Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,681 Commits 15 Branches 491 Tags 148 MiB
Commit Graph

813 Commits

Author SHA1 Message Date
Benjamin Wang
643e6e1993 etcdserver: verify field 'username' and 'revision' present when decoding a JWT token 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-04-10 08:21:43 +08:00
Benjamin Wang
5872b80ed5
Merge pull request #15512 from engow/automated-cherry-pick-of-#15432-origin-release-3.5 
[3.5] server/auth: fix auth panic bug when user changes password
 2023-04-08 06:22:37 +08:00
Marek Siarkowicz
4501fd88c7
Merge pull request #15619 from mitake/3.5-backport-15294 
[3.5] backport 15294
 2023-04-07 17:47:23 +02:00
Benjamin Wang
b31caa3f12 set zap logging to wsproxy 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-04-07 13:33:39 +08:00
Benjamin Wang
e6c2e380a9 security: remove password after authenticating the user 
fix https://nvd.nist.gov/vuln/detail/CVE-2021-28235

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-04-06 20:12:02 +09:00
Hitoshi Mitake
e6eeca6885 server/auth: disallow creating empty permission ranges 
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
 2023-04-03 22:55:55 +09:00
Marek Siarkowicz
073c530989 server: Fix defer function closure escape 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-03-30 16:01:29 +02:00
Marek Siarkowicz
c0421c7330 server: Add --listen-client-http-urls flag to allow running grpc server separate from http server 
Difference in load configuration for watch delay tests show how huge the
impact is. Even with random write scheduler grpc under http
server can only handle 500 KB with 2 seconds delay. On the other hand,
separate grpc server easily hits 10, 100 or even 1000 MB within 100 miliseconds.

Priority write scheduler that was used in most previous releases
is far worse than random one.

Tests configured to only 5 MB to avoid flakes and taking too long to fill
etcd.

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-03-30 15:53:11 +02:00
Marek Siarkowicz
2d5f48a7ef server: Pick one address that all grpc gateways connect to 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-03-30 15:11:59 +02:00
Marek Siarkowicz
a9e0a04c9a server: Extract resolveUrl helper function 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-03-30 15:11:59 +02:00
Marek Siarkowicz
245067b15d server: Separate client listener grouping from serving 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-03-30 15:11:59 +02:00
Marek Siarkowicz
63576a25f5 refactor: Use proper variable names for urls 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-03-30 15:11:58 +02:00
engow
f7ac9dfcd6 sever/auth: fix addUserWithNoOption of store_test 
Signed-off-by: engow <engow@hotmail.com>
 2023-03-30 19:13:33 +08:00
tangcong
dcb1bf6078 server/auth: fix auth panic bug when user changes password 
Signed-off-by: tangcong <tangcong506@foxmail.com>
Signed-off-by: engow <engow@hotmail.com>
 2023-03-30 19:13:33 +08:00
Wei Fu
9e974792f9 server/embed: fix data race when start insecure grpc 
There are two goroutines accessing the `gs` grpc server var. Before
insecure `gs` server start, the `gs` can be changed to secure server and
then the client will fail to connect to etcd with insecure request. It
is data-race. We should use argument for reference in the new goroutine.

fix: #15495

Signed-off-by: Wei Fu <fuweid89@gmail.com>
(cherry picked from commit a9988e2625eede1af81d189b5f2ecf7d4af3edf1)
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-03-20 20:41:49 +08:00
Marek Siarkowicz
92e56ab61e server: Test watch restore 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-03-20 12:04:43 +01:00
Bogdan Kanivets
dafdaaedf2 mvcc: update minRev when watcher stays synced 
Problem: during restore in watchableStore.Restore, synced watchers are moved to unsynced.
minRev will be behind since it's not updated when watcher stays synced.

Solution: update minRev

fixes: https://github.com/etcd-io/etcd/issues/15271
Signed-off-by: Bogdan Kanivets <bkanivets@apple.com>
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-03-20 12:02:49 +01:00
Benjamin Wang
11ca1d356a
Merge pull request #15483 from jmhbnz/release-3.5-backport 
[3.5] Backport tls 1.3 support
 2023-03-16 06:06:45 +08:00
James Blair
358bcf3fb6
Backport tls 1.3 support. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-03-15 14:10:14 +13:00
Marek Siarkowicz
55bfad950c server: Switch back to random scheduler to improve resilience to watch starvation 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2023-03-14 09:16:46 +01:00
James Blair
1ea808b5ba
Backport go_srcs_in_module changes and fix goword failures. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-02-24 22:01:41 +13:00
James Blair
183af509f6
Formatted source code for go 1.19.6. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-02-20 21:33:59 +13:00
James Blair
1bd835383b
Bump to go 1.19.6 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-02-20 12:52:43 +13:00
James Blair
5996b5faa3
Bump golang.org/x/net to v0.7.0 to address CVE GO-2023-1571. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-02-20 12:51:17 +13:00
Benjamin Wang
452164a1c7 etcdserver: add failpoints walBeforeSync and walAfterSync 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-02-09 07:03:04 +08:00
Paco Xu
2a0ecd4078 upgrade cockroachdb/datadriven to v1.0.2 to remove archived dependencies 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2023-01-31 14:42:15 +08:00
Benjamin Wang
747de58414 bump bbolt to v1.3.7 for release-3.5 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-31 07:12:46 +08:00
Marek Siarkowicz
215b53cf3b version: bump up to 3.5.7 2023-01-20 11:15:12 +01:00
Benjamin Wang
53300ece3b etcdserver: return membership.ErrIDNotFound when the memberID not found 
Backport https://github.com/etcd-io/etcd/pull/15095.

When promoting a learner, we need to wait until the leader's applied ID
catches up to the commitId. Afterwards, check whether the learner ID
exist or not, and return `membership.ErrIDNotFound` directly in the API
if the member ID not found, to avoid the request being unnecessarily
delivered to raft.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-17 06:24:27 +08:00
Benjamin Wang
e1fc545d8a etcdserver: process the scenaro of the last WAL record being partially synced to disk 
We need to return io.ErrUnexpectedEOF in the error chain, so that
etcdserver can repair it automatically.

Backport https://github.com/etcd-io/etcd/pull/15068

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-08 05:30:01 +08:00
Benjamin Wang
a612b9285f format the source code and tidy the dependencies using go 1.17.13 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-19 13:26:59 +08:00
Benjamin Wang
69ee8a83ab bump go version to 1.17.13 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-19 13:23:16 +08:00
Benjamin Wang
3337f35f17 deps: bump golang.org/x/net to v0.4.0 to address CVEs 
CVE-2021-44716
CVE-2022-27664

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-19 09:28:07 +08:00
Benjamin Wang
c1a89973f0 etcdserver: fix nil pointer panic for readonly txn 
Backporting https://github.com/etcd-io/etcd/pull/14895

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-06 18:16:49 +08:00
Chao Chen
378ad6b517 [3.5] Backport: non mutating requests pass through quotaKVServer when NOSPACE 
Signed-off-by: Vaibhav Mehta <mehvaibh@amazon.com>
 2022-12-05 21:04:09 +00:00
Benjamin Wang
ba122c9d56 etcdserver: intentionally set the memberID as 0 in corruption alarm 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-11-25 16:23:37 +08:00
Marek Siarkowicz
cecbe35ce0 version: bump up to 3.5.6 2022-11-21 15:54:14 +01:00
Aleksandr Razumov
c91978077b client/pkg/fileutil: add missing logger to {Create,Touch}DirAll 
Also populate it to every invocation.

Signed-off-by: WangXiaoxiao <1141195807@qq.com>
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2022-11-17 14:08:30 +01:00
Benjamin Wang
563713e128 etcdserver: call the OnPreCommitUnsafe in unsafeCommit 
`unsafeCommit` is called by both `(*batchTxBuffered) commit` and
`(*backend) defrag`. When users perform the defragmentation
operation, etcd doesn't update the consistent index. If etcd
crashes(e.g. panicking) in the process for whatever reason, then
etcd replays the WAL entries starting from the latest snapshot,
accordingly it may re-apply entries which might have already been
applied, eventually the revision isn't consistent with other members.

Refer to discussion in https://github.com/etcd-io/etcd/pull/14685

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-11-11 17:35:26 +08:00
Cenk Alti
be4adc0c55
server: add more context to panic message 
Signed-off-by: Cenk Alti <cenkalti@gmail.com>
 2022-11-01 19:02:32 -04:00
Hitoshi Mitake
1e96e0be38 etcdserver: call refreshRangePermCache on Recover() in AuthStore. #14574 
Signed-off-by: Oleg Guba <oleg@dropbox.com>
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
 2022-10-29 13:56:08 +09:00
Hitoshi Mitake
efb9480b96 server: add a unit test case for authStore.Reocver() with empty rangePermCache 
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
 2022-10-29 13:26:31 +09:00
Benjamin Wang
ec6f0a74ba
Merge pull request #14500 from dusk125/release-3.5 
Release-3.5: server/etcdmain: add configurable cipher list to gRPC proxy listener
 2022-10-16 06:35:17 +08:00
Benjamin Wang
f6c4c84da3 etcdserver: added more debug log for the purgeFile goroutine 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-10-12 19:28:32 +08:00
Kafuu Chino
dd983c662b *: avoid closing a watch with ID 0 incorrectly 
Signed-off-by: Kafuu Chino <KafuuChinoQ@gmail.com>

add test

1

1

1

1

1

1
 2022-10-08 20:06:19 +08:00
Hitoshi Mitake
7b568f23ab *: handle auth invalid token and old revision errors in watch 
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
 2022-10-03 23:00:13 +09:00
Sahdev Zala
db55011d7c server/etcdmain: add configurable cipher list to gRPC proxy listener 
Signed-off-by: Allen Ray <alray@redhat.com>
 2022-09-29 11:41:57 -04:00
Haimantika Mitra
653d6e18c3
Replace github.com/form3tech-oss/jwt-go with https://github.com/golang-jwt/jwt/v4 
Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-09-19 15:35:08 -04:00
Marek Siarkowicz
19002cfc68 version: bump up to 3.5.5 2022-09-15 14:02:30 +02:00
Benjamin Wang
6c26693ebe
Merge pull request #14178 from lavacat/release-3.5-txn-panic 
[3.5] server: don't panic in readonly serializable txn
 2022-09-13 14:44:38 +08:00