Piotr Tabor
28f2b07623
*: Update references to code moved to the api/ dir.
...
Follow up to file-moves done in the previous commit.
The commit contains purely mechanical consequences of execution (apart
of scripts/genproto.sh):
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/etcdserver/api/v3rpc/rpctypes|v3/api/v3rpc/rpctypes|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/version|v3/api/version|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/mvcc/mvccpb|v3/api/mvccpb|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/etcdserver/etcdserverpb|v3/api/etcdserverpb|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/etcdserver/api/membership/membershippb|v3/api/membershippb|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/auth/authpb|v3/api/authpb|g'
% find ./ -name '*.proto' -o -name '*.md' | xargs -L 1 sed --follow-symlinks -i 's|/mvcc/mvccpb/kv.proto|/api/mvccpb/kv.proto|g'
% find ./ -name '*.proto' -o -name '*.md' | xargs -L 1 sed --follow-symlinks -i 's|/auth/authpb/auth.proto|/api/authpb/auth.proto|g'
% find ./ -name '*.proto' -o -name '*.md' | xargs -L 1 sed --follow-symlinks -i 's|/etcdserver/api/membership/membershippb/membership.proto|/api/membershippb/membership.proto|g'
I also modified manually paths in scripts/genproto.sh.
% go fmt ./...
2020-10-06 11:56:16 +02:00
Sahdev Zala
ef866a6d8b
Merge pull request #11943 from mitake/bcrypt-in-api
...
auth, etcdserver: hash password in the API layer
2020-07-20 10:52:24 -04:00
Hitoshi Mitake
5a3da48cdf
auth, etcdserver: hash password in the API layer
2020-07-14 00:15:19 +09:00
Gyuho Lee
ebdccedbde
Merge pull request #11980 from cfc4n/simple-token-ttl
...
auth: Customize the settings of simpleTokenTTL.
2020-06-21 23:23:45 -07:00
CFC4N
b6d1987ccd
auth: return incorrect result 'ErrUserNotFound' when client request without username or username was empty. ( #12005 )
...
Fiexs https://github.com/etcd-io/etcd/issues/12004 .
2020-06-12 16:10:19 -07:00
cfc4n
d507ab4aad
auth: Customize simpleTokenTTL settings.
...
see https://github.com/etcd-io/etcd/issues/11978 for more detail.
2020-06-11 17:15:42 +08:00
Brandon Philips
96cce208c2
go.mod: use go.etcd.io/etcd/v3 versioning
...
This change makes the etcd package compatible with the existing Go
ecosystem for module versioning.
Used this tool to update package imports:
https://github.com/KSubedi/gomove
2020-04-28 00:57:35 +00:00
Hitoshi Mitake
b6032eb7d2
auth: a new error code for the case of password auth against no password user
2020-04-22 23:25:24 +09:00
shawwang
9cf3162d11
auth: optimize lock scope for CheckPassword
...
to improve authentication performance in concurrent scenarios when enable auth and using authentication based password
2020-04-01 02:21:26 +08:00
Gyuho Lee
3ac7a11515
Merge pull request #11699 from tangcong/refactor-consistentindex
...
*: refactor consistentindex
2020-03-25 18:07:44 -07:00
tangcong
7b2018683a
*: refactor consistent index
2020-03-25 10:59:15 +08:00
tangcong
d70600feca
auth: ensure RoleGrantPermission is compatible with older versions
2020-03-25 09:50:07 +08:00
tangcong
0d084d3a08
auth: cleanup saveConsistentIndex in NewAuthStore
2020-03-10 10:04:58 +08:00
tangcong
ebe256d61c
auth: print warning log when error is ErrAuthOldRevision
2020-03-03 23:21:25 +08:00
shawwang
f14d2a087f
auth: add new metric 'etcd_debugging_auth_revision'
2020-02-29 13:31:44 +08:00
tangcong
06ad53321e
*: fix auth revision corruption bug
2020-02-29 13:31:37 +08:00
Jingyi Hu
84fe23d530
auth: remove capnslog ( #11596 )
2020-02-06 12:28:14 -08:00
yoyinzyc
aea34c14ca
auth: fix NoPassWord check when add user
2019-12-09 14:10:54 -08:00
yoyinzyc
c8ffd921d4
auth: fix user.Options nil pointer
2019-12-02 14:09:07 -08:00
Raphael Westphal
ade5337b92
etcdserver: add check for nil options
2019-08-26 17:43:05 +07:00
Sahdev P. Zala
1cef112a79
etcdserver: do not allow creating empty role
...
Like user, we should not allow creating empty role.
Related #10905
2019-07-24 17:41:24 -04:00
Hitoshi Mitake
5a67dd788d
*: support creating a user without password
...
This commit adds a feature for creating a user without password. The
purpose of the feature is reducing attack surface by configuring bad
passwords (CN based auth will be allowed for the user).
The feature can be used with `--no-password` of `etcdctl user add`
command.
Fix https://github.com/coreos/etcd/issues/9590
2019-05-30 21:59:30 +09:00
Gyuho Lee
34bd797e67
*: revert module import paths
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2019-05-28 15:39:35 -07:00
shivaramr
9150bf52d6
go modules: Fix module path version to include version number
2019-04-26 15:29:50 -07:00
Sam Batschelet
bf9d0d8291
auth: disable CommonName auth for gRPC-gateway
...
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
2019-01-08 12:31:20 -05:00
Gyuho Lee
fced933294
auth: update Go import paths to "go.etcd.io"
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2018-08-28 17:47:55 -07:00
Joe LeGasse
a6ddb51c8a
auth: Support all JWT algorithms
...
This change adds support to etcd for all of the JWT algorithms included
in the underlying JWT library.
2018-06-26 16:31:01 -04:00
Sam Batschelet
b30a1166e0
auth: fix panic using WithRoot and improve JWT coverage
2018-05-22 12:53:27 -04:00
Jiang Xuan
bf432648ae
*: make bcrypt-cost configurable
2018-05-03 11:43:32 -07:00
Gyuho Lee
200401248a
Merge pull request #9665 from gyuho/unconvert
...
test: integrate github.com/mdempsky/unconvert
2018-05-01 09:52:44 -07:00
Gyuho Lee
ae71076579
auth: fix "unconvert" warnings
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 15:32:16 -07:00
Gyuho Lee
e9d5789dd4
auth: remove "strings.Compare == 0"
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 15:10:56 -07:00
Gyuho Lee
d398d41ff0
auth: break TLS VerifiedChains for-loop early
...
Fix "auth/store.go:1147:4: the surrounding loop is unconditionally terminated (SA4004)"
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 10:34:59 -07:00
Gyuho Lee
da4a982b1c
auth: support structured logging
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-27 14:19:48 -07:00
Gyuho Lee
f57fa6abaf
auth: support structured logger
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-16 17:36:00 -07:00
Hitoshi Mitake
b1dd19a7aa
*: don't use string literals directly in grpc metadata
...
Current etcd code uses the string literals ("token", "authorization")
as field names of grpc and swappger metadata for passing token. It is
difficult to maintain so this commit introduces new constants for the
purpose.
2018-03-15 14:17:34 +09:00
Gyuho Lee
f0eb772963
auth: add "IsAuthEnabled" method
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-02-28 11:16:35 -08:00
Hitoshi Mitake
8eb7cfb296
auth: a new auth token provider nop
...
This commit adds a new auth token provider named nop. The nop provider
refuses every Authenticate() request so CN based authentication can
only be allowed. If the tokenOpts parameter of auth.NewTokenProvider()
is empty, the provider will be used.
2018-02-27 16:21:14 +09:00
Gyuho Lee
8a518b01c4
*: revert "internal/mvcc" change
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-02-26 17:11:40 -08:00
Gyuho Lee
bb95d190c1
*: revert "internal/auth" change
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-02-26 17:11:40 -08:00
Hitoshi Mitake
6c91766490
*: move "auth" to "internal/auth"
2018-01-29 14:57:35 +09:00
Gyuho Lee
80d15948bc
*: move "mvcc" to "internal/mvcc"
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-01-26 11:14:41 -08:00
Gyuho Lee
1f191a0e34
auth: use NewIncomingContext for "WithRoot"
...
"WithRoot" is only used within local node, and
"AuthInfoFromCtx" expects token from incoming context.
Embed token with "NewIncomingContext" so that token
can be found in "AuthInfoFromCtx".
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2017-12-14 21:45:16 -08:00
Gyuho Lee
645c7c9a92
auth: use "sort.Strings" instead of StringSlice
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2017-12-04 14:09:27 -08:00
Hitoshi Mitake
f649132a5a
auth, etcdserver: follow the correct usage of context
...
The keys of context shouldn't be string. They should be a struct of
their own type.
Fix https://github.com/coreos/etcd/issues/8826
2017-11-21 15:31:19 +09:00
Gyu-Ho Lee
38942a2a51
auth: clean up mutex lock/unlocks
...
Only hold locks when needed.
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
2017-11-06 13:17:29 -08:00
Gyu-Ho Lee
568b856be8
auth: pre-allocate slices in store
...
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
2017-11-06 09:16:15 -08:00
Hitoshi Mitake
da0a387aac
auth: use binary search for checking root permission
...
authpb.User.Roles is sorted so we don't need a linear search for
checking the user has a root role or not.
2017-10-25 13:16:37 +09:00
Gyu-Ho Lee
f65aee0759
*: replace 'golang.org/x/net/context' with 'context'
...
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
2017-09-07 13:39:42 -07:00
Gyu-Ho Lee
35b11bf438
auth: replace NewContext with NewOutgoingContext
...
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
2017-08-17 19:46:19 -07:00