mirror of
https://github.com/etcd-io/etcd.git
synced 2024-09-27 06:25:44 +00:00

This commit adds a feature for creating a user without a password. The purpose of the feature is to reduce the attack surface that comes from configuring bad passwords (CN-based auth will be allowed for the user). The feature can be used with the `--no-password` option of the `etcdctl user add` command. Fixes https://github.com/coreos/etcd/issues/9590
// Schema for the auth records defined in this file: users, roles and
// permissions.
syntax = "proto3";

package authpb;

import "gogoproto/gogo.proto";

// gogoproto code generation: emit Marshal, Size and Unmarshal methods for
// every message in this file.
option (gogoproto.marshaler_all) = true;
option (gogoproto.sizer_all) = true;
option (gogoproto.unmarshaler_all) = true;

// No getters are generated, so Go callers read fields directly and have to
// nil-check message-typed fields such as User.options themselves.
option (gogoproto.goproto_getters_all) = false;

// Go enum constants are generated without the enum type name as a prefix.
option (gogoproto.goproto_enum_prefix_all) = false;
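// UserAddOptions carries the options chosen when a user is added.
message UserAddOptions {
  // When true the user is created without a password (`etcdctl user add
  // --no-password`); CN based auth is then allowed for the user. Reads as
  // false when unset.
  // NOTE(review): confirm that password authentication is refused outright
  // for such users rather than checked against an empty User.password.
  bool no_password = 1;
}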
// User is a single entry in the bucket authUsers.
message User {
  // User name, carried as raw bytes.
  bytes name = 1;

  // Password material for the user.
  // NOTE(review): the schema does not say whether this is a hash or
  // plaintext; confirm that only a password hash is ever persisted here.
  bytes password = 2;

  // Names of the roles held by the user. Presumably matched against
  // Role.name, which is bytes rather than string; verify against the store.
  repeated string roles = 3;

  // Options recorded when the user was added. As a message-typed field it is
  // unset on any entry written without it, so readers must handle the missing
  // case (equivalent to no_password = false) before dereferencing it.
  UserAddOptions options = 4;
}
// Permission is a single entity; it pairs an access type with key and
// range_end.
message Permission {
  // Kind of access.
  enum Type {
    // Zero value: a Permission whose permType is unset decodes as READ, not
    // as "no access". Validate the type explicitly wherever a Permission is
    // accepted from a client. The numbers are part of the wire contract and
    // must not be renumbered.
    READ = 0;
    WRITE = 1;
    READWRITE = 2;
  }
  Type permType = 1;

  // Presumably the key, or the start of the key range, that the permission
  // covers; confirm against the permission checker.
  bytes key = 2;

  // NOTE(review): presumably the end of the range that starts at key. Whether
  // the bound is inclusive and what an empty value means are not stated
  // here; confirm before relying on either.
  bytes range_end = 3;
}
// Role is a single entry in the bucket authRoles.
message Role {
  // Role name, carried as raw bytes.
  bytes name = 1;

  // Permissions attached to the role. A repeated field has no presence, so
  // an empty list and an unset field are indistinguishable on the wire.
  repeated Permission keyPermission = 2;
}