00
shawwang 9cf3162d11 auth: optimize lock scope for CheckPassword 
to improve authentication performance in concurrent scenarios when enable auth and using authentication based password
 2020-04-01 02:21:26 +08:00
Gyuho Lee 3ac7a11515
Merge pull request #11699 from tangcong/refactor-consistentindex 
*: refactor consistentindex
 2020-03-25 18:07:44 -07:00
tangcong 7b2018683a *: refactor consistent index 2020-03-25 10:59:15 +08:00
tangcong d70600feca auth: ensure RoleGrantPermission is compatible with older versions 2020-03-25 09:50:07 +08:00
tangcong 0d084d3a08 auth: cleanup saveConsistentIndex in NewAuthStore 2020-03-10 10:04:58 +08:00
tangcong ebe256d61c auth: print warning log when error is ErrAuthOldRevision 2020-03-03 23:21:25 +08:00
shawwang f14d2a087f auth: add new metric 'etcd_debugging_auth_revision' 2020-02-29 13:31:44 +08:00
tangcong 06ad53321e *: fix auth revision corruption bug 2020-02-29 13:31:37 +08:00
Jingyi Hu 84fe23d530
auth: remove capnslog (#11596) 2020-02-06 12:28:14 -08:00
yoyinzyc aea34c14ca auth: fix NoPassWord check when add user 2019-12-09 14:10:54 -08:00
yoyinzyc c8ffd921d4 auth: fix user.Options nil pointer 2019-12-02 14:09:07 -08:00
Raphael Westphal ade5337b92 etcdserver: add check for nil options 2019-08-26 17:43:05 +07:00
Sahdev P. Zala 1cef112a79 etcdserver: do not allow creating empty role 
Like user, we should not allow creating empty role.

Related #10905
 2019-07-24 17:41:24 -04:00
Hitoshi Mitake 5a67dd788d *: support creating a user without password 
This commit adds a feature for creating a user without password. The
purpose of the feature is reducing attack surface by configuring bad
passwords (CN based auth will be allowed for the user).

The feature can be used with `--no-password` of `etcdctl user add`
command.

Fix https://github.com/coreos/etcd/issues/9590
 2019-05-30 21:59:30 +09:00
Gyuho Lee 34bd797e67 *: revert module import paths 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2019-05-28 15:39:35 -07:00
shivaramr 9150bf52d6 go modules: Fix module path version to include version number 2019-04-26 15:29:50 -07:00
Sam Batschelet bf9d0d8291 auth: disable CommonName auth for gRPC-gateway 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2019-01-08 12:31:20 -05:00
Gyuho Lee fced933294 auth: update Go import paths to "go.etcd.io" 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2018-08-28 17:47:55 -07:00
Joe LeGasse a6ddb51c8a auth: Support all JWT algorithms 
This change adds support to etcd for all of the JWT algorithms included
in the underlying JWT library.
 2018-06-26 16:31:01 -04:00
Sam Batschelet b30a1166e0 auth: fix panic using WithRoot and improve JWT coverage 2018-05-22 12:53:27 -04:00
Jiang Xuan bf432648ae *: make bcrypt-cost configurable 2018-05-03 11:43:32 -07:00
Gyuho Lee 200401248a
Merge pull request #9665 from gyuho/unconvert 
test: integrate github.com/mdempsky/unconvert
 2018-05-01 09:52:44 -07:00
Gyuho Lee ae71076579 auth: fix "unconvert" warnings 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-30 15:32:16 -07:00
Gyuho Lee e9d5789dd4 auth: remove "strings.Compare == 0" 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-30 15:10:56 -07:00
Gyuho Lee d398d41ff0 auth: break TLS VerifiedChains for-loop early 
Fix "auth/store.go:1147:4: the surrounding loop is unconditionally terminated (SA4004)"

Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-30 10:34:59 -07:00
Gyuho Lee da4a982b1c auth: support structured logging 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-27 14:19:48 -07:00
Gyuho Lee f57fa6abaf auth: support structured logger 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-16 17:36:00 -07:00
Hitoshi Mitake b1dd19a7aa *: don't use string literals directly in grpc metadata 
Current etcd code uses the string literals ("token", "authorization")
as field names of grpc and swappger metadata for passing token. It is
difficult to maintain so this commit introduces new constants for the
purpose.
 2018-03-15 14:17:34 +09:00
Gyuho Lee f0eb772963 auth: add "IsAuthEnabled" method 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-02-28 11:16:35 -08:00
Hitoshi Mitake 8eb7cfb296 auth: a new auth token provider nop 
This commit adds a new auth token provider named nop. The nop provider
refuses every Authenticate() request so CN based authentication can
only be allowed. If the tokenOpts parameter of auth.NewTokenProvider()
is empty, the provider will be used.
 2018-02-27 16:21:14 +09:00
Gyuho Lee 8a518b01c4 *: revert "internal/mvcc" change 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-02-26 17:11:40 -08:00
Gyuho Lee bb95d190c1 *: revert "internal/auth" change 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-02-26 17:11:40 -08:00
Hitoshi Mitake 6c91766490 *: move "auth" to "internal/auth" 2018-01-29 14:57:35 +09:00
Gyuho Lee 80d15948bc *: move "mvcc" to "internal/mvcc" 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-01-26 11:14:41 -08:00
Gyuho Lee 1f191a0e34 auth: use NewIncomingContext for "WithRoot" 
"WithRoot" is only used within local node, and
"AuthInfoFromCtx" expects token from incoming context.
Embed token with "NewIncomingContext" so that token
can be found in "AuthInfoFromCtx".

Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2017-12-14 21:45:16 -08:00
Gyuho Lee 645c7c9a92 auth: use "sort.Strings" instead of StringSlice 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2017-12-04 14:09:27 -08:00
Hitoshi Mitake f649132a5a auth, etcdserver: follow the correct usage of context 
The keys of context shouldn't be string. They should be a struct of
their own type.

Fix https://github.com/coreos/etcd/issues/8826
 2017-11-21 15:31:19 +09:00
Gyu-Ho Lee 38942a2a51 auth: clean up mutex lock/unlocks 
Only hold locks when needed.

Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
 2017-11-06 13:17:29 -08:00
Gyu-Ho Lee 568b856be8 auth: pre-allocate slices in store 
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
 2017-11-06 09:16:15 -08:00
Hitoshi Mitake da0a387aac auth: use binary search for checking root permission 
authpb.User.Roles is sorted so we don't need a linear search for
checking the user has a root role or not.
 2017-10-25 13:16:37 +09:00
Gyu-Ho Lee f65aee0759 *: replace 'golang.org/x/net/context' with 'context' 
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
 2017-09-07 13:39:42 -07:00
Gyu-Ho Lee 35b11bf438 auth: replace NewContext with NewOutgoingContext 
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
 2017-08-17 19:46:19 -07:00