cfz
b12f8c12ce
server/auth: enable tokenProvider if recoved store enables auth
...
we found a lease leak issue:
if a new member(by member add) is recovered by snapshot, and then
become leader, the lease will never expire afterwards. leader will
log the revoke failure caused by "invalid auth token", since the
token provider is not functional, and drops all generated token
from upper layer, which in this case, is the lease revoking
routine.
2021-07-11 01:17:08 +08:00
Piotr Tabor
33b2cdb957
Merge pull request #13162 from serathius/auth
...
etcdserver: Move read/update methods on Auth bucket to one place
2021-07-03 11:33:07 +02:00
Marek Siarkowicz
0c701fb9f3
etcdserver: Move all get/put/delete on AuthUsers and AuthRoles to buckets module
2021-07-01 12:12:15 +02:00
Marek Siarkowicz
b2e08fbfd4
etcdserver: Move read/update methods on Auth bucket to one place
2021-06-29 18:02:11 +02:00
Marek Siarkowicz
f79d09d48b
etcdserver: Move all named keys to buckets module
2021-06-28 16:40:50 +02:00
J. David Lowe
115c694af6
etcdserver: don't attempt to grant nil permission to a role
...
Prevent etcd from crashing when given a bad grant payload, e.g.:
$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/add
{"header":{"cluster_id":"14841639068965178418", ...
$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/grant
curl: (52) Empty reply from server
2021-06-04 14:20:02 -07:00
赵延
64b01a7a8d
Enhance the root permission, when root role exist, it always return rootPerm. ( #13006 )
...
etcdctl role grant-permission root readwrite foo.
see etcdctl role get root output.
Before:
Role root
KV Read:
foo
KV Write:
foo
After:
Role root
KV Read:
[, <open ended>
KV Write:
[, <open ended>
2021-05-24 14:58:00 -07:00
Piotr Tabor
66752fef2f
Represent bucket as object instead of []byte name.
...
Thanks to this change:
- all the maps bucket -> buffer are indexed by int's instead of
string. No need to do: byte[] -> string -> hash conversion on each
access.
- buckets are strongly typed in backend/mvcc API.
2021-05-18 18:58:53 +02:00
Piotr Tabor
fe3254aee3
Remove explicit authStore->ConsistencyIndex updates, as they are taken care by hook.
2021-05-04 15:38:23 +02:00
Piotr Tabor
aaf423e962
server: Update imports.
...
find -name '*.go' | xargs sed -i --follow-symlinks 's|etcd/v3/|etcd/server/v3/|g'
2020-10-26 13:02:32 +01:00
Piotr Tabor
4a5e9d1261
server: Move server files to 'server' directory.
...
26 git mv mvcc wal auth etcdserver etcdmain proxy embed/ lease/ server
36 git mv go.mod go.sum server
2020-10-26 12:57:19 +01:00
