Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auth, etcdserver: separate auth checking apply from core apply #5672

Merged
merged 1 commit into from
Jun 15, 2016
Merged

auth, etcdserver: separate auth checking apply from core apply #5672

merged 1 commit into from
Jun 15, 2016

Conversation

heyitsanthony
Copy link
Contributor

/cc @mitake @xiang90

this is what I was suggesting in #5666 but it can wait until after the txn stuff is merged

@mitake
Copy link
Contributor

mitake commented Jun 15, 2016

@heyitsanthony thanks! I think adding permission checking of txn to this PR will be easier. I'll close #5666

mitake
mitake reviewed Jun 15, 2016
View reviewed changes
etcdserver/apply_auth.go
if !aa.as.IsPutPermitted(aa.user, r.Key) {
return nil, auth.ErrPermissionDenied
}
return aa.applierV3.Put(txnID, r)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about clearing aa.user after checking for ensuring the field is not used more than once?

@mitake
Copy link
Contributor

mitake commented Jun 15, 2016

@heyitsanthony lgtm (CI failure isn't related to the change)

xiang90
xiang90 reviewed Jun 15, 2016
View reviewed changes
etcdserver/apply_auth.go

func (aa *authApplierV3) username(r *pb.InternalRaftRequest) (string, error) {
user := r.Header.Username
if needAdminPermission(r) && !aa.as.IsAdminPermitted(user) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i do not feel the admin checking should be instead the username func. move this to line32 right after calling username?

@xiang90
Copy link
Contributor

xiang90 commented Jun 15, 2016

LGTM

@heyitsanthony heyitsanthony merged commit b98fa06 into etcd-io:master Jun 15, 2016
@heyitsanthony heyitsanthony deleted the applier-auth-layer branch June 16, 2016 00:02
@gyuho gyuho mentioned this pull request Nov 7, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@heyitsanthony @mitake @xiang90