de55bb6331
pkg: Rename imports after making 'pkg' a module
...
find -name '*.go' | xargs sed --follow-symlinks -i 's|go.etcd.io/etcd/v3/pkg/|go.etcd.io/etcd/pkg/v3/|g'
go fmt ./...
2020-10-13 00:09:27 +02:00
be4e8b7013
integration/fixtures: Move the 'tests/integration/fixtures' directory up and update references.
...
I moved the files up as they are shared between e2e & integrational tests.
2020-10-07 15:38:28 +02:00
28f2b07623
*: Update references to code moved to the api/ dir.
...
Follow up to file-moves done in the previous commit.
The commit contains purely mechanical consequences of execution (apart
of scripts/genproto.sh):
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/etcdserver/api/v3rpc/rpctypes|v3/api/v3rpc/rpctypes|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/version|v3/api/version|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/mvcc/mvccpb|v3/api/mvccpb|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/etcdserver/etcdserverpb|v3/api/etcdserverpb|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/etcdserver/api/membership/membershippb|v3/api/membershippb|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/auth/authpb|v3/api/authpb|g'
% find ./ -name '*.proto' -o -name '*.md' | xargs -L 1 sed --follow-symlinks -i 's|/mvcc/mvccpb/kv.proto|/api/mvccpb/kv.proto|g'
% find ./ -name '*.proto' -o -name '*.md' | xargs -L 1 sed --follow-symlinks -i 's|/auth/authpb/auth.proto|/api/authpb/auth.proto|g'
% find ./ -name '*.proto' -o -name '*.md' | xargs -L 1 sed --follow-symlinks -i 's|/etcdserver/api/membership/membershippb/membership.proto|/api/membershippb/membership.proto|g'
I also modified manually paths in scripts/genproto.sh.
% go fmt ./...
2020-10-06 11:56:16 +02:00
389642dd16
client: Move client specific code (protos, version) to api/
...
client: Move client specific code (protos, version) to the api/
directory. Thanks to this change /client directory will not need to depend on
the server code. In next commits we make "/api" a module on its own.
Mechanical consequences of execution:
% git mv version/version.go api/version
% git mv etcdserver/api/v3rpc/rpctypes api/v3rpc
% git mv mvcc/mvccpb api/
% git mv etcdserver/etcdserverpb api/
% git mv auth/authpb api/
% git mv etcdserver/api/membership/membershippb api/
2020-10-06 11:53:36 +02:00
528f5315d6
auth: Fix "race" - auth unit tests leaking goroutines
...
- We were leaking goroutines in auth-test
- The go-routines were depending / modifying global test environment
variables (simpleTokenTTLDefault) leading to races
Removed the leaked go-routines, and expanded 'auth' package to
be covered we leaked go-routines detection.
2020-10-03 19:38:30 +02:00
ef866a6d8b
Merge pull request #11943 from mitake/bcrypt-in-api
...
auth, etcdserver: hash password in the API layer
2020-07-20 10:52:24 -04:00
5a3da48cdf
auth, etcdserver: hash password in the API layer
2020-07-14 00:15:19 +09:00
ebdccedbde
Merge pull request #11980 from cfc4n/simple-token-ttl
...
auth: Customize the settings of simpleTokenTTL.
2020-06-21 23:23:45 -07:00
b6d1987ccd
auth: return incorrect result 'ErrUserNotFound' when client request without username or username was empty. ( #12005 )
...
Fiexs https://github.com/etcd-io/etcd/issues/12004 .
2020-06-12 16:10:19 -07:00
d507ab4aad
auth: Customize simpleTokenTTL settings.
...
see https://github.com/etcd-io/etcd/issues/11978 for more detail.
2020-06-11 17:15:42 +08:00
96cce208c2
go.mod: use go.etcd.io/etcd/v3 versioning
...
This change makes the etcd package compatible with the existing Go
ecosystem for module versioning.
Used this tool to update package imports:
https://github.com/KSubedi/gomove
2020-04-28 00:57:35 +00:00
b6032eb7d2
auth: a new error code for the case of password auth against no password user
2020-04-22 23:25:24 +09:00
9cf3162d11
auth: optimize lock scope for CheckPassword
...
to improve authentication performance in concurrent scenarios when enable auth and using authentication based password
2020-04-01 02:21:26 +08:00
3ac7a11515
Merge pull request #11699 from tangcong/refactor-consistentindex
...
*: refactor consistentindex
2020-03-25 18:07:44 -07:00
7b2018683a
*: refactor consistent index
2020-03-25 10:59:15 +08:00
d70600feca
auth: ensure RoleGrantPermission is compatible with older versions
2020-03-25 09:50:07 +08:00
0d084d3a08
auth: cleanup saveConsistentIndex in NewAuthStore
2020-03-10 10:04:58 +08:00
ebe256d61c
auth: print warning log when error is ErrAuthOldRevision
2020-03-03 23:21:25 +08:00
f14d2a087f
auth: add new metric 'etcd_debugging_auth_revision'
2020-02-29 13:31:44 +08:00
06ad53321e
*: fix auth revision corruption bug
2020-02-29 13:31:37 +08:00
cc5999db3a
auth: parse to uint instead of int
...
The strconv.Atoi is equivalent to ParseInt. The index is later used as
uint so we should use strconv.ParseUint.
2020-02-08 20:28:44 -05:00
84fe23d530
auth: remove capnslog ( #11596 )
2020-02-06 12:28:14 -08:00
071e70cdc4
*: add a new API and command for checking auth status ( #11536 )
...
This changes have started at etcdctl under auth.go, and make changes to stub out everything down into the internal raft. Made changes to the .proto files and regenerated them so that the local version would build successfully.
2020-02-05 19:27:42 -08:00
081d5f5797
auth: correct logging level
2020-02-03 22:54:39 -08:00
aea34c14ca
auth: fix NoPassWord check when add user
2019-12-09 14:10:54 -08:00
c8ffd921d4
auth: fix user.Options nil pointer
2019-12-02 14:09:07 -08:00
ade5337b92
etcdserver: add check for nil options
2019-08-26 17:43:05 +07:00
6a0811a949
*: use new adt.IntervalTree interface
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2019-07-31 22:23:13 -07:00
1cef112a79
etcdserver: do not allow creating empty role
...
Like user, we should not allow creating empty role.
Related #10905
2019-07-24 17:41:24 -04:00
1caaa9ed4a
test: test update for Go 1.12.5 and related changes
...
Update to Go 1.12.5 testing. Remove deprecated unused and gosimple
pacakges, and mask staticcheck 1006. Also, fix unconvert errors related
to unnecessary type conversions and following staticcheck errors:
- remove redundant return statements
- use for range instead of for select
- use time.Since instead of time.Now().Sub
- omit comparison to bool constant
- replace T.Fatal and T.Fatalf in tests with T.Error and T.Fatalf respectively because the goroutine calls T.Fatal must be called in the same goroutine as the test
- fix error strings that should not be capitalized
- use sort.Strings(...) instead of sort.Sort(sort.StringSlice(...))
- use he status code of Canceled instead of grpc.ErrClientConnClosing which is deprecated
- use use status.Errorf instead of grpc.Errorf which is deprecated
Related #10528 #10438
2019-06-05 17:02:05 -04:00
54b09d4f87
auth: add a unit test for creating a user with no password
2019-05-30 21:59:30 +09:00
5a67dd788d
*: support creating a user without password
...
This commit adds a feature for creating a user without password. The
purpose of the feature is reducing attack surface by configuring bad
passwords (CN based auth will be allowed for the user).
The feature can be used with `--no-password` of `etcdctl user add`
command.
Fix https://github.com/coreos/etcd/issues/9590
2019-05-30 21:59:30 +09:00
34bd797e67
*: revert module import paths
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2019-05-28 15:39:35 -07:00
9150bf52d6
go modules: Fix module path version to include version number
2019-04-26 15:29:50 -07:00
5effa154b4
auth/simple_token.go: fix plog.Panicf error message
...
Signed-off-by: zhoulin xie <zhoulin.xie@daocloud.io>
2019-02-24 19:34:02 -05:00
bf9d0d8291
auth: disable CommonName auth for gRPC-gateway
...
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
2019-01-08 12:31:20 -05:00
c58f5cfeda
test: disable "unparam" for now
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2018-12-17 11:30:28 -08:00
ffbdb458a4
Auth: improve auth coverage
...
adds tests for uncovered auth funcs
Issue #9734
2018-10-01 10:25:38 +02:00
fced933294
auth: update Go import paths to "go.etcd.io"
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2018-08-28 17:47:55 -07:00
a6ddb51c8a
auth: Support all JWT algorithms
...
This change adds support to etcd for all of the JWT algorithms included
in the underlying JWT library.
2018-06-26 16:31:01 -04:00
b30a1166e0
auth: fix panic using WithRoot and improve JWT coverage
2018-05-22 12:53:27 -04:00
bf432648ae
*: make bcrypt-cost configurable
2018-05-03 11:43:32 -07:00
200401248a
Merge pull request #9665 from gyuho/unconvert
...
test: integrate github.com/mdempsky/unconvert
2018-05-01 09:52:44 -07:00
ae71076579
auth: fix "unconvert" warnings
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 15:32:16 -07:00
e9d5789dd4
auth: remove "strings.Compare == 0"
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 15:10:56 -07:00
d398d41ff0
auth: break TLS VerifiedChains for-loop early
...
Fix "auth/store.go:1147:4: the surrounding loop is unconditionally terminated (SA4004)"
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 10:34:59 -07:00
da4a982b1c
auth: support structured logging
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-27 14:19:48 -07:00
f57fa6abaf
auth: support structured logger
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-16 17:36:00 -07:00
b1dd19a7aa
*: don't use string literals directly in grpc metadata
...
Current etcd code uses the string literals ("token", "authorization")
as field names of grpc and swappger metadata for passing token. It is
difficult to maintain so this commit introduces new constants for the
purpose.
2018-03-15 14:17:34 +09:00
752963beea
*: unify type of key and rangeEnd in AuthRoleRevokePermissionRequest
...
Fix https://github.com/coreos/etcd/issues/9424
2018-03-14 14:38:20 +09:00
Piotr Tabor