Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

*: fix server-side lease expire when auth is enabled #9018

Merged
merged 3 commits into from
Dec 15, 2017
Merged

*: fix server-side lease expire when auth is enabled #9018

merged 3 commits into from
Dec 15, 2017

Conversation

gyuho
Copy link
Contributor

@gyuho gyuho commented Dec 15, 2017
edited
Loading

When auth is enabled, lease revoke loop was broken because we were embedding the token in the wrong way.

Address #9006.

@gyuho gyuho mentioned this pull request Dec 15, 2017
Closed
@gyuho gyuho requested a review from mitake December 15, 2017 05:36
mitake
mitake suggested changes Dec 15, 2017
View reviewed changes
Copy link
Contributor

@mitake mitake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm other than minor error reporting styles.

auth/store_test.go Outdated

ai, aerr := as.AuthInfoFromCtx(ctx)
if aerr != nil {
t.Fatal(err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably we should use t.Error instead of t.Fatal? It is same to the below error cases.

integration/v3_auth_test.go Outdated
},
)
if terr != nil {
t.Fatal(terr)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be t.Error? Same to the below error cases.

@mitake
Copy link
Contributor

mitake commented Dec 15, 2017

@gyuho thanks for the fix. It seems to be interesting and terrible gRPC update. Does this mean we have no way to detect misusage of metadata.NewOutgoingContext() and metadata.NewIncomingContext() automatically and reliably?

@gyuho
Copy link
Contributor Author

gyuho commented Dec 15, 2017
edited
Loading

@mitake Yeah, it was pretty confusing gRPC update. Only way to prevent the misuse was having metadata tests on user-side.

@gyuho
auth: use NewIncomingContext for "WithRoot"
1f191a0 
"WithRoot" is only used within local node, and
"AuthInfoFromCtx" expects token from incoming context.
Embed token with "NewIncomingContext" so that token
can be found in "AuthInfoFromCtx".

Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
@gyuho
etcdserver: log lease revoke error
85af65e 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
@gyuho
integration: add "TestV3AuthWithLeaseRevokeWithRoot"
9fb7bbd 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
@mitake
Copy link
Contributor

mitake commented Dec 15, 2017

@gyuho oh I see... we need to be careful in the future.

@gyuho
Copy link
Contributor Author

gyuho commented Dec 15, 2017

@mitake Yeah, btw, just addressed your feedback. Let me merge when CIs turn green.

Thanks!

@mitake
Copy link
Contributor

mitake commented Dec 15, 2017

@gyuho lgtm after the CIs turn green, thanks!

@gyuho gyuho mentioned this pull request Dec 15, 2017
Merged
7 tasks
@gyuho gyuho changed the title auth: fix server-side lease revoke with auth enabled *: fix server-side lease expire operation when auth is enabled Dec 15, 2017
@gyuho gyuho changed the title *: fix server-side lease expire operation when auth is enabled *: fix server-side lease expire when auth is enabled Dec 15, 2017
@codecov-io
Copy link

Codecov Report

❗ No coverage uploaded for pull request base (master@014c375). Click here to learn what that means.
The diff coverage is 33.33%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #9018   +/-   ##
=========================================
  Coverage          ?   76.04%           
=========================================
  Files             ?      359           
  Lines             ?    29837           
  Branches          ?        0           
=========================================
  Hits              ?    22691           
  Misses            ?     5569           
  Partials          ?     1577
Impacted Files Coverage Δ
etcdserver/server.go 79.81% <0%> (ø)
auth/store.go 82.48% <100%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 014c375...9fb7bbd. Read the comment docs.

jpbetz
jpbetz reviewed Dec 15, 2017
View reviewed changes
auth/store.go
return metadata.NewOutgoingContext(ctx, tokenMD)

// use "mdIncomingKey{}" since it's called from local etcdserver
return metadata.NewIncomingContext(ctx, tokenMD)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Funny, I was just reading about these new grpc metadata context functions for the first time today.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it was from gRPC v1.3.0 with grpc/grpc-go#1157.

jpbetz
jpbetz approved these changes Dec 15, 2017
View reviewed changes
Copy link
Contributor

@jpbetz jpbetz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@gyuho gyuho merged commit b0f0ba7 into etcd-io:master Dec 15, 2017
@gyuho gyuho deleted the auth-ctx branch December 15, 2017 16:57
@gyuho
Copy link
Contributor Author

gyuho commented Dec 15, 2017

UPDATE: just found out we didn't backport #8031, so no need to backport this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jpbetz jpbetz jpbetz approved these changes

@mitake mitake mitake approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@gyuho @mitake @codecov-io @jpbetz