vitalif
/
etcd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
15,314 Commits
21 Branches
406 Tags
79 MiB
Commit Graph

47 Commits (8a2a951d793a1d1a0673f88c9f18a325a9a71ab3)

Author SHA1 Message Date
John Millikin 95f3138b5f
tests: Use more deterministic error message in TestEtcdPeerNameAuth 2019-07-10 14:24:20 +09:00
John Millikin c6686734b1
tests: Use 'localhost' to match SAN of `integration/fixtures/server.crt` 2019-07-10 13:33:14 +09:00
John Millikin 5824421f8b
etcdman, pkg: Rename new flags to 'hostname' 2019-07-10 09:30:02 +09:00
John Millikin 9a53601a18
etcdmain, pkg: Support peer and client TLS auth based on SAN fields. 
Etcd currently supports validating peers based on their TLS certificate's
CN field. The current best practice for creation and validation of TLS
certs is to use the Subject Alternative Name (SAN) fields instead, so that
a certificate might be issued with a unique CN and its logical
identities in the SANs.

This commit extends the peer validation logic to use Go's
`(*"crypto/x509".Certificate).ValidateHostname` function for name
validation, which allows SANs to be used for peer access control.

In addition, it allows name validation to be enabled on clients as well.
This is used when running Etcd behind an authenticating proxy, or as
an internal component in a larger system (like a Kubernetes master).
 2019-07-10 09:30:02 +09:00
Hitoshi Mitake 7bbc536e1c tests/e2e: initialize UserAddOptions{} field in testV3CurlAuth() 2019-06-06 23:07:41 +09:00
Gyuho Lee 1caaa9ed4a test: test update for Go 1.12.5 and related changes 
Update to Go 1.12.5 testing. Remove deprecated unused and gosimple
pacakges, and mask staticcheck 1006. Also, fix unconvert errors related
to unnecessary type conversions and following staticcheck errors:
- remove redundant return statements
- use for range instead of for select
- use time.Since instead of time.Now().Sub
- omit comparison to bool constant
- replace T.Fatal and T.Fatalf in tests with T.Error and T.Fatalf respectively because the goroutine calls T.Fatal must be called in the same goroutine as the test
- fix error strings that should not be capitalized
- use sort.Strings(...) instead of sort.Sort(sort.StringSlice(...))
- use he status code of Canceled instead of grpc.ErrClientConnClosing which is deprecated
- use use status.Errorf instead of grpc.Errorf which is deprecated

Related #10528 #10438
 2019-06-05 17:02:05 -04:00
Hitoshi Mitake 8257dfdb51 e2e: add test cases for a user without password 2019-05-30 21:59:30 +09:00
Hitoshi Mitake 5a67dd788d *: support creating a user without password 
This commit adds a feature for creating a user without password. The
purpose of the feature is reducing attack surface by configuring bad
passwords (CN based auth will be allowed for the user).

The feature can be used with `--no-password` of `etcdctl user add`
command.

Fix https://github.com/coreos/etcd/issues/9590
 2019-05-30 21:59:30 +09:00
Gyuho Lee 34bd797e67 *: revert module import paths 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2019-05-28 15:39:35 -07:00
Jingyi Hu e4296bbad9 tests/e2e: Add test for learner member add 
Added an e2e test to exercise "etcdctl member add --learner".
 2019-05-14 13:10:22 -07:00
shivaramr 9150bf52d6 go modules: Fix module path version to include version number 2019-04-26 15:29:50 -07:00
Gyuho Lee 5877763990 tests/e2e: fix "authLeaseTestLeaseRevoke" 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2019-02-15 09:39:03 -08:00
Hitoshi Mitake a1f964afd3 tests: add a new e2e test case for the combination of non empty CN and grpc proxy 2019-01-25 00:43:57 +09:00
Hitoshi Mitake 69e2faec00 tests: update TestV3CurlAuthClientTLSCertAuth for using cert with empty CN 2019-01-23 03:26:34 +09:00
johncming fffb982f1a tests/e2e: add missing return error. 2019-01-09 13:47:09 +08:00
Sam Batschelet 577d7c0df2 e2e: update test to reflect (ST1005) update. 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2019-01-08 21:04:20 -05:00
Sam Batschelet 99704e2a97 e2e: add ClientTLSCertAuth coverage for curl v3 auth tests 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2019-01-08 12:31:20 -05:00
Gyuho Lee 0226481584 tests/e2e: test cluster version 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2018-11-13 21:49:33 -08:00
Gyuho Lee 8db439d693 *: use "go.etcd.io/bbolt" 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2018-08-29 12:31:28 -07:00
Gyuho Lee d37f1521b7 *: update import paths to "go.etcd.io/etcd" 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2018-08-28 17:47:55 -07:00
Joe Betz b3b06a862a
clientv3: Fix maintenance APIs to directly dial grpc endpoints correctly. 2018-07-23 11:20:15 -07:00
Gyuho Lee 42bef8460c *: clean up code format 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-07-21 16:34:56 -07:00
Gyuho Lee 6a16c7974a tests/e2e: handle cipher suite mismatch error in ubuntu 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-07-05 10:50:07 -07:00
Gyuho Lee b01d560be0 tests/e2e: remove unnessary type conversion 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-07-05 10:10:30 -07:00
Gyuho Lee 08474ed5bd tests/e2e: do not run cipher suite tests for gRPC proxy 
```
../../bin/etcd-30074: 2018-06-19 11:49:12.052662 I | etcdmain: v2 proxy started listening on client requests on "https://localhost:20002"
../../bin/etcd-30083: Error: unknown flag: --cipher-suites
../../bin/etcd-30083: Usage:
../../bin/etcd-30083:   etcd grpc-proxy start [flags]
```

Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-06-19 11:49:59 -07:00
Gyuho Lee 0d13176c99 tests/e2e: do not run cipher suite tests in coverage tests 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-06-13 14:32:27 -07:00
Gyuho Lee 52ae578922
Merge pull request #9807 from gyuho/move-leader 
ctlv3: support TLS endpoints for move-leader command
 2018-06-05 15:46:49 -07:00
Gyuho Lee 6d9cb7ac9a tests/e2e: test move-leader command with TLS 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-06-05 13:45:14 -07:00
Gyuho Lee d82f726da8 tests/e2e: test client-side cipher suites with curl 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-06-05 12:59:29 -07:00
Gyuho Lee b153be2acb tests/e2e: fix "testCtlV2Backup" 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-05-31 14:25:24 -07:00
Vimal K 25bc65794f etcdctl/ctlv3: etcd v3.4 makes ETCDCTL_API=3 by default 2018-05-29 06:27:20 +05:30
Sam Batschelet b30a1166e0 auth: fix panic using WithRoot and improve JWT coverage 2018-05-22 12:53:27 -04:00
Gyuho Lee 7dabd6c255 *: rename internal packages in tools/testing 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-05-21 07:45:34 -07:00
Gyuho Lee 31094e5616 tests/e2e: rename to "snapshotCount" 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-05-18 15:27:48 -07:00
Gyuho Lee 4ce10157ff tests/e2e: rename "SnapshotCount" 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-05-18 14:40:02 -07:00
Gyuho Lee df87dba218 tests/e2e: use different parameters 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-05-09 15:42:45 -07:00
Gyuho Lee 03bf62f569 tests/e2e: update v2 proxy ready message 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-05-04 20:04:01 -07:00
Gyuho Lee acf671a94c tests/e2e: separate coverage tests for exec commands 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-05-03 17:22:34 -07:00
Gyuho Lee 1c44293f7e tests/e2e: comment out TestEtcdCorruptHash debugging lines 
No need

Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-16 19:04:34 -07:00
Gyuho Lee a3b9d828ed tests/e2e: fix gateway tests 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-16 18:25:30 -07:00
Gyuho Lee 92c32743c9 tests/e2e: fix TestIssue6361 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-16 18:01:12 -07:00
Gyuho Lee ae9ccd883d etcdctl/ctlv3: fix snapshot command e2e tests 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-16 17:36:00 -07:00
Gyuho Lee 89c58b6f7a tests/e2e: fix "configJWT" path 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-09 13:41:46 -07:00
Gyuho Lee 824982d1eb tests/e2e: fix TestEtcdExampleConfig 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-09 13:12:55 -07:00
Gyuho Lee 422acc9018 tests/e2e: fix COVERDIR path 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-09 12:46:55 -07:00
Gyuho Lee a8a5176f1d tests/e2e: fix exec paths 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-09 11:12:42 -07:00
Gyuho Lee 72211db7cf tests: move internal "e2e" 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
 2018-04-09 10:37:28 -07:00