From adc981c53d36ebde4111e166f6ac145a83781a08 Mon Sep 17 00:00:00 2001 From: Ajit Yagaty Date: Sat, 7 May 2016 11:24:43 -0700 Subject: [PATCH] auth: Adding support for "auth disable" command. Added support for the auth disable command in the server, added the etcdctl command and a respective testcase. --- auth/store.go | 16 ++ clientv3/auth.go | 9 + e2e/ctl_v3_auth_test.go | 16 +- etcdctl/ctlv3/command/auth_command.go | 27 ++- etcdserver/api/v3rpc/auth.go | 7 +- etcdserver/apply.go | 8 + etcdserver/etcdserverpb/raft_internal.pb.go | 199 ++++++++++++-------- etcdserver/etcdserverpb/raft_internal.proto | 17 +- etcdserver/v3_server.go | 9 + 9 files changed, 220 insertions(+), 88 deletions(-) diff --git a/auth/store.go b/auth/store.go index 00a83a313..c99ba09d2 100644 --- a/auth/store.go +++ b/auth/store.go @@ -47,6 +47,9 @@ type AuthStore interface { // AuthEnable turns on the authentication feature AuthEnable() + // AuthDisable turns off the authentication feature + AuthDisable() + // Authenticate does authentication based on given user name and password, // and returns a token for successful case. // Note that the generated token is valid only for the member the client @@ -92,6 +95,19 @@ func (as *authStore) AuthEnable() { plog.Noticef("Authentication enabled") } +func (as *authStore) AuthDisable() { + value := []byte{0} + + b := as.be + tx := b.BatchTx() + tx.Lock() + tx.UnsafePut(authBucketName, enableFlagKey, value) + tx.Unlock() + b.ForceCommit() + + plog.Noticef("Authentication disabled") +} + func (as *authStore) Authenticate(name string, password string) (*pb.AuthenticateResponse, error) { tx := as.be.BatchTx() tx.Lock() diff --git a/clientv3/auth.go b/clientv3/auth.go index d72657edc..b55ca7f35 100644 --- a/clientv3/auth.go +++ b/clientv3/auth.go 
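Review bot: `authStore.AuthDisable` in the second auth/store.go hunk has no doc comment, and the interface comment (`AuthDisable turns off the authentication feature`) does not say what the call leaves in place. As written it only stores `[]byte{0}` under `enableFlagKey` in `authBucketName` and force-commits; nothing visible here touches users, roles, or tokens already returned by `Authenticate`, so what happens to those tokens across a disable and later re-enable is undefined from this hunk. I would add `// AuthDisable persists the disabled flag and force-commits it; users, roles and issued tokens are left untouched.` and, if that is not the intended contract, clear that state here. The `plog.Noticef("Authentication disabled")` line is the only record of the change and, since the method takes no arguments, cannot name the caller; that audit detail would have to be logged at the RPC layer.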
@@ -27,6 +27,7 @@ import ( type ( AuthEnableResponse pb.AuthEnableResponse + AuthDisableResponse pb.AuthDisableResponse AuthenticateResponse pb.AuthenticateResponse AuthUserAddResponse pb.AuthUserAddResponse AuthUserDeleteResponse pb.AuthUserDeleteResponse @@ -48,6 +49,9 @@ type Auth interface { // AuthEnable enables auth of an etcd cluster. AuthEnable(ctx context.Context) (*AuthEnableResponse, error) + // AuthDisable disables auth of an etcd cluster. + AuthDisable(ctx context.Context) (*AuthDisableResponse, error) + // Authenticate does authenticate with given user name and password. Authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error) @@ -91,6 +95,11 @@ func (auth *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) { return (*AuthEnableResponse)(resp), rpctypes.Error(err) } +func (auth *auth) AuthDisable(ctx context.Context) (*AuthDisableResponse, error) { + resp, err := auth.remote.AuthDisable(ctx, &pb.AuthDisableRequest{}) + return (*AuthDisableResponse)(resp), rpctypes.Error(err) +} + func (auth *auth) Authenticate(ctx context.Context, name string, password string) (*AuthenticateResponse, error) { resp, err := auth.remote.Authenticate(ctx, &pb.AuthenticateRequest{Name: name, Password: password}) return (*AuthenticateResponse)(resp), rpctypes.Error(err) diff --git a/e2e/ctl_v3_auth_test.go b/e2e/ctl_v3_auth_test.go index 5a0f9665a..d5a3f4d51 100644 --- a/e2e/ctl_v3_auth_test.go +++ b/e2e/ctl_v3_auth_test.go @@ -16,9 +16,8 @@ package e2e import "testing" -func TestCtlV3AuthEnable(t *testing.T) { testCtl(t, authEnableTest) } - -// TODO: test auth disable +func TestCtlV3AuthEnable(t *testing.T) { testCtl(t, authEnableTest) } +func TestCtlV3AuthDisable(t *testing.T) { testCtl(t, authDisableTest) } func authEnableTest(cx ctlCtx) { if err := ctlV3AuthEnable(cx); err != nil { 
@@ -30,3 +29,14 @@ func ctlV3AuthEnable(cx ctlCtx) error { cmdArgs := append(cx.PrefixArgs(), "auth", "enable") return spawnWithExpect(cmdArgs, "Authentication Enabled") } + +func authDisableTest(cx ctlCtx) { + if err := ctlV3AuthDisable(cx); err != nil { + cx.t.Fatalf("authDisableTest ctlV3AuthDisable error (%v)", err) + } +} + +func ctlV3AuthDisable(cx ctlCtx) error { + cmdArgs := append(cx.PrefixArgs(), "auth", "disable") + return spawnWithExpect(cmdArgs, "Authentication Disabled") +} diff --git a/etcdctl/ctlv3/command/auth_command.go b/etcdctl/ctlv3/command/auth_command.go index 757bfac72..1fa0f6d32 100644 --- a/etcdctl/ctlv3/command/auth_command.go +++ b/etcdctl/ctlv3/command/auth_command.go @@ -28,6 +28,7 @@ func NewAuthCommand() *cobra.Command { } ac.AddCommand(newAuthEnableCommand()) + ac.AddCommand(newAuthDisableCommand()) return ac } @@ -43,7 +44,7 @@ func newAuthEnableCommand() *cobra.Command { // authEnableCommandFunc executes the "auth enable" command. func authEnableCommandFunc(cmd *cobra.Command, args []string) { if len(args) != 0 { - ExitWithError(ExitBadArgs, fmt.Errorf("auth enable command does not accept argument.")) + ExitWithError(ExitBadArgs, fmt.Errorf("auth enable command does not accept any arguments.")) } ctx, cancel := commandCtx(cmd) 
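Review bot: `authDisableTest` runs `auth disable` on a cluster where, as far as this file shows, auth was never enabled, so it only proves the command prints `Authentication Disabled`, not that the flag actually flips. Starting the test with `if err := ctlV3AuthEnable(cx); err != nil { cx.t.Fatalf("authDisableTest ctlV3AuthEnable error (%v)", err) }` would at least exercise the enable-then-disable transition with the helper already defined above. Nothing in this commit tests a disable attempted without credentials while auth is on; that case is worth adding once the server enforces it.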
@@ -55,3 +56,27 @@ func authEnableCommandFunc(cmd *cobra.Command, args []string) { fmt.Println("Authentication Enabled") } + +func newAuthDisableCommand() *cobra.Command { + return &cobra.Command{ + Use: "disable", + Short: "disable authentication", + Run: authDisableCommandFunc, + } +} + +// authDisableCommandFunc executes the "auth disable" command. +func authDisableCommandFunc(cmd *cobra.Command, args []string) { + if len(args) != 0 { + ExitWithError(ExitBadArgs, fmt.Errorf("auth disable command does not accept any arguments.")) + } + + ctx, cancel := commandCtx(cmd) + _, err := mustClientFromCmd(cmd).Auth.AuthDisable(ctx) + cancel() + if err != nil { + ExitWithError(ExitError, err) + } + + fmt.Println("Authentication Disabled") +} diff --git a/etcdserver/api/v3rpc/auth.go b/etcdserver/api/v3rpc/auth.go index daed48f1c..3b94b1eae 100644 --- a/etcdserver/api/v3rpc/auth.go +++ b/etcdserver/api/v3rpc/auth.go @@ -37,8 +37,11 @@ func (as *AuthServer) AuthEnable(ctx context.Context, r *pb.AuthEnableRequest) ( } func (as *AuthServer) AuthDisable(ctx context.Context, r *pb.AuthDisableRequest) (*pb.AuthDisableResponse, error) { - plog.Info("not implemented yet") - return nil, nil + resp, err := as.authenticator.AuthDisable(ctx, r) + if err != nil { + return nil, togRPCError(err) + } + return resp, nil } func (as *AuthServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error) { diff --git a/etcdserver/apply.go b/etcdserver/apply.go index 7edfcc971..8fd8ffdc9 100644 --- a/etcdserver/apply.go +++ b/etcdserver/apply.go 
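Review bot: `AuthServer.AuthDisable` in etcdserver/api/v3rpc/auth.go forwards every request straight to `as.authenticator.AuthDisable(ctx, r)` and nothing in the hunk looks at who is calling, so as far as the visible code goes any client that can reach the Auth service can switch authentication off for the whole cluster. `EtcdServer.AuthDisable` in etcdserver/v3_server.go likewise proposes the request to raft unconditionally, and the client sends an empty `pb.AuthDisableRequest{}`. Unless an interceptor outside this diff already gates the method, the handler should refuse callers that are not authenticated as an administrative user while auth is enabled and return that refusal through `togRPCError`. At minimum, record on the handler where the check is expected to live, e.g. `// TODO: require an authenticated admin caller before proposing AuthDisable`.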
@@ -54,6 +54,7 @@ type applierV3 interface { LeaseRevoke(lc *pb.LeaseRevokeRequest) (*pb.LeaseRevokeResponse, error) Alarm(*pb.AlarmRequest) (*pb.AlarmResponse, error) AuthEnable() (*pb.AuthEnableResponse, error) + AuthDisable() (*pb.AuthDisableResponse, error) Authenticate(r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error) UserAdd(ua *pb.AuthUserAddRequest) (*pb.AuthUserAddResponse, error) UserDelete(ua *pb.AuthUserDeleteRequest) (*pb.AuthUserDeleteResponse, error) @@ -88,6 +89,8 @@ func (s *EtcdServer) applyV3Request(r *pb.InternalRaftRequest) *applyResult { ar.resp, ar.err = s.applyV3.Alarm(r.Alarm) case r.AuthEnable != nil: ar.resp, ar.err = s.applyV3.AuthEnable() + case r.AuthDisable != nil: + ar.resp, ar.err = s.applyV3.AuthDisable() case r.Authenticate != nil: ar.resp, ar.err = s.applyV3.Authenticate(r.Authenticate) case r.AuthUserAdd != nil: @@ -495,6 +498,11 @@ func (a *applierV3backend) AuthEnable() (*pb.AuthEnableResponse, error) { return &pb.AuthEnableResponse{}, nil } +func (a *applierV3backend) AuthDisable() (*pb.AuthDisableResponse, error) { + a.s.AuthStore().AuthDisable() + return &pb.AuthDisableResponse{}, nil +} + func (a *applierV3backend) Authenticate(r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error) { return a.s.AuthStore().Authenticate(r.Name, r.Password) } diff --git a/etcdserver/etcdserverpb/raft_internal.pb.go b/etcdserver/etcdserverpb/raft_internal.pb.go index 7771eac10..84a56ab14 100644 --- a/etcdserver/etcdserverpb/raft_internal.pb.go +++ b/etcdserver/etcdserverpb/raft_internal.pb.go 
@@ -32,14 +32,15 @@ type InternalRaftRequest struct { LeaseGrant *LeaseGrantRequest `protobuf:"bytes,8,opt,name=lease_grant,json=leaseGrant" json:"lease_grant,omitempty"` LeaseRevoke *LeaseRevokeRequest `protobuf:"bytes,9,opt,name=lease_revoke,json=leaseRevoke" json:"lease_revoke,omitempty"` AuthEnable *AuthEnableRequest `protobuf:"bytes,10,opt,name=auth_enable,json=authEnable" json:"auth_enable,omitempty"` - AuthUserAdd *AuthUserAddRequest `protobuf:"bytes,11,opt,name=auth_user_add,json=authUserAdd" json:"auth_user_add,omitempty"` - AuthUserDelete *AuthUserDeleteRequest `protobuf:"bytes,12,opt,name=auth_user_delete,json=authUserDelete" json:"auth_user_delete,omitempty"` - AuthUserChangePassword *AuthUserChangePasswordRequest `protobuf:"bytes,13,opt,name=auth_user_change_password,json=authUserChangePassword" json:"auth_user_change_password,omitempty"` - AuthUserGrant *AuthUserGrantRequest `protobuf:"bytes,14,opt,name=auth_user_grant,json=authUserGrant" json:"auth_user_grant,omitempty"` - AuthRoleAdd *AuthRoleAddRequest `protobuf:"bytes,15,opt,name=auth_role_add,json=authRoleAdd" json:"auth_role_add,omitempty"` - AuthRoleGrant *AuthRoleGrantRequest `protobuf:"bytes,16,opt,name=auth_role_grant,json=authRoleGrant" json:"auth_role_grant,omitempty"` - Authenticate *AuthenticateRequest `protobuf:"bytes,17,opt,name=authenticate" json:"authenticate,omitempty"` - Alarm *AlarmRequest `protobuf:"bytes,18,opt,name=alarm" json:"alarm,omitempty"` + AuthDisable *AuthDisableRequest `protobuf:"bytes,11,opt,name=auth_disable,json=authDisable" json:"auth_disable,omitempty"` + AuthUserAdd *AuthUserAddRequest `protobuf:"bytes,12,opt,name=auth_user_add,json=authUserAdd" json:"auth_user_add,omitempty"` + AuthUserDelete *AuthUserDeleteRequest `protobuf:"bytes,13,opt,name=auth_user_delete,json=authUserDelete" json:"auth_user_delete,omitempty"` + AuthUserChangePassword *AuthUserChangePasswordRequest `protobuf:"bytes,14,opt,name=auth_user_change_password,json=authUserChangePassword" 
json:"auth_user_change_password,omitempty"` + AuthUserGrant *AuthUserGrantRequest `protobuf:"bytes,15,opt,name=auth_user_grant,json=authUserGrant" json:"auth_user_grant,omitempty"` + AuthRoleAdd *AuthRoleAddRequest `protobuf:"bytes,16,opt,name=auth_role_add,json=authRoleAdd" json:"auth_role_add,omitempty"` + AuthRoleGrant *AuthRoleGrantRequest `protobuf:"bytes,17,opt,name=auth_role_grant,json=authRoleGrant" json:"auth_role_grant,omitempty"` + Authenticate *AuthenticateRequest `protobuf:"bytes,18,opt,name=authenticate" json:"authenticate,omitempty"` + Alarm *AlarmRequest `protobuf:"bytes,19,opt,name=alarm" json:"alarm,omitempty"` } func (m *InternalRaftRequest) Reset() { *m = InternalRaftRequest{} } 
@@ -169,92 +170,104 @@ func (m *InternalRaftRequest) MarshalTo(data []byte) (int, error) { } i += n9 } - if m.AuthUserAdd != nil { + if m.AuthDisable != nil { data[i] = 0x5a i++ - i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserAdd.Size())) - n10, err := m.AuthUserAdd.MarshalTo(data[i:]) + i = encodeVarintRaftInternal(data, i, uint64(m.AuthDisable.Size())) + n10, err := m.AuthDisable.MarshalTo(data[i:]) if err != nil { return 0, err } i += n10 } - if m.AuthUserDelete != nil { + if m.AuthUserAdd != nil { data[i] = 0x62 i++ - i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserDelete.Size())) - n11, err := m.AuthUserDelete.MarshalTo(data[i:]) + i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserAdd.Size())) + n11, err := m.AuthUserAdd.MarshalTo(data[i:]) if err != nil { return 0, err } i += n11 } - if m.AuthUserChangePassword != nil { + if m.AuthUserDelete != nil { data[i] = 0x6a i++ - i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserChangePassword.Size())) - n12, err := m.AuthUserChangePassword.MarshalTo(data[i:]) + i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserDelete.Size())) + n12, err := m.AuthUserDelete.MarshalTo(data[i:]) if err != nil { return 0, err } i += n12 } - if m.AuthUserGrant != nil { + if m.AuthUserChangePassword != nil { data[i] = 0x72 i++ - i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserGrant.Size())) - n13, err := m.AuthUserGrant.MarshalTo(data[i:]) + i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserChangePassword.Size())) + n13, err := m.AuthUserChangePassword.MarshalTo(data[i:]) if err != nil { return 0, err } i += n13 } - if m.AuthRoleAdd != nil { + if m.AuthUserGrant != nil { data[i] = 0x7a i++ - i = encodeVarintRaftInternal(data, i, uint64(m.AuthRoleAdd.Size())) - n14, err := m.AuthRoleAdd.MarshalTo(data[i:]) + i = encodeVarintRaftInternal(data, i, uint64(m.AuthUserGrant.Size())) + n14, err := m.AuthUserGrant.MarshalTo(data[i:]) if err != nil { return 0, err } i += n14 } - if m.AuthRoleGrant != nil { 
+ if m.AuthRoleAdd != nil { data[i] = 0x82 i++ data[i] = 0x1 i++ - i = encodeVarintRaftInternal(data, i, uint64(m.AuthRoleGrant.Size())) - n15, err := m.AuthRoleGrant.MarshalTo(data[i:]) + i = encodeVarintRaftInternal(data, i, uint64(m.AuthRoleAdd.Size())) + n15, err := m.AuthRoleAdd.MarshalTo(data[i:]) if err != nil { return 0, err } i += n15 } - if m.Authenticate != nil { + if m.AuthRoleGrant != nil { data[i] = 0x8a i++ data[i] = 0x1 i++ - i = encodeVarintRaftInternal(data, i, uint64(m.Authenticate.Size())) - n16, err := m.Authenticate.MarshalTo(data[i:]) + i = encodeVarintRaftInternal(data, i, uint64(m.AuthRoleGrant.Size())) + n16, err := m.AuthRoleGrant.MarshalTo(data[i:]) if err != nil { return 0, err } i += n16 } - if m.Alarm != nil { + if m.Authenticate != nil { data[i] = 0x92 i++ data[i] = 0x1 i++ - i = encodeVarintRaftInternal(data, i, uint64(m.Alarm.Size())) - n17, err := m.Alarm.MarshalTo(data[i:]) + i = encodeVarintRaftInternal(data, i, uint64(m.Authenticate.Size())) + n17, err := m.Authenticate.MarshalTo(data[i:]) if err != nil { return 0, err } i += n17 } + if m.Alarm != nil { + data[i] = 0x9a + i++ + data[i] = 0x1 + i++ + i = encodeVarintRaftInternal(data, i, uint64(m.Alarm.Size())) + n18, err := m.Alarm.MarshalTo(data[i:]) + if err != nil { + return 0, err + } + i += n18 + } return i, nil } @@ -345,6 +358,10 @@ func (m *InternalRaftRequest) Size() (n int) { l = m.AuthEnable.Size() n += 1 + l + sovRaftInternal(uint64(l)) } + if m.AuthDisable != nil { + l = m.AuthDisable.Size() + n += 1 + l + sovRaftInternal(uint64(l)) + } if m.AuthUserAdd != nil { l = m.AuthUserAdd.Size() n += 1 + l + sovRaftInternal(uint64(l)) @@ -363,7 +380,7 @@ func (m *InternalRaftRequest) Size() (n int) { } if m.AuthRoleAdd != nil { l = m.AuthRoleAdd.Size() - n += 1 + l + sovRaftInternal(uint64(l)) + n += 2 + l + sovRaftInternal(uint64(l)) } if m.AuthRoleGrant != nil { l = m.AuthRoleGrant.Size() 
@@ -745,6 +762,39 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error { } iNdEx = postIndex case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AuthDisable", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRaftInternal + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthRaftInternal + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.AuthDisable == nil { + m.AuthDisable = &AuthDisableRequest{} + } + if err := m.AuthDisable.Unmarshal(data[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 12: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field AuthUserAdd", wireType) } @@ -777,7 +827,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error { return err } iNdEx = postIndex - case 12: + case 13: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field AuthUserDelete", wireType) } @@ -810,7 +860,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error { return err } iNdEx = postIndex - case 13: + case 14: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field AuthUserChangePassword", wireType) } @@ -843,7 +893,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error { return err } iNdEx = postIndex - case 14: + case 15: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field AuthUserGrant", wireType) } @@ -876,7 +926,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error { return err } iNdEx = postIndex - case 15: + case 16: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field AuthRoleAdd", wireType) } 
@@ -909,7 +959,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error { return err } iNdEx = postIndex - case 16: + case 17: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field AuthRoleGrant", wireType) } @@ -942,7 +992,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error { return err } iNdEx = postIndex - case 17: + case 18: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Authenticate", wireType) } @@ -975,7 +1025,7 @@ func (m *InternalRaftRequest) Unmarshal(data []byte) error { return err } iNdEx = postIndex - case 18: + case 19: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Alarm", wireType) } 
@@ -1185,39 +1235,40 @@ var ( ) var fileDescriptorRaftInternal = []byte{ - // 534 bytes of a gzipped FileDescriptorProto + // 550 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x74, 0x94, 0xdf, 0x6e, 0xd3, 0x30, - 0x14, 0xc6, 0x69, 0xf7, 0x87, 0xcd, 0xfd, 0x8b, 0x07, 0xc8, 0xf4, 0x62, 0x8c, 0x22, 0x24, 0x04, - 0x52, 0x41, 0xe3, 0x01, 0xa0, 0xb4, 0x15, 0x1a, 0x02, 0x69, 0x8a, 0xe0, 0x3a, 0x72, 0x93, 0xb3, - 0xae, 0x22, 0x8d, 0x83, 0xe3, 0x94, 0xf1, 0x86, 0xbb, 0xe4, 0x11, 0x80, 0xb7, 0xe0, 0x0e, 0xfb, - 0x24, 0x71, 0x9a, 0xcd, 0xbd, 0xa8, 0x94, 0x7c, 0xe7, 0x3b, 0xbf, 0xf3, 0xc5, 0x47, 0x2e, 0x39, - 0x92, 0xfc, 0x42, 0xf9, 0xcb, 0x58, 0x81, 0x8c, 0x79, 0x34, 0x4a, 0xa4, 0x50, 0x82, 0xb6, 0x41, - 0x05, 0x61, 0x0a, 0x72, 0x0d, 0x32, 0x99, 0x0f, 0xee, 0x2f, 0xc4, 0x42, 0x60, 0xe1, 0x95, 0x79, - 0xca, 0x3d, 0x83, 0x7e, 0xe5, 0x29, 0x94, 0x43, 0x99, 0x04, 0xf9, 0xe3, 0xf0, 0xdf, 0x01, 0x39, - 0x3a, 0x2b, 0x98, 0x9e, 0x1e, 0xe0, 0xc1, 0xf7, 0x0c, 0x52, 0x45, 0xbb, 0xa4, 0x79, 0x36, 0x65, - 0x8d, 0x93, 0xc6, 0xf3, 0x5d, 0xaf, 0xb9, 0x9c, 0xd2, 0x67, 0xa4, 0xb9, 0x3e, 0x65, 0x4d, 0xfd, - 0xde, 0x3a, 0x7d, 0x30, 0xda, 0x9c, 0x3a, 0x2a, 0x5a, 0x3c, 0x6d, 0xa0, 0xaf, 0xc9, 0x9e, 0xe4, - 0xf1, 0x02, 0xd8, 0x0e, 0x3a, 0x07, 0x37, 0x9c, 0xa6, 0x54, 0xda, 0x73, 0x23, 0x7d, 0x41, 0x76, - 0x92, 0x4c, 0xb1, 0x5d, 0xf4, 0xb3, 0xba, 0xff, 0x3c, 0x2b, 0xf3, 0x78, 0xc6, 0x44, 0x27, 0xa4, - 0x1d, 0x42, 0x04, 0x0a, 0xfc, 0x7c, 0xc8, 0x1e, 0x36, 0x9d, 0xd4, 0x9b, 0xa6, 0xe8, 0xa8, 0x8d, - 0x6a, 0x85, 0x95, 0x66, 0x06, 0xaa, 0xab, 0x98, 0xed, 0xbb, 0x06, 0x7e, 0xb9, 0x8a, 0xed, 0x40, - 0x6d, 0xa2, 0x6f, 0x09, 0x09, 0xc4, 0x2a, 0xe1, 0x81, 0x5a, 0x8a, 0x98, 0xdd, 0xc5, 0x96, 0xc7, - 0xf5, 0x96, 0x89, 0xad, 0x97, 0x9d, 0x1b, 0x2d, 0xf4, 0x1d, 0x69, 0x45, 0xc0, 0x53, 0xf0, 0x17, - 0x3a, 0xb1, 0x62, 0x07, 0x2e, 0xc2, 0x27, 0x63, 0xf8, 0x60, 0xea, 0x96, 0x10, 0x59, 0xc9, 0x7c, - 0x73, 0x4e, 0x90, 0xb0, 0x16, 0xdf, 0x80, 0x1d, 0xba, 0xbe, 0x19, 
0x11, 0x1e, 0x1a, 0xec, 0x37, - 0x47, 0x95, 0x66, 0x62, 0xf0, 0x4c, 0x5d, 0xfa, 0x10, 0xf3, 0x79, 0x04, 0x8c, 0xb8, 0x62, 0x8c, - 0xb5, 0x61, 0x86, 0x75, 0x1b, 0x83, 0x5b, 0x89, 0x4e, 0x49, 0x07, 0x09, 0x99, 0xf6, 0xfb, 0x3c, - 0x0c, 0x59, 0xcb, 0x95, 0xc3, 0x30, 0xbe, 0xea, 0xb7, 0x71, 0x18, 0xda, 0x1c, 0xbc, 0xd2, 0xe8, - 0x67, 0xd2, 0xaf, 0x28, 0xf9, 0x52, 0x58, 0x1b, 0x41, 0x4f, 0xdd, 0xa0, 0x62, 0x99, 0x05, 0xab, - 0xcb, 0x6b, 0x32, 0xbd, 0x20, 0x8f, 0x2a, 0x5c, 0x70, 0x69, 0xd6, 0xeb, 0x27, 0x3c, 0x4d, 0x7f, - 0x08, 0x19, 0xb2, 0x0e, 0x72, 0x5f, 0xba, 0xb9, 0x13, 0x34, 0x9f, 0x17, 0xde, 0x92, 0xff, 0x90, - 0x3b, 0xcb, 0xf4, 0x23, 0xe9, 0x55, 0x73, 0xf2, 0x4d, 0x76, 0x91, 0x3e, 0x74, 0xd3, 0x6b, 0xcb, - 0xec, 0xf0, 0x4d, 0xd5, 0x1e, 0xa4, 0x14, 0x11, 0xe0, 0x41, 0xf6, 0xb6, 0x1d, 0xa4, 0xa7, 0x1d, - 0x37, 0x0f, 0xb2, 0xd0, 0x6c, 0x22, 0xa4, 0xe4, 0x89, 0xfa, 0xdb, 0x12, 0x99, 0x9e, 0xdb, 0x89, - 0xac, 0x4a, 0x67, 0xa4, 0x6d, 0x04, 0x88, 0xd5, 0x32, 0xe0, 0x7a, 0x21, 0xf7, 0x10, 0xf4, 0xe4, - 0x36, 0xa8, 0x74, 0x94, 0x9c, 0x5a, 0x9b, 0xb9, 0xfa, 0x3c, 0xe2, 0x72, 0xc5, 0xa8, 0xeb, 0xea, - 0x8f, 0x4d, 0xc9, 0x5e, 0x7d, 0x34, 0x0e, 0x7b, 0xa4, 0x33, 0x5b, 0x25, 0xea, 0xa7, 0x07, 0x69, - 0x22, 0xe2, 0x14, 0xde, 0xf7, 0xaf, 0xff, 0x1c, 0xdf, 0xb9, 0xfe, 0x7b, 0xdc, 0xf8, 0xa5, 0x7f, - 0xbf, 0xf5, 0x6f, 0xbe, 0x8f, 0xff, 0x52, 0x6f, 0xfe, 0x07, 0x00, 0x00, 0xff, 0xff, 0xee, 0xd7, - 0xc5, 0x26, 0xfd, 0x04, 0x00, 0x00, + 0x14, 0xc6, 0x69, 0xf7, 0x07, 0xea, 0xfe, 0xc5, 0x05, 0x64, 0x7a, 0x31, 0x46, 0x11, 0x12, 0x02, + 0xa9, 0xa0, 0xf1, 0x00, 0x50, 0xda, 0x0a, 0x0d, 0x81, 0x34, 0x45, 0x70, 0x1d, 0xb9, 0xc9, 0x59, + 0x57, 0x91, 0x26, 0xc1, 0x71, 0xcb, 0x78, 0x39, 0xae, 0x77, 0xc9, 0x23, 0x00, 0x4f, 0x32, 0xfb, + 0x38, 0x71, 0x9a, 0xcd, 0xbd, 0x88, 0x94, 0x7c, 0xe7, 0x3b, 0xbf, 0xf3, 0xd9, 0xb1, 0x4c, 0xfa, + 0x82, 0x9f, 0x4b, 0x7f, 0x19, 0x4b, 0x10, 0x31, 0x8f, 0x46, 0xa9, 0x48, 0x64, 0x42, 0x5b, 0x20, + 0x83, 0x30, 0x03, 0xb1, 0x01, 0x91, 0xce, 0x07, 0x0f, 0x16, 0xc9, 
0x22, 0xc1, 0xc2, 0x6b, 0xfd, + 0x66, 0x3c, 0x83, 0x5e, 0xe9, 0xc9, 0x95, 0x86, 0x48, 0x03, 0xf3, 0x3a, 0xfc, 0xdd, 0x20, 0xfd, + 0xd3, 0x9c, 0xe9, 0xa9, 0x01, 0x1e, 0xfc, 0x58, 0x43, 0x26, 0x69, 0x87, 0xd4, 0x4f, 0xa7, 0xac, + 0x76, 0x5c, 0x7b, 0xb1, 0xef, 0xd5, 0x97, 0x53, 0xfa, 0x9c, 0xd4, 0x37, 0x27, 0xac, 0xae, 0xbe, + 0x9b, 0x27, 0x0f, 0x47, 0xdb, 0x53, 0x47, 0x79, 0x8b, 0xa7, 0x0c, 0xf4, 0x0d, 0x39, 0x10, 0x3c, + 0x5e, 0x00, 0xdb, 0x43, 0xe7, 0xe0, 0x86, 0x53, 0x97, 0x0a, 0xbb, 0x31, 0xd2, 0x97, 0x64, 0x2f, + 0x5d, 0x4b, 0xb6, 0x8f, 0x7e, 0x56, 0xf5, 0x9f, 0xad, 0x8b, 0x3c, 0x9e, 0x36, 0xd1, 0x09, 0x69, + 0x85, 0x10, 0x81, 0x04, 0xdf, 0x0c, 0x39, 0xc0, 0xa6, 0xe3, 0x6a, 0xd3, 0x14, 0x1d, 0x95, 0x51, + 0xcd, 0xb0, 0xd4, 0xf4, 0x40, 0x79, 0x19, 0xb3, 0x43, 0xd7, 0xc0, 0xaf, 0x97, 0xb1, 0x1d, 0xa8, + 0x4c, 0xf4, 0x1d, 0x21, 0x41, 0xb2, 0x4a, 0x79, 0x20, 0x97, 0x49, 0xcc, 0xee, 0x62, 0xcb, 0x93, + 0x6a, 0xcb, 0xc4, 0xd6, 0x8b, 0xce, 0xad, 0x16, 0xfa, 0x9e, 0x34, 0x23, 0xe0, 0x19, 0xf8, 0x0b, + 0x95, 0x58, 0xb2, 0x7b, 0x2e, 0xc2, 0x67, 0x6d, 0xf8, 0xa8, 0xeb, 0x96, 0x10, 0x59, 0x49, 0xaf, + 0xd9, 0x10, 0x04, 0x6c, 0x92, 0xef, 0xc0, 0x1a, 0xae, 0x35, 0x23, 0xc2, 0x43, 0x83, 0x5d, 0x73, + 0x54, 0x6a, 0x3a, 0x06, 0x5f, 0xcb, 0x0b, 0x1f, 0x62, 0x3e, 0x8f, 0x80, 0x11, 0x57, 0x8c, 0xb1, + 0x32, 0xcc, 0xb0, 0x6e, 0x63, 0x70, 0x2b, 0xe9, 0x18, 0x48, 0x08, 0x97, 0x19, 0x22, 0x9a, 0xae, + 0x18, 0x1a, 0x31, 0x35, 0x06, 0x1b, 0x83, 0x97, 0x1a, 0x9d, 0x92, 0x36, 0x42, 0xd6, 0xaa, 0xc3, + 0xe7, 0x61, 0xc8, 0x5a, 0xbb, 0x28, 0xdf, 0xd4, 0xd7, 0x38, 0x0c, 0x2b, 0x94, 0x5c, 0xa3, 0x5f, + 0x48, 0xaf, 0xa4, 0x98, 0x3f, 0xcb, 0xda, 0x08, 0x7a, 0xe6, 0x06, 0xe5, 0x27, 0x22, 0x67, 0x75, + 0x78, 0x45, 0xa6, 0xe7, 0xe4, 0x71, 0x89, 0x0b, 0x2e, 0xf4, 0x19, 0xf1, 0x53, 0x9e, 0x65, 0x3f, + 0x13, 0x11, 0xb2, 0x0e, 0x72, 0x5f, 0xb9, 0xb9, 0x13, 0x34, 0x9f, 0xe5, 0xde, 0x82, 0xff, 0x88, + 0x3b, 0xcb, 0xf4, 0x13, 0xe9, 0x96, 0x73, 0xcc, 0x71, 0xe8, 0x22, 0x7d, 0xe8, 0xa6, 0x57, 0x4e, + 0x44, 
0x9b, 0x6f, 0xab, 0x76, 0x23, 0x45, 0x12, 0x01, 0x6e, 0x64, 0x6f, 0xd7, 0x46, 0x7a, 0xca, + 0x71, 0x73, 0x23, 0x73, 0xcd, 0x26, 0x42, 0x8a, 0x49, 0x74, 0x7f, 0x57, 0x22, 0xdd, 0x73, 0x3b, + 0x91, 0x55, 0xe9, 0xcc, 0x9c, 0x0f, 0x88, 0xe5, 0x32, 0xe0, 0xea, 0x87, 0x50, 0x04, 0x3d, 0xbd, + 0x0d, 0x2a, 0x1c, 0x05, 0xa7, 0xd2, 0xa6, 0xef, 0x0f, 0x1e, 0x71, 0xb1, 0x62, 0x7d, 0xd7, 0xfd, + 0x31, 0xd6, 0x25, 0x7b, 0x7f, 0xa0, 0x71, 0xd8, 0x25, 0xed, 0xd9, 0x2a, 0x95, 0xbf, 0x3c, 0xc8, + 0xd2, 0x24, 0xce, 0xe0, 0x43, 0xef, 0xea, 0xdf, 0xd1, 0x9d, 0xab, 0xff, 0x47, 0xb5, 0x3f, 0xea, + 0xf9, 0xab, 0x9e, 0xf9, 0x21, 0x5e, 0x75, 0x6f, 0xaf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xe8, 0x6d, + 0xd8, 0x5b, 0x42, 0x05, 0x00, 0x00, } diff --git a/etcdserver/etcdserverpb/raft_internal.proto b/etcdserver/etcdserverpb/raft_internal.proto index 2ea0c057a..042279efe 100644 --- a/etcdserver/etcdserverpb/raft_internal.proto +++ b/etcdserver/etcdserverpb/raft_internal.proto @@ -26,15 +26,16 @@ message InternalRaftRequest { LeaseRevokeRequest lease_revoke = 9; AuthEnableRequest auth_enable = 10; - AuthUserAddRequest auth_user_add = 11; - AuthUserDeleteRequest auth_user_delete = 12; - AuthUserChangePasswordRequest auth_user_change_password = 13; - AuthUserGrantRequest auth_user_grant = 14; - AuthRoleAddRequest auth_role_add = 15; - AuthRoleGrantRequest auth_role_grant = 16; - AuthenticateRequest authenticate = 17; + AuthDisableRequest auth_disable = 11; + AuthUserAddRequest auth_user_add = 12; + AuthUserDeleteRequest auth_user_delete = 13; + AuthUserChangePasswordRequest auth_user_change_password = 14; + AuthUserGrantRequest auth_user_grant = 15; + AuthRoleAddRequest auth_role_add = 16; + AuthRoleGrantRequest auth_role_grant = 17; + AuthenticateRequest authenticate = 18; - AlarmRequest alarm = 18; + AlarmRequest alarm = 19; } message EmptyResponse { diff --git a/etcdserver/v3_server.go b/etcdserver/v3_server.go index e4517e9ef..1c31ab65c 100644 --- a/etcdserver/v3_server.go 
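Review bot: Inserting `auth_disable = 11` in raft_internal.proto and shifting `auth_user_add` through `alarm` up by one reassigns field tags that are already in use on the wire and, presumably, in persisted raft log entries. A member running this code that reads an entry written with the old numbering would see field 11 (previously `AuthUserAddRequest`) as `AuthDisableRequest`; `applyV3Request` only tests `r.AuthDisable != nil`, so an old user-add entry could end up applied as an auth disable, and every later field is likewise taken for its neighbour. Keep the existing numbers and give the new field the next unused tag instead, `AuthDisableRequest auth_disable = 19;` (19 judging from the fields visible in this hunk), then regenerate raft_internal.pb.go.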
+++ b/etcdserver/v3_server.go @@ -56,6 +56,7 @@ type Lessor interface { type Authenticator interface { AuthEnable(ctx context.Context, r *pb.AuthEnableRequest) (*pb.AuthEnableResponse, error) + AuthDisable(ctx context.Context, r *pb.AuthDisableRequest) (*pb.AuthDisableResponse, error) Authenticate(ctx context.Context, r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error) UserAdd(ctx context.Context, r *pb.AuthUserAddRequest) (*pb.AuthUserAddResponse, error) UserDelete(ctx context.Context, r *pb.AuthUserDeleteRequest) (*pb.AuthUserDeleteResponse, error) @@ -216,6 +217,14 @@ func (s *EtcdServer) AuthEnable(ctx context.Context, r *pb.AuthEnableRequest) (* return result.resp.(*pb.AuthEnableResponse), result.err } +func (s *EtcdServer) AuthDisable(ctx context.Context, r *pb.AuthDisableRequest) (*pb.AuthDisableResponse, error) { + result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{AuthDisable: r}) + if err != nil { + return nil, err + } + return result.resp.(*pb.AuthDisableResponse), result.err +} + func (s *EtcdServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error) { result, err := s.processInternalRaftRequest(ctx, pb.InternalRaftRequest{Authenticate: r}) if err != nil {