shivaramr
9150bf52d6
go modules: Fix module path version to include version number
2019-04-26 15:29:50 -07:00
zhoulin xie
5effa154b4
auth/simple_token.go: fix plog.Panicf error message
...
Signed-off-by: zhoulin xie <zhoulin.xie@daocloud.io>
2019-02-24 19:34:02 -05:00
Sam Batschelet
bf9d0d8291
auth: disable CommonName auth for gRPC-gateway
...
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
2019-01-08 12:31:20 -05:00
Gyuho Lee
c58f5cfeda
test: disable "unparam" for now
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2018-12-17 11:30:28 -08:00
Essam A. Hassan
ffbdb458a4
Auth: improve auth coverage
...
adds tests for uncovered auth funcs
Issue #9734
2018-10-01 10:25:38 +02:00
Gyuho Lee
fced933294
auth: update Go import paths to "go.etcd.io"
...
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2018-08-28 17:47:55 -07:00
Joe LeGasse
a6ddb51c8a
auth: Support all JWT algorithms
...
This change adds support to etcd for all of the JWT algorithms included
in the underlying JWT library.
2018-06-26 16:31:01 -04:00
Sam Batschelet
b30a1166e0
auth: fix panic using WithRoot and improve JWT coverage
2018-05-22 12:53:27 -04:00
Jiang Xuan
bf432648ae
*: make bcrypt-cost configurable
2018-05-03 11:43:32 -07:00
Gyuho Lee
200401248a
Merge pull request #9665 from gyuho/unconvert
...
test: integrate github.com/mdempsky/unconvert
2018-05-01 09:52:44 -07:00
Gyuho Lee
ae71076579
auth: fix "unconvert" warnings
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 15:32:16 -07:00
Gyuho Lee
e9d5789dd4
auth: remove "strings.Compare == 0"
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 15:10:56 -07:00
Gyuho Lee
d398d41ff0
auth: break TLS VerifiedChains for-loop early
...
Fix "auth/store.go:1147:4: the surrounding loop is unconditionally terminated (SA4004)"
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-30 10:34:59 -07:00
Gyuho Lee
da4a982b1c
auth: support structured logging
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-27 14:19:48 -07:00
Gyuho Lee
f57fa6abaf
auth: support structured logger
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-04-16 17:36:00 -07:00
Hitoshi Mitake
b1dd19a7aa
*: don't use string literals directly in grpc metadata
...
Current etcd code uses the string literals ("token", "authorization")
as field names of grpc and swagger metadata for passing token. It is
difficult to maintain so this commit introduces new constants for the
purpose.
2018-03-15 14:17:34 +09:00
Hitoshi Mitake
752963beea
*: unify type of key and rangeEnd in AuthRoleRevokePermissionRequest
...
Fix https://github.com/coreos/etcd/issues/9424
2018-03-14 14:38:20 +09:00
Gyuho Lee
f0eb772963
auth: add "IsAuthEnabled" method
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-02-28 11:16:35 -08:00
Gyuho Lee
ac50ef0812
Merge pull request #8302 from mitake/token-ttl
...
auth: a new option for configuring TTL of jwt tokens
2018-02-27 20:50:37 -08:00
Hitoshi Mitake
8fd01f56d6
auth: a new option for configuring TTL of jwt tokens
...
This commit adds a new option of --auth-token, ttl, for configuring
TTL of jwt tokens. It can be specified like this:
```
--auth-token jwt,pub-key=<pub key path>,priv-key=<priv key path>,sign-method=<sign method>,ttl=5m
```
In the above case, TTL will be 5 minutes.
2018-02-27 16:25:19 +09:00
Hitoshi Mitake
8eb7cfb296
auth: a new auth token provider nop
...
This commit adds a new auth token provider named nop. The nop provider
refuses every Authenticate() request so CN based authentication can
only be allowed. If the tokenOpts parameter of auth.NewTokenProvider()
is empty, the provider will be used.
2018-02-27 16:21:14 +09:00
Gyuho Lee
8a518b01c4
*: revert "internal/mvcc" change
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-02-26 17:11:40 -08:00
Gyuho Lee
bb95d190c1
*: revert "internal/auth" change
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-02-26 17:11:40 -08:00
Hitoshi Mitake
6c91766490
*: move "auth" to "internal/auth"
2018-01-29 14:57:35 +09:00
Gyuho Lee
80d15948bc
*: move "mvcc" to "internal/mvcc"
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2018-01-26 11:14:41 -08:00
Manjunath A Kumatagi
86c086664c
auth: Fix govet errors
2018-01-25 02:30:04 -05:00
Gyuho Lee
1f191a0e34
auth: use NewIncomingContext for "WithRoot"
...
"WithRoot" is only used within local node, and
"AuthInfoFromCtx" expects token from incoming context.
Embed token with "NewIncomingContext" so that token
can be found in "AuthInfoFromCtx".
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2017-12-14 21:45:16 -08:00
Gyuho Lee
bcd5390b35
*: regenerate protobuf, grpc-gateway
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2017-12-07 21:31:13 -08:00
Gyuho Lee
645c7c9a92
auth: use "sort.Strings" instead of StringSlice
...
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2017-12-04 14:09:27 -08:00
Hitoshi Mitake
f649132a5a
auth, etcdserver: follow the correct usage of context
...
The keys of context shouldn't be string. They should be a struct of
their own type.
Fix https://github.com/coreos/etcd/issues/8826
2017-11-21 15:31:19 +09:00
Gyu-Ho Lee
38942a2a51
auth: clean up mutex lock/unlocks
...
Only hold locks when needed.
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
2017-11-06 13:17:29 -08:00
Gyu-Ho Lee
568b856be8
auth: pre-allocate slices in store
...
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
2017-11-06 09:16:15 -08:00
Hitoshi Mitake
da0a387aac
auth: use binary search for checking root permission
...
authpb.User.Roles is sorted so we don't need a linear search for
checking the user has a root role or not.
2017-10-25 13:16:37 +09:00
Joe Betz
d3c9643761
auth: Fix simpleToken to respect disabled state for assign
2017-10-13 21:44:07 -07:00
Gyu-Ho Lee
f65aee0759
*: replace 'golang.org/x/net/context' with 'context'
...
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
2017-09-07 13:39:42 -07:00
Gyu-Ho Lee
35b11bf438
auth: replace NewContext with NewOutgoingContext
...
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
2017-08-17 19:46:19 -07:00
Hitoshi Mitake
e0c33ef881
auth, etcdserver: allow users to know their roles and permissions
...
Current UserGet() and RoleGet() RPCs require admin permission. It
means that users cannot know which roles they belong to and what
permissions the roles have. This commit changes the semantics and now
users can know their roles and permissions.
2017-06-26 22:20:41 -07:00
Xiang Li
44a6c2121b
Merge pull request #7999 from hexfusion/grpc-gateway-auth
...
auth: support "authorization" token for grpc-gateway
2017-06-15 19:22:00 -07:00
Gyu-Ho Lee
5e059fd8dc
*: use metadata Incoming/OutgoingContext
...
Fix https://github.com/coreos/etcd/issues/7888 .
Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
2017-06-15 16:41:23 -07:00
Sam Batschelet
0caab26310
auth: support "authorization" token for grpc-gateway
2017-06-14 20:11:39 -04:00
Hitoshi Mitake
fa4903c83c
Merge pull request #8031 from mitake/lease-revoke-auth
...
protecting lease revoking with auth
2017-06-08 13:34:14 +09:00
Hitoshi Mitake
0c655902f2
auth, etcdserver: protect revoking lease with auth
...
Currently clients can revoke any lease without permission. This commit
lets etcdserver protect revoking with write permission.
This commit adds a mechanism for generating internal token. It is used
for indicating that LeaseRevoke was issued internally so it should be
able to delete any attached keys.
2017-06-07 17:46:14 -07:00
Anthony Romano
8d8d1d225a
auth: add JWT tests
2017-06-07 16:49:02 -07:00
Anthony Romano
fe727f3106
auth: reject empty signing method for JWT token provider
2017-06-07 16:49:02 -07:00
Hitoshi Mitake
e1306bff8f
*: simply ignore ErrAuthNotEnabled in clientv3 if auth is not enabled
...
Fix https://github.com/coreos/etcd/issues/7724
2017-04-19 11:27:14 +09:00
Anthony Romano
fdf7798137
auth: fix race on stopping simple token keeper
...
run goroutine was resetting a field for no reason and without holding a lock.
This patch cleans up the run goroutine management to make the start/stop path
less racy in general.
2017-04-14 09:50:33 -07:00
Anthony Romano
18bccb4285
auth: protect simpleToken with single mutex and check if enabled
...
Dual locking doesn't really give a convincing performance improvement and
the lock ordering makes it impossible to safely check if the TTL keeper
is enabled or not.
Fixes #7722
2017-04-12 13:40:09 -07:00
Anthony Romano
78a5eb79b5
*: add swagger and grpc-gateway assets for v3lock and v3election
2017-04-10 15:21:07 -07:00
Hitoshi Mitake
c4a45c5713
auth, adt: introduce a new type BytesAffineComparable
...
It will be useful for avoiding a cost of casting from string to
[]byte. The permission checker is the first user of the type.
2017-04-05 13:17:24 +09:00
Hitoshi Mitake
63355062dc
Merge pull request #7649 from mitake/range-open-ended
...
etcdctl: add a new option --open-ended for unlimited range permission
2017-04-05 11:03:52 +09:00