Marek Siarkowicz
f836291efa
Merge pull request #16195 from fuweid/fix-panic-for-http-only
...
[3.4] embed: fix nil pointer dereference when stopServer
2023-07-11 09:02:39 +02:00
zhangwenkang
30426eb755
clientv3: create keepAliveCtxCloser goroutine only if ctx can be canceled
...
Signed-off-by: zhangwenkang <zwenkang@vmware.com>
2023-07-10 23:08:23 +08:00
Wei Fu
15efc55905
tests/e2e: allow to use SIGTERM to verify graceful-stop
...
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-07-07 21:28:51 +08:00
Wei Fu
66713f69af
embed: fix nil pointer dereference when stopServer
...
Since v3.4.25, ETCD server introduces http-only urls flag to expose
gRPC-only endpoints. When user enables this feature, the stopServer will
panic during terminating. If the server is leader, it won't have chance
to transfer the leadership.
```
Jul 07 14:43:04 etcd[11502]: received terminated signal, shutting down...
Jul 07 14:43:04 etcd[11502]: WARNING: 2023/07/07 14:43:04 grpc: addrConn.createTransport failed to connect to {0.0.0.0:2379 <nil> 0 <nil>}. Err :connection error: desc = "transport: Error while dialing dial tcp 0.0.0.0:2379: connect: connection refused". Reconnecting...Jul 07 14:43:04 etcd[11502]: WARNING: 2023/07/07 14:43:04 grpc: addrConn.createTransport failed to connect to {0.0.0.0:2379 <nil> 0 <nil>}. Err :connection error: desc = "transport: Error while dialing dial tcp 0.0.0.0:2379: connect: connection refused". Reconnecting...
Jul 07 14:43:04 etcd[11502]: panic: runtime error: invalid memory address or nil pointer dereference Jul 07 14:43:04 etcd[11502]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x130 pc=0x9ccd45]
Jul 07 14:43:04 etcd[11502]: goroutine 225 [running]:
Jul 07 14:43:04 etcd[11502]: google.golang.org/grpc.(*Server).Stop(0x0)
Jul 07 14:43:04 etcd[11502]: /home/fuwei/go/pkg/mod/google.golang.org/grpc@v1.26.0/server.go:1390 +0x45
Jul 07 14:43:04 etcd[11502]: go.etcd.io/etcd/embed.stopServers.func1()
Jul 07 14:43:04 etcd[11502]: /home/fuwei/go/src/go.etcd.io/etcd/embed/etcd.go:431 +0x3c
Jul 07 14:43:04 etcd[11502]: go.etcd.io/etcd/embed.stopServers({0x115a558, 0xc000278b70}, 0xc00024f248)
Jul 07 14:43:04 etcd[11502]: /home/fuwei/go/src/go.etcd.io/etcd/embed/etcd.go:438 +0x7d
Jul 07 14:43:04 etcd[11502]: go.etcd.io/etcd/embed.(*Etcd).Close(0xc0004d6600)
Jul 07 14:43:04 etcd[11502]: /home/fuwei/go/src/go.etcd.io/etcd/embed/etcd.go:392 +0x835
Jul 07 14:43:04 etcd[11502]: go.etcd.io/etcd/pkg/osutil.HandleInterrupts.func1()
Jul 07 14:43:04 etcd[11502]: /home/fuwei/go/src/go.etcd.io/etcd/pkg/osutil/interrupt_unix.go:70 +0x284
Jul 07 14:43:04 etcd[11502]: created by go.etcd.io/etcd/pkg/osutil.HandleInterrupts
Jul 07 14:43:04 etcd[11502]: /home/fuwei/go/src/go.etcd.io/etcd/pkg/osutil/interrupt_unix.go:53 +0xce
Jul 07 14:43:04 systemd[1]: etcd.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
```
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-07-07 21:28:06 +08:00
Marek Siarkowicz
4e800bdc66
Merge pull request #16193 from wenjiaswe/cp
...
[3.4] Adding optional revision bump and mark compacted to snapshot restore
2023-07-07 09:36:53 +02:00
Wenjia
44e59b18a6
Update clientv3/snapshot/v3_snapshot.go
...
Co-authored-by: Benjamin Wang <wachao@vmware.com>
Signed-off-by: Wenjia Zhang <wenjiazhang@google.com>
2023-07-06 23:46:17 -07:00
Wenjia Zhang
1130bf7f84
Adding optional revision bump and mark compacted to snapshot restore
...
Signed-off-by: Wenjia Zhang <wenjiazhang@google.com>
2023-07-06 23:08:38 -07:00
Benjamin Wang
fee612d900
Merge pull request #16020 from tjungblu/putauthshort_3.4
...
[3.4] Early exit auth check on lease puts
2023-06-21 11:06:17 +01:00
Benjamin Wang
d897e4f555
Merge pull request #16047 from kkkkun/cp-14457-to-3.4
...
[3.4] etcdserver: fix corruption check when server has just been compacted
2023-06-19 09:36:34 +01:00
Benjamin Wang
a8d4009a94
Merge pull request #16089 from jmhbnz/release-3.4
...
[3.4] Backport .github/workflows: Read .go-version as a step and not separate workflow
2023-06-19 09:35:49 +01:00
James Blair
f0a1499ce9
Backport .github/workflows: Read .go-version as a step and not separate workflow.
...
Signed-off-by: James Blair <mail@jamesblair.net>
2023-06-16 20:45:14 +12:00
Thomas Jungblut
afa0167538
Add first unit test for authApplierV3
...
This contains a slight refactoring to expose enough information
to write meaningful tests for auth applier v3.
Signed-off-by: Thomas Jungblut <tjungblu@redhat.com>
2023-06-16 10:08:47 +02:00
kkkkun
bce0d0b799
etcdserver: fix corruption check when server has just been compacted
...
Signed-off-by: kkkkun <scuzk373x@gmail.com>
2023-06-11 22:01:36 +08:00
Benjamin Wang
ca4a717def
Merge pull request #16038 from daljitdokal/release-3.4
...
[3.4] Backport updating go to latest patch release 1.19.10
2023-06-10 20:36:04 +08:00
Daljit Singh
7b7140bd51
[3.4] Backport updating go to latest patch release 1.19.10
...
Signed-off-by: Daljit Singh <daljit.dokal@yahoo.co.nz>
2023-06-09 10:21:27 +12:00
Thomas Jungblut
96d0831770
Early exit auth check on lease puts
...
Mitigates #15993 by not checking each key individually for permission
when auth is entirely disabled or admin user is calling the method.
Backport of #16005
Signed-off-by: Thomas Jungblut <tjungblu@redhat.com>
2023-06-06 11:45:28 +02:00
Benjamin Wang
a603c07989
bump version to 3.4.26
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
v3.4.26
2023-05-12 09:40:47 +08:00
Benjamin Wang
3f78c423b5
Merge pull request #15814 from mitake/backport-15656-3.4
...
Backport 15656 to release-3.4
2023-05-10 08:16:41 +08:00
Benjamin Wang
2db96e817f
Merge pull request #15861 from serathius/go-version-release-3.4
...
[release-3.4] Move go version to dedicated .go-version file
2023-05-10 04:50:42 +08:00
Marek Siarkowicz
6796a50397
Move go version to dedicated .go-version file
...
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2023-05-09 14:56:34 +02:00
Hitoshi Mitake
c62b5db79d
tests: e2e and integration test for timetolive
...
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
2023-05-08 22:54:54 +09:00
Hitoshi Mitake
71e85e9ded
etcdserver: protect lease timetilive with auth
...
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
2023-05-08 22:54:54 +09:00
Benjamin Wang
27d362ae94
Merge pull request #15823 from jmhbnz/release-3.4-backport
...
[3.4] Backport updating go to latest patch release 1.19.9
2023-05-05 08:16:53 +08:00
James Blair
9925f90161
Backport go update to latest patch release 1.19.9.
...
Signed-off-by: James Blair <mail@jamesblair.net>
2023-05-04 15:20:32 +12:00
James Blair
2ce1c37160
Backport centralising go version for actions workflows.
...
Signed-off-by: James Blair <mail@jamesblair.net>
2023-05-04 15:19:39 +12:00
Benjamin Wang
392144d73a
Merge pull request #15788 from sharathsivakumar/release-3.4
...
[3.4] server: backport 15743, improved description of --initial-cluster-state
2023-04-27 04:12:48 +08:00
sharathsivakumar
7fa519fa24
server: backport 15743, improved description of --initial-cluster-state
...
Signed-off-by: sharathsivakumar <mailssr9@gmail.com>
2023-04-26 17:08:29 +02:00
Benjamin Wang
94593e63d4
Merge pull request #15715 from ahrtr/fix_release_20230414
...
[3.4] fix release.sh: git_assert_branch_in_sync not exist in 3.4
v3.4.25
2023-04-14 15:19:34 +08:00
Benjamin Wang
46c6ea552e
fix release.sh: git_assert_branch_in_sync not exist in 3.4
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-04-14 14:48:34 +08:00
Benjamin Wang
bc19b67f16
bump version to 3.4.25
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-04-14 14:21:15 +08:00
Benjamin Wang
b56268ac48
Merge pull request #15677 from ahrtr/jwt_panic_3.4_20230410
...
[3.4] etcdserver: verify field 'username' and 'revision' present when decoding a JWT token
2023-04-11 18:44:43 +08:00
Marek Siarkowicz
1d759fc8bd
Merge pull request #15697 from ahrtr/3.4_request_progress_20230411
...
[3.4] etcdserver: guarantee order of requested progress notification
2023-04-11 10:49:21 +02:00
Benjamin Wang
90e4d04c8e
etcdserver: guarantee order of requested progress notification
...
Progress notifications requested using ProgressRequest were sent
directly using the ctrlStream, which means that they could race
against watch responses in the watchStream.
This would especially happen when the stream was not synced - e.g. if
you requested a progress notification on a freshly created unsynced
watcher, the notification would typically arrive indicating a revision
for which not all watch responses had been sent.
This changes the behaviour so that v3rpc always goes through the watch
stream, using a new RequestProgressAll function that closely matches
the behaviour of the v3rpc code - i.e.
1. Generate a message with WatchId -1, indicating the revision for
*all* watchers in the stream
2. Guarantee that a response is (eventually) sent
The latter might require us to defer the response until all watchers
are synced, which is likely as it should be. Note that we do *not*
guarantee that the number of progress notifications matches the number
of requests, only that eventually at least one gets sent.
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-04-11 12:47:09 +08:00
Benjamin Wang
881147f5d8
Merge pull request #15681 from jmhbnz/release-3.4
...
[3.4] Backport fix for all docker images showing amd64 architecture
2023-04-10 19:31:43 +08:00
James Blair
8f0a8a1271
Backport fix for all docker images showing amd64 architecture.
...
Signed-off-by: James Blair <mail@jamesblair.net>
2023-04-10 22:43:10 +12:00
Benjamin Wang
abdc3cc41f
Merge pull request #15609 from pchan/automated-cherry-pick-of-#15505-upstream-release-3.4
...
[3.4] Add testing of etcd in local image in release workflow
2023-04-10 16:37:01 +08:00
Prasad Chandrasekaran
4a826042f1
scripts: Add testing of etcd in local image in release workflow.
...
Signed-off-by: Prasad Chandrasekaran <prasadc@vmware.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
2023-04-10 13:25:57 +05:30
Benjamin Wang
b000f15049
etcdserver: verify field 'username' and 'revision' present when decoding a JWT token
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-04-10 08:26:12 +08:00
Marek Siarkowicz
4b91b6d800
Merge pull request #15662 from ahrtr/backport_15447_3.4_20230407
...
[3.4] etcdserver: set zap logging to wsproxy
2023-04-07 10:55:55 +02:00
Benjamin Wang
b48cf63488
Merge pull request #15655 from mitake/3.4-backport-15648
...
[3.4] backport 15648
2023-04-07 16:49:24 +08:00
Benjamin Wang
b364b48475
etcdserver: set zap logging to wsproxy
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-04-07 13:38:25 +08:00
Benjamin Wang
3618ab4b07
security: remove password after authenticating the user
...
fix https://nvd.nist.gov/vuln/detail/CVE-2021-28235
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-04-06 22:42:29 +09:00
Benjamin Wang
1f746597ea
test: add an e2e test to reproduce https://nvd.nist.gov/vuln/detail/CVE-2021-28235
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-04-06 22:17:20 +09:00
Benjamin Wang
584576d672
Merge pull request #15652 from ahrtr/bump_go_20230406_3.4
...
[3.4] Bump golang to 1.19.8 to fix CVEs
2023-04-06 15:48:41 +08:00
Benjamin Wang
78a898a903
bump golang to 1.19.8 to fix CVEs
...
https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8/m/OV40vnafAwAJ
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-04-06 14:31:15 +08:00
Benjamin Wang
ab64d49a13
Merge pull request #15621 from mitake/3.4-backport-15294
...
[3.4] backport 15294
2023-04-05 08:25:01 +08:00
Hitoshi Mitake
442de314a2
server/auth: disallow creating empty permission ranges
...
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
2023-04-04 21:41:04 +09:00
J. David Lowe
cee78aca75
etcdserver: don't attempt to grant nil permission to a role
...
Prevent etcd from crashing when given a bad grant payload, e.g.:
$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/add
{"header":{"cluster_id":"14841639068965178418", ...
$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/grant
curl: (52) Empty reply from server
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
Signed-off-by: J. David Lowe <j.david.lowe@gmail.com>
2023-04-04 21:40:54 +09:00
Marek Siarkowicz
a1a37492f5
Merge pull request #15620 from serathius/separate-grpc-server-3.4
...
[3.4] Separate grpc server
2023-04-04 09:48:45 +02:00
Marek Siarkowicz
47d4ff2e36
server: Fix defer function closure escape
...
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2023-04-03 16:11:05 +02:00