1194 Commits

Author SHA1 Message Date
Barak Michener
d5a0e3ac6a etcdhttp: Always strip password hash when returning users 2015-06-22 18:39:16 -04:00
Xiang Li
979f531261 auth: refactor updateRole
We will return error if revoke or grant fails to update the role.
No need to check if revoke or grant is nil or not.
2015-06-22 15:16:10 -07:00
Xiang Li
3f82e7b116 auth: do not allow to grant duplicate role or revoke ungranted role to a user 2015-06-22 15:11:09 -07:00
Barak Michener
51a65599dd Merge pull request #3021 from xiang90/auth_err
etcdserver: use correct http status code for auth error
2015-06-22 14:58:33 -04:00
Xiang Li
c39aad0e92 etcdserver: use correct http status code for auth error 2015-06-22 09:28:47 -07:00
Xiang Li
3e4479b0cd Merge pull request #3022 from xiang90/aut_type
etcdhttp: fix the response type for auth
2015-06-21 15:06:35 -07:00
Xiang Li
d295d21349 etcdserver: better log message for url mismatch 2015-06-19 19:36:26 -07:00
Xiang Li
cad757efa0 etcdhttp: fix the response type for auth 2015-06-19 15:19:00 -07:00
Barak Michener
64ec8af91b *: Rename security to auth 2015-06-15 18:18:50 -04:00
Antoine Grondin
270487d340 etcdserver: use Infof to print formatted argument 2015-06-14 20:22:21 +07:00
Xiang Li
8ad7ed321e *:godep log pkg 2015-06-11 14:22:14 -07:00
Xiang Li
f013a627a4 etcdserver/stats: use leveled log 2015-06-11 14:22:14 -07:00
Xiang Li
cf7cb2b8a9 etcdserver/security: use leveled log 2015-06-11 14:22:14 -07:00
Xiang Li
2f795e42d0 httptypes: use leveled log 2015-06-11 14:19:53 -07:00
Barak Michener
7bf0479e66 Merge pull request #2882 from barakmich/security_client_new
*: Add security/authorization to etcd/client and etcdctl
2015-06-11 13:40:32 -04:00
Yicheng Qin
1af2b4cad7 rafthttp: fix TestUpdateMember
Before this PR, it may error like this:

```
--- FAIL: TestUpdateMember-2 (0.00s)
		server_test.go:950: action =
		[{ApplyConfChange:ConfChangeUpdateNode []}
{ProposeConfChange:ConfChangeUpdateNode []}], want
[{ProposeConfChange:ConfChangeUpdateNode []}
{ApplyConfChange:ConfChangeUpdateNode []}]
```

This fixes the test by recording the proposal event in time.
2015-06-11 09:45:34 -07:00
Yicheng Qin
cd629c9b44 Merge pull request #2939 from yichengq/fix-update-attr
etcdserver: allow to update attributes of removed member
2015-06-10 16:53:39 -07:00
Yicheng Qin
8725e69cf7 etcdserver: allow to update attributes of removed member
There exist the possiblity to update attributes of removed member in
reasonable workflow:
1. start member A
2. leader receives the proposal to remove member A
2. member A sends the proposal of update its attribute to the leader
3. leader commits the two proposals
So etcdserver should allow to update attributes of removed member.
2015-06-10 16:52:18 -07:00
Yicheng Qin
4e79abcfeb Merge pull request #2944 from yichengq/fix-2procs
pkg/testutil: ForceGosched -> WaitSchedule
2015-06-10 14:44:32 -07:00
Yicheng Qin
018fb8e6d9 pkg/testutil: ForceGosched -> WaitSchedule
ForceGosched() performs bad when GOMAXPROCS>1. When GOMAXPROCS=1, it
could promise that other goroutines run long enough
because it always yield the processor to other goroutines. But it cannot
yield processor to goroutine running on other processors. So when
GOMAXPROCS>1, the yield may finish when goroutine on the other
processor just runs for little time.

Here is a test to confirm the case:

```
package main

import (
	"fmt"
	"runtime"
	"testing"
)

func ForceGosched() {
	// possibility enough to sched up to 10 go routines.
	for i := 0; i < 10000; i++ {
		runtime.Gosched()
	}
}

var d int

func loop(c chan struct{}) {
	for {
		select {
		case <-c:
			for i := 0; i < 1000; i++ {
				fmt.Sprintf("come to time %d", i)
			}
			d++
		}
	}
}

func TestLoop(t *testing.T) {
	c := make(chan struct{}, 1)
	go loop(c)
	c <- struct{}{}
	ForceGosched()
	if d != 1 {
		t.Fatal("d is not incremented")
	}
}
```

`go test -v -race` runs well, but `GOMAXPROCS=2 go test -v -race` fails.

Change the functionality to waiting for schedule to happen.
2015-06-10 14:37:41 -07:00
Barak Michener
a4d1a5a6e5 *: Add security/auth support to etcdctl and etcd/client
add godep for speakeasy and auth entry parsing
add security_user to client
add role to client
add role commands
add auth support to etcdclient and etcdctl(member/user)
add enable/disable to etcdctl
better error messages, read/write/readwrite
Bump go-etcd to include codec changes, add new dependency
verify the error for revoke/add if nothing changed, remove security-merging prefix
2015-06-10 16:58:10 -04:00
Xiang Li
19ef3a0982 Merge pull request #2934 from xiang90/etcdserver_log
etcdserver: use leveled logging
2015-06-09 15:53:52 -07:00
Xiang Li
e0f9796653 etcdserver: use leveled logging
Leveled logging for etcdserver pkg.
2015-06-09 13:53:07 -07:00
Yicheng Qin
9fbd2599ad Merge pull request #2940 from yichengq/improve-raft-loop
etcdserver: stop raft loop when receiving stop signal
2015-06-09 11:24:53 -07:00
Yicheng Qin
0814966ca2 etcdserver: stop raft loop when receiving stop signal
When it waits for apply to be done, it should stop the loop if it
receives stop signal.

This helps to print out panic information. Before this PR, if the panic
happens when server loop is applying entries, server loop will wait for
raft loop to stop forever.
2015-06-09 11:11:53 -07:00
Brian Akins
d8a836e618 Simple debug HTTP request logging 2015-06-09 13:40:37 -04:00
Xiang Li
0adeee2965 etcdhttp: use leveled logging 2015-06-09 09:26:57 -07:00
Xiang Li
3af4a45d7b etcdserver: make raft use leveled logger 2015-06-02 12:50:42 -07:00
Xiang Li
42fe370b35 Merge pull request #2848 from xiang90/metrics
*: use namespace and subsystem in metrics
2015-05-26 14:44:54 -07:00
Xiang Li
34ac145b38 *: use namespace and subsystem in metrics
Fix #2841.

From Prometheus developer:
```
the recommended way for etcd as an open source project and under
consideration of its size would be etcd_<subsystem>_<name>.
```

We made the naming change accordingly.
2015-05-26 14:39:04 -07:00
Xiang Li
3028edd7dc Merge pull request #2856 from xiang90/mrefactor
etcdserver: refactore member.go
2015-05-26 14:37:37 -07:00
Barak Michener
9ef098c5ed etcdserver: fix go vet. Fixes #2859 2015-05-22 13:54:54 -04:00
Xiang Li
58eefda72d Merge pull request #2840 from yichengq/revert-url-equal
Revert "Treat URLs have same IP address as same"
2015-05-21 19:27:19 -07:00
Xiang Li
4a72d3a8bb etcdserver: refactore member.go 2015-05-21 09:19:29 -07:00
Xiang Li
260aad5468 Merge pull request #2830 from xiang90/join_checking
checking cluster version compatibility before joining the existing cluster
2015-05-20 12:25:50 -07:00
Xiang Li
aa417ab644 etcdserver: log the per endpoint error in getVersion 2015-05-20 12:10:10 -07:00
Xiang Li
db7db689a6 etcdserver: check cluster version compability when joining 2015-05-19 10:19:41 -07:00
Barak Michener
a88a53274f security: Lazily create the security directories. Fixes #2755, may find new instances for #2741
revert the kv integration test

fix nits

amend security mention of GUEST
2015-05-18 17:28:04 -04:00
Yicheng Qin
3153e635d5 Revert "Treat URLs have same IP address as same"
This reverts commit f8ce5996b0566619fde8cca431890a49c52cf3d6.

etcd no longer resolves TCP addresses passed in through flags,
so there is no need to compare hostname and IP slices anymore.
(for more details: a3892221eea4804f58ce83934c91964e83f4f30c)

Conflicts:
	etcdserver/cluster.go
	etcdserver/config.go
	pkg/netutil/netutil.go
	pkg/netutil/netutil_test.go
2015-05-16 03:21:10 -07:00
Xiang Li
9f8342dba4 etcdserver: do not get local version via HTTP 2015-05-13 17:19:32 -07:00
Xiang Li
988c30bfba etcdserver: getVersion returns both server and cluster version 2015-05-13 17:04:46 -07:00
Xiang Li
6296054ff6 etcdhttp: version endpoint also returns cluster version. 2015-05-13 15:48:10 -07:00
Yicheng Qin
75ee7f4aa1 Merge pull request #2821 from yichengq/private-cluster
etcdserver: stop exposing Cluster struct
2015-05-13 10:26:48 -07:00
Xiang Li
2690535f8a Merge pull request #2820 from xiang90/cap
version capability checking
2015-05-13 10:16:49 -07:00
Xiang Li
d3b1d5c008 etcdhttp: support capability checking
etcdhttp will check the cluster version and update its
capability version periodically.

Any new handler's after 2.0 needs to wrap by capability handler
to ensure it is not accessable until rolling upgrade finished.
2015-05-13 10:11:35 -07:00
Yicheng Qin
a6a649f1c3 etcdserver: stop exposing Cluster struct
After this PR, only cluster's interface Cluster is exposed, which makes
code much cleaner. And it avoids external packages to rely on cluster
struct in the future.
2015-05-13 10:01:25 -07:00
Xiang Li
f2905f2828 etcdserver: remove unnecessary around detect datadir
The log is super unhelpful. When I have a 2.1.0 etcd, it prints out
`2.0.1 vaild dir`. I have no idea why the data dir of a 2.1.0 etcd is
2.0.1.
2015-05-12 22:06:42 -07:00
Yicheng Qin
032db5e396 *: extract types.Cluster from etcdserver.Cluster
The PR extracts types.Cluster from etcdserver.Cluster. types.Cluster
is used for flag parsing and etcdserver config.

There is no need to expose etcdserver.Cluster public, which contains
lots of etcdserver internal details and methods. This is the first step
for it.
2015-05-12 14:53:11 -07:00
Xiang Li
e866314b94 etcdserver: support update cluster version through raft
1. Persist the cluster version change through raft. When the member is restarted, it can recover
the previous known decided cluster version.

2. When there is a new leader, it is forced to do a version checking immediately. This helps to
update the first cluster version fast.
2015-05-12 11:44:34 -07:00
Xiang Li
94ffd72c7e etcdserver: rename StoreAdminPrefix to StoreClusterPrefix
We store cluster related key in StoreAdminPrefix for some
historical reason. The previous API is called admin. But now,
the admin name is gone and `cluster` is a more clear and correct
name.
2015-04-29 12:05:51 -07:00