f9f691ef1f
auth: use quorum get for GetUser/GetRole for mutable operations
...
GetUser would not propagate to the minority node, causing TestCtlV2GetRoleUser to
run CreateUser instead of UpdateUser. Instead, use quorum get to fetch the
current state of auth.
Fixes #7069
2017-01-04 11:55:07 -08:00
962433c17f
*: set repo correctly for logging
2016-10-03 17:03:22 +08:00
abb4cd5646
etcdserver: update LICENSE header
2016-05-12 20:49:40 -07:00
07685bcf97
etcdserver/auth: check empty password in merge
...
Fix https://github.com/coreos/etcd/issues/5182 .
2016-04-26 15:37:15 -07:00
953a08d841
*: clean up from gosimple
2016-04-08 11:55:03 -07:00
bd832e5b0a
*: migrate Godeps to vendor/
2016-03-22 17:10:28 -07:00
0cf9cde1b4
etcdserver, auth: remove obsolete mutex
...
The removed mutex is obsolete because the enabled field is removed
in the commit b2d2c79a2f
2016-02-16 12:03:31 +09:00
b2d2c79a2f
etcdserver, auth: not cache a flag of auth status
...
This commit removes a flag that indicates auth is enabled or disabled
because it doesn't have an invalidation mechanism.
Fixes https://github.com/coreos/etcd/issues/3601 and https://github.com/coreos/etcd/issues/3964
2016-01-26 11:46:25 +09:00
0ff822bf22
etcdserver/auth: fix shadowed variables from go tool
...
Fixes for https://github.com/coreos/etcd/issues/3954 .
2015-12-12 09:20:26 -08:00
81229dbea9
*: add missing package descriptions
...
This adds and updates package descriptions in etcd projects.
And also deletes some duplicate LICENSE statements.
2015-11-17 20:54:10 -08:00
a1616afc5d
auth: use canonical path for pre-defined guest role
2015-11-15 17:58:09 -08:00
ee522025b3
etcdserver: restructure auth.Store and auth.User
...
This attempts to decouple password-related functions, which previously
existed both in the Store and User structs, by splitting them out into a
separate interface, PasswordStore. This means that they can be more
easily swapped out during testing.
This also changes the relevant tests to use mock password functions
instead of the bcrypt-backed implementations; as a result, the tests are
much faster.
Before:
```
github.com/coreos/etcd/etcdserver/auth 31.495s
github.com/coreos/etcd/etcdserver/etcdhttp 91.205s
```
After:
```
github.com/coreos/etcd/etcdserver/auth 1.207s
github.com/coreos/etcd/etcdserver/etcdhttp 1.207s
```
2015-10-30 16:33:40 -07:00
a8e6e71bf9
*: fix various data races detected by race detector
2015-10-26 20:49:37 -07:00
92cd24d5bd
*: fix govet shadow check failure
2015-08-27 14:15:30 -07:00
11a689d063
etcdserver/auth: cache auth enable result
2015-08-20 23:05:00 -07:00
dd1a8fe330
etcdhttp: Improve test coverage surrounding auth
2015-07-30 14:21:08 -04:00
2e41b4f9e1
etcdserver/auth: fix return value when creating root user
...
Before:
```
$ curl http://127.0.0.1:4001/v2/auth/users/root -XPUT -d '{"user": "root",
"password": "root"}'
{"user":"root","roles":null}
```
After:
```
{"user":"root","roles":["root"]}
```
2015-06-27 23:16:54 -07:00
39c10d1fe4
auth: improve test coverage
2015-06-25 14:25:08 -04:00
030d1bbf2d
auth: do not allow update root role
2015-06-23 20:15:08 -07:00
e291dfd748
etcdhttp: improve user endpoint validation
...
Giving both roles and grant/revoke is not allowed.
Creating an existing user is not allowed.
Updating a non-existing user is not allowed.
2015-06-23 14:38:44 -07:00
c8628c8fe5
auth: separate the role create and update path
...
Giving both permission and grant/revoke is not allowed.
Creating an existing role is not allowed.
Updating a non-existing is not allowed.
2015-06-23 13:15:32 -07:00
979f531261
auth: refactor updateRole
...
We will return error if revoke or grant fails to update the role.
No need to check if revoke or grant is nil or not.
2015-06-22 15:16:10 -07:00
3f82e7b116
auth: do not allow to grant duplicate role or revoke ungranted role to a user
2015-06-22 15:11:09 -07:00
c39aad0e92
etcdserver: use correct http status code for auth error
2015-06-22 09:28:47 -07:00
64ec8af91b
*: Rename security to auth
2015-06-15 18:18:50 -04:00
