mirror of
https://github.com/etcd-io/etcd.git
synced 2024-09-27 06:25:44 +00:00
001efa0639
stub out security further wip Last stub before CRUD for roles Complete role merging start tests add Godep for golang.org/x/crypto/bcrypt first round of comments add tests, remove root addition (will be added back as part of creation) Add security checks for /v2/machines and /v2/keys Allow non-root to determine if security is enabled, get machine list. Responding to comments, remove multiple verbs (like /v2/security/user/foo/password) add some prefixes to the logging
78 lines
2.3 KiB
Go
78 lines
2.3 KiB
Go
// Copyright 2015 CoreOS, Inc.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package etcdhttp
|
|
|
|
import (
|
|
"errors"
|
|
"log"
|
|
"math"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
etcdErr "github.com/coreos/etcd/error"
|
|
"github.com/coreos/etcd/etcdserver/etcdhttp/httptypes"
|
|
"github.com/coreos/etcd/etcdserver/security"
|
|
)
|
|
|
|
const (
|
|
// time to wait for response from EtcdServer requests
|
|
// 5s for disk and network delay + 10*heartbeat for commit and possible
|
|
// leader switch
|
|
// TODO: use heartbeat set in etcdserver
|
|
defaultServerTimeout = 5*time.Second + 10*(100*time.Millisecond)
|
|
|
|
// time to wait for a Watch request
|
|
defaultWatchTimeout = time.Duration(math.MaxInt64)
|
|
)
|
|
|
|
var errClosed = errors.New("etcdhttp: client closed connection")
|
|
|
|
// writeError logs and writes the given Error to the ResponseWriter
|
|
// If Error is an etcdErr, it is rendered to the ResponseWriter
|
|
// Otherwise, it is assumed to be an InternalServerError
|
|
func writeError(w http.ResponseWriter, err error) {
|
|
if err == nil {
|
|
return
|
|
}
|
|
switch e := err.(type) {
|
|
case *etcdErr.Error:
|
|
e.WriteTo(w)
|
|
case *httptypes.HTTPError:
|
|
e.WriteTo(w)
|
|
case security.MergeError:
|
|
herr := httptypes.NewHTTPError(http.StatusBadRequest, e.Error())
|
|
herr.WriteTo(w)
|
|
default:
|
|
log.Printf("etcdhttp: unexpected error: %v", err)
|
|
herr := httptypes.NewHTTPError(http.StatusInternalServerError, "Internal Server Error")
|
|
herr.WriteTo(w)
|
|
}
|
|
}
|
|
|
|
// allowMethod verifies that the given method is one of the allowed methods,
|
|
// and if not, it writes an error to w. A boolean is returned indicating
|
|
// whether or not the method is allowed.
|
|
func allowMethod(w http.ResponseWriter, m string, ms ...string) bool {
|
|
for _, meth := range ms {
|
|
if m == meth {
|
|
return true
|
|
}
|
|
}
|
|
w.Header().Set("Allow", strings.Join(ms, ","))
|
|
http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed)
|
|
return false
|
|
}
|