Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security implementation #2384

Closed
15 tasks done
xiang90 opened this issue Feb 26, 2015 · 6 comments
Closed
15 tasks done

security implementation #2384

xiang90 opened this issue Feb 26, 2015 · 6 comments
Labels
area/performance
Milestone
v2.1.0-alpha0

Comments

@xiang90
Copy link
Contributor

xiang90 commented Feb 26, 2015

Security feedback

  • decouple the enable and root user creation
  • add root role, so we can have multiple admin users
  • doc: /security/user -> /security/users
  • add everyone user and role when enabling security, which has all access to key space. the no user:pass falls into everyone.
  • prefix matching
  • never return error message from store
  • security needs to be enabled each time reboot, it returns {"enabled":false} when I check it
  • enable after reboot returns {"errorCode":105,"message":"Key already exists","cause":"/2/users/root","index":11}
  • delete users/root return {"message":"Can't delete root user; disable security instead."}, but it is not enabled
  • password can be empty
  • both create/update return 201 created
  • return hashed password when updating password
  • fix the examples in the rfc
  • log the admin operations
  • update role fails to work, and returns the old role json as HTTP result
@xiang90 xiang90 added this to the v2.1.0 milestone Feb 26, 2015
@xiang90 xiang90 mentioned this issue Mar 1, 2015
Closed
@yichengq yichengq mentioned this issue Mar 4, 2015
Merged
@benmccann benmccann mentioned this issue Apr 9, 2015
Merged
@barakmich barakmich mentioned this issue Apr 10, 2015
Merged
barakmich referenced this issue in barakmich/etcd Apr 14, 2015
@barakmich
minor ui return tweaks
06c7658
@barakmich
Copy link
Contributor

not an "everyone" user, but a "guest" role

@barakmich
Copy link
Contributor

There may be some error messages from the store, but not the same way

@barakmich
Copy link
Contributor

enable/disable should be fixed, which are some of the bugs mentioned

barakmich added a commit to barakmich/etcd that referenced this issue Apr 23, 2015
@barakmich
Improve the security api as per the suggestions list in etcd-io#2384
8745752 
decouple root and security enable/disable

create root role

prefix matching

godep: bump go-etcd to include credentials

add godep for speakeasy and auth entry parsing

appropriate errors for security enable/disable

WIP adding to etcd/client all the security client methods

add guest access

minor ui return tweaks

revert client changes

respond to comments, log more security operations

fix major ensure() bug, add better UX

block recursive access

fix some boneheaded mistakes

fix integration test

last comments

fix up security_api.md

philips nits
@xiang90 xiang90 closed this as completed Apr 23, 2015
@xiang90
Copy link
Contributor Author

xiang90 commented Apr 23, 2015

Fixed via #2384

barakmich added a commit to barakmich/etcd that referenced this issue Apr 23, 2015
@barakmich
security: Improve the security api as per the suggestions list in etc…
b27a77a 
…d-io#2384

Subcommits:

decouple root and security enable/disable

create root role

prefix matching

godep: bump go-etcd to include credentials

add godep for speakeasy and auth entry parsing

appropriate errors for security enable/disable

WIP adding to etcd/client all the security client methods

add guest access

minor ui return tweaks

revert client changes

respond to comments, log more security operations

fix major ensure() bug, add better UX

block recursive access

fix some boneheaded mistakes

fix integration test

last comments

fix up security_api.md

philips nits
@benmccann
Copy link

Fixed by what? :-) That's a self-referential link :-)

barakmich added a commit to barakmich/etcd that referenced this issue Apr 23, 2015
@barakmich
security: Improve the security api as per the suggestions list in etc…
fa74e70 
…d-io#2384

Subcommits:

decouple root and security enable/disable

create root role

prefix matching

godep: bump go-etcd to include credentials

add godep for speakeasy and auth entry parsing

appropriate errors for security enable/disable

WIP adding to etcd/client all the security client methods

add guest access

minor ui return tweaks

revert client changes

respond to comments, log more security operations

fix major ensure() bug, add better UX

block recursive access

fix some boneheaded mistakes

fix integration test

last comments

fix up security_api.md

philips nits

fix docs
@barakmich
Copy link
Contributor

@benmccann #2654 -- Typo, with the same first and last numbers.

@jokeyrhyme jokeyrhyme mentioned this issue Nov 10, 2015
Closed
@aarondav aarondav mentioned this issue Apr 18, 2016
Closed
@deis-admin deis-admin mentioned this issue Jan 19, 2017
Open
@code-ape code-ape mentioned this issue Feb 2, 2017
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/performance
Milestone
v2.1.0-alpha0
Development

No branches or pull requests
3 participants
@barakmich @benmccann @xiang90