Commit Graph

216 Commits (fded83f1112b40a5c3d12f94c767abfd4152dff1)

Author SHA1 Message Date
Hitoshi Mitake c40b86bcde auth, etcdserver: forbid invalid auth management
If auth is enabled,
1. deleting the user root
2. revoking the role root from the user root
must not be allowed. This commit forbids them.
2017-03-23 16:47:58 +09:00
Anthony Romano dea2516177 v3client: fix doc to use e.Server
Was passing embed.Etcd instead of etcdserver.EtcdServer.
2017-03-15 09:17:17 -07:00
Anthony Romano 01d1a579bc v3client: add example and godoc New 2017-03-14 10:50:41 -07:00
Anthony Romano 47cd9d0277 v3lock: server-side api for locking 2017-03-13 15:23:26 -07:00
Anthony Romano 763a37d3f1 v3client: a bridge between an etcdserver and a clientv3 2017-03-13 15:23:26 -07:00
Anthony Romano 5da5b834e5 api: default to V3 capability
Fixes #7154
2017-03-02 14:02:09 -08:00
fanmin shi 2ca1823a96 v3rpc: LeaseTimeToLive returns TTL=-1 resp on lease not found 2017-02-10 16:33:31 -08:00
Hitoshi Mitake 0191509637 auth, etcdserver: authenticate clients based on certificate CommonName
This commit lets v3 auth mechanism authenticate clients based on
CommonName of certificate like v2 auth.
2017-01-31 17:22:12 +09:00
sharat 5ac4e4255a v3rpc: error for non empty lease with 'ignore_lease' 2017-01-25 03:04:07 +05:30
Xiang Li 26d99269c0 Merge pull request #6898 from mitake/auth-maintain
RFC, WIP: etcdserver: let maintenance services require root role
2017-01-14 11:22:14 -08:00
Hitoshi Mitake 9886e9448e auth, etcdserver: let maintenance services require root role
This commit lets maintenance services require root privilege. It also
moves AuthInfoFromCtx() from etcdserver to auth pkg for cleaning purpose.
2017-01-14 19:36:24 +09:00
Gyu-Ho Lee e655420d33 v3rpc: error for non-empty value with ignore_value 2017-01-13 15:13:18 -08:00
Gyu-Ho Lee ea94aea136 etcdserver/api: add 3.2 in capability 2017-01-13 14:00:03 -08:00
Hitoshi Mitake d431b64d97 etcdserver, clientv3: handle a case of expired auth token
This commit adds a mechanism of handling a case of expired auth token
to clientv3. If a server returns an error code
grpc.codes.Unauthenticated, newRetryWrapper() tries to get a new token
and use it as an option of PerRPCCredential.

Fixes https://github.com/coreos/etcd/issues/7012
2017-01-12 11:49:02 +09:00
Gyu-Ho Lee 2b5f9e1c6b etcdserver: expose ErrNotEnoughStartedMembers
Fix https://github.com/coreos/etcd/issues/7072.
2017-01-03 15:23:06 -08:00
Anthony Romano e2463569e7 v2http: submit QGET in health endpoint if no progress
Removing the periodic SYNC calls broke the health endpoint since the
raft index stops updating. Instead, don't bother monitoring the
raft index; issue a QGET directly to get a consensus response.

Fixes #6985
2016-12-28 12:20:56 -08:00
fanmin shi 89b18ff1af Merge pull request #7015 from fanminshi/fix_lease_expired_too_soon
lease: force leader to apply its pending committed index for lease op…
2016-12-27 11:26:15 -08:00
fanmin shi fef4a79528 lease: force leader to apply its pending committed index for lease operations
Suppose a lease granting request from a follower goes through and is followed by a lease look up or renewal, the leader might not apply the lease grant request locally. So the leader might not find the lease from the lease look up or renewal request, which will result in a lease not found error. To fix this issue, we force the leader to apply its pending committed index before looking up lease.

FIX #6978
2016-12-22 14:24:38 -08:00
Anthony Romano 87b1d9571f v3api, rpctypes: add ErrTimeoutDueToConnectionLost
Lack of GRPC code was causing this to look like a halting error to the client.
2016-12-16 10:25:35 -08:00
Gyu-Ho Lee eb8646a381 v3rpc: remove unused 'splitMethodName' function 2016-12-12 10:07:14 -08:00
Anthony Romano 2c06def8ca etcdserver, embed, v2http: move pprof setup to embed
Seems like a better place for prof setup since it's not specific to v2.
2016-12-09 12:37:35 -08:00
Anthony Romano be1f36d97c v3rpc, etcdserver, leasehttp: ctxize Renew with request timeout
Would retry a few times before returning a not primary error that
the client should never see. Instead, use proper timeouts and
then return a request timeout error on failure.

Fixes #6922
2016-12-06 14:09:57 -08:00
Anthony Romano 9a20743190 v3rpc: don't close watcher if client closes send
grpc-gateway will CloseSend but still want to receive updates.
2016-11-17 15:33:37 -08:00
Gyu-Ho Lee 5e810e30cc v3rpc: replace grpc metrics w/ go-grpc-prometheus
And disable histogram
2016-11-14 15:20:09 -08:00
Gyu-Ho Lee 67082e5bd1 v3rpc: add gRPC active streamsGauge 2016-11-04 11:09:20 -07:00
Hitoshi Mitake f85701a46f auth, etcdserver: forbid adding a user with empty name 2016-11-03 13:45:39 +09:00
fanmin shi ea9e857eb9 Merge pull request #6599 from fanminshi/lease_error_type_fix
Lease: Add lease errors to togRPCError()
2016-10-06 15:47:51 -07:00
fanmin shi a862fd9f0f Lease: Add lease errors to togRPCError()
This allows lease's function to convert lease error to appropriate GRPC errors
2016-10-06 14:29:31 -07:00
Xiang Li 10cafe56b8 v3rpc: return nil as error explicitly 2016-10-06 14:14:43 -07:00
Xiang Li 962433c17f *: set repo correctly for logging 2016-10-03 17:03:22 +08:00
Xiang Li c6feb695dc api: update capability map 2016-09-16 14:34:55 +08:00
Liam Haworth 5cfa9e2384 etcdserver, api, v2http, client: Added support for semicolons
Added support into the v2 API to fix an issue (6433) where if there is a semicolon
and fields after it the API would return an "invalid Content-type" message even
if the content type was actually correct
2016-09-15 13:54:22 +10:00
Gyu-Ho Lee 63b0cd470d etcdserver: implement 'LeaseTimeToLive' 2016-09-09 08:14:14 +09:00
Gyu-Ho Lee 0712ebc9b5 v2http: handle '/leases/internal' 2016-09-09 08:12:31 +09:00
Anthony Romano 1defeda792 v3api, rpctypes: add ErrUnhealthy 2016-09-07 16:51:49 -07:00
Gyu-Ho Lee 2da7b63809 v2http: change to 'NoValueOnSuccess' 2016-08-30 10:53:02 -07:00
Gyu-Ho Lee 572bfd99ff v2http: update function returns 2016-08-30 10:29:37 -07:00
Michael Fraenkel 82053f04b2 client: do not send previous node data (optional)
- Do not send back node data when specified
- remove node and prevNode when noDataOnSuccess is set
2016-08-30 10:04:09 -07:00
Anthony Romano 64ac631863 rpctypes: set unknown codes to Unknown instead of internal
An unrecognized error code isn't "very broken".
2016-08-28 19:37:35 -07:00
Anthony Romano df54ad2208 v3rpc, rpctypes: add error types for timeouts 2016-08-26 09:22:09 -07:00
Gyu-Ho Lee f91f7dfb91 v2http: fix tests to use new clockwork 2016-08-16 16:36:24 -07:00
Gyu-Ho Lee 4d3b281369 etcdserver: fix spell errors 2016-08-13 20:54:48 -07:00
Anthony Romano 9063ce5e3f etcdserver, embed: stricter reconfig checking
Make --strict-reconfig-check a default and check if cluster is healthy when
adding a member.
2016-08-05 16:59:25 -07:00
Gyu-Ho Lee 87498e0209 v2http: use guest access in non-TLS mode
Fix https://github.com/coreos/etcd/issues/6075.
2016-08-01 14:00:38 -07:00
Anthony Romano de2c3ec3db etcdserver, api, membership: don't race on setting version
Fixes #6029
2016-07-26 18:21:40 -07:00
Gyu-Ho Lee 5066981cc7 v2http: test with 'ClientCertAuthEnabled' 2016-07-20 16:24:33 -07:00
Gyu-Ho Lee 25aeeb35c3 v2http: set 'ClientCertAuthEnabled' in client.go 2016-07-20 16:24:15 -07:00
Gyu-Ho Lee 68ece954fb v2http: add 'ClientCertAuthEnabled' in handlers 2016-07-20 16:23:41 -07:00
Gyu-Ho Lee 0f0d32b073 v2http: move 'testdata' from 'etcdhttp' 2016-07-20 16:20:42 -07:00
rob boll ff5709bb41 v2http: client cert cn authentication
introduce client certificate authentication using certificate cn.
2016-07-20 16:20:13 -07:00