Auth Permission is not work fine. #12966

Closed
horizonzy opened this issue May 14, 2021 · 6 comments

@horizonzy
Contributor

I followed the docs:

etcdctl --endpoints=${ENDPOINTS} role add root
etcdctl --endpoints=${ENDPOINTS} role grant-permission root readwrite foo
etcdctl --endpoints=${ENDPOINTS} role get root

etcdctl --endpoints=${ENDPOINTS} user add root
etcdctl --endpoints=${ENDPOINTS} user grant-role root root
etcdctl --endpoints=${ENDPOINTS} user get root

The etcd logs show that I did indeed do it.
etcd log:

2021-05-14 13:52:40.839248 N | auth: Role root is created
2021-05-14 13:53:09.341546 N | auth: role root's permission of key foo is updated as READWRITE
2021-05-14 13:54:35.289204 N | auth: added a new user: root
2021-05-14 13:55:07.304430 N | auth: granted role root to user root
2021-05-14 13:56:38.075019 N | auth: Authentication enabled

As the docs say, user root only has permission to operate on key foo.

But I can still operate on other keys successfully.
The phenomenon:

$ etcdctl --user=root:root role get root
Role root
KV Read:
	foo
KV Write:
	foo
$ etcdctl --user=root:root put foo bar
OK
$ etcdctl --user=root:root get foo
foo
bar
$ etcdctl --user=root:root put foo1 bar1
OK
$ etcdctl --user=root:root get foo1
foo1
bar1
$ etcdctl --user=root:root put otherkey bar
OK
$ etcdctl --user=root:root get otherkey
otherkey
bar

I started etcd in standalone mode.
etcd version:

etcd Version: 3.4.15
Git SHA: Not provided (use ./build instead of go build)
Go Version: go1.16
Go OS/Arch: darwin/amd64

etcdctl version: 3.4.15

When I ran the commands above, I didn't execute export ETCDCTL_API=3 first. I'm not sure whether this is a bug or my mistake.

@horizonzy
Contributor Author

@xiang90
please do me a favor.

@mitake
Contributor

mitake commented May 15, 2021

@horizonzy The root role is a special one. It allows the user to access every key, so the behavior is intentional.
Could you check that it doesn’t happen with another user without the root role?
Also, could you share the URL of the doc? It might be wrong.

@horizonzy
Contributor Author

> @horizonzy The root role is a special one. It allows the user to access every key, so the behavior is intentional.
> Could you check that it doesn’t happen with another user without the root role?
> Also, could you share the URL of the doc? It might be wrong.

https://etcd.io/docs/v3.4/demo/#auth
see the gif.

@mitake
Contributor

mitake commented May 16, 2021

@horizonzy thanks for sharing the doc! The gif is stale and it should be fixed. The behavior of the root role was changed in #6356 to fix issues like #6355, so the current behavior is expected. I'll fix the gif and related doc.
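
A simplified model of the behavior described in the comment above, added here as an illustration; it is not code from etcd or from anyone in this thread. The type and function names, the user app and the role app-role are hypothetical, and only exact-key grants are modeled.

```go
package main

import "fmt"

// Simplified model of the etcd v3 key permission check discussed in this
// thread. Names are illustrative, not etcd's API; only exact-key grants.
type perm struct {
	key         string
	read, write bool
}

type authModel struct {
	userRoles map[string][]string // user -> role names
	rolePerms map[string][]perm   // role -> granted permissions
}

// permitted reports whether user may read (write=false) or write key.
func (a authModel) permitted(user, key string, write bool) bool {
	for _, role := range a.userRoles[user] {
		// The role named "root" is special: it allows access to every key.
		if role == "root" {
			return true
		}
		for _, p := range a.rolePerms[role] {
			if p.key == key && ((write && p.write) || (!write && p.read)) {
				return true
			}
		}
	}
	return false
}

// constructedModel mirrors the issue; user app and app-role are hypothetical.
func constructedModel() authModel {
	foo := []perm{{key: "foo", read: true, write: true}}
	return authModel{
		userRoles: map[string][]string{"root": {"root"}, "app": {"app-role"}},
		rolePerms: map[string][]perm{"root": foo, "app-role": foo},
	}
}

func main() {
	m := constructedModel()
	for _, u := range []string{"root", "app"} {
		for _, k := range []string{"foo", "foo1", "otherkey"} {
			fmt.Printf("%s put %s: permitted=%v\n", u, k, m.permitted(u, k, true))
		}
	}
}
```

With the same single grant on foo, the model permits the root-role user on foo1 and otherkey and refuses the app user on both, which is why scoped access belongs on a non-root role.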

@stale

stale bot commented Aug 14, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

@mitake
Contributor

mitake commented Aug 16, 2021

Sorry for the late update @horizonzy, I opened etcd-io/website#446 for updating the doc.
