Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

etcdserver: move "etcdserver/auth" to "etcdserver/v2auth"

Browse Source 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
This commit is contained in:
Gyuho Lee 2018-02-02 15:05:56 -08:00
parent 6a265731e1
commit eecbba7927
8 changed files with 109 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG-3.4.md
View File

@ -35,6 +35,7 @@
- Move `"github.com/coreos/etcd/snap"` to [`"github.com/coreos/etcd/internal/raftsnap"`](https://github.com/coreos/etcd/pull/9211). - Move `"github.com/coreos/etcd/snap"` to [`"github.com/coreos/etcd/internal/raftsnap"`](https://github.com/coreos/etcd/pull/9211).
- Move `"github.com/coreos/etcd/store"` to [`"github.com/coreos/etcd/internal/store"`](https://github.com/coreos/etcd/pull/9238). - Move `"github.com/coreos/etcd/store"` to [`"github.com/coreos/etcd/internal/store"`](https://github.com/coreos/etcd/pull/9238).
- Move `"github.com/coreos/etcd/version"` to [`"github.com/coreos/etcd/internal/version"`](https://github.com/coreos/etcd/pull/9244). - Move `"github.com/coreos/etcd/version"` to [`"github.com/coreos/etcd/internal/version"`](https://github.com/coreos/etcd/pull/9244).
- Move `"github.com/coreos/etcd/etcdserver/auth"` to [`"github.com/coreos/etcd/etcdserver/v2auth"`](https://github.com/coreos/etcd/pull/9275).
### Added(`etcd`) ### Added(`etcd`)

8
etcdserver/api/v2http/client.go
View File

@ -32,10 +32,10 @@ import (
"github.com/coreos/etcd/etcdserver/api" "github.com/coreos/etcd/etcdserver/api"
"github.com/coreos/etcd/etcdserver/api/etcdhttp" "github.com/coreos/etcd/etcdserver/api/etcdhttp"
"github.com/coreos/etcd/etcdserver/api/v2http/httptypes" "github.com/coreos/etcd/etcdserver/api/v2http/httptypes"
"github.com/coreos/etcd/etcdserver/auth"
"github.com/coreos/etcd/etcdserver/etcdserverpb" "github.com/coreos/etcd/etcdserver/etcdserverpb"
"github.com/coreos/etcd/etcdserver/membership" "github.com/coreos/etcd/etcdserver/membership"
"github.com/coreos/etcd/etcdserver/stats" "github.com/coreos/etcd/etcdserver/stats"
"github.com/coreos/etcd/etcdserver/v2auth"
"github.com/coreos/etcd/internal/store" "github.com/coreos/etcd/internal/store"
"github.com/coreos/etcd/pkg/types" "github.com/coreos/etcd/pkg/types"
@ -59,7 +59,7 @@ func NewClientHandler(server etcdserver.ServerPeer, timeout time.Duration) http.
} }
func handleV2(mux *http.ServeMux, server etcdserver.ServerV2, timeout time.Duration) { func handleV2(mux *http.ServeMux, server etcdserver.ServerV2, timeout time.Duration) {
sec := auth.NewStore(server, timeout) sec := v2auth.NewStore(server, timeout)
kh := &keysHandler{ kh := &keysHandler{
sec: sec, sec: sec,
server: server, server: server,
@ -101,7 +101,7 @@ func handleV2(mux *http.ServeMux, server etcdserver.ServerV2, timeout time.Durat
} }
type keysHandler struct { type keysHandler struct {
sec auth.Store sec v2auth.Store
server etcdserver.ServerV2 server etcdserver.ServerV2
cluster api.Cluster cluster api.Cluster
timeout time.Duration timeout time.Duration
@ -168,7 +168,7 @@ func (h *machinesHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
} }
type membersHandler struct { type membersHandler struct {
sec auth.Store sec v2auth.Store
server etcdserver.ServerV2 server etcdserver.ServerV2
cluster api.Cluster cluster api.Cluster
timeout time.Duration timeout time.Duration

46
etcdserver/api/v2http/client_auth.go
View File

@ -22,23 +22,23 @@ import (
"github.com/coreos/etcd/etcdserver/api" "github.com/coreos/etcd/etcdserver/api"
"github.com/coreos/etcd/etcdserver/api/v2http/httptypes" "github.com/coreos/etcd/etcdserver/api/v2http/httptypes"
"github.com/coreos/etcd/etcdserver/auth" "github.com/coreos/etcd/etcdserver/v2auth"
) )
type authHandler struct { type authHandler struct {
sec auth.Store sec v2auth.Store
cluster api.Cluster cluster api.Cluster
clientCertAuthEnabled bool clientCertAuthEnabled bool
} }
func hasWriteRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool) bool { func hasWriteRootAccess(sec v2auth.Store, r *http.Request, clientCertAuthEnabled bool) bool {
if r.Method == "GET" || r.Method == "HEAD" { if r.Method == "GET" || r.Method == "HEAD" {
return true return true
} }
return hasRootAccess(sec, r, clientCertAuthEnabled) return hasRootAccess(sec, r, clientCertAuthEnabled)
} }
func userFromBasicAuth(sec auth.Store, r *http.Request) *auth.User { func userFromBasicAuth(sec v2auth.Store, r *http.Request) *v2auth.User {
username, password, ok := r.BasicAuth() username, password, ok := r.BasicAuth()
if !ok { if !ok {
plog.Warningf("auth: malformed basic auth encoding") plog.Warningf("auth: malformed basic auth encoding")
@ -57,7 +57,7 @@ func userFromBasicAuth(sec auth.Store, r *http.Request) *auth.User {
return &user return &user
} }
func userFromClientCertificate(sec auth.Store, r *http.Request) *auth.User { func userFromClientCertificate(sec v2auth.Store, r *http.Request) *v2auth.User {
if r.TLS == nil { if r.TLS == nil {
return nil return nil
} }
@ -75,7 +75,7 @@ func userFromClientCertificate(sec auth.Store, r *http.Request) *auth.User {
return nil return nil
} }
func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool) bool { func hasRootAccess(sec v2auth.Store, r *http.Request, clientCertAuthEnabled bool) bool {
if sec == nil { if sec == nil {
// No store means no auth available, eg, tests. // No store means no auth available, eg, tests.
return true return true
@ -84,7 +84,7 @@ func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool)
return true return true
} }
var rootUser *auth.User var rootUser *v2auth.User
if r.Header.Get("Authorization") == "" && clientCertAuthEnabled { if r.Header.Get("Authorization") == "" && clientCertAuthEnabled {
rootUser = userFromClientCertificate(sec, r) rootUser = userFromClientCertificate(sec, r)
if rootUser == nil { if rootUser == nil {
@ -98,15 +98,15 @@ func hasRootAccess(sec auth.Store, r *http.Request, clientCertAuthEnabled bool)
} }
for _, role := range rootUser.Roles { for _, role := range rootUser.Roles {
if role == auth.RootRoleName { if role == v2auth.RootRoleName {
return true return true
} }
} }
plog.Warningf("auth: user %s does not have the %s role for resource %s.", rootUser.User, auth.RootRoleName, r.URL.Path) plog.Warningf("auth: user %s does not have the %s role for resource %s.", rootUser.User, v2auth.RootRoleName, r.URL.Path)
return false return false
} }
func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive, clientCertAuthEnabled bool) bool { func hasKeyPrefixAccess(sec v2auth.Store, r *http.Request, key string, recursive, clientCertAuthEnabled bool) bool {
if sec == nil { if sec == nil {
// No store means no auth available, eg, tests. // No store means no auth available, eg, tests.
return true return true
@ -115,7 +115,7 @@ func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive,
return true return true
} }
var user *auth.User var user *v2auth.User
if r.Header.Get("Authorization") == "" { if r.Header.Get("Authorization") == "" {
if clientCertAuthEnabled { if clientCertAuthEnabled {
user = userFromClientCertificate(sec, r) user = userFromClientCertificate(sec, r)
@ -148,9 +148,9 @@ func hasKeyPrefixAccess(sec auth.Store, r *http.Request, key string, recursive,
return false return false
} }
func hasGuestAccess(sec auth.Store, r *http.Request, key string) bool { func hasGuestAccess(sec v2auth.Store, r *http.Request, key string) bool {
writeAccess := r.Method != "GET" && r.Method != "HEAD" writeAccess := r.Method != "GET" && r.Method != "HEAD"
role, err := sec.GetRole(auth.GuestRoleName) role, err := sec.GetRole(v2auth.GuestRoleName)
if err != nil { if err != nil {
return false return false
} }
@ -204,10 +204,10 @@ func (sh *authHandler) baseRoles(w http.ResponseWriter, r *http.Request) {
} }
var rolesCollections struct { var rolesCollections struct {
Roles []auth.Role `json:"roles"` Roles []v2auth.Role `json:"roles"`
} }
for _, roleName := range roles { for _, roleName := range roles {
var role auth.Role var role v2auth.Role
role, err = sh.sec.GetRole(roleName) role, err = sh.sec.GetRole(roleName)
if err != nil { if err != nil {
writeError(w, r, err) writeError(w, r, err)
@ -265,7 +265,7 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri
} }
return return
case "PUT": case "PUT":
var in auth.Role var in v2auth.Role
err := json.NewDecoder(r.Body).Decode(&in) err := json.NewDecoder(r.Body).Decode(&in)
if err != nil { if err != nil {
writeError(w, r, httptypes.NewHTTPError(http.StatusBadRequest, "Invalid JSON in request body.")) writeError(w, r, httptypes.NewHTTPError(http.StatusBadRequest, "Invalid JSON in request body."))
@ -276,7 +276,7 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri
return return
} }
var out auth.Role var out v2auth.Role
// create // create
if in.Grant.IsEmpty() && in.Revoke.IsEmpty() { if in.Grant.IsEmpty() && in.Revoke.IsEmpty() {
@ -317,7 +317,7 @@ func (sh *authHandler) forRole(w http.ResponseWriter, r *http.Request, role stri
type userWithRoles struct { type userWithRoles struct {
User string `json:"user"` User string `json:"user"`
Roles []auth.Role `json:"roles,omitempty"` Roles []v2auth.Role `json:"roles,omitempty"`
} }
type usersCollections struct { type usersCollections struct {
@ -352,7 +352,7 @@ func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) {
ucs := usersCollections{} ucs := usersCollections{}
for _, userName := range users { for _, userName := range users {
var user auth.User var user v2auth.User
user, err = sh.sec.GetUser(userName) user, err = sh.sec.GetUser(userName)
if err != nil { if err != nil {
writeError(w, r, err) writeError(w, r, err)
@ -361,7 +361,7 @@ func (sh *authHandler) baseUsers(w http.ResponseWriter, r *http.Request) {
uwr := userWithRoles{User: user.User} uwr := userWithRoles{User: user.User}
for _, roleName := range user.Roles { for _, roleName := range user.Roles {
var role auth.Role var role v2auth.Role
role, err = sh.sec.GetRole(roleName) role, err = sh.sec.GetRole(roleName)
if err != nil { if err != nil {
continue continue
@ -423,7 +423,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri
uwr := userWithRoles{User: u.User} uwr := userWithRoles{User: u.User}
for _, roleName := range u.Roles { for _, roleName := range u.Roles {
var role auth.Role var role v2auth.Role
role, err = sh.sec.GetRole(roleName) role, err = sh.sec.GetRole(roleName)
if err != nil { if err != nil {
writeError(w, r, err) writeError(w, r, err)
@ -439,7 +439,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri
} }
return return
case "PUT": case "PUT":
var u auth.User var u v2auth.User
err := json.NewDecoder(r.Body).Decode(&u) err := json.NewDecoder(r.Body).Decode(&u)
if err != nil { if err != nil {
writeError(w, r, httptypes.NewHTTPError(http.StatusBadRequest, "Invalid JSON in request body.")) writeError(w, r, httptypes.NewHTTPError(http.StatusBadRequest, "Invalid JSON in request body."))
@ -451,7 +451,7 @@ func (sh *authHandler) forUser(w http.ResponseWriter, r *http.Request, user stri
} }
var ( var (
out auth.User out v2auth.User
created bool created bool
) )

144
etcdserver/api/v2http/client_auth_test.go
View File

@ -31,7 +31,7 @@ import (
"testing" "testing"
"github.com/coreos/etcd/etcdserver/api" "github.com/coreos/etcd/etcdserver/api"
"github.com/coreos/etcd/etcdserver/auth" "github.com/coreos/etcd/etcdserver/v2auth"
) )
const goodPassword = "good" const goodPassword = "good"
@ -46,8 +46,8 @@ func mustJSONRequest(t *testing.T, method string, p string, body string) *http.R
} }
type mockAuthStore struct { type mockAuthStore struct {
users map[string]*auth.User users map[string]*v2auth.User
roles map[string]*auth.Role roles map[string]*v2auth.Role
err error err error
enabled bool enabled bool
} }
@ -60,14 +60,14 @@ func (s *mockAuthStore) AllUsers() ([]string, error) {
sort.Strings(us) sort.Strings(us)
return us, s.err return us, s.err
} }
func (s *mockAuthStore) GetUser(name string) (auth.User, error) { func (s *mockAuthStore) GetUser(name string) (v2auth.User, error) {
u, ok := s.users[name] u, ok := s.users[name]
if !ok { if !ok {
return auth.User{}, s.err return v2auth.User{}, s.err
} }
return *u, s.err return *u, s.err
} }
func (s *mockAuthStore) CreateOrUpdateUser(user auth.User) (out auth.User, created bool, err error) { func (s *mockAuthStore) CreateOrUpdateUser(user v2auth.User) (out v2auth.User, created bool, err error) {
if s.users == nil { if s.users == nil {
out, err = s.CreateUser(user) out, err = s.CreateUser(user)
return out, true, err return out, true, err
@ -75,31 +75,31 @@ func (s *mockAuthStore) CreateOrUpdateUser(user auth.User) (out auth.User, creat
out, err = s.UpdateUser(user) out, err = s.UpdateUser(user)
return out, false, err return out, false, err
} }
func (s *mockAuthStore) CreateUser(user auth.User) (auth.User, error) { return user, s.err } func (s *mockAuthStore) CreateUser(user v2auth.User) (v2auth.User, error) { return user, s.err }
func (s *mockAuthStore) DeleteUser(name string) error { return s.err } func (s *mockAuthStore) DeleteUser(name string) error { return s.err }
func (s *mockAuthStore) UpdateUser(user auth.User) (auth.User, error) { func (s *mockAuthStore) UpdateUser(user v2auth.User) (v2auth.User, error) {
return *s.users[user.User], s.err return *s.users[user.User], s.err
} }
func (s *mockAuthStore) AllRoles() ([]string, error) { func (s *mockAuthStore) AllRoles() ([]string, error) {
return []string{"awesome", "guest", "root"}, s.err return []string{"awesome", "guest", "root"}, s.err
} }
func (s *mockAuthStore) GetRole(name string) (auth.Role, error) { func (s *mockAuthStore) GetRole(name string) (v2auth.Role, error) {
r, ok := s.roles[name] r, ok := s.roles[name]
if ok { if ok {
return *r, s.err return *r, s.err
} }
return auth.Role{}, fmt.Errorf("%q does not exist (%v)", name, s.err) return v2auth.Role{}, fmt.Errorf("%q does not exist (%v)", name, s.err)
} }
func (s *mockAuthStore) CreateRole(role auth.Role) error { return s.err } func (s *mockAuthStore) CreateRole(role v2auth.Role) error { return s.err }
func (s *mockAuthStore) DeleteRole(name string) error { return s.err } func (s *mockAuthStore) DeleteRole(name string) error { return s.err }
func (s *mockAuthStore) UpdateRole(role auth.Role) (auth.Role, error) { func (s *mockAuthStore) UpdateRole(role v2auth.Role) (v2auth.Role, error) {
return *s.roles[role.Role], s.err return *s.roles[role.Role], s.err
} }
func (s *mockAuthStore) AuthEnabled() bool { return s.enabled } func (s *mockAuthStore) AuthEnabled() bool { return s.enabled }
func (s *mockAuthStore) EnableAuth() error { return s.err } func (s *mockAuthStore) EnableAuth() error { return s.err }
func (s *mockAuthStore) DisableAuth() error { return s.err } func (s *mockAuthStore) DisableAuth() error { return s.err }
func (s *mockAuthStore) CheckPassword(user auth.User, password string) bool { func (s *mockAuthStore) CheckPassword(user v2auth.User, password string) bool {
return user.Password == password return user.Password == password
} }
@ -132,7 +132,7 @@ func TestAuthFlow(t *testing.T) {
{ {
req: mustJSONRequest(t, "GET", "users", ""), req: mustJSONRequest(t, "GET", "users", ""),
store: mockAuthStore{ store: mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"alice": { "alice": {
User: "alice", User: "alice",
Roles: []string{"alicerole", "guest"}, Roles: []string{"alicerole", "guest"},
@ -149,7 +149,7 @@ func TestAuthFlow(t *testing.T) {
Password: "wheeee", Password: "wheeee",
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"alicerole": { "alicerole": {
Role: "alicerole", Role: "alicerole",
}, },
@ -173,14 +173,14 @@ func TestAuthFlow(t *testing.T) {
{ {
req: mustJSONRequest(t, "GET", "users/alice", ""), req: mustJSONRequest(t, "GET", "users/alice", ""),
store: mockAuthStore{ store: mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"alice": { "alice": {
User: "alice", User: "alice",
Roles: []string{"alicerole"}, Roles: []string{"alicerole"},
Password: "wheeee", Password: "wheeee",
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"alicerole": { "alicerole": {
Role: "alicerole", Role: "alicerole",
}, },
@ -204,7 +204,7 @@ func TestAuthFlow(t *testing.T) {
{ {
req: mustJSONRequest(t, "PUT", "users/alice", `{"user": "alice", "password": "goodpassword"}`), req: mustJSONRequest(t, "PUT", "users/alice", `{"user": "alice", "password": "goodpassword"}`),
store: mockAuthStore{ store: mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"alice": { "alice": {
User: "alice", User: "alice",
Roles: []string{"alicerole", "guest"}, Roles: []string{"alicerole", "guest"},
@ -218,7 +218,7 @@ func TestAuthFlow(t *testing.T) {
{ {
req: mustJSONRequest(t, "PUT", "users/alice", `{"user": "alice", "grant": ["alicerole"]}`), req: mustJSONRequest(t, "PUT", "users/alice", `{"user": "alice", "grant": ["alicerole"]}`),
store: mockAuthStore{ store: mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"alice": { "alice": {
User: "alice", User: "alice",
Roles: []string{"alicerole", "guest"}, Roles: []string{"alicerole", "guest"},
@ -232,8 +232,8 @@ func TestAuthFlow(t *testing.T) {
{ {
req: mustJSONRequest(t, "GET", "users/alice", ``), req: mustJSONRequest(t, "GET", "users/alice", ``),
store: mockAuthStore{ store: mockAuthStore{
users: map[string]*auth.User{}, users: map[string]*v2auth.User{},
err: auth.Error{Status: http.StatusNotFound, Errmsg: "auth: User alice doesn't exist."}, err: v2auth.Error{Status: http.StatusNotFound, Errmsg: "auth: User alice doesn't exist."},
}, },
wcode: http.StatusNotFound, wcode: http.StatusNotFound,
wbody: `{"message":"auth: User alice doesn't exist."}`, wbody: `{"message":"auth: User alice doesn't exist."}`,
@ -241,7 +241,7 @@ func TestAuthFlow(t *testing.T) {
{ {
req: mustJSONRequest(t, "GET", "roles/manager", ""), req: mustJSONRequest(t, "GET", "roles/manager", ""),
store: mockAuthStore{ store: mockAuthStore{
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"manager": { "manager": {
Role: "manager", Role: "manager",
}, },
@ -265,7 +265,7 @@ func TestAuthFlow(t *testing.T) {
{ {
req: mustJSONRequest(t, "PUT", "roles/manager", `{"role":"manager","revoke":{"kv":{"read":["foo"],"write":[]}}}`), req: mustJSONRequest(t, "PUT", "roles/manager", `{"role":"manager","revoke":{"kv":{"read":["foo"],"write":[]}}}`),
store: mockAuthStore{ store: mockAuthStore{
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"manager": { "manager": {
Role: "manager", Role: "manager",
}, },
@ -277,7 +277,7 @@ func TestAuthFlow(t *testing.T) {
{ {
req: mustJSONRequest(t, "GET", "roles", ""), req: mustJSONRequest(t, "GET", "roles", ""),
store: mockAuthStore{ store: mockAuthStore{
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"awesome": { "awesome": {
Role: "awesome", Role: "awesome",
}, },
@ -318,14 +318,14 @@ func TestAuthFlow(t *testing.T) {
})(), })(),
store: mockAuthStore{ store: mockAuthStore{
enabled: true, enabled: true,
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"root": { "root": {
User: "root", User: "root",
Password: goodPassword, Password: goodPassword,
Roles: []string{"root"}, Roles: []string{"root"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"root": { "root": {
Role: "root", Role: "root",
}, },
@ -342,14 +342,14 @@ func TestAuthFlow(t *testing.T) {
})(), })(),
store: mockAuthStore{ store: mockAuthStore{
enabled: true, enabled: true,
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"root": { "root": {
User: "root", User: "root",
Password: goodPassword, Password: goodPassword,
Roles: []string{"root"}, Roles: []string{"root"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"root": { "root": {
Role: "guest", Role: "guest",
}, },
@ -383,13 +383,13 @@ func TestAuthFlow(t *testing.T) {
func TestGetUserGrantedWithNonexistingRole(t *testing.T) { func TestGetUserGrantedWithNonexistingRole(t *testing.T) {
sh := &authHandler{ sh := &authHandler{
sec: &mockAuthStore{ sec: &mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"root": { "root": {
User: "root", User: "root",
Roles: []string{"root", "foo"}, Roles: []string{"root", "foo"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"root": { "root": {
Role: "root", Role: "root",
}, },
@ -483,14 +483,14 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo", key: "/foo",
req: mustAuthRequest("GET", "root", "good"), req: mustAuthRequest("GET", "root", "good"),
store: &mockAuthStore{ store: &mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"root": { "root": {
User: "root", User: "root",
Password: goodPassword, Password: goodPassword,
Roles: []string{"root"}, Roles: []string{"root"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"root": { "root": {
Role: "root", Role: "root",
}, },
@ -505,18 +505,18 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo", key: "/foo",
req: mustAuthRequest("GET", "user", "good"), req: mustAuthRequest("GET", "user", "good"),
store: &mockAuthStore{ store: &mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"user": { "user": {
User: "user", User: "user",
Password: goodPassword, Password: goodPassword,
Roles: []string{"foorole"}, Roles: []string{"foorole"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"foorole": { "foorole": {
Role: "foorole", Role: "foorole",
Permissions: auth.Permissions{ Permissions: v2auth.Permissions{
KV: auth.RWPermission{ KV: v2auth.RWPermission{
Read: []string{"/foo"}, Read: []string{"/foo"},
Write: []string{"/foo"}, Write: []string{"/foo"},
}, },
@ -533,18 +533,18 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo", key: "/foo",
req: mustAuthRequest("GET", "user", "good"), req: mustAuthRequest("GET", "user", "good"),
store: &mockAuthStore{ store: &mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"user": { "user": {
User: "user", User: "user",
Password: goodPassword, Password: goodPassword,
Roles: []string{"foorole"}, Roles: []string{"foorole"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"foorole": { "foorole": {
Role: "foorole", Role: "foorole",
Permissions: auth.Permissions{ Permissions: v2auth.Permissions{
KV: auth.RWPermission{ KV: v2auth.RWPermission{
Read: []string{"/foo*"}, Read: []string{"/foo*"},
Write: []string{"/foo*"}, Write: []string{"/foo*"},
}, },
@ -561,18 +561,18 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo", key: "/foo",
req: mustAuthRequest("GET", "user", "bad"), req: mustAuthRequest("GET", "user", "bad"),
store: &mockAuthStore{ store: &mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"user": { "user": {
User: "user", User: "user",
Password: goodPassword, Password: goodPassword,
Roles: []string{"foorole"}, Roles: []string{"foorole"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"foorole": { "foorole": {
Role: "foorole", Role: "foorole",
Permissions: auth.Permissions{ Permissions: v2auth.Permissions{
KV: auth.RWPermission{ KV: v2auth.RWPermission{
Read: []string{"/foo*"}, Read: []string{"/foo*"},
Write: []string{"/foo*"}, Write: []string{"/foo*"},
}, },
@ -589,7 +589,7 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo", key: "/foo",
req: mustAuthRequest("GET", "user", "good"), req: mustAuthRequest("GET", "user", "good"),
store: &mockAuthStore{ store: &mockAuthStore{
users: map[string]*auth.User{}, users: map[string]*v2auth.User{},
err: errors.New("Not the user"), err: errors.New("Not the user"),
enabled: true, enabled: true,
}, },
@ -601,18 +601,18 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo", key: "/foo",
req: mustJSONRequest(t, "GET", "somepath", ""), req: mustJSONRequest(t, "GET", "somepath", ""),
store: &mockAuthStore{ store: &mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"user": { "user": {
User: "user", User: "user",
Password: goodPassword, Password: goodPassword,
Roles: []string{"foorole"}, Roles: []string{"foorole"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"guest": { "guest": {
Role: "guest", Role: "guest",
Permissions: auth.Permissions{ Permissions: v2auth.Permissions{
KV: auth.RWPermission{ KV: v2auth.RWPermission{
Read: []string{"/foo*"}, Read: []string{"/foo*"},
Write: []string{"/foo*"}, Write: []string{"/foo*"},
}, },
@ -629,18 +629,18 @@ func TestPrefixAccess(t *testing.T) {
key: "/bar", key: "/bar",
req: mustJSONRequest(t, "GET", "somepath", ""), req: mustJSONRequest(t, "GET", "somepath", ""),
store: &mockAuthStore{ store: &mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"user": { "user": {
User: "user", User: "user",
Password: goodPassword, Password: goodPassword,
Roles: []string{"foorole"}, Roles: []string{"foorole"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"guest": { "guest": {
Role: "guest", Role: "guest",
Permissions: auth.Permissions{ Permissions: v2auth.Permissions{
KV: auth.RWPermission{ KV: v2auth.RWPermission{
Read: []string{"/foo*"}, Read: []string{"/foo*"},
Write: []string{"/foo*"}, Write: []string{"/foo*"},
}, },
@ -658,21 +658,21 @@ func TestPrefixAccess(t *testing.T) {
key: "/foo", key: "/foo",
req: mustAuthRequest("GET", "user", "good"), req: mustAuthRequest("GET", "user", "good"),
store: &mockAuthStore{ store: &mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"user": { "user": {
User: "user", User: "user",
Password: goodPassword, Password: goodPassword,
Roles: []string{"role1", "role2"}, Roles: []string{"role1", "role2"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"role1": { "role1": {
Role: "role1", Role: "role1",
}, },
"role2": { "role2": {
Role: "role2", Role: "role2",
Permissions: auth.Permissions{ Permissions: v2auth.Permissions{
KV: auth.RWPermission{ KV: v2auth.RWPermission{
Read: []string{"/foo"}, Read: []string{"/foo"},
Write: []string{"/foo"}, Write: []string{"/foo"},
}, },
@ -694,18 +694,18 @@ func TestPrefixAccess(t *testing.T) {
})(), })(),
store: &mockAuthStore{ store: &mockAuthStore{
enabled: true, enabled: true,
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"root": { "root": {
User: "root", User: "root",
Password: goodPassword, Password: goodPassword,
Roles: []string{"root"}, Roles: []string{"root"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"guest": { "guest": {
Role: "guest", Role: "guest",
Permissions: auth.Permissions{ Permissions: v2auth.Permissions{
KV: auth.RWPermission{ KV: v2auth.RWPermission{
Read: []string{"/foo*"}, Read: []string{"/foo*"},
Write: []string{"/foo*"}, Write: []string{"/foo*"},
}, },
@ -724,18 +724,18 @@ func TestPrefixAccess(t *testing.T) {
})(), })(),
store: &mockAuthStore{ store: &mockAuthStore{
enabled: true, enabled: true,
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"root": { "root": {
User: "root", User: "root",
Password: goodPassword, Password: goodPassword,
Roles: []string{"root"}, Roles: []string{"root"},
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"guest": { "guest": {
Role: "guest", Role: "guest",
Permissions: auth.Permissions{ Permissions: v2auth.Permissions{
KV: auth.RWPermission{ KV: v2auth.RWPermission{
Read: []string{"/foo*"}, Read: []string{"/foo*"},
Write: []string{"/foo*"}, Write: []string{"/foo*"},
}, },
@ -764,7 +764,7 @@ func TestPrefixAccess(t *testing.T) {
func TestUserFromClientCertificate(t *testing.T) { func TestUserFromClientCertificate(t *testing.T) {
witherror := &mockAuthStore{ witherror := &mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"user": { "user": {
User: "user", User: "user",
Roles: []string{"root"}, Roles: []string{"root"},
@ -776,7 +776,7 @@ func TestUserFromClientCertificate(t *testing.T) {
Password: "password", Password: "password",
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"root": { "root": {
Role: "root", Role: "root",
}, },
@ -785,7 +785,7 @@ func TestUserFromClientCertificate(t *testing.T) {
} }
noerror := &mockAuthStore{ noerror := &mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"user": { "user": {
User: "user", User: "user",
Roles: []string{"root"}, Roles: []string{"root"},
@ -797,7 +797,7 @@ func TestUserFromClientCertificate(t *testing.T) {
Password: "password", Password: "password",
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"root": { "root": {
Role: "root", Role: "root",
}, },
@ -807,7 +807,7 @@ func TestUserFromClientCertificate(t *testing.T) {
var table = []struct { var table = []struct {
req *http.Request req *http.Request
userExists bool userExists bool
store auth.Store store v2auth.Store
username string username string
}{ }{
{ {
@ -846,14 +846,14 @@ func TestUserFromClientCertificate(t *testing.T) {
func TestUserFromBasicAuth(t *testing.T) { func TestUserFromBasicAuth(t *testing.T) {
sec := &mockAuthStore{ sec := &mockAuthStore{
users: map[string]*auth.User{ users: map[string]*v2auth.User{
"user": { "user": {
User: "user", User: "user",
Roles: []string{"root"}, Roles: []string{"root"},
Password: "password", Password: "password",
}, },
}, },
roles: map[string]*auth.Role{ roles: map[string]*v2auth.Role{
"root": { "root": {
Role: "root", Role: "root",
}, },

4
etcdserver/api/v2http/http.go
View File

@ -22,7 +22,7 @@ import (
"github.com/coreos/etcd/etcdserver/api/etcdhttp" "github.com/coreos/etcd/etcdserver/api/etcdhttp"
"github.com/coreos/etcd/etcdserver/api/v2http/httptypes" "github.com/coreos/etcd/etcdserver/api/v2http/httptypes"
"github.com/coreos/etcd/etcdserver/auth" "github.com/coreos/etcd/etcdserver/v2auth"
"github.com/coreos/etcd/pkg/logutil" "github.com/coreos/etcd/pkg/logutil"
"github.com/coreos/pkg/capnslog" "github.com/coreos/pkg/capnslog"
@ -42,7 +42,7 @@ func writeError(w http.ResponseWriter, r *http.Request, err error) {
if err == nil { if err == nil {
return return
} }
if e, ok := err.(auth.Error); ok { if e, ok := err.(v2auth.Error); ok {
herr := httptypes.NewHTTPError(e.HTTPStatus(), e.Error()) herr := httptypes.NewHTTPError(e.HTTPStatus(), e.Error())
if et := herr.WriteTo(w); et != nil { if et := herr.WriteTo(w); et != nil {
plog.Debugf("error writing HTTPError (%v) to %s", et, r.RemoteAddr) plog.Debugf("error writing HTTPError (%v) to %s", et, r.RemoteAddr)

4
etcdserver/auth/auth.go → etcdserver/v2auth/auth.go
View File

@ -12,8 +12,8 @@
// See the License for the specific language governing permissions and // See the License for the specific language governing permissions and
// limitations under the License. // limitations under the License.
// Package auth implements etcd authentication. // Package v2auth implements etcd authentication.
package auth package v2auth
import ( import (
"context" "context"

2
etcdserver/auth/auth_requests.go → etcdserver/v2auth/auth_requests.go
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and // See the License for the specific language governing permissions and
// limitations under the License. // limitations under the License.
package auth package v2auth
import ( import (
"context" "context"

2
etcdserver/auth/auth_test.go → etcdserver/v2auth/auth_test.go
View File

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and // See the License for the specific language governing permissions and
// limitations under the License. // limitations under the License.
package auth package v2auth
import ( import (
"context" "context"