Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

*: support creating a user without password #9817

Merged
merged 4 commits into from
Jun 1, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG-3.4.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ See [code changes](https://github.com/etcd-io/etcd/compare/v3.3.0...v3.4.0) and
- Add [consistency check in snapshot status](https://github.com/etcd-io/etcd/pull/10109). If consistency check on snapshot file fails, `snapshot status` returns `"snapshot file integrity check failed..."` error.
- Add [`Verify` function to perform corruption check on WAL contents](https://github.com/etcd-io/etcd/pull/10603).
- Improve [heartbeat send failure logging](https://github.com/etcd-io/etcd/pull/10663).
- Support [users with no password](https://github.com/etcd-io/etcd/pull/9817) for reducing security risk introduced by leaked password. The users can only be authenticated with CommonName based auth.

### Breaking Changes

Expand Down
10 changes: 10 additions & 0 deletions Documentation/dev-guide/api_reference_v3.md
Original file line number Diff line number Diff line change
Expand Up @@ -246,6 +246,7 @@ Empty field.
| ----- | ----------- | ---- |
| name | | string |
| password | | string |
| options | | authpb.UserAddOptions |



Expand Down Expand Up @@ -1001,6 +1002,15 @@ User is a single entry in the bucket authUsers
| name | | bytes |
| password | | bytes |
| roles | | (slice of) string |
| options | | UserAddOptions |



##### message `UserAddOptions` (auth/authpb/auth.proto)

| Field | Description | Type |
| ----- | ----------- | ---- |
| no_password | | bool |



12 changes: 12 additions & 0 deletions Documentation/dev-guide/apispec/swagger/rpc.swagger.json
Original file line number Diff line number Diff line change
Expand Up @@ -1219,6 +1219,15 @@
"READWRITE"
]
},
"authpbUserAddOptions": {
"type": "object",
"properties": {
"no_password": {
"type": "boolean",
"format": "boolean"
}
}
},
"etcdserverpbAlarmMember": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -1420,6 +1429,9 @@
"name": {
"type": "string"
},
"options": {
"$ref": "#/definitions/authpbUserAddOptions"
},
"password": {
"type": "string"
}
Expand Down
222 changes: 196 additions & 26 deletions auth/authpb/auth.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions auth/authpb/auth.proto
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,16 @@ option (gogoproto.unmarshaler_all) = true;
option (gogoproto.goproto_getters_all) = false;
option (gogoproto.goproto_enum_prefix_all) = false;

message UserAddOptions {
bool no_password = 1;
};

// User is a single entry in the bucket authUsers
message User {
bytes name = 1;
bytes password = 2;
repeated string roles = 3;
UserAddOptions options = 4;
}

// Permission is a single entity
Expand Down
Loading