Piotr Tabor
de55bb6331
pkg: Rename imports after making 'pkg' a module
...
find -name '*.go' | xargs sed --follow-symlinks -i 's|go.etcd.io/etcd/v3/pkg/|go.etcd.io/etcd/pkg/v3/|g'
go fmt ./...
2020-10-13 00:09:27 +02:00
Piotr Tabor
be4e8b7013
integration/fixtures: Move the 'tests/integration/fixtures' directory up and update references.
...
I moved the files up as they are shared between e2e & integrational tests.
2020-10-07 15:38:28 +02:00
Piotr Tabor
28f2b07623
*: Update references to code moved to the api/ dir.
...
Follow up to file-moves done in the previous commit.
The commit contains purely mechanical consequences of execution (apart
of scripts/genproto.sh):
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/etcdserver/api/v3rpc/rpctypes|v3/api/v3rpc/rpctypes|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/version|v3/api/version|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/mvcc/mvccpb|v3/api/mvccpb|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/etcdserver/etcdserverpb|v3/api/etcdserverpb|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/etcdserver/api/membership/membershippb|v3/api/membershippb|g'
% find ./ -name '*.go' | xargs sed --follow-symlinks -i 's|v3/auth/authpb|v3/api/authpb|g'
% find ./ -name '*.proto' -o -name '*.md' | xargs -L 1 sed --follow-symlinks -i 's|/mvcc/mvccpb/kv.proto|/api/mvccpb/kv.proto|g'
% find ./ -name '*.proto' -o -name '*.md' | xargs -L 1 sed --follow-symlinks -i 's|/auth/authpb/auth.proto|/api/authpb/auth.proto|g'
% find ./ -name '*.proto' -o -name '*.md' | xargs -L 1 sed --follow-symlinks -i 's|/etcdserver/api/membership/membershippb/membership.proto|/api/membershippb/membership.proto|g'
I also modified manually paths in scripts/genproto.sh.
% go fmt ./...
2020-10-06 11:56:16 +02:00
Piotr Tabor
389642dd16
client: Move client specific code (protos, version) to api/
...
client: Move client specific code (protos, version) to the api/
directory. Thanks to this change /client directory will not need to depend on
the server code. In next commits we make "/api" a module on its own.
Mechanical consequences of execution:
% git mv version/version.go api/version
% git mv etcdserver/api/v3rpc/rpctypes api/v3rpc
% git mv mvcc/mvccpb api/
% git mv etcdserver/etcdserverpb api/
% git mv auth/authpb api/
% git mv etcdserver/api/membership/membershippb api/
2020-10-06 11:53:36 +02:00
Piotr Tabor
528f5315d6
auth: Fix "race" - auth unit tests leaking goroutines
...
- We were leaking goroutines in auth-test
- The go-routines were depending / modifying global test environment
variables (simpleTokenTTLDefault) leading to races
Removed the leaked go-routines, and expanded 'auth' package to
be covered we leaked go-routines detection.
2020-10-03 19:38:30 +02:00
Sahdev Zala
ef866a6d8b
Merge pull request #11943 from mitake/bcrypt-in-api
...
auth, etcdserver: hash password in the API layer
2020-07-20 10:52:24 -04:00
Hitoshi Mitake
5a3da48cdf
auth, etcdserver: hash password in the API layer
2020-07-14 00:15:19 +09:00
Gyuho Lee
ebdccedbde
Merge pull request #11980 from cfc4n/simple-token-ttl
...
auth: Customize the settings of simpleTokenTTL.
2020-06-21 23:23:45 -07:00
CFC4N
b6d1987ccd
auth: return incorrect result 'ErrUserNotFound' when client request without username or username was empty. ( #12005 )
...
Fiexs https://github.com/etcd-io/etcd/issues/12004 .
2020-06-12 16:10:19 -07:00
cfc4n
d507ab4aad
auth: Customize simpleTokenTTL settings.
...
see https://github.com/etcd-io/etcd/issues/11978 for more detail.
2020-06-11 17:15:42 +08:00
Brandon Philips
96cce208c2
go.mod: use go.etcd.io/etcd/v3 versioning
...
This change makes the etcd package compatible with the existing Go
ecosystem for module versioning.
Used this tool to update package imports:
https://github.com/KSubedi/gomove
2020-04-28 00:57:35 +00:00
Hitoshi Mitake
b6032eb7d2
auth: a new error code for the case of password auth against no password user
2020-04-22 23:25:24 +09:00
shawwang
9cf3162d11
auth: optimize lock scope for CheckPassword
...
to improve authentication performance in concurrent scenarios when enable auth and using authentication based password
2020-04-01 02:21:26 +08:00
Gyuho Lee
3ac7a11515
Merge pull request #11699 from tangcong/refactor-consistentindex
...
*: refactor consistentindex
2020-03-25 18:07:44 -07:00
tangcong
7b2018683a
*: refactor consistent index
2020-03-25 10:59:15 +08:00
tangcong
d70600feca
auth: ensure RoleGrantPermission is compatible with older versions
2020-03-25 09:50:07 +08:00
tangcong
0d084d3a08
auth: cleanup saveConsistentIndex in NewAuthStore
2020-03-10 10:04:58 +08:00
tangcong
ebe256d61c
auth: print warning log when error is ErrAuthOldRevision
2020-03-03 23:21:25 +08:00
shawwang
f14d2a087f
auth: add new metric 'etcd_debugging_auth_revision'
2020-02-29 13:31:44 +08:00
tangcong
06ad53321e
*: fix auth revision corruption bug
2020-02-29 13:31:37 +08:00
Sahdev P. Zala
cc5999db3a
auth: parse to uint instead of int
...
The strconv.Atoi is equivalent to ParseInt. The index is later used as
uint so we should use strconv.ParseUint.
2020-02-08 20:28:44 -05:00
Jingyi Hu
84fe23d530
auth: remove capnslog ( #11596 )
2020-02-06 12:28:14 -08:00
Vern Burton
071e70cdc4
*: add a new API and command for checking auth status ( #11536 )
...
This changes have started at etcdctl under auth.go, and make changes to stub out everything down into the internal raft. Made changes to the .proto files and regenerated them so that the local version would build successfully.
2020-02-05 19:27:42 -08:00
jingyih
081d5f5797
auth: correct logging level
2020-02-03 22:54:39 -08:00
yoyinzyc
aea34c14ca
auth: fix NoPassWord check when add user
2019-12-09 14:10:54 -08:00
yoyinzyc
c8ffd921d4
auth: fix user.Options nil pointer
2019-12-02 14:09:07 -08:00
Raphael Westphal
ade5337b92
etcdserver: add check for nil options
2019-08-26 17:43:05 +07:00
Gyuho Lee
6a0811a949
*: use new adt.IntervalTree interface
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2019-07-31 22:23:13 -07:00
Sahdev P. Zala
1cef112a79
etcdserver: do not allow creating empty role
...
Like user, we should not allow creating empty role.
Related #10905
2019-07-24 17:41:24 -04:00
Gyuho Lee
1caaa9ed4a
test: test update for Go 1.12.5 and related changes
...
Update to Go 1.12.5 testing. Remove deprecated unused and gosimple
pacakges, and mask staticcheck 1006. Also, fix unconvert errors related
to unnecessary type conversions and following staticcheck errors:
- remove redundant return statements
- use for range instead of for select
- use time.Since instead of time.Now().Sub
- omit comparison to bool constant
- replace T.Fatal and T.Fatalf in tests with T.Error and T.Fatalf respectively because the goroutine calls T.Fatal must be called in the same goroutine as the test
- fix error strings that should not be capitalized
- use sort.Strings(...) instead of sort.Sort(sort.StringSlice(...))
- use he status code of Canceled instead of grpc.ErrClientConnClosing which is deprecated
- use use status.Errorf instead of grpc.Errorf which is deprecated
Related #10528 #10438
2019-06-05 17:02:05 -04:00
Hitoshi Mitake
54b09d4f87
auth: add a unit test for creating a user with no password
2019-05-30 21:59:30 +09:00
Hitoshi Mitake
5a67dd788d
*: support creating a user without password
...
This commit adds a feature for creating a user without password. The
purpose of the feature is reducing attack surface by configuring bad
passwords (CN based auth will be allowed for the user).
The feature can be used with `--no-password` of `etcdctl user add`
command.
Fix https://github.com/coreos/etcd/issues/9590
2019-05-30 21:59:30 +09:00
Gyuho Lee
34bd797e67
*: revert module import paths
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2019-05-28 15:39:35 -07:00
shivaramr
9150bf52d6
go modules: Fix module path version to include version number
2019-04-26 15:29:50 -07:00
zhoulin xie
5effa154b4
auth/simple_token.go: fix plog.Panicf error message
...
Signed-off-by: zhoulin xie <zhoulin.xie@daocloud.io>
2019-02-24 19:34:02 -05:00
Sam Batschelet
bf9d0d8291
auth: disable CommonName auth for gRPC-gateway
...
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
2019-01-08 12:31:20 -05:00
Gyuho Lee
c58f5cfeda
test: disable "unparam" for now
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2018-12-17 11:30:28 -08:00
Essam A. Hassan
ffbdb458a4
Auth: improve auth coverage
...
adds tests for uncovered auth funcs
Issue #9734
2018-10-01 10:25:38 +02:00
Gyuho Lee
fced933294
auth: update Go import paths to "go.etcd.io"
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2018-08-28 17:47:55 -07:00
Joe LeGasse
a6ddb51c8a
auth: Support all JWT algorithms
...
This change adds support to etcd for all of the JWT algorithms included
in the underlying JWT library.
2018-06-26 16:31:01 -04:00
Sam Batschelet
b30a1166e0
auth: fix panic using WithRoot and improve JWT coverage
2018-05-22 12:53:27 -04:00
Jiang Xuan
bf432648ae
*: make bcrypt-cost configurable
2018-05-03 11:43:32 -07:00
Gyuho Lee
200401248a
Merge pull request #9665 from gyuho/unconvert
...
test: integrate github.com/mdempsky/unconvert
2018-05-01 09:52:44 -07:00
Gyuho Lee
ae71076579
auth: fix "unconvert" warnings
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 15:32:16 -07:00
Gyuho Lee
e9d5789dd4
auth: remove "strings.Compare == 0"
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 15:10:56 -07:00
Gyuho Lee
d398d41ff0
auth: break TLS VerifiedChains for-loop early
...
Fix "auth/store.go:1147:4: the surrounding loop is unconditionally terminated (SA4004)"
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 10:34:59 -07:00
Gyuho Lee
da4a982b1c
auth: support structured logging
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-27 14:19:48 -07:00
Gyuho Lee
f57fa6abaf
auth: support structured logger
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-16 17:36:00 -07:00
Hitoshi Mitake
b1dd19a7aa
*: don't use string literals directly in grpc metadata
...
Current etcd code uses the string literals ("token", "authorization")
as field names of grpc and swappger metadata for passing token. It is
difficult to maintain so this commit introduces new constants for the
purpose.
2018-03-15 14:17:34 +09:00
Hitoshi Mitake
752963beea
*: unify type of key and rangeEnd in AuthRoleRevokePermissionRequest
...
Fix https://github.com/coreos/etcd/issues/9424
2018-03-14 14:38:20 +09:00