Wei Fu
4704a5af3a
*: fix unused issue
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-09-25 19:37:18 +08:00
							
Wei Fu
aa97484166
*: enable goimports in verify-lint
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-09-21 21:14:09 +08:00
							
Wei Fu
9c3edfa0af
*: fix staticcheck lint
Changed TraceKey/StartTimeKey/TokenFieldNameGRPCKey to struct{} to
follow the correct usage of context. Similar patch to #8901.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-09-21 11:24:26 +08:00
							
chenyahui
c0aa3b613b
Use any instead of interface{}
Signed-off-by: chenyahui <cyhone@qq.com>
2023-09-17 17:41:58 +08:00
							
Marek Siarkowicz
53cbd81009
Separate Writer interface from BatchTx interfaces
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2023-07-31 10:18:01 +02:00
							
Marek Siarkowicz
29769984e6
Remove RLock/RUnlock from BatchTx
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2023-07-28 11:39:50 +02:00
							
Tom Wieczorek
a8a9ebd281
auth: Support for EdDSA JWT algorithm
The golang-jwt library supports this already, so supporting it is just a
matter of wiring things up.
Signed-off-by: Tom Wieczorek <twieczorek@mirantis.com>
2023-07-05 11:33:08 +02:00
							
Owayss Kabtoul
1c18c86e18
tests: increases unit test coverage for etcd/server/auth isRangeOpPermitted
Signed-off-by: Owayss Kabtoul <owayssk@gmail.com>
2023-04-20 13:39:08 +02:00
							
ArkaSaha30
a1fa3bfe51
Add test cases for malformed jwt fix
Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
2023-04-10 09:38:49 +05:30
							
Lanre Adelowo
386aedef51
[WIP]server/auth:fix panic on identical JWT token generation and auth
Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
2023-04-04 18:01:55 +05:30
							
Hitoshi Mitake
4da39e4b1e
Merge pull request #15294 from mitake/range-check
server/auth: disallow creating empty permission ranges
2023-04-03 09:03:50 +09:00
							
tangcong
ad72900dad
server/auth: fix auth panic bug when user changes password
Signed-off-by: tangcong <tangcong506@foxmail.com>
2023-03-12 20:49:09 +08:00
							
Hitoshi Mitake
65eeb7ff17
server/auth: disallow creating empty permission ranges
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
Co-authored-by: Benjamin Wang <wachao@vmware.com>
2023-02-27 22:55:36 +09:00
							
Piotr Tabor
9abc895122
Goimports: Apply automated fixing to test files as well.
Signed-off-by: Piotr Tabor <ptab@google.com>
2022-12-29 13:04:45 +01:00
							
Piotr Tabor
9e1abbab6e
Fix goimports in all existing files. Execution of ./scripts/fix.sh
Signed-off-by: Piotr Tabor <ptab@google.com>
2022-12-29 09:41:31 +01:00
							
Bhargav Ravuri
2feec4fe68
comments: fix comments as per goword in go test files
Comments fixed as per goword in go test files that shell
function go_srcs_in_module lists as per changes on #14827
Helps in #14827
Signed-off-by: Bhargav Ravuri <bhargav.ravuri@infracloud.io>
2022-11-23 23:05:42 +05:30
							
Hitoshi Mitake
b7146f8f33
server: add a unit test case for authStore.Recover() with empty rangePermCache
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
2022-10-29 12:54:34 +09:00
							
Oleg Guba
fbed8cb645
etcdserver: call refreshRangePermCache on Recover() in AuthStore
Signed-off-by: Oleg Guba <oleg@dropbox.com>
2022-10-27 15:05:05 -07:00
							
Benjamin Wang
5344085338
Merge pull request #14491 from ahrtr/bump_jwt_4.4.2
etcd: Bump golang-jwt/jwt/ version to 4.4.2
2022-09-20 10:18:44 +08:00
							
Benjamin Wang
09db6ec1d7
etcd: Bump golang-jwt/jwt/ version to 4.4.2
github.com/golang-jwt/jwt adds go mod support starting from 4.0.0,
and it's backwards-compatible with existing v3.x.y tags.
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-09-20 04:06:47 +08:00
							
demoManito
72cf0cc04a
etcd: modify declaring empty slices
declare an empty slice to var s []int replace s :=[]int{}, https://github.com/golang/go/wiki/CodeReviewComments#declaring-empty-slices
Signed-off-by: demoManito <1430482733@qq.com>
2022-09-16 14:41:14 +08:00
							
vivekpatani
ae608da7e6
server,test: refresh cache on each NewAuthStore
- permissions were incorrectly loaded on restarts.
- https://github.com/etcd-io/etcd/issues/14355
Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
2022-08-23 20:11:47 -07:00
							
Chao Chen
ccd4efc3b3
logging RoleGrantPermission key and range end
Signed-off-by: Chao Chen <chaochn@amazon.com>
2022-08-10 14:51:25 -07:00
							
jianfei.zhang
c26d7f5389
fix: code cleanup
Signed-off-by: jianfei.zhang <jianfei.zhang@daocloud.io>
2022-07-26 22:07:22 +08:00
							
Hitoshi Mitake
de09174a3f
server/auth: protect rangePermCache with a RW lock
Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com>
2022-07-02 23:23:13 +09:00
							
ahrtr
e155e50886
rename LockWithoutHook to LockOutsideApply and add LockInsideApply
2022-04-07 05:35:13 +08:00
							
ahrtr
7ac995cdde
enhanced authBackend to support authReadTx
2022-04-07 05:35:13 +08:00
							
Marek Siarkowicz
804fddf921
tests: Use zaptest.NewLogger in tests
2022-04-04 13:03:15 +02:00
							
Hitoshi Mitake
43e39d362d
Merge pull request #13301 from mitake/jwt-exp-log
server/auth: avoid logging for JWT token
2022-03-23 22:39:28 +09:00
							
AdamKorcz
9d83325db8
server/auth: fix oss-fuzz issue 44478
2022-02-11 10:51:01 +00:00
							
Hitoshi Mitake
2e74e4d636
server/auth: avoid logging for JWT token for a case of failed parsing
2022-01-27 22:33:03 +09:00
							
Piotr Tabor
b8c5d44a1d
Merge pull request #13382 from ahrtr/public_key_match_issue
The public key doesn't match if any field doesn't match
2022-01-15 17:14:02 +01:00
							
Piotr Tabor
0285f74aea
Merge pull request #13558 from gfuzz-asplos/main
fixing goroutine leaks
2022-01-15 16:58:19 +01:00
							
Yap Sok Ann
17fd2e7282
Disable auth gracefully without impacting existing watchers
This attempts to fix a special case of the problem described in #12385,
where trying to do `clientv3.Watch` with an expired token would result
in `ErrGRPCPermissionDenied`, due to the failing authorization check in
`isWatchPermitted`. Furthermore, the client can't auto recover, since
`shouldRefreshToken` rightly returns false for the permission denied
error.
In this case, we would like to have a runbook to dynamically disable
auth, without causing any disruption. Doing so would immediately expire
all existing tokens, which would then cause the behavior described
above. This means existing watchers would still work for a period of
time after disabling auth, until they have to reconnect, e.g. due to a
rolling restart of server nodes.
This commit adds a client-side fix and a server-side fix, either of
which is sufficient to get the added test case to pass. Note that it is
an e2e test case instead of an integration one, as the reconnect only
happens if the server node is stopped via SIGINT or SIGTERM.
A generic fix for the problem described in #12385 would be better, as
that shall also fix this special case. However, the fix would likely be
a lot more involved, as some untangling of authn/authz is required.
2021-12-31 14:39:46 +07:00
							
Linhai
98b0d901e8
fixing goroutine leaks
2021-12-24 15:57:38 -05:00
							
ahrtr
63ff6d403d
correct the public key comparison logic
2021-11-25 05:57:55 +08:00
							
Eng Zer Jun
2a151c8982
*: move from io/ioutil to io and os packages
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-10-28 00:05:28 +08:00
							
Haimantika Mitra
c10d50c4b3
Replace github.com/form3tech-oss/jwt-go with https://github.com/golang-jwt/jwt
Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>
Made required adjustments to the go.sum file
Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>
Changed go.sum file in the server directory
Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>
Removed the white space
Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>
Made required changes
Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>
Trying to fix the fails
Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>
Removed error
Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>
Fixed bill-of-materials.json file
Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>
Changed go.mod with recent version
Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>
Newer version changes
Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>
Changes to etcdutl directory
Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>
2021-08-03 13:49:47 +05:30
							
Marek Siarkowicz
bc16461995
server: Use zaptest in bucket tests and move backendMock to separate file
2021-07-20 18:12:02 +02:00
							
Marek Siarkowicz
a0554a6bd3
etcdserver: Create AuthBackend interface
2021-07-20 18:09:53 +02:00
							
Marek Siarkowicz
a97e48e08d
Cleanup references to bucket module
2021-07-20 17:50:47 +02:00
							
Marek Siarkowicz
5b6f4579fb
server: Rename buckets to schema
2021-07-12 15:37:21 +02:00
							
Marek Siarkowicz
5e40a8b00c
server: Create storage package and move mvcc files to it
2021-07-12 15:37:21 +02:00
							
cfz
b12f8c12ce
server/auth: enable tokenProvider if recovered store enables auth
we found a lease leak issue:
if a new member (by member add) is recovered by snapshot, and then
becomes leader, the lease will never expire afterwards. leader will
log the revoke failure caused by "invalid auth token", since the
token provider is not functional, and drops all generated token
from upper layer, which in this case, is the lease revoking
routine.
2021-07-11 01:17:08 +08:00
							
Piotr Tabor
33b2cdb957
Merge pull request #13162 from serathius/auth
etcdserver: Move read/update methods on Auth bucket to one place
2021-07-03 11:33:07 +02:00
							
Marek Siarkowicz
0c701fb9f3
etcdserver: Move all get/put/delete on AuthUsers and AuthRoles to buckets module
2021-07-01 12:12:15 +02:00
							
Marek Siarkowicz
b2e08fbfd4
etcdserver: Move read/update methods on Auth bucket to one place
2021-06-29 18:02:11 +02:00
							
Marek Siarkowicz
f79d09d48b
etcdserver: Move all named keys to buckets module
2021-06-28 16:40:50 +02:00
							
J. David Lowe
115c694af6
etcdserver: don't attempt to grant nil permission to a role
Prevent etcd from crashing when given a bad grant payload, e.g.:
$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/add
{"header":{"cluster_id":"14841639068965178418", ...
$ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/grant
curl: (52) Empty reply from server
2021-06-04 14:20:02 -07:00
							
赵延
64b01a7a8d
Enhance the root permission, when root role exists, it always returns rootPerm. (#13006)
etcdctl role grant-permission root readwrite foo.
see etcdctl role get root output.
Before:
Role root
KV Read:
        foo
KV Write:
        foo
After:
Role root
KV Read:
        [, <open ended>
KV Write:
        [, <open ended>
2021-05-24 14:58:00 -07:00