Commit

Merge pull request #9817 from mitake/no-password
*: support creating a user without password
gyuho authored Jun 1, 2019
2 parents 0688645 + 96a7ff0 commit cdca488
Showing 16 changed files with 692 additions and 349 deletions.
1 change: 1 addition & 0 deletions CHANGELOG-3.4.md
Expand Up @@ -57,6 +57,7 @@ See [code changes](https://github.com/etcd-io/etcd/compare/v3.3.0...v3.4.0) and
- Add [consistency check in snapshot status](https://github.com/etcd-io/etcd/pull/10109). If consistency check on snapshot file fails, `snapshot status` returns `"snapshot file integrity check failed..."` error.
- Add [`Verify` function to perform corruption check on WAL contents](https://github.com/etcd-io/etcd/pull/10603).
- Improve [heartbeat send failure logging](https://github.com/etcd-io/etcd/pull/10663).
- Support [users with no password](https://github.com/etcd-io/etcd/pull/9817) for reducing security risk introduced by leaked password. The users can only be authenticated with CommonName based auth.

### Breaking Changes

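Review bot: The new CHANGELOG entry says these users "can only be authenticated with CommonName based auth" but does not name the option that creates such a user. Consider mentioning the `no_password` field of `UserAddOptions` added in this commit so readers can find it in the API reference, and change "leaked password" to "leaked passwords".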
10 changes: 10 additions & 0 deletions Documentation/dev-guide/api_reference_v3.md
Expand Up @@ -246,6 +246,7 @@ Empty field.
| ----- | ----------- | ---- |
| name | | string |
| password | | string |
| options | | authpb.UserAddOptions |



Expand Down Expand Up @@ -1001,6 +1002,15 @@ User is a single entry in the bucket authUsers
| name | | bytes |
| password | | bytes |
| roles | | (slice of) string |
| options | | UserAddOptions |



##### message `UserAddOptions` (auth/authpb/auth.proto)

| Field | Description | Type |
| ----- | ----------- | ---- |
| no_password | | bool |



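Review bot: The Description cell is empty for the new `options` row and for `no_password` in the `UserAddOptions` table, so the reference does not say what setting the flag does. A one-line description would help, for example that a user created with `no_password` can only be authenticated with CommonName based auth, as the CHANGELOG entry in this commit states. Since the table names auth/authpb/auth.proto as its source, the text most likely belongs in a comment there.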
12 changes: 12 additions & 0 deletions Documentation/dev-guide/apispec/swagger/rpc.swagger.json
Expand Up @@ -1219,6 +1219,15 @@
"READWRITE"
]
},
"authpbUserAddOptions": {
"type": "object",
"properties": {
"no_password": {
"type": "boolean",
"format": "boolean"
}
}
},
"etcdserverpbAlarmMember": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -1420,6 +1429,9 @@
"name": {
"type": "string"
},
"options": {
"$ref": "#/definitions/authpbUserAddOptions"
},
"password": {
"type": "string"
}
222 changes: 196 additions & 26 deletions auth/authpb/auth.pb.go

Some generated files are not rendered by default.

5 changes: 5 additions & 0 deletions auth/authpb/auth.proto
Expand Up @@ -9,11 +9,16 @@ option (gogoproto.unmarshaler_all) = true;
option (gogoproto.goproto_getters_all) = false;
option (gogoproto.goproto_enum_prefix_all) = false;

message UserAddOptions {
bool no_password = 1;
};

// User is a single entry in the bucket authUsers
message User {
bytes name = 1;
bytes password = 2;
repeated string roles = 3;
UserAddOptions options = 4;
}

// Permission is a single entity
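Review bot: `User` now carries both `password` (field 2) and `options.no_password` (field 4), and nothing in this hunk says which takes effect when a password is supplied together with `no_password` set to true. Please add a comment on `UserAddOptions` stating the intended behaviour, and confirm the server rejects or ignores the password in that case. Also, the new message closes with `};` while `User` closes with `}`; drop the trailing semicolon for consistency.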