Move CheckTxnAuth to txn.
parent
c78bf655a7
commit
c62f01e5fe
@ -22,6 +22,7 @@ import (
|
|||||||
"go.etcd.io/etcd/pkg/v3/traceutil"
|
"go.etcd.io/etcd/pkg/v3/traceutil"
|
||||||
"go.etcd.io/etcd/server/v3/auth"
|
"go.etcd.io/etcd/server/v3/auth"
|
||||||
"go.etcd.io/etcd/server/v3/etcdserver/api/membership"
|
"go.etcd.io/etcd/server/v3/etcdserver/api/membership"
|
||||||
|
"go.etcd.io/etcd/server/v3/etcdserver/txn"
|
||||||
"go.etcd.io/etcd/server/v3/lease"
|
"go.etcd.io/etcd/server/v3/lease"
|
||||||
"go.etcd.io/etcd/server/v3/storage/mvcc"
|
"go.etcd.io/etcd/server/v3/storage/mvcc"
|
||||||
)
|
)
|
||||||
@ -150,20 +151,8 @@ func checkTxnReqsPermission(as auth.AuthStore, ai *auth.AuthInfo, reqs []*pb.Req
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func CheckTxnAuth(as auth.AuthStore, ai *auth.AuthInfo, rt *pb.TxnRequest) error {
|
|
||||||
for _, c := range rt.Compare {
|
|
||||||
if err := as.IsRangePermitted(ai, c.Key, c.RangeEnd); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if err := checkTxnReqsPermission(as, ai, rt.Success); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return checkTxnReqsPermission(as, ai, rt.Failure)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (aa *authApplierV3) Txn(ctx context.Context, rt *pb.TxnRequest) (*pb.TxnResponse, *traceutil.Trace, error) {
|
func (aa *authApplierV3) Txn(ctx context.Context, rt *pb.TxnRequest) (*pb.TxnResponse, *traceutil.Trace, error) {
|
||||||
if err := CheckTxnAuth(aa.as, &aa.authInfo, rt); err != nil {
|
if err := txn.CheckTxnAuth(aa.as, &aa.authInfo, rt); err != nil {
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
return aa.applierV3.Txn(ctx, rt)
|
return aa.applierV3.Txn(ctx, rt)
|
||||||
|
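Review bot: The `checkTxnReqsPermission` helper named in this hunk's header appears to stay behind in this package after `CheckTxnAuth` is removed, since only its closing `return nil` and `}` show as unchanged context, while the txn package gains its own copy in the same commit. Two copies of an authorization check can drift apart, so a permission fix applied to one would not reach the other. Whether anything else in this package still calls the helper is not visible from the hunk. If nothing does, delete it here so the txn copy is the only implementation.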
@ -22,6 +22,7 @@ import (
|
|||||||
pb "go.etcd.io/etcd/api/v3/etcdserverpb"
|
pb "go.etcd.io/etcd/api/v3/etcdserverpb"
|
||||||
"go.etcd.io/etcd/api/v3/mvccpb"
|
"go.etcd.io/etcd/api/v3/mvccpb"
|
||||||
"go.etcd.io/etcd/pkg/v3/traceutil"
|
"go.etcd.io/etcd/pkg/v3/traceutil"
|
||||||
|
"go.etcd.io/etcd/server/v3/auth"
|
||||||
"go.etcd.io/etcd/server/v3/etcdserver/etcderrors"
|
"go.etcd.io/etcd/server/v3/etcdserver/etcderrors"
|
||||||
"go.etcd.io/etcd/server/v3/lease"
|
"go.etcd.io/etcd/server/v3/lease"
|
||||||
"go.etcd.io/etcd/server/v3/storage/mvcc"
|
"go.etcd.io/etcd/server/v3/storage/mvcc"
|
||||||
@ -624,3 +625,58 @@ func IsTxnReadonly(r *pb.TxnRequest) bool {
|
|||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func CheckTxnAuth(as auth.AuthStore, ai *auth.AuthInfo, rt *pb.TxnRequest) error {
|
||||||
|
for _, c := range rt.Compare {
|
||||||
|
if err := as.IsRangePermitted(ai, c.Key, c.RangeEnd); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err := checkTxnReqsPermission(as, ai, rt.Success); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return checkTxnReqsPermission(as, ai, rt.Failure)
|
||||||
|
}
|
||||||
|
|
||||||
|
func checkTxnReqsPermission(as auth.AuthStore, ai *auth.AuthInfo, reqs []*pb.RequestOp) error {
|
||||||
|
for _, requ := range reqs {
|
||||||
|
switch tv := requ.Request.(type) {
|
||||||
|
case *pb.RequestOp_RequestRange:
|
||||||
|
if tv.RequestRange == nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := as.IsRangePermitted(ai, tv.RequestRange.Key, tv.RequestRange.RangeEnd); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
case *pb.RequestOp_RequestPut:
|
||||||
|
if tv.RequestPut == nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := as.IsPutPermitted(ai, tv.RequestPut.Key); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
case *pb.RequestOp_RequestDeleteRange:
|
||||||
|
if tv.RequestDeleteRange == nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if tv.RequestDeleteRange.PrevKv {
|
||||||
|
err := as.IsRangePermitted(ai, tv.RequestDeleteRange.Key, tv.RequestDeleteRange.RangeEnd)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
err := as.IsDeleteRangePermitted(ai, tv.RequestDeleteRange.Key, tv.RequestDeleteRange.RangeEnd)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
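Review bot: The type switch in the new `checkTxnReqsPermission` has arms only for range, put and delete-range and no `default`, so any other `RequestOp` variant in `rt.Success` or `rt.Failure` returns `nil` without a permission check. `RequestOp` can also carry a nested transaction, and whether that case is authorized elsewhere is not visible from this hunk. Consider adding a `case *pb.RequestOp_RequestTxn:` arm that applies the same nil guard as the other arms and then calls `CheckTxnAuth(as, ai, tv.RequestTxn)`, plus a `default` that returns an error so unknown variants fail closed. Since `CheckTxnAuth` is now the exported entry point for this check, it should also get a doc comment such as `// CheckTxnAuth reports an error unless ai is permitted for every compare and every success/failure op in rt.`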
@ -173,7 +173,7 @@ func (s *EtcdServer) Txn(ctx context.Context, r *pb.TxnRequest) (*pb.TxnResponse
|
|||||||
var resp *pb.TxnResponse
|
var resp *pb.TxnResponse
|
||||||
var err error
|
var err error
|
||||||
chk := func(ai *auth.AuthInfo) error {
|
chk := func(ai *auth.AuthInfo) error {
|
||||||
return apply2.CheckTxnAuth(s.authStore, ai, r)
|
return txn.CheckTxnAuth(s.authStore, ai, r)
|
||||||
}
|
}
|
||||||
|
|
||||||
defer func(start time.Time) {
|
defer func(start time.Time) {
|
||||||
|