Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,048 Commits 15 Branches 491 Tags 148 MiB
Commit Graph

16048 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marek Siarkowicz
f836291efa
Merge pull request #16195 from fuweid/fix-panic-for-http-only 
[3.4] embed: fix nil pointer dereference when stopServer
 2023-07-11 09:02:39 +02:00
zhangwenkang
30426eb755 clientv3: create keepAliveCtxCloser goroutine only if ctx can be canceled 
Signed-off-by: zhangwenkang <zwenkang@vmware.com>
 2023-07-10 23:08:23 +08:00
Wei Fu
15efc55905 tests/e2e: allow to use SIGTERM to verify graceful-stop 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-07-07 21:28:51 +08:00
Wei Fu
66713f69af embed: fix nil pointer dereference when stopServer 
Since v3.4.25, ETCD server introduces http-only urls flag to expose
gRPC-only endpoints. When user enables this feature, the stopServer will
panic during terminating. If the server is leader, it won't have chance
to transfer the leadership.

```
Jul 07 14:43:04  etcd[11502]: received terminated signal, shutting down...
Jul 07 14:43:04  etcd[11502]: WARNING: 2023/07/07 14:43:04 grpc: addrConn.createTransport failed to connect to {0.0.0.0:2379  <nil> 0 <nil>}. Err :connection error: desc = "transport: Error while dialing dial tcp 0.0.0.0:2379: connect: connection refused". Reconnecting...Jul 07 14:43:04  etcd[11502]: WARNING: 2023/07/07 14:43:04 grpc: addrConn.createTransport failed to connect to {0.0.0.0:2379  <nil> 0 <nil>}. Err :connection error: desc = "transport: Error while dialing dial tcp 0.0.0.0:2379: connect: connection refused". Reconnecting...
Jul 07 14:43:04  etcd[11502]: panic: runtime error: invalid memory address or nil pointer dereference                                                                                                                                                                           Jul 07 14:43:04  etcd[11502]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x130 pc=0x9ccd45]
Jul 07 14:43:04  etcd[11502]: goroutine 225 [running]:
Jul 07 14:43:04  etcd[11502]: google.golang.org/grpc.(*Server).Stop(0x0)
Jul 07 14:43:04  etcd[11502]:         /home/fuwei/go/pkg/mod/google.golang.org/grpc@v1.26.0/server.go:1390 +0x45
Jul 07 14:43:04  etcd[11502]: go.etcd.io/etcd/embed.stopServers.func1()
Jul 07 14:43:04  etcd[11502]:         /home/fuwei/go/src/go.etcd.io/etcd/embed/etcd.go:431 +0x3c
Jul 07 14:43:04  etcd[11502]: go.etcd.io/etcd/embed.stopServers({0x115a558, 0xc000278b70}, 0xc00024f248)
Jul 07 14:43:04  etcd[11502]:         /home/fuwei/go/src/go.etcd.io/etcd/embed/etcd.go:438 +0x7d
Jul 07 14:43:04  etcd[11502]: go.etcd.io/etcd/embed.(*Etcd).Close(0xc0004d6600)
Jul 07 14:43:04  etcd[11502]:         /home/fuwei/go/src/go.etcd.io/etcd/embed/etcd.go:392 +0x835
Jul 07 14:43:04  etcd[11502]: go.etcd.io/etcd/pkg/osutil.HandleInterrupts.func1()
Jul 07 14:43:04  etcd[11502]:         /home/fuwei/go/src/go.etcd.io/etcd/pkg/osutil/interrupt_unix.go:70 +0x284
Jul 07 14:43:04  etcd[11502]: created by go.etcd.io/etcd/pkg/osutil.HandleInterrupts
Jul 07 14:43:04  etcd[11502]:         /home/fuwei/go/src/go.etcd.io/etcd/pkg/osutil/interrupt_unix.go:53 +0xce
Jul 07 14:43:04  systemd[1]: etcd.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
```

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-07-07 21:28:06 +08:00
Marek Siarkowicz
4e800bdc66
Merge pull request #16193 from wenjiaswe/cp 
[3.4] Adding optional revision bump and mark compacted to snapshot restore
 2023-07-07 09:36:53 +02:00
Wenjia
44e59b18a6 Update clientv3/snapshot/v3_snapshot.go 
Co-authored-by: Benjamin Wang <wachao@vmware.com>
Signed-off-by: Wenjia Zhang <wenjiazhang@google.com>
 2023-07-06 23:46:17 -07:00
Wenjia Zhang
1130bf7f84 Adding optional revision bump and mark compacted to snapshot restore 
Signed-off-by: Wenjia Zhang <wenjiazhang@google.com>
 2023-07-06 23:08:38 -07:00
Benjamin Wang
fee612d900
Merge pull request #16020 from tjungblu/putauthshort_3.4 
[3.4] Early exit auth check on lease puts
 2023-06-21 11:06:17 +01:00
Benjamin Wang
d897e4f555
Merge pull request #16047 from kkkkun/cp-14457-to-3.4 
[3.4] etcdserver: fix corruption check when server has just been compacted
 2023-06-19 09:36:34 +01:00
Benjamin Wang
a8d4009a94
Merge pull request #16089 from jmhbnz/release-3.4 
[3.4] Backport .github/workflows: Read .go-version as a step and not separate workflow
 2023-06-19 09:35:49 +01:00
James Blair
f0a1499ce9
Backport .github/workflows: Read .go-version as a step and not separate workflow. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-06-16 20:45:14 +12:00
Thomas Jungblut
afa0167538 Add first unit test for authApplierV3 
This contains a slight refactoring to expose enough information
to write meaningful tests for auth applier v3.

Signed-off-by: Thomas Jungblut <tjungblu@redhat.com>
 2023-06-16 10:08:47 +02:00
kkkkun
bce0d0b799 etcdserver: fix corruption check when server has just been compacted 
Signed-off-by: kkkkun <scuzk373x@gmail.com>
 2023-06-11 22:01:36 +08:00
Benjamin Wang
ca4a717def
Merge pull request #16038 from daljitdokal/release-3.4 
[3.4] Backport updating go to latest patch release 1.19.10
 2023-06-10 20:36:04 +08:00
Daljit Singh
7b7140bd51 [3.4] Backport updating go to latest patch release 1.19.10 
Signed-off-by: Daljit Singh <daljit.dokal@yahoo.co.nz>
 2023-06-09 10:21:27 +12:00
Thomas Jungblut
96d0831770 Early exit auth check on lease puts 
Mitigates #15993 by not checking each key individually for permission
when auth is entirely disabled or admin user is calling the method.

Backport of #16005

Signed-off-by: Thomas Jungblut <tjungblu@redhat.com>
 2023-06-06 11:45:28 +02:00
Benjamin Wang
a603c07989 bump version to 3.4.26 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
v3.4.26 		2023-05-12 09:40:47 +08:00
Benjamin Wang
3f78c423b5
Merge pull request #15814 from mitake/backport-15656-3.4 
Backport 15656 to release-3.4
 2023-05-10 08:16:41 +08:00
Benjamin Wang
2db96e817f
Merge pull request #15861 from serathius/go-version-release-3.4 
[release-3.4] Move go version to dedicated .go-version file
 2023-05-10 04:50:42 +08:00
Marek Siarkowicz
6796a50397 Move go version to dedicated .go-version file 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-05-09 14:56:34 +02:00
Hitoshi Mitake
c62b5db79d tests: e2e and integration test for timetolive 
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
 2023-05-08 22:54:54 +09:00
Hitoshi Mitake
71e85e9ded etcdserver: protect lease timetilive with auth 
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
 2023-05-08 22:54:54 +09:00
Benjamin Wang
27d362ae94
Merge pull request #15823 from jmhbnz/release-3.4-backport 
[3.4] Backport updating go to latest patch release 1.19.9
 2023-05-05 08:16:53 +08:00
James Blair
9925f90161
Backport go update to latest patch release 1.19.9. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-05-04 15:20:32 +12:00
James Blair
2ce1c37160
Backport centralising go version for actions workflows. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-05-04 15:19:39 +12:00
Benjamin Wang
392144d73a
Merge pull request #15788 from sharathsivakumar/release-3.4 
[3.4] server: backport 15743, improved description of --initial-cluster-state
 2023-04-27 04:12:48 +08:00
sharathsivakumar
7fa519fa24
server: backport 15743, improved description of --initial-cluster-state 
Signed-off-by: sharathsivakumar <mailssr9@gmail.com>
 2023-04-26 17:08:29 +02:00
Benjamin Wang
94593e63d4
Merge pull request #15715 from ahrtr/fix_release_20230414 
[3.4] fix release.sh: git_assert_branch_in_sync not exist in 3.4
v3.4.25 		2023-04-14 15:19:34 +08:00
Benjamin Wang
46c6ea552e fix release.sh: git_assert_branch_in_sync not exist in 3.4 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-04-14 14:48:34 +08:00
Benjamin Wang
bc19b67f16 bump version to 3.4.25 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-04-14 14:21:15 +08:00
Benjamin Wang
b56268ac48
Merge pull request #15677 from ahrtr/jwt_panic_3.4_20230410 
[3.4] etcdserver: verify field 'username' and 'revision' present when decoding a JWT token
 2023-04-11 18:44:43 +08:00
Marek Siarkowicz
1d759fc8bd
Merge pull request #15697 from ahrtr/3.4_request_progress_20230411 
[3.4] etcdserver: guarantee order of requested progress notification
 2023-04-11 10:49:21 +02:00
Benjamin Wang
90e4d04c8e etcdserver: guarantee order of requested progress notification 
Progress notifications requested using ProgressRequest were sent
directly using the ctrlStream, which means that they could race
against watch responses in the watchStream.

This would especially happen when the stream was not synced - e.g. if
you requested a progress notification on a freshly created unsynced
watcher, the notification would typically arrive indicating a revision
for which not all watch responses had been sent.

This changes the behaviour so that v3rpc always goes through the watch
stream, using a new RequestProgressAll function that closely matches
the behaviour of the v3rpc code - i.e.

1. Generate a message with WatchId -1, indicating the revision for
   *all* watchers in the stream

2. Guarantee that a response is (eventually) sent

The latter might require us to defer the response until all watchers
are synced, which is likely as it should be. Note that we do *not*
guarantee that the number of progress notifications matches the number
of requests, only that eventually at least one gets sent.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-04-11 12:47:09 +08:00
Benjamin Wang
881147f5d8
Merge pull request #15681 from jmhbnz/release-3.4 
[3.4] Backport fix for all docker images showing amd64 architecture
 2023-04-10 19:31:43 +08:00
James Blair
8f0a8a1271
Backport fix for all docker images showing amd64 architecture. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-04-10 22:43:10 +12:00
Benjamin Wang
abdc3cc41f
Merge pull request #15609 from pchan/automated-cherry-pick-of-#15505-upstream-release-3.4 
[3.4] Add testing of etcd in local image in release workflow
 2023-04-10 16:37:01 +08:00
Prasad Chandrasekaran
4a826042f1 scripts: Add testing of etcd in local image in release workflow. 
Signed-off-by: Prasad Chandrasekaran <prasadc@vmware.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
 2023-04-10 13:25:57 +05:30
Benjamin Wang
b000f15049 etcdserver: verify field 'username' and 'revision' present when decoding a JWT token 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-04-10 08:26:12 +08:00
Marek Siarkowicz
4b91b6d800
Merge pull request #15662 from ahrtr/backport_15447_3.4_20230407 
[3.4] etcdserver: set zap logging to wsproxy
 2023-04-07 10:55:55 +02:00
Benjamin Wang
b48cf63488
Merge pull request #15655 from mitake/3.4-backport-15648 
[3.4] backport 15648
 2023-04-07 16:49:24 +08:00
Benjamin Wang
b364b48475 etcdserver: set zap logging to wsproxy 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-04-07 13:38:25 +08:00
Benjamin Wang
3618ab4b07 security: remove password after authenticating the user 
fix https://nvd.nist.gov/vuln/detail/CVE-2021-28235

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-04-06 22:42:29 +09:00
Benjamin Wang
1f746597ea test: add an e2e test to reproduce https://nvd.nist.gov/vuln/detail/CVE-2021-28235 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-04-06 22:17:20 +09:00
Benjamin Wang
584576d672
Merge pull request #15652 from ahrtr/bump_go_20230406_3.4 
[3.4] Bump golang to 1.19.8 to fix CVEs
 2023-04-06 15:48:41 +08:00
Benjamin Wang
78a898a903 bump golang to 1.19.8 to fix CVEs 
https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8/m/OV40vnafAwAJ

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-04-06 14:31:15 +08:00
Benjamin Wang
ab64d49a13
Merge pull request #15621 from mitake/3.4-backport-15294 
[3.4] backport 15294
 2023-04-05 08:25:01 +08:00
Hitoshi Mitake
442de314a2 server/auth: disallow creating empty permission ranges 
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
 2023-04-04 21:41:04 +09:00
J. David Lowe
cee78aca75 etcdserver: don't attempt to grant nil permission to a role 
Prevent etcd from crashing when given a bad grant payload, e.g.:

$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/add
{"header":{"cluster_id":"14841639068965178418", ...
$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/grant
curl: (52) Empty reply from server

Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
Signed-off-by: J. David Lowe <j.david.lowe@gmail.com>
 2023-04-04 21:40:54 +09:00
Marek Siarkowicz
a1a37492f5
Merge pull request #15620 from serathius/separate-grpc-server-3.4 
[3.4] Separate grpc server
 2023-04-04 09:48:45 +02:00
Marek Siarkowicz
47d4ff2e36 server: Fix defer function closure escape 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-04-03 16:11:05 +02:00