v2http: set 'ClientCertAuthEnabled' in client.go

Gyu-Ho Lee 2016-07-20 16:24:15 -07:00
parent 68ece954fb
commit 25aeeb35c3


@ -70,6 +70,7 @@ func NewClientHandler(server *etcdserver.EtcdServer, timeout time.Duration) http
cluster: server.Cluster(), cluster: server.Cluster(),
timer: server, timer: server,
timeout: timeout, timeout: timeout,
clientCertAuthEnabled: server.Cfg.ClientCertAuthEnabled,
} }
sh := &statsHandler{ sh := &statsHandler{
@ -82,6 +83,7 @@ func NewClientHandler(server *etcdserver.EtcdServer, timeout time.Duration) http
cluster: server.Cluster(), cluster: server.Cluster(),
timeout: timeout, timeout: timeout,
clock: clockwork.NewRealClock(), clock: clockwork.NewRealClock(),
clientCertAuthEnabled: server.Cfg.ClientCertAuthEnabled,
} }
dmh := &deprecatedMachinesHandler{ dmh := &deprecatedMachinesHandler{
@ -91,6 +93,7 @@ func NewClientHandler(server *etcdserver.EtcdServer, timeout time.Duration) http
sech := &authHandler{ sech := &authHandler{
sec: sec, sec: sec,
cluster: server.Cluster(), cluster: server.Cluster(),
clientCertAuthEnabled: server.Cfg.ClientCertAuthEnabled,
} }
mux := http.NewServeMux() mux := http.NewServeMux()
@ -137,6 +140,7 @@ type keysHandler struct {
cluster api.Cluster cluster api.Cluster
timer etcdserver.RaftTimer timer etcdserver.RaftTimer
timeout time.Duration timeout time.Duration
clientCertAuthEnabled bool
} }
func (h *keysHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h *keysHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@ -156,7 +160,7 @@ func (h *keysHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return return
} }
// The path must be valid at this point (we've parsed the request successfully). // The path must be valid at this point (we've parsed the request successfully).
if !hasKeyPrefixAccess(h.sec, r, r.URL.Path[len(keysPrefix):], rr.Recursive) { if !hasKeyPrefixAccess(h.sec, r, r.URL.Path[len(keysPrefix):], rr.Recursive, h.clientCertAuthEnabled) {
writeKeyNoAuth(w) writeKeyNoAuth(w)
return return
} }
@ -204,13 +208,14 @@ type membersHandler struct {
cluster api.Cluster cluster api.Cluster
timeout time.Duration timeout time.Duration
clock clockwork.Clock clock clockwork.Clock
clientCertAuthEnabled bool
} }
func (h *membersHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h *membersHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if !allowMethod(w, r.Method, "GET", "POST", "DELETE", "PUT") { if !allowMethod(w, r.Method, "GET", "POST", "DELETE", "PUT") {
return return
} }
if !hasWriteRootAccess(h.sec, r) { if !hasWriteRootAccess(h.sec, r, h.clientCertAuthEnabled) {
writeNoAuth(w, r) writeNoAuth(w, r)
return return
} }
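Review bot: The new `clientCertAuthEnabled` field on `keysHandler` and `membersHandler` has no comment, although it is now an input to the authorization decisions in both `ServeHTTP` methods (the `hasKeyPrefixAccess` and `hasWriteRootAccess` calls). I would document it on each struct, for example `// clientCertAuthEnabled is copied from server.Cfg.ClientCertAuthEnabled in NewClientHandler and forwarded to the access checks.` The helper bodies are not on this page, so it is worth confirming there that an identity is only taken from a certificate chain the TLS layer has verified. It is also worth confirming that the zero value `false`, which any handler built by a struct literal elsewhere would get, keeps the previous authentication path. The bare trailing bool at the two call sites reads poorly; a short comment at the call, or an options struct if more flags follow, would help. Both `ServeHTTP` bodies and `NewClientHandler` continue outside the hunks shown.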