Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,198 Commits 15 Branches 491 Tags 148 MiB
Commit Graph

16 Commits

Author SHA1 Message Date
cfz
b12f8c12ce server/auth: enable tokenProvider if recoved store enables auth 
we found a lease leak issue:
if a new member(by member add) is recovered by snapshot, and then
become leader, the lease will never expire afterwards. leader will
log the revoke failure caused by "invalid auth token", since the
token provider is not functional, and drops all generated token
from upper layer, which in this case, is the lease revoking
routine.
 2021-07-11 01:17:08 +08:00
Piotr Tabor
33b2cdb957
Merge pull request #13162 from serathius/auth 
etcdserver: Move read/update methods on Auth bucket to one place
 2021-07-03 11:33:07 +02:00
Marek Siarkowicz
0c701fb9f3 etcdserver: Move all get/put/delete on AuthUsers and AuthRoles to buckets module 2021-07-01 12:12:15 +02:00
Marek Siarkowicz
b2e08fbfd4 etcdserver: Move read/update methods on Auth bucket to one place 2021-06-29 18:02:11 +02:00
Marek Siarkowicz
f79d09d48b etcdserver: Move all named keys to buckets module 2021-06-28 16:40:50 +02:00
J. David Lowe
115c694af6 etcdserver: don't attempt to grant nil permission to a role 
Prevent etcd from crashing when given a bad grant payload, e.g.:

$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/add
{"header":{"cluster_id":"14841639068965178418", ...
$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/grant
curl: (52) Empty reply from server
 2021-06-04 14:20:02 -07:00
赵延
64b01a7a8d
Enhance the root permission, when root role exist, it always return rootPerm. (#13006) 
etcdctl role grant-permission root readwrite foo.
see etcdctl role get root output.
Before:
Role root
KV Read:
        foo
KV Write:
        foo
After:
Role root
KV Read:
        [, <open ended>
KV Write:
        [, <open ended>
 2021-05-24 14:58:00 -07:00
Piotr Tabor
66752fef2f Represent bucket as object instead of []byte name. 
Thanks to this change:
  - all the maps bucket -> buffer are indexed by int's instead of
string. No need to do: byte[] -> string -> hash conversion on each
access.
  - buckets are strongly typed in backend/mvcc API.
 2021-05-18 18:58:53 +02:00
Piotr Tabor
fe3254aee3 Remove explicit authStore->ConsistencyIndex updates, as they are taken care by hook. 2021-05-04 15:38:23 +02:00
Piotr Tabor
ffea1537d4 ClientV3 tests use integration.NewClient that configures proper logger. 2021-04-29 18:18:34 +02:00
Piotr Tabor
d7d110b5a8 mvcc/backend tests: Refactor: Do not mix testing&prod code. 2021-04-21 09:43:13 +02:00
Piotr Tabor
3bb7acc8cf Migrate dependencies pkg/foo -> client/pkg/foo 2021-04-07 00:38:47 +02:00
Piotr Tabor
03f55eeb2c Make NewTmpBackend use testing tmp location (so cleanup). 2021-03-26 13:54:55 +01:00
Dan Lorenc
5b90402082 Switch from dgrijalva/jwt-go to form3tech-oss/jwt-go. 
dgrijalva/jwt-go has been abandoned and contains several serious
security issues. Most projects are now switching to the form3tech fork.

See https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515 for
info on the issues.

Signed-off-by: Dan Lorenc <dlorenc@google.com>
 2021-01-10 08:04:20 -06:00
Piotr Tabor
aaf423e962 server: Update imports. 
find -name '*.go' | xargs sed -i --follow-symlinks 's|etcd/v3/|etcd/server/v3/|g'
 2020-10-26 13:02:32 +01:00
Piotr Tabor
4a5e9d1261 server: Move server files to 'server' directory. 
26  git mv mvcc wal auth etcdserver etcdmain proxy embed/ lease/ server
   36  git mv go.mod go.sum server
 2020-10-26 12:57:19 +01:00