4570eddc2c
wal: PrivateFileMode/DirMode as in pkg/fileutil
...
To make it consistent with pkg/fileutil
2016-06-10 15:20:57 -07:00
3210bb8181
Merge pull request #5632 from xiang90/auth_store_cleanup
...
auth: cleanup store.go
2016-06-10 14:49:56 -07:00
a92ea417b4
Merge pull request #5534 from gyuho/readme
...
README: minor fix in README
2016-06-10 14:46:15 -07:00
bb6102c00c
Merge pull request #5630 from xiang90/del_user
...
auth: add del functions for user/role
2016-06-10 14:28:36 -07:00
f8c1a50195
auth: cleanup store.go
2016-06-10 14:19:29 -07:00
2781553a9e
Merge pull request #5615 from mitake/auth-v3-consistent-token
...
auth, etcdserver: make auth tokens consistent for all nodes
2016-06-10 14:19:21 -07:00
8776962008
auth: add del functions for user/role
2016-06-10 14:11:00 -07:00
ead5096fa9
auth, etcdserver: make auth tokens consistent for all nodes
...
Currently auth tokens are generated in the replicated state machine
layer randomly. It means one auth token generated in node A cannot be
used for node B. It is problematic for load balancing and fail
over. This commit moves the token generation logic from the state
machine to API layer (before raft) and let all nodes share a single
token.
Log index of Raft is also added to a token for ensuring uniqueness of
the token and detecting activation of the token in the cluster (some
nodes can receive the token before generating and installing the token
in its state machine).
This commit also lets authStore have simple token related things. It
is required because of unit test. The test requires cleaning of the
state of the simple token things after one test (succeeding test can
create duplicated token and it causes panic).
2016-06-10 13:55:37 -07:00
65abcc1a59
Merge pull request #5629 from xiang90/put_role
...
auth: cleanup
2016-06-10 13:53:34 -07:00
cf99d596f5
auth: cleanup get user and get role usage
2016-06-10 13:34:40 -07:00
0914d65c1f
auth: add put role
2016-06-10 13:20:48 -07:00
e854fa1856
Merge pull request #5622 from heyitsanthony/e2e-auth-keys
...
e2e: auth key put test
2016-06-10 12:17:38 -07:00
cd569d640b
Merge pull request #5600 from lucab/to-upstream/armored-sigs
...
doc: sign release artifacts in armor mode
2016-06-10 12:11:53 -07:00
aa56e47712
Merge pull request #5625 from xiang90/put_user
...
auth: add put_user
2016-06-10 12:10:21 -07:00
1e22137a9a
e2e: test auth is respected for Puts
2016-06-10 11:43:06 -07:00
b3a0b0502c
etcdserver: respect auth on serialized Range
2016-06-10 11:43:05 -07:00
ae30ab7897
auth: add put_user
2016-06-10 11:27:42 -07:00
247103c40b
Merge pull request #5623 from xiang90/get_role
...
auth: add getRole
2016-06-10 11:17:59 -07:00
1958598a18
auth: add getRole
2016-06-10 10:59:34 -07:00
c459073c6d
Merge pull request #5620 from xiang90/auth_recover
...
auth: implement recover
2016-06-10 10:35:03 -07:00
05f9d1b716
Merge pull request #5610 from gyuho/handle_timeout_error
...
etcd-tester: do not exit for compaction timeout
2016-06-10 09:47:54 -07:00
5631acdb8f
etcd-tester: do not exit for compact timeout
...
Temporary fix for https://github.com/coreos/etcd/issues/5606 .
2016-06-10 09:44:45 -07:00
ca4e78687e
auth: implement recover
2016-06-10 09:37:37 -07:00
bdc7035c10
Merge pull request #5617 from liggitt/preallocation
...
fileutil: avoid double preallocation
2016-06-09 22:27:17 -07:00
4f7622fb9a
fileutil: avoid double preallocation
2016-06-10 00:27:59 -04:00
d4ac09de0f
Merge pull request #5612 from gyuho/index_bench
...
mvcc: add keyIndex, treeIndex Restore benchmark
2016-06-09 16:09:56 -07:00
6e32e8501a
Merge pull request #5613 from xiang90/rootrole
...
*: add admin permission checking
2016-06-09 16:00:37 -07:00
7da1940dce
Merge pull request #5607 from xiang90/raft_user
...
raft: add docker/swarmkit as notable raft users
2016-06-09 15:39:09 -07:00
f1c6fa48f5
*: add admin permission checking
2016-06-09 15:25:09 -07:00
6bbd8b7efb
mvcc: add keyIndex benchmark test
...
Useful later when trying to optimize our restore operations.
2016-06-09 14:13:18 -07:00
a7c5058953
Merge pull request #5608 from heyitsanthony/clientv3-auth-opts
...
clientv3: use separate dialopts for auth dial
2016-06-09 12:56:59 -07:00
349eaf117a
clientv3: use separate dialopts for auth dial
...
Needs to use a different balancer from the main client connection
because of the way grpc uses the Notify channel.
2016-06-09 10:38:57 -07:00
ab65d2b848
raft: add docker/swarmkit as notable raft users
2016-06-09 10:10:44 -07:00
78c957df41
Merge pull request #5603 from heyitsanthony/clientv3-close-keepalive
...
clientv3: close keepalive channel if TTL locally exceeded
2016-06-09 09:44:32 -07:00
0554ef9c39
clientv3/integration: tests for closing lease channel
2016-06-09 09:12:59 -07:00
e534532523
clientv3: close keep alive channel if no response within TTL
2016-06-09 09:12:59 -07:00
fb0df211f0
Merge pull request #5586 from xiang90/root
...
auth: add root user and root role
2016-06-09 00:23:45 -07:00
da2f2a5189
auth: add root user and root role
2016-06-08 19:55:08 -07:00
a548cab828
Merge pull request #5602 from gyuho/get_leader
...
clientv3/integration: WaitLeader to follower
2016-06-08 17:03:25 -07:00
753073198f
clientv3/integration: WaitLeader to follower
...
Fix https://github.com/coreos/etcd/issues/5601 .
2016-06-08 16:45:32 -07:00
77dee97c2f
Merge pull request #5578 from mitake/auth-v3-range
...
auth, etcdserver: permission of range requests
2016-06-08 16:33:25 -07:00
253e313c09
*: support granting and revoking range
...
This commit adds a feature for granting and revoking range of keys,
not a single key.
Example:
$ ETCDCTL_API=3 bin/etcdctl role grant r1 readwrite k1 k3
Role r1 updated
$ ETCDCTL_API=3 bin/etcdctl role get r1
Role r1
KV Read:
[a, b)
[k1, k3)
[k2, k4)
KV Write:
[a, b)
[k1, k3)
[k2, k4)
$ ETCDCTL_API=3 bin/etcdctl --user u1:p get k1 k4
k1
v1
$ ETCDCTL_API=3 bin/etcdctl --user u1:p get k1 k5
Error: etcdserver: permission denied
2016-06-08 14:58:25 -07:00
9dad78c68f
Merge pull request #5599 from gyuho/e2e_fix
...
e2e: fix race in ranging test tables
2016-06-08 14:46:02 -07:00
bd5e1ea1c0
e2e: fix race in ranging test tables
...
Fix https://github.com/coreos/etcd/issues/5598 .
race conditions were detected in iterating the test table
because the go func closure doesn't receive the 'puts' index
in the argument. This can cause the test to run wrong put
operations.
2016-06-08 13:44:05 -07:00
87d105c036
Merge pull request #5596 from heyitsanthony/wal-warn-slow-fsync
...
wal: warn if sync exceeds a second
2016-06-08 13:07:13 -07:00
6bb96074da
auth, etcdserver: permission of range requests
...
Currently the auth mechanism doesn't support permissions of range
request. It just checks exact matching of key names even for range
queries. This commit adds a mechanism for setting permission to range
queries. Range queries are allowed if a range of the query is [begin1,
end1) and the user has a permission of reading [begin2, range2) and
[begin1, end2) is a subset of [begin2, range2). Range delete requests
will follow the same rule.
2016-06-08 11:57:32 -07:00
35329a1674
Merge pull request #5597 from gyuho/btree_dep
...
*: update google/btree dependency
2016-06-08 11:39:29 -07:00
0b7e5c70a5
*: update google/btree dependency
2016-06-08 11:23:49 -07:00
39eaa37dcf
wal: warn if sync exceeds a second
2016-06-08 11:03:18 -07:00
ff2b24a8ac
Merge pull request #5583 from heyitsanthony/grpc-nuke-waitstate
...
clientv3: use grpc balancer
2016-06-08 09:45:44 -07:00
Gyu-Ho Lee