Commit 93c051e2 authored by Timothy St. Clair's avatar Timothy St. Clair

Level sets dependency graph to consume etcd 3.1.5

parent 1c34102d
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -100,11 +100,11 @@ ...@@ -100,11 +100,11 @@
}, },
{ {
"ImportPath": "github.com/gogo/protobuf/proto", "ImportPath": "github.com/gogo/protobuf/proto",
"Rev": "e18d7aa8f8c624c915db340349aad4c49b10d173" "Rev": "c0656edd0d9eab7c66d1eb0c568f9039345796f7"
}, },
{ {
"ImportPath": "github.com/gogo/protobuf/sortkeys", "ImportPath": "github.com/gogo/protobuf/sortkeys",
"Rev": "e18d7aa8f8c624c915db340349aad4c49b10d173" "Rev": "c0656edd0d9eab7c66d1eb0c568f9039345796f7"
}, },
{ {
"ImportPath": "github.com/golang/glog", "ImportPath": "github.com/golang/glog",
...@@ -116,7 +116,7 @@ ...@@ -116,7 +116,7 @@
}, },
{ {
"ImportPath": "github.com/golang/protobuf/proto", "ImportPath": "github.com/golang/protobuf/proto",
"Rev": "8616e8ee5e20a1704615e6c8d7afcdac06087a67" "Rev": "4bd1920723d7b7c925de087aa32e2187708897f7"
}, },
{ {
"ImportPath": "github.com/google/gofuzz", "ImportPath": "github.com/google/gofuzz",
...@@ -172,27 +172,27 @@ ...@@ -172,27 +172,27 @@
}, },
{ {
"ImportPath": "golang.org/x/net/context", "ImportPath": "golang.org/x/net/context",
"Rev": "e90d6d0afc4c315a0d87a568ae68577cc15149a0" "Rev": "f2499483f923065a842d38eb4c7f1927e6fc6e6d"
}, },
{ {
"ImportPath": "golang.org/x/net/context/ctxhttp", "ImportPath": "golang.org/x/net/context/ctxhttp",
"Rev": "e90d6d0afc4c315a0d87a568ae68577cc15149a0" "Rev": "f2499483f923065a842d38eb4c7f1927e6fc6e6d"
}, },
{ {
"ImportPath": "golang.org/x/net/http2", "ImportPath": "golang.org/x/net/http2",
"Rev": "e90d6d0afc4c315a0d87a568ae68577cc15149a0" "Rev": "f2499483f923065a842d38eb4c7f1927e6fc6e6d"
}, },
{ {
"ImportPath": "golang.org/x/net/http2/hpack", "ImportPath": "golang.org/x/net/http2/hpack",
"Rev": "e90d6d0afc4c315a0d87a568ae68577cc15149a0" "Rev": "f2499483f923065a842d38eb4c7f1927e6fc6e6d"
}, },
{ {
"ImportPath": "golang.org/x/net/idna", "ImportPath": "golang.org/x/net/idna",
"Rev": "e90d6d0afc4c315a0d87a568ae68577cc15149a0" "Rev": "f2499483f923065a842d38eb4c7f1927e6fc6e6d"
}, },
{ {
"ImportPath": "golang.org/x/net/lex/httplex", "ImportPath": "golang.org/x/net/lex/httplex",
"Rev": "e90d6d0afc4c315a0d87a568ae68577cc15149a0" "Rev": "f2499483f923065a842d38eb4c7f1927e6fc6e6d"
}, },
{ {
"ImportPath": "golang.org/x/oauth2", "ImportPath": "golang.org/x/oauth2",
......
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package api
const (
// TolerationsAnnotationKey represents the key of tolerations data (json serialized)
// in the Annotations of a Pod.
TolerationsAnnotationKey string = "scheduler.alpha.kubernetes.io/tolerations"
// TaintsAnnotationKey represents the key of taints data (json serialized)
// in the Annotations of a Node.
TaintsAnnotationKey string = "scheduler.alpha.kubernetes.io/taints"
// SeccompPodAnnotationKey represents the key of a seccomp profile applied
// to all containers of a pod.
SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod"
// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
// to one container of a pod.
SeccompContainerAnnotationKeyPrefix string = "container.seccomp.security.alpha.kubernetes.io/"
// CreatedByAnnotation represents the key used to store the spec(json)
// used to create the resource.
CreatedByAnnotation = "kubernetes.io/created-by"
// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
// in the Annotations of a Node.
PreferAvoidPodsAnnotationKey string = "scheduler.alpha.kubernetes.io/preferAvoidPods"
// SysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
// container of a pod. The annotation value is a comma separated list of sysctl_name=value
// key-value pairs. Only a limited set of whitelisted and isolated sysctls is supported by
// the kubelet. Pods with other sysctls will fail to launch.
SysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/sysctls"
// UnsafeSysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
// container of a pod. The annotation value is a comma separated list of sysctl_name=value
// key-value pairs. Unsafe sysctls must be explicitly enabled for a kubelet. They are properly
// namespaced to a pod or a container, but their isolation is usually unclear or weak. Their use
// is at-your-own-risk. Pods that attempt to set an unsafe sysctl that is not enabled for a kubelet
// will fail to launch.
UnsafeSysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/unsafe-sysctls"
// ObjectTTLAnnotations represents a suggestion for kubelet for how long it can cache
// an object (e.g. secret, config map) before fetching it again from apiserver.
// This annotation can be attached to node.
ObjectTTLAnnotationKey string = "node.alpha.kubernetes.io/ttl"
// AffinityAnnotationKey represents the key of affinity data (json serialized)
// in the Annotations of a Pod.
// TODO: remove when alpha support for affinity is removed
AffinityAnnotationKey string = "scheduler.alpha.kubernetes.io/affinity"
)
...@@ -429,6 +429,56 @@ func NodeSelectorRequirementsAsSelector(nsm []NodeSelectorRequirement) (labels.S ...@@ -429,6 +429,56 @@ func NodeSelectorRequirementsAsSelector(nsm []NodeSelectorRequirement) (labels.S
return selector, nil return selector, nil
} }
const (
// TolerationsAnnotationKey represents the key of tolerations data (json serialized)
// in the Annotations of a Pod.
TolerationsAnnotationKey string = "scheduler.alpha.kubernetes.io/tolerations"
// TaintsAnnotationKey represents the key of taints data (json serialized)
// in the Annotations of a Node.
TaintsAnnotationKey string = "scheduler.alpha.kubernetes.io/taints"
// SeccompPodAnnotationKey represents the key of a seccomp profile applied
// to all containers of a pod.
SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod"
// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
// to one container of a pod.
SeccompContainerAnnotationKeyPrefix string = "container.seccomp.security.alpha.kubernetes.io/"
// CreatedByAnnotation represents the key used to store the spec(json)
// used to create the resource.
CreatedByAnnotation = "kubernetes.io/created-by"
// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
// in the Annotations of a Node.
PreferAvoidPodsAnnotationKey string = "scheduler.alpha.kubernetes.io/preferAvoidPods"
// SysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
// container of a pod. The annotation value is a comma separated list of sysctl_name=value
// key-value pairs. Only a limited set of whitelisted and isolated sysctls is supported by
// the kubelet. Pods with other sysctls will fail to launch.
SysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/sysctls"
// UnsafeSysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
// container of a pod. The annotation value is a comma separated list of sysctl_name=value
// key-value pairs. Unsafe sysctls must be explicitly enabled for a kubelet. They are properly
// namespaced to a pod or a container, but their isolation is usually unclear or weak. Their use
// is at-your-own-risk. Pods that attempt to set an unsafe sysctl that is not enabled for a kubelet
// will fail to launch.
UnsafeSysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/unsafe-sysctls"
// ObjectTTLAnnotations represents a suggestion for kubelet for how long it can cache
// an object (e.g. secret, config map) before fetching it again from apiserver.
// This annotation can be attached to node.
ObjectTTLAnnotationKey string = "node.alpha.kubernetes.io/ttl"
// AffinityAnnotationKey represents the key of affinity data (json serialized)
// in the Annotations of a Pod.
// TODO: remove when alpha support for affinity is removed
AffinityAnnotationKey string = "scheduler.alpha.kubernetes.io/affinity"
)
// GetTolerationsFromPodAnnotations gets the json serialized tolerations data from Pod.Annotations // GetTolerationsFromPodAnnotations gets the json serialized tolerations data from Pod.Annotations
// and converts it to the []Toleration type in api. // and converts it to the []Toleration type in api.
func GetTolerationsFromPodAnnotations(annotations map[string]string) ([]Toleration, error) { func GetTolerationsFromPodAnnotations(annotations map[string]string) ([]Toleration, error) {
...@@ -444,7 +494,7 @@ func GetTolerationsFromPodAnnotations(annotations map[string]string) ([]Tolerati ...@@ -444,7 +494,7 @@ func GetTolerationsFromPodAnnotations(annotations map[string]string) ([]Tolerati
// AddOrUpdateTolerationInPod tries to add a toleration to the pod's toleration list. // AddOrUpdateTolerationInPod tries to add a toleration to the pod's toleration list.
// Returns true if something was updated, false otherwise. // Returns true if something was updated, false otherwise.
func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) bool { func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) (bool, error) {
podTolerations := pod.Spec.Tolerations podTolerations := pod.Spec.Tolerations
var newTolerations []Toleration var newTolerations []Toleration
...@@ -452,7 +502,7 @@ func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) bool { ...@@ -452,7 +502,7 @@ func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) bool {
for i := range podTolerations { for i := range podTolerations {
if toleration.MatchToleration(&podTolerations[i]) { if toleration.MatchToleration(&podTolerations[i]) {
if Semantic.DeepEqual(toleration, podTolerations[i]) { if Semantic.DeepEqual(toleration, podTolerations[i]) {
return false return false, nil
} }
newTolerations = append(newTolerations, *toleration) newTolerations = append(newTolerations, *toleration)
updated = true updated = true
...@@ -467,7 +517,7 @@ func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) bool { ...@@ -467,7 +517,7 @@ func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) bool {
} }
pod.Spec.Tolerations = newTolerations pod.Spec.Tolerations = newTolerations
return true return true, nil
} }
// MatchToleration checks if the toleration matches tolerationToMatch. Tolerations are unique by <key,effect,operator,value>, // MatchToleration checks if the toleration matches tolerationToMatch. Tolerations are unique by <key,effect,operator,value>,
......
...@@ -17,9 +17,6 @@ limitations under the License. ...@@ -17,9 +17,6 @@ limitations under the License.
package api package api
import ( import (
"fmt"
"math"
"strconv"
"time" "time"
"k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/api/resource"
...@@ -230,41 +227,3 @@ func PodRequestsAndLimits(pod *Pod) (reqs map[ResourceName]resource.Quantity, li ...@@ -230,41 +227,3 @@ func PodRequestsAndLimits(pod *Pod) (reqs map[ResourceName]resource.Quantity, li
} }
return return
} }
// ExtractContainerResourceValue extracts the value of a resource
// in an already known container
func ExtractContainerResourceValue(fs *ResourceFieldSelector, container *Container) (string, error) {
divisor := resource.Quantity{}
if divisor.Cmp(fs.Divisor) == 0 {
divisor = resource.MustParse("1")
} else {
divisor = fs.Divisor
}
switch fs.Resource {
case "limits.cpu":
return convertResourceCPUToString(container.Resources.Limits.Cpu(), divisor)
case "limits.memory":
return convertResourceMemoryToString(container.Resources.Limits.Memory(), divisor)
case "requests.cpu":
return convertResourceCPUToString(container.Resources.Requests.Cpu(), divisor)
case "requests.memory":
return convertResourceMemoryToString(container.Resources.Requests.Memory(), divisor)
}
return "", fmt.Errorf("unsupported container resource : %v", fs.Resource)
}
// convertResourceCPUToString converts cpu value to the format of divisor and returns
// ceiling of the value.
func convertResourceCPUToString(cpu *resource.Quantity, divisor resource.Quantity) (string, error) {
c := int64(math.Ceil(float64(cpu.MilliValue()) / float64(divisor.MilliValue())))
return strconv.FormatInt(c, 10), nil
}
// convertResourceMemoryToString converts memory value to the format of divisor and returns
// ceiling of the value.
func convertResourceMemoryToString(memory *resource.Quantity, divisor resource.Quantity) (string, error) {
m := int64(math.Ceil(float64(memory.Value()) / float64(divisor.Value())))
return strconv.FormatInt(m, 10), nil
}
...@@ -653,20 +653,10 @@ type ISCSIVolumeSource struct { ...@@ -653,20 +653,10 @@ type ISCSIVolumeSource struct {
// the ReadOnly setting in VolumeMounts. // the ReadOnly setting in VolumeMounts.
// +optional // +optional
ReadOnly bool ReadOnly bool
// Optional: list of iSCSI target portal ips for high availability. // Required: list of iSCSI target portal ips for high availability.
// the portal is either an IP or ip_addr:port if port is other than default (typically TCP ports 860 and 3260) // the portal is either an IP or ip_addr:port if port is other than default (typically TCP ports 860 and 3260)
// +optional // +optional
Portals []string Portals []string
// Optional: whether support iSCSI Discovery CHAP authentication
// +optional
DiscoveryCHAPAuth bool
// Optional: whether support iSCSI Session CHAP authentication
// +optional
SessionCHAPAuth bool
// Optional: CHAP secret for iSCSI target and initiator authentication.
// The secret is used if either DiscoveryCHAPAuth or SessionCHAPAuth is true
// +optional
SecretRef *LocalObjectReference
} }
// Represents a Fibre Channel volume. // Represents a Fibre Channel volume.
......
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -245,8 +245,6 @@ message ComponentStatus { ...@@ -245,8 +245,6 @@ message ComponentStatus {
// List of component conditions observed // List of component conditions observed
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
repeated ComponentCondition conditions = 2; repeated ComponentCondition conditions = 2;
} }
...@@ -417,8 +415,6 @@ message Container { ...@@ -417,8 +415,6 @@ message Container {
// accessible from the network. // accessible from the network.
// Cannot be updated. // Cannot be updated.
// +optional // +optional
// +patchMergeKey=containerPort
// +patchStrategy=merge
repeated ContainerPort ports = 6; repeated ContainerPort ports = 6;
// List of sources to populate environment variables in the container. // List of sources to populate environment variables in the container.
...@@ -433,8 +429,6 @@ message Container { ...@@ -433,8 +429,6 @@ message Container {
// List of environment variables to set in the container. // List of environment variables to set in the container.
// Cannot be updated. // Cannot be updated.
// +optional // +optional
// +patchMergeKey=name
// +patchStrategy=merge
repeated EnvVar env = 7; repeated EnvVar env = 7;
// Compute Resources required by this container. // Compute Resources required by this container.
...@@ -446,8 +440,6 @@ message Container { ...@@ -446,8 +440,6 @@ message Container {
// Pod volumes to mount into the container's filesystem. // Pod volumes to mount into the container's filesystem.
// Cannot be updated. // Cannot be updated.
// +optional // +optional
// +patchMergeKey=mountPath
// +patchStrategy=merge
repeated VolumeMount volumeMounts = 9; repeated VolumeMount volumeMounts = 9;
// Periodic probe of container liveness. // Periodic probe of container liveness.
...@@ -1235,18 +1227,6 @@ message ISCSIVolumeSource { ...@@ -1235,18 +1227,6 @@ message ISCSIVolumeSource {
// is other than default (typically TCP ports 860 and 3260). // is other than default (typically TCP ports 860 and 3260).
// +optional // +optional
repeated string portals = 7; repeated string portals = 7;
// whether support iSCSI Discovery CHAP authentication
// +optional
optional bool chapAuthDiscovery = 8;
// whether support iSCSI Session CHAP authentication
// +optional
optional bool chapAuthSession = 11;
// CHAP secret for iSCSI target and initiator authentication
// +optional
optional LocalObjectReference secretRef = 10;
} }
// Maps a string key to a path within a volume. // Maps a string key to a path within a volume.
...@@ -1611,8 +1591,6 @@ message NodeSelector { ...@@ -1611,8 +1591,6 @@ message NodeSelector {
// that relates the key and values. // that relates the key and values.
message NodeSelectorRequirement { message NodeSelectorRequirement {
// The label key that the selector applies to. // The label key that the selector applies to.
// +patchMergeKey=key
// +patchStrategy=merge
optional string key = 1; optional string key = 1;
// Represents a key's relationship to a set of values. // Represents a key's relationship to a set of values.
...@@ -1680,16 +1658,12 @@ message NodeStatus { ...@@ -1680,16 +1658,12 @@ message NodeStatus {
// Conditions is an array of current observed node conditions. // Conditions is an array of current observed node conditions.
// More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-condition // More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-condition
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
repeated NodeCondition conditions = 4; repeated NodeCondition conditions = 4;
// List of addresses reachable to the node. // List of addresses reachable to the node.
// Queried from cloud provider, if available. // Queried from cloud provider, if available.
// More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-addresses // More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-addresses
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
repeated NodeAddress addresses = 5; repeated NodeAddress addresses = 5;
// Endpoints of daemons running on the Node. // Endpoints of daemons running on the Node.
...@@ -1895,8 +1869,6 @@ message ObjectMeta { ...@@ -1895,8 +1869,6 @@ message ObjectMeta {
// then an entry in this list will point to this controller, with the controller field set to true. // then an entry in this list will point to this controller, with the controller field set to true.
// There cannot be more than one managing controller. // There cannot be more than one managing controller.
// +optional // +optional
// +patchMergeKey=uid
// +patchStrategy=merge
repeated k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference ownerReferences = 13; repeated k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference ownerReferences = 13;
// Must be empty before the object is deleted from the registry. Each entry // Must be empty before the object is deleted from the registry. Each entry
...@@ -1904,7 +1876,6 @@ message ObjectMeta { ...@@ -1904,7 +1876,6 @@ message ObjectMeta {
// from the list. If the deletionTimestamp of the object is non-nil, entries // from the list. If the deletionTimestamp of the object is non-nil, entries
// in this list can only be removed. // in this list can only be removed.
// +optional // +optional
// +patchStrategy=merge
repeated string finalizers = 14; repeated string finalizers = 14;
// The name of the cluster which the object belongs to. // The name of the cluster which the object belongs to.
...@@ -2591,8 +2562,6 @@ message PodSpec { ...@@ -2591,8 +2562,6 @@ message PodSpec {
// List of volumes that can be mounted by containers belonging to the pod. // List of volumes that can be mounted by containers belonging to the pod.
// More info: http://kubernetes.io/docs/user-guide/volumes // More info: http://kubernetes.io/docs/user-guide/volumes
// +optional // +optional
// +patchMergeKey=name
// +patchStrategy=merge
repeated Volume volumes = 1; repeated Volume volumes = 1;
// List of initialization containers belonging to the pod. // List of initialization containers belonging to the pod.
...@@ -2608,8 +2577,6 @@ message PodSpec { ...@@ -2608,8 +2577,6 @@ message PodSpec {
// Init containers cannot currently be added or removed. // Init containers cannot currently be added or removed.
// Cannot be updated. // Cannot be updated.
// More info: http://kubernetes.io/docs/user-guide/containers // More info: http://kubernetes.io/docs/user-guide/containers
// +patchMergeKey=name
// +patchStrategy=merge
repeated Container initContainers = 20; repeated Container initContainers = 20;
// List of containers belonging to the pod. // List of containers belonging to the pod.
...@@ -2617,8 +2584,6 @@ message PodSpec { ...@@ -2617,8 +2584,6 @@ message PodSpec {
// There must be at least one container in a Pod. // There must be at least one container in a Pod.
// Cannot be updated. // Cannot be updated.
// More info: http://kubernetes.io/docs/user-guide/containers // More info: http://kubernetes.io/docs/user-guide/containers
// +patchMergeKey=name
// +patchStrategy=merge
repeated Container containers = 2; repeated Container containers = 2;
// Restart policy for all containers within the pod. // Restart policy for all containers within the pod.
...@@ -2707,8 +2672,6 @@ message PodSpec { ...@@ -2707,8 +2672,6 @@ message PodSpec {
// in the case of docker, only DockerConfig type secrets are honored. // in the case of docker, only DockerConfig type secrets are honored.
// More info: http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod // More info: http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
// +optional // +optional
// +patchMergeKey=name
// +patchStrategy=merge
repeated LocalObjectReference imagePullSecrets = 15; repeated LocalObjectReference imagePullSecrets = 15;
// Specifies the hostname of the Pod // Specifies the hostname of the Pod
...@@ -2746,8 +2709,6 @@ message PodStatus { ...@@ -2746,8 +2709,6 @@ message PodStatus {
// Current service state of pod. // Current service state of pod.
// More info: http://kubernetes.io/docs/user-guide/pod-states#pod-conditions // More info: http://kubernetes.io/docs/user-guide/pod-states#pod-conditions
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
repeated PodCondition conditions = 2; repeated PodCondition conditions = 2;
// A human readable message indicating details about why the pod is in this condition. // A human readable message indicating details about why the pod is in this condition.
...@@ -3146,8 +3107,6 @@ message ReplicationControllerStatus { ...@@ -3146,8 +3107,6 @@ message ReplicationControllerStatus {
// Represents the latest available observations of a replication controller's current state. // Represents the latest available observations of a replication controller's current state.
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
repeated ReplicationControllerCondition conditions = 6; repeated ReplicationControllerCondition conditions = 6;
} }
...@@ -3509,8 +3468,6 @@ message ServiceAccount { ...@@ -3509,8 +3468,6 @@ message ServiceAccount {
// Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. // Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
// More info: http://kubernetes.io/docs/user-guide/secrets // More info: http://kubernetes.io/docs/user-guide/secrets
// +optional // +optional
// +patchMergeKey=name
// +patchStrategy=merge
repeated ObjectReference secrets = 2; repeated ObjectReference secrets = 2;
// ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images
...@@ -3601,8 +3558,6 @@ message ServiceProxyOptions { ...@@ -3601,8 +3558,6 @@ message ServiceProxyOptions {
message ServiceSpec { message ServiceSpec {
// The list of ports that are exposed by this service. // The list of ports that are exposed by this service.
// More info: http://kubernetes.io/docs/user-guide/services#virtual-ips-and-service-proxies // More info: http://kubernetes.io/docs/user-guide/services#virtual-ips-and-service-proxies
// +patchMergeKey=port
// +patchStrategy=merge
repeated ServicePort ports = 1; repeated ServicePort ports = 1;
// Route service traffic to pods with label keys and values matching this // Route service traffic to pods with label keys and values matching this
...@@ -3722,8 +3677,6 @@ message TCPSocketAction { ...@@ -3722,8 +3677,6 @@ message TCPSocketAction {
// any pod that that does not tolerate the Taint. // any pod that that does not tolerate the Taint.
message Taint { message Taint {
// Required. The taint key to be applied to a node. // Required. The taint key to be applied to a node.
// +patchMergeKey=key
// +patchStrategy=merge
optional string key = 1; optional string key = 1;
// Required. The taint value corresponding to the taint key. // Required. The taint value corresponding to the taint key.
...@@ -3747,8 +3700,6 @@ message Toleration { ...@@ -3747,8 +3700,6 @@ message Toleration {
// Key is the taint key that the toleration applies to. Empty means match all taint keys. // Key is the taint key that the toleration applies to. Empty means match all taint keys.
// If the key is empty, operator must be Exists; this combination means to match all values and all keys. // If the key is empty, operator must be Exists; this combination means to match all values and all keys.
// +optional // +optional
// +patchMergeKey=key
// +patchStrategy=merge
optional string key = 1; optional string key = 1;
// Operator represents a key's relationship to the value. // Operator represents a key's relationship to the value.
......
...@@ -276,9 +276,9 @@ const ( ...@@ -276,9 +276,9 @@ const (
AffinityAnnotationKey string = "scheduler.alpha.kubernetes.io/affinity" AffinityAnnotationKey string = "scheduler.alpha.kubernetes.io/affinity"
) )
// AddOrUpdateTolerationInPod tries to add a toleration to the pod's toleration list. // Tries to add a toleration to annotations list. Returns true if something was updated
// Returns true if something was updated, false otherwise. // false otherwise.
func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) bool { func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) (bool, error) {
podTolerations := pod.Spec.Tolerations podTolerations := pod.Spec.Tolerations
var newTolerations []Toleration var newTolerations []Toleration
...@@ -286,7 +286,7 @@ func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) bool { ...@@ -286,7 +286,7 @@ func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) bool {
for i := range podTolerations { for i := range podTolerations {
if toleration.MatchToleration(&podTolerations[i]) { if toleration.MatchToleration(&podTolerations[i]) {
if api.Semantic.DeepEqual(toleration, podTolerations[i]) { if api.Semantic.DeepEqual(toleration, podTolerations[i]) {
return false return false, nil
} }
newTolerations = append(newTolerations, *toleration) newTolerations = append(newTolerations, *toleration)
updated = true updated = true
...@@ -301,7 +301,7 @@ func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) bool { ...@@ -301,7 +301,7 @@ func AddOrUpdateTolerationInPod(pod *Pod, toleration *Toleration) bool {
} }
pod.Spec.Tolerations = newTolerations pod.Spec.Tolerations = newTolerations
return true return true, nil
} }
// MatchToleration checks if the toleration matches tolerationToMatch. Tolerations are unique by <key,effect,operator,value>, // MatchToleration checks if the toleration matches tolerationToMatch. Tolerations are unique by <key,effect,operator,value>,
......
...@@ -35,8 +35,6 @@ func (meta *ObjectMeta) GetUID() types.UID { return meta.UID } ...@@ -35,8 +35,6 @@ func (meta *ObjectMeta) GetUID() types.UID { return meta.UID }
func (meta *ObjectMeta) SetUID(uid types.UID) { meta.UID = uid } func (meta *ObjectMeta) SetUID(uid types.UID) { meta.UID = uid }
func (meta *ObjectMeta) GetResourceVersion() string { return meta.ResourceVersion } func (meta *ObjectMeta) GetResourceVersion() string { return meta.ResourceVersion }
func (meta *ObjectMeta) SetResourceVersion(version string) { meta.ResourceVersion = version } func (meta *ObjectMeta) SetResourceVersion(version string) { meta.ResourceVersion = version }
func (meta *ObjectMeta) GetGeneration() int64 { return meta.Generation }
func (meta *ObjectMeta) SetGeneration(generation int64) { meta.Generation = generation }
func (meta *ObjectMeta) GetSelfLink() string { return meta.SelfLink } func (meta *ObjectMeta) GetSelfLink() string { return meta.SelfLink }
func (meta *ObjectMeta) SetSelfLink(selfLink string) { meta.SelfLink = selfLink } func (meta *ObjectMeta) SetSelfLink(selfLink string) { meta.SelfLink = selfLink }
func (meta *ObjectMeta) GetCreationTimestamp() metav1.Time { return meta.CreationTimestamp } func (meta *ObjectMeta) GetCreationTimestamp() metav1.Time { return meta.CreationTimestamp }
...@@ -47,10 +45,6 @@ func (meta *ObjectMeta) GetDeletionTimestamp() *metav1.Time { return meta.Deleti ...@@ -47,10 +45,6 @@ func (meta *ObjectMeta) GetDeletionTimestamp() *metav1.Time { return meta.Deleti
func (meta *ObjectMeta) SetDeletionTimestamp(deletionTimestamp *metav1.Time) { func (meta *ObjectMeta) SetDeletionTimestamp(deletionTimestamp *metav1.Time) {
meta.DeletionTimestamp = deletionTimestamp meta.DeletionTimestamp = deletionTimestamp
} }
func (meta *ObjectMeta) GetDeletionGracePeriodSeconds() *int64 { return meta.DeletionGracePeriodSeconds }
func (meta *ObjectMeta) SetDeletionGracePeriodSeconds(deletionGracePeriodSeconds *int64) {
meta.DeletionGracePeriodSeconds = deletionGracePeriodSeconds
}
func (meta *ObjectMeta) GetLabels() map[string]string { return meta.Labels } func (meta *ObjectMeta) GetLabels() map[string]string { return meta.Labels }
func (meta *ObjectMeta) SetLabels(labels map[string]string) { meta.Labels = labels } func (meta *ObjectMeta) SetLabels(labels map[string]string) { meta.Labels = labels }
func (meta *ObjectMeta) GetAnnotations() map[string]string { return meta.Annotations } func (meta *ObjectMeta) GetAnnotations() map[string]string { return meta.Annotations }
......
...@@ -17,14 +17,10 @@ limitations under the License. ...@@ -17,14 +17,10 @@ limitations under the License.
package v1 package v1
import ( import (
"fmt"
"math"
"strconv"
"time" "time"
"k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/pkg/api"
) )
// Returns string version of ResourceName. // Returns string version of ResourceName.
...@@ -259,100 +255,3 @@ func GetResourceRequest(pod *Pod, resource ResourceName) int64 { ...@@ -259,100 +255,3 @@ func GetResourceRequest(pod *Pod, resource ResourceName) int64 {
} }
return totalResources return totalResources
} }
// ExtractResourceValueByContainerName extracts the value of a resource
// by providing container name
func ExtractResourceValueByContainerName(fs *ResourceFieldSelector, pod *Pod, containerName string) (string, error) {
container, err := findContainerInPod(pod, containerName)
if err != nil {
return "", err
}
return ExtractContainerResourceValue(fs, container)
}
// ExtractResourceValueByContainerNameAndNodeAllocatable extracts the value of a resource
// by providing container name and node allocatable
func ExtractResourceValueByContainerNameAndNodeAllocatable(fs *ResourceFieldSelector, pod *Pod, containerName string, nodeAllocatable ResourceList) (string, error) {
realContainer, err := findContainerInPod(pod, containerName)
if err != nil {
return "", err
}
containerCopy, err := api.Scheme.DeepCopy(realContainer)
if err != nil {
return "", fmt.Errorf("failed to perform a deep copy of container object: %v", err)
}
container, ok := containerCopy.(*Container)
if !ok {
return "", fmt.Errorf("unexpected type returned from deep copy of container object")
}
MergeContainerResourceLimits(container, nodeAllocatable)
return ExtractContainerResourceValue(fs, container)
}
// ExtractContainerResourceValue extracts the value of a resource
// in an already known container
func ExtractContainerResourceValue(fs *ResourceFieldSelector, container *Container) (string, error) {
divisor := resource.Quantity{}
if divisor.Cmp(fs.Divisor) == 0 {
divisor = resource.MustParse("1")
} else {
divisor = fs.Divisor
}
switch fs.Resource {
case "limits.cpu":
return convertResourceCPUToString(container.Resources.Limits.Cpu(), divisor)
case "limits.memory":
return convertResourceMemoryToString(container.Resources.Limits.Memory(), divisor)
case "requests.cpu":
return convertResourceCPUToString(container.Resources.Requests.Cpu(), divisor)
case "requests.memory":
return convertResourceMemoryToString(container.Resources.Requests.Memory(), divisor)
}
return "", fmt.Errorf("Unsupported container resource : %v", fs.Resource)
}
// convertResourceCPUToString converts cpu value to the format of divisor and returns
// ceiling of the value.
func convertResourceCPUToString(cpu *resource.Quantity, divisor resource.Quantity) (string, error) {
c := int64(math.Ceil(float64(cpu.MilliValue()) / float64(divisor.MilliValue())))
return strconv.FormatInt(c, 10), nil
}
// convertResourceMemoryToString converts memory value to the format of divisor and returns
// ceiling of the value.
func convertResourceMemoryToString(memory *resource.Quantity, divisor resource.Quantity) (string, error) {
m := int64(math.Ceil(float64(memory.Value()) / float64(divisor.Value())))
return strconv.FormatInt(m, 10), nil
}
// findContainerInPod finds a container by its name in the provided pod
func findContainerInPod(pod *Pod, containerName string) (*Container, error) {
for _, container := range pod.Spec.Containers {
if container.Name == containerName {
return &container, nil
}
}
return nil, fmt.Errorf("container %s not found", containerName)
}
// MergeContainerResourceLimits checks if a limit is applied for
// the container, and if not, it sets the limit to the passed resource list.
func MergeContainerResourceLimits(container *Container,
allocatable ResourceList) {
if container.Resources.Limits == nil {
container.Resources.Limits = make(ResourceList)
}
for _, resource := range []ResourceName{ResourceCPU, ResourceMemory} {
if quantity, exists := container.Resources.Limits[resource]; !exists || quantity.IsZero() {
if cap, exists := allocatable[resource]; exists {
container.Resources.Limits[resource] = *cap.Copy()
}
}
}
}
...@@ -197,8 +197,6 @@ type ObjectMeta struct { ...@@ -197,8 +197,6 @@ type ObjectMeta struct {
// then an entry in this list will point to this controller, with the controller field set to true. // then an entry in this list will point to this controller, with the controller field set to true.
// There cannot be more than one managing controller. // There cannot be more than one managing controller.
// +optional // +optional
// +patchMergeKey=uid
// +patchStrategy=merge
OwnerReferences []metav1.OwnerReference `json:"ownerReferences,omitempty" patchStrategy:"merge" patchMergeKey:"uid" protobuf:"bytes,13,rep,name=ownerReferences"` OwnerReferences []metav1.OwnerReference `json:"ownerReferences,omitempty" patchStrategy:"merge" patchMergeKey:"uid" protobuf:"bytes,13,rep,name=ownerReferences"`
// Must be empty before the object is deleted from the registry. Each entry // Must be empty before the object is deleted from the registry. Each entry
...@@ -206,7 +204,6 @@ type ObjectMeta struct { ...@@ -206,7 +204,6 @@ type ObjectMeta struct {
// from the list. If the deletionTimestamp of the object is non-nil, entries // from the list. If the deletionTimestamp of the object is non-nil, entries
// in this list can only be removed. // in this list can only be removed.
// +optional // +optional
// +patchStrategy=merge
Finalizers []string `json:"finalizers,omitempty" patchStrategy:"merge" protobuf:"bytes,14,rep,name=finalizers"` Finalizers []string `json:"finalizers,omitempty" patchStrategy:"merge" protobuf:"bytes,14,rep,name=finalizers"`
// The name of the cluster which the object belongs to. // The name of the cluster which the object belongs to.
...@@ -1050,15 +1047,6 @@ type ISCSIVolumeSource struct { ...@@ -1050,15 +1047,6 @@ type ISCSIVolumeSource struct {
// is other than default (typically TCP ports 860 and 3260). // is other than default (typically TCP ports 860 and 3260).
// +optional // +optional
Portals []string `json:"portals,omitempty" protobuf:"bytes,7,opt,name=portals"` Portals []string `json:"portals,omitempty" protobuf:"bytes,7,opt,name=portals"`
// whether support iSCSI Discovery CHAP authentication
// +optional
DiscoveryCHAPAuth bool `json:"chapAuthDiscovery,omitempty" protobuf:"varint,8,opt,name=chapAuthDiscovery"`
// whether support iSCSI Session CHAP authentication
// +optional
SessionCHAPAuth bool `json:"chapAuthSession,omitempty" protobuf:"varint,11,opt,name=chapAuthSession"`
// CHAP secret for iSCSI target and initiator authentication
// +optional
SecretRef *LocalObjectReference `json:"secretRef,omitempty" protobuf:"bytes,10,opt,name=secretRef"`
} }
// Represents a Fibre Channel volume. // Represents a Fibre Channel volume.
...@@ -1649,8 +1637,6 @@ type Container struct { ...@@ -1649,8 +1637,6 @@ type Container struct {
// accessible from the network. // accessible from the network.
// Cannot be updated. // Cannot be updated.
// +optional // +optional
// +patchMergeKey=containerPort
// +patchStrategy=merge
Ports []ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"` Ports []ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"`
// List of sources to populate environment variables in the container. // List of sources to populate environment variables in the container.
// The keys defined within a source must be a C_IDENTIFIER. All invalid keys // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
...@@ -1663,8 +1649,6 @@ type Container struct { ...@@ -1663,8 +1649,6 @@ type Container struct {
// List of environment variables to set in the container. // List of environment variables to set in the container.
// Cannot be updated. // Cannot be updated.
// +optional // +optional
// +patchMergeKey=name
// +patchStrategy=merge
Env []EnvVar `json:"env,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,7,rep,name=env"` Env []EnvVar `json:"env,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,7,rep,name=env"`
// Compute Resources required by this container. // Compute Resources required by this container.
// Cannot be updated. // Cannot be updated.
...@@ -1674,8 +1658,6 @@ type Container struct { ...@@ -1674,8 +1658,6 @@ type Container struct {
// Pod volumes to mount into the container's filesystem. // Pod volumes to mount into the container's filesystem.
// Cannot be updated. // Cannot be updated.
// +optional // +optional
// +patchMergeKey=mountPath
// +patchStrategy=merge
VolumeMounts []VolumeMount `json:"volumeMounts,omitempty" patchStrategy:"merge" patchMergeKey:"mountPath" protobuf:"bytes,9,rep,name=volumeMounts"` VolumeMounts []VolumeMount `json:"volumeMounts,omitempty" patchStrategy:"merge" patchMergeKey:"mountPath" protobuf:"bytes,9,rep,name=volumeMounts"`
// Periodic probe of container liveness. // Periodic probe of container liveness.
// Container will be restarted if the probe fails. // Container will be restarted if the probe fails.
...@@ -1996,8 +1978,6 @@ type NodeSelectorTerm struct { ...@@ -1996,8 +1978,6 @@ type NodeSelectorTerm struct {
// that relates the key and values. // that relates the key and values.
type NodeSelectorRequirement struct { type NodeSelectorRequirement struct {
// The label key that the selector applies to. // The label key that the selector applies to.
// +patchMergeKey=key
// +patchStrategy=merge
Key string `json:"key" patchStrategy:"merge" patchMergeKey:"key" protobuf:"bytes,1,opt,name=key"` Key string `json:"key" patchStrategy:"merge" patchMergeKey:"key" protobuf:"bytes,1,opt,name=key"`
// Represents a key's relationship to a set of values. // Represents a key's relationship to a set of values.
// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
...@@ -2182,8 +2162,6 @@ type PreferredSchedulingTerm struct { ...@@ -2182,8 +2162,6 @@ type PreferredSchedulingTerm struct {
// any pod that that does not tolerate the Taint. // any pod that that does not tolerate the Taint.
type Taint struct { type Taint struct {
// Required. The taint key to be applied to a node. // Required. The taint key to be applied to a node.
// +patchMergeKey=key
// +patchStrategy=merge
Key string `json:"key" patchStrategy:"merge" patchMergeKey:"key" protobuf:"bytes,1,opt,name=key"` Key string `json:"key" patchStrategy:"merge" patchMergeKey:"key" protobuf:"bytes,1,opt,name=key"`
// Required. The taint value corresponding to the taint key. // Required. The taint value corresponding to the taint key.
// +optional // +optional
...@@ -2226,8 +2204,6 @@ type Toleration struct { ...@@ -2226,8 +2204,6 @@ type Toleration struct {
// Key is the taint key that the toleration applies to. Empty means match all taint keys. // Key is the taint key that the toleration applies to. Empty means match all taint keys.
// If the key is empty, operator must be Exists; this combination means to match all values and all keys. // If the key is empty, operator must be Exists; this combination means to match all values and all keys.
// +optional // +optional
// +patchMergeKey=key
// +patchStrategy=merge
Key string `json:"key,omitempty" patchStrategy:"merge" patchMergeKey:"key" protobuf:"bytes,1,opt,name=key"` Key string `json:"key,omitempty" patchStrategy:"merge" patchMergeKey:"key" protobuf:"bytes,1,opt,name=key"`
// Operator represents a key's relationship to the value. // Operator represents a key's relationship to the value.
// Valid operators are Exists and Equal. Defaults to Equal. // Valid operators are Exists and Equal. Defaults to Equal.
...@@ -2285,8 +2261,6 @@ type PodSpec struct { ...@@ -2285,8 +2261,6 @@ type PodSpec struct {
// List of volumes that can be mounted by containers belonging to the pod. // List of volumes that can be mounted by containers belonging to the pod.
// More info: http://kubernetes.io/docs/user-guide/volumes // More info: http://kubernetes.io/docs/user-guide/volumes
// +optional // +optional
// +patchMergeKey=name
// +patchStrategy=merge
Volumes []Volume `json:"volumes,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,1,rep,name=volumes"` Volumes []Volume `json:"volumes,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,1,rep,name=volumes"`
// List of initialization containers belonging to the pod. // List of initialization containers belonging to the pod.
// Init containers are executed in order prior to containers being started. If any // Init containers are executed in order prior to containers being started. If any
...@@ -2301,16 +2275,12 @@ type PodSpec struct { ...@@ -2301,16 +2275,12 @@ type PodSpec struct {
// Init containers cannot currently be added or removed. // Init containers cannot currently be added or removed.
// Cannot be updated. // Cannot be updated.
// More info: http://kubernetes.io/docs/user-guide/containers // More info: http://kubernetes.io/docs/user-guide/containers
// +patchMergeKey=name
// +patchStrategy=merge
InitContainers []Container `json:"initContainers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,20,rep,name=initContainers"` InitContainers []Container `json:"initContainers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,20,rep,name=initContainers"`
// List of containers belonging to the pod. // List of containers belonging to the pod.
// Containers cannot currently be added or removed. // Containers cannot currently be added or removed.
// There must be at least one container in a Pod. // There must be at least one container in a Pod.
// Cannot be updated. // Cannot be updated.
// More info: http://kubernetes.io/docs/user-guide/containers // More info: http://kubernetes.io/docs/user-guide/containers
// +patchMergeKey=name
// +patchStrategy=merge
Containers []Container `json:"containers" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=containers"` Containers []Container `json:"containers" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=containers"`
// Restart policy for all containers within the pod. // Restart policy for all containers within the pod.
// One of Always, OnFailure, Never. // One of Always, OnFailure, Never.
...@@ -2387,8 +2357,6 @@ type PodSpec struct { ...@@ -2387,8 +2357,6 @@ type PodSpec struct {
// in the case of docker, only DockerConfig type secrets are honored. // in the case of docker, only DockerConfig type secrets are honored.
// More info: http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod // More info: http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
// +optional // +optional
// +patchMergeKey=name
// +patchStrategy=merge
ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,15,rep,name=imagePullSecrets"` ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,15,rep,name=imagePullSecrets"`
// Specifies the hostname of the Pod // Specifies the hostname of the Pod
// If not specified, the pod's hostname will be set to a system-defined value. // If not specified, the pod's hostname will be set to a system-defined value.
...@@ -2476,8 +2444,6 @@ type PodStatus struct { ...@@ -2476,8 +2444,6 @@ type PodStatus struct {
// Current service state of pod. // Current service state of pod.
// More info: http://kubernetes.io/docs/user-guide/pod-states#pod-conditions // More info: http://kubernetes.io/docs/user-guide/pod-states#pod-conditions
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
Conditions []PodCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,2,rep,name=conditions"` Conditions []PodCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,2,rep,name=conditions"`
// A human readable message indicating details about why the pod is in this condition. // A human readable message indicating details about why the pod is in this condition.
// +optional // +optional
...@@ -2674,8 +2640,6 @@ type ReplicationControllerStatus struct { ...@@ -2674,8 +2640,6 @@ type ReplicationControllerStatus struct {
// Represents the latest available observations of a replication controller's current state. // Represents the latest available observations of a replication controller's current state.
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
Conditions []ReplicationControllerCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"` Conditions []ReplicationControllerCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"`
} }
...@@ -2813,8 +2777,6 @@ type LoadBalancerIngress struct { ...@@ -2813,8 +2777,6 @@ type LoadBalancerIngress struct {
type ServiceSpec struct { type ServiceSpec struct {
// The list of ports that are exposed by this service. // The list of ports that are exposed by this service.
// More info: http://kubernetes.io/docs/user-guide/services#virtual-ips-and-service-proxies // More info: http://kubernetes.io/docs/user-guide/services#virtual-ips-and-service-proxies
// +patchMergeKey=port
// +patchStrategy=merge
Ports []ServicePort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"port" protobuf:"bytes,1,rep,name=ports"` Ports []ServicePort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"port" protobuf:"bytes,1,rep,name=ports"`
// Route service traffic to pods with label keys and values matching this // Route service traffic to pods with label keys and values matching this
...@@ -3000,8 +2962,6 @@ type ServiceAccount struct { ...@@ -3000,8 +2962,6 @@ type ServiceAccount struct {
// Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. // Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount.
// More info: http://kubernetes.io/docs/user-guide/secrets // More info: http://kubernetes.io/docs/user-guide/secrets
// +optional // +optional
// +patchMergeKey=name
// +patchStrategy=merge
Secrets []ObjectReference `json:"secrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=secrets"` Secrets []ObjectReference `json:"secrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=secrets"`
// ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images
...@@ -3222,15 +3182,11 @@ type NodeStatus struct { ...@@ -3222,15 +3182,11 @@ type NodeStatus struct {
// Conditions is an array of current observed node conditions. // Conditions is an array of current observed node conditions.
// More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-condition // More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-condition
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
Conditions []NodeCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,4,rep,name=conditions"` Conditions []NodeCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,4,rep,name=conditions"`
// List of addresses reachable to the node. // List of addresses reachable to the node.
// Queried from cloud provider, if available. // Queried from cloud provider, if available.
// More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-addresses // More info: http://releases.k8s.io/HEAD/docs/admin/node.md#node-addresses
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
Addresses []NodeAddress `json:"addresses,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,5,rep,name=addresses"` Addresses []NodeAddress `json:"addresses,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,5,rep,name=addresses"`
// Endpoints of daemons running on the Node. // Endpoints of daemons running on the Node.
// +optional // +optional
...@@ -4279,8 +4235,6 @@ type ComponentStatus struct { ...@@ -4279,8 +4235,6 @@ type ComponentStatus struct {
// List of component conditions observed // List of component conditions observed
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
Conditions []ComponentCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,2,rep,name=conditions"` Conditions []ComponentCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,2,rep,name=conditions"`
} }
......
...@@ -650,17 +650,14 @@ func (HostPathVolumeSource) SwaggerDoc() map[string]string { ...@@ -650,17 +650,14 @@ func (HostPathVolumeSource) SwaggerDoc() map[string]string {
} }
var map_ISCSIVolumeSource = map[string]string{ var map_ISCSIVolumeSource = map[string]string{
"": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", "": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.",
"targetPortal": "iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "targetPortal": "iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).",
"iqn": "Target iSCSI Qualified Name.", "iqn": "Target iSCSI Qualified Name.",
"lun": "iSCSI target lun number.", "lun": "iSCSI target lun number.",
"iscsiInterface": "Optional: Defaults to 'default' (tcp). iSCSI interface name that uses an iSCSI transport.", "iscsiInterface": "Optional: Defaults to 'default' (tcp). iSCSI interface name that uses an iSCSI transport.",
"fsType": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: http://kubernetes.io/docs/user-guide/volumes#iscsi", "fsType": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: http://kubernetes.io/docs/user-guide/volumes#iscsi",
"readOnly": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", "readOnly": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.",
"portals": "iSCSI target portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "portals": "iSCSI target portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).",
"chapAuthDiscovery": "whether support iSCSI Discovery CHAP authentication",
"chapAuthSession": "whether support iSCSI Session CHAP authentication",
"secretRef": "CHAP secret for iSCSI target and initiator authentication",
} }
func (ISCSIVolumeSource) SwaggerDoc() map[string]string { func (ISCSIVolumeSource) SwaggerDoc() map[string]string {
......
...@@ -1706,9 +1706,6 @@ func autoConvert_v1_ISCSIVolumeSource_To_api_ISCSIVolumeSource(in *ISCSIVolumeSo ...@@ -1706,9 +1706,6 @@ func autoConvert_v1_ISCSIVolumeSource_To_api_ISCSIVolumeSource(in *ISCSIVolumeSo
out.FSType = in.FSType out.FSType = in.FSType
out.ReadOnly = in.ReadOnly out.ReadOnly = in.ReadOnly
out.Portals = *(*[]string)(unsafe.Pointer(&in.Portals)) out.Portals = *(*[]string)(unsafe.Pointer(&in.Portals))
out.DiscoveryCHAPAuth = in.DiscoveryCHAPAuth
out.SessionCHAPAuth = in.SessionCHAPAuth
out.SecretRef = (*api.LocalObjectReference)(unsafe.Pointer(in.SecretRef))
return nil return nil
} }
...@@ -1724,9 +1721,6 @@ func autoConvert_api_ISCSIVolumeSource_To_v1_ISCSIVolumeSource(in *api.ISCSIVolu ...@@ -1724,9 +1721,6 @@ func autoConvert_api_ISCSIVolumeSource_To_v1_ISCSIVolumeSource(in *api.ISCSIVolu
out.FSType = in.FSType out.FSType = in.FSType
out.ReadOnly = in.ReadOnly out.ReadOnly = in.ReadOnly
out.Portals = *(*[]string)(unsafe.Pointer(&in.Portals)) out.Portals = *(*[]string)(unsafe.Pointer(&in.Portals))
out.DiscoveryCHAPAuth = in.DiscoveryCHAPAuth
out.SessionCHAPAuth = in.SessionCHAPAuth
out.SecretRef = (*LocalObjectReference)(unsafe.Pointer(in.SecretRef))
return nil return nil
} }
......
...@@ -1198,11 +1198,6 @@ func DeepCopy_v1_ISCSIVolumeSource(in interface{}, out interface{}, c *conversio ...@@ -1198,11 +1198,6 @@ func DeepCopy_v1_ISCSIVolumeSource(in interface{}, out interface{}, c *conversio
*out = make([]string, len(*in)) *out = make([]string, len(*in))
copy(*out, *in) copy(*out, *in)
} }
if in.SecretRef != nil {
in, out := &in.SecretRef, &out.SecretRef
*out = new(LocalObjectReference)
**out = **in
}
return nil return nil
} }
} }
......
...@@ -1226,11 +1226,6 @@ func DeepCopy_api_ISCSIVolumeSource(in interface{}, out interface{}, c *conversi ...@@ -1226,11 +1226,6 @@ func DeepCopy_api_ISCSIVolumeSource(in interface{}, out interface{}, c *conversi
*out = make([]string, len(*in)) *out = make([]string, len(*in))
copy(*out, *in) copy(*out, *in)
} }
if in.SecretRef != nil {
in, out := &in.SecretRef, &out.SecretRef
*out = new(LocalObjectReference)
**out = **in
}
return nil return nil
} }
} }
......
...@@ -167,8 +167,6 @@ message DeploymentStatus { ...@@ -167,8 +167,6 @@ message DeploymentStatus {
optional int32 unavailableReplicas = 5; optional int32 unavailableReplicas = 5;
// Represents the latest available observations of a deployment's current state. // Represents the latest available observations of a deployment's current state.
// +patchMergeKey=type
// +patchStrategy=merge
repeated DeploymentCondition conditions = 6; repeated DeploymentCondition conditions = 6;
} }
......
...@@ -327,8 +327,6 @@ type DeploymentStatus struct { ...@@ -327,8 +327,6 @@ type DeploymentStatus struct {
UnavailableReplicas int32 `json:"unavailableReplicas,omitempty" protobuf:"varint,5,opt,name=unavailableReplicas"` UnavailableReplicas int32 `json:"unavailableReplicas,omitempty" protobuf:"varint,5,opt,name=unavailableReplicas"`
// Represents the latest available observations of a deployment's current state. // Represents the latest available observations of a deployment's current state.
// +patchMergeKey=type
// +patchStrategy=merge
Conditions []DeploymentCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"` Conditions []DeploymentCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"`
} }
......
...@@ -139,8 +139,6 @@ message JobStatus { ...@@ -139,8 +139,6 @@ message JobStatus {
// Conditions represent the latest available observations of an object's current state. // Conditions represent the latest available observations of an object's current state.
// More info: http://kubernetes.io/docs/user-guide/jobs // More info: http://kubernetes.io/docs/user-guide/jobs
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
repeated JobCondition conditions = 1; repeated JobCondition conditions = 1;
// StartTime represents time when the job was acknowledged by the Job Manager. // StartTime represents time when the job was acknowledged by the Job Manager.
......
...@@ -110,8 +110,6 @@ type JobStatus struct { ...@@ -110,8 +110,6 @@ type JobStatus struct {
// Conditions represent the latest available observations of an object's current state. // Conditions represent the latest available observations of an object's current state.
// More info: http://kubernetes.io/docs/user-guide/jobs // More info: http://kubernetes.io/docs/user-guide/jobs
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
Conditions []JobCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` Conditions []JobCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
// StartTime represents time when the job was acknowledged by the Job Manager. // StartTime represents time when the job was acknowledged by the Job Manager.
......
...@@ -1061,17 +1061,21 @@ type NetworkPolicySpec struct { ...@@ -1061,17 +1061,21 @@ type NetworkPolicySpec struct {
type NetworkPolicyIngressRule struct { type NetworkPolicyIngressRule struct {
// List of ports which should be made accessible on the pods selected for this rule. // List of ports which should be made accessible on the pods selected for this rule.
// Each item in this list is combined using a logical OR. // Each item in this list is combined using a logical OR.
// If this field is empty or missing, this rule matches all ports (traffic not restricted by port). // If this field is not provided, this rule matches all ports (traffic not restricted by port).
// If this field is empty, this rule matches no ports (no traffic matches).
// If this field is present and contains at least one item, then this rule allows traffic // If this field is present and contains at least one item, then this rule allows traffic
// only if the traffic matches at least one port in the list. // only if the traffic matches at least one port in the list.
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
// +optional // +optional
Ports []NetworkPolicyPort Ports []NetworkPolicyPort
// List of sources which should be able to access the pods selected for this rule. // List of sources which should be able to access the pods selected for this rule.
// Items in this list are combined using a logical OR operation. // Items in this list are combined using a logical OR operation.
// If this field is empty or missing, this rule matches all sources (traffic not restricted by source). // If this field is not provided, this rule matches all sources (traffic not restricted by source).
// If this field is empty, this rule matches no sources (no traffic matches).
// If this field is present and contains at least on item, this rule allows traffic only if the // If this field is present and contains at least on item, this rule allows traffic only if the
// traffic matches at least one item in the from list. // traffic matches at least one item in the from list.
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
// +optional // +optional
From []NetworkPolicyPeer From []NetworkPolicyPeer
} }
...@@ -1096,6 +1100,7 @@ type NetworkPolicyPeer struct { ...@@ -1096,6 +1100,7 @@ type NetworkPolicyPeer struct {
// This is a label selector which selects Pods in this namespace. // This is a label selector which selects Pods in this namespace.
// This field follows standard label selector semantics. // This field follows standard label selector semantics.
// If not provided, this selector selects no pods.
// If present but empty, this selector selects all pods in this namespace. // If present but empty, this selector selects all pods in this namespace.
// +optional // +optional
PodSelector *metav1.LabelSelector PodSelector *metav1.LabelSelector
...@@ -1103,6 +1108,7 @@ type NetworkPolicyPeer struct { ...@@ -1103,6 +1108,7 @@ type NetworkPolicyPeer struct {
// Selects Namespaces using cluster scoped-labels. This // Selects Namespaces using cluster scoped-labels. This
// matches all pods in all namespaces selected by this label selector. // matches all pods in all namespaces selected by this label selector.
// This field follows standard label selector semantics. // This field follows standard label selector semantics.
// If omitted, this selector selects no namespaces.
// If present but empty, this selector selects all namespaces. // If present but empty, this selector selects all namespaces.
// +optional // +optional
NamespaceSelector *metav1.LabelSelector NamespaceSelector *metav1.LabelSelector
......
...@@ -127,6 +127,7 @@ func SetDefaults_ReplicaSet(obj *ReplicaSet) { ...@@ -127,6 +127,7 @@ func SetDefaults_ReplicaSet(obj *ReplicaSet) {
func SetDefaults_NetworkPolicy(obj *NetworkPolicy) { func SetDefaults_NetworkPolicy(obj *NetworkPolicy) {
// Default any undefined Protocol fields to TCP. // Default any undefined Protocol fields to TCP.
for _, i := range obj.Spec.Ingress { for _, i := range obj.Spec.Ingress {
// TODO: Update Ports to be a pointer to slice as soon as auto-generation supports it.
for _, p := range i.Ports { for _, p := range i.Ports {
if p.Protocol == nil { if p.Protocol == nil {
proto := v1.ProtocolTCP proto := v1.ProtocolTCP
......
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -321,8 +321,6 @@ message DeploymentStatus { ...@@ -321,8 +321,6 @@ message DeploymentStatus {
optional int32 unavailableReplicas = 5; optional int32 unavailableReplicas = 5;
// Represents the latest available observations of a deployment's current state. // Represents the latest available observations of a deployment's current state.
// +patchMergeKey=type
// +patchStrategy=merge
repeated DeploymentCondition conditions = 6; repeated DeploymentCondition conditions = 6;
} }
...@@ -541,17 +539,21 @@ message NetworkPolicy { ...@@ -541,17 +539,21 @@ message NetworkPolicy {
message NetworkPolicyIngressRule { message NetworkPolicyIngressRule {
// List of ports which should be made accessible on the pods selected for this rule. // List of ports which should be made accessible on the pods selected for this rule.
// Each item in this list is combined using a logical OR. // Each item in this list is combined using a logical OR.
// If this field is empty or missing, this rule matches all ports (traffic not restricted by port). // If this field is not provided, this rule matches all ports (traffic not restricted by port).
// If this field is empty, this rule matches no ports (no traffic matches).
// If this field is present and contains at least one item, then this rule allows traffic // If this field is present and contains at least one item, then this rule allows traffic
// only if the traffic matches at least one port in the list. // only if the traffic matches at least one port in the list.
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
// +optional // +optional
repeated NetworkPolicyPort ports = 1; repeated NetworkPolicyPort ports = 1;
// List of sources which should be able to access the pods selected for this rule. // List of sources which should be able to access the pods selected for this rule.
// Items in this list are combined using a logical OR operation. // Items in this list are combined using a logical OR operation.
// If this field is empty or missing, this rule matches all sources (traffic not restricted by source). // If this field is not provided, this rule matches all sources (traffic not restricted by source).
// If this field is empty, this rule matches no sources (no traffic matches).
// If this field is present and contains at least on item, this rule allows traffic only if the // If this field is present and contains at least on item, this rule allows traffic only if the
// traffic matches at least one item in the from list. // traffic matches at least one item in the from list.
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
// +optional // +optional
repeated NetworkPolicyPeer from = 2; repeated NetworkPolicyPeer from = 2;
} }
...@@ -570,6 +572,7 @@ message NetworkPolicyList { ...@@ -570,6 +572,7 @@ message NetworkPolicyList {
message NetworkPolicyPeer { message NetworkPolicyPeer {
// This is a label selector which selects Pods in this namespace. // This is a label selector which selects Pods in this namespace.
// This field follows standard label selector semantics. // This field follows standard label selector semantics.
// If not provided, this selector selects no pods.
// If present but empty, this selector selects all pods in this namespace. // If present but empty, this selector selects all pods in this namespace.
// +optional // +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector podSelector = 1; optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector podSelector = 1;
...@@ -577,6 +580,7 @@ message NetworkPolicyPeer { ...@@ -577,6 +580,7 @@ message NetworkPolicyPeer {
// Selects Namespaces using cluster scoped-labels. This // Selects Namespaces using cluster scoped-labels. This
// matches all pods in all namespaces selected by this label selector. // matches all pods in all namespaces selected by this label selector.
// This field follows standard label selector semantics. // This field follows standard label selector semantics.
// If omitted, this selector selects no namespaces.
// If present but empty, this selector selects all namespaces. // If present but empty, this selector selects all namespaces.
// +optional // +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2; optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
...@@ -814,8 +818,6 @@ message ReplicaSetStatus { ...@@ -814,8 +818,6 @@ message ReplicaSetStatus {
// Represents the latest available observations of a replica set's current state. // Represents the latest available observations of a replica set's current state.
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
repeated ReplicaSetCondition conditions = 6; repeated ReplicaSetCondition conditions = 6;
} }
......
...@@ -322,8 +322,6 @@ type DeploymentStatus struct { ...@@ -322,8 +322,6 @@ type DeploymentStatus struct {
UnavailableReplicas int32 `json:"unavailableReplicas,omitempty" protobuf:"varint,5,opt,name=unavailableReplicas"` UnavailableReplicas int32 `json:"unavailableReplicas,omitempty" protobuf:"varint,5,opt,name=unavailableReplicas"`
// Represents the latest available observations of a deployment's current state. // Represents the latest available observations of a deployment's current state.
// +patchMergeKey=type
// +patchStrategy=merge
Conditions []DeploymentCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"` Conditions []DeploymentCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"`
} }
...@@ -804,8 +802,6 @@ type ReplicaSetStatus struct { ...@@ -804,8 +802,6 @@ type ReplicaSetStatus struct {
// Represents the latest available observations of a replica set's current state. // Represents the latest available observations of a replica set's current state.
// +optional // +optional
// +patchMergeKey=type
// +patchStrategy=merge
Conditions []ReplicaSetCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"` Conditions []ReplicaSetCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"`
} }
...@@ -1085,17 +1081,21 @@ type NetworkPolicySpec struct { ...@@ -1085,17 +1081,21 @@ type NetworkPolicySpec struct {
type NetworkPolicyIngressRule struct { type NetworkPolicyIngressRule struct {
// List of ports which should be made accessible on the pods selected for this rule. // List of ports which should be made accessible on the pods selected for this rule.
// Each item in this list is combined using a logical OR. // Each item in this list is combined using a logical OR.
// If this field is empty or missing, this rule matches all ports (traffic not restricted by port). // If this field is not provided, this rule matches all ports (traffic not restricted by port).
// If this field is empty, this rule matches no ports (no traffic matches).
// If this field is present and contains at least one item, then this rule allows traffic // If this field is present and contains at least one item, then this rule allows traffic
// only if the traffic matches at least one port in the list. // only if the traffic matches at least one port in the list.
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
// +optional // +optional
Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"` Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"`
// List of sources which should be able to access the pods selected for this rule. // List of sources which should be able to access the pods selected for this rule.
// Items in this list are combined using a logical OR operation. // Items in this list are combined using a logical OR operation.
// If this field is empty or missing, this rule matches all sources (traffic not restricted by source). // If this field is not provided, this rule matches all sources (traffic not restricted by source).
// If this field is empty, this rule matches no sources (no traffic matches).
// If this field is present and contains at least on item, this rule allows traffic only if the // If this field is present and contains at least on item, this rule allows traffic only if the
// traffic matches at least one item in the from list. // traffic matches at least one item in the from list.
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
// +optional // +optional
From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"` From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"`
} }
...@@ -1120,6 +1120,7 @@ type NetworkPolicyPeer struct { ...@@ -1120,6 +1120,7 @@ type NetworkPolicyPeer struct {
// This is a label selector which selects Pods in this namespace. // This is a label selector which selects Pods in this namespace.
// This field follows standard label selector semantics. // This field follows standard label selector semantics.
// If not provided, this selector selects no pods.
// If present but empty, this selector selects all pods in this namespace. // If present but empty, this selector selects all pods in this namespace.
// +optional // +optional
PodSelector *metav1.LabelSelector `json:"podSelector,omitempty" protobuf:"bytes,1,opt,name=podSelector"` PodSelector *metav1.LabelSelector `json:"podSelector,omitempty" protobuf:"bytes,1,opt,name=podSelector"`
...@@ -1127,6 +1128,7 @@ type NetworkPolicyPeer struct { ...@@ -1127,6 +1128,7 @@ type NetworkPolicyPeer struct {
// Selects Namespaces using cluster scoped-labels. This // Selects Namespaces using cluster scoped-labels. This
// matches all pods in all namespaces selected by this label selector. // matches all pods in all namespaces selected by this label selector.
// This field follows standard label selector semantics. // This field follows standard label selector semantics.
// If omitted, this selector selects no namespaces.
// If present but empty, this selector selects all namespaces. // If present but empty, this selector selects all namespaces.
// +optional // +optional
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"` NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"`
......
...@@ -340,8 +340,8 @@ func (NetworkPolicy) SwaggerDoc() map[string]string { ...@@ -340,8 +340,8 @@ func (NetworkPolicy) SwaggerDoc() map[string]string {
var map_NetworkPolicyIngressRule = map[string]string{ var map_NetworkPolicyIngressRule = map[string]string{
"": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.", "": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
"ports": "List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", "ports": "List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is not provided, this rule matches all ports (traffic not restricted by port). If this field is empty, this rule matches no ports (no traffic matches). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.",
"from": "List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least on item, this rule allows traffic only if the traffic matches at least one item in the from list.", "from": "List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is not provided, this rule matches all sources (traffic not restricted by source). If this field is empty, this rule matches no sources (no traffic matches). If this field is present and contains at least on item, this rule allows traffic only if the traffic matches at least one item in the from list.",
} }
func (NetworkPolicyIngressRule) SwaggerDoc() map[string]string { func (NetworkPolicyIngressRule) SwaggerDoc() map[string]string {
...@@ -359,8 +359,8 @@ func (NetworkPolicyList) SwaggerDoc() map[string]string { ...@@ -359,8 +359,8 @@ func (NetworkPolicyList) SwaggerDoc() map[string]string {
} }
var map_NetworkPolicyPeer = map[string]string{ var map_NetworkPolicyPeer = map[string]string{
"podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.", "podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If not provided, this selector selects no pods. If present but empty, this selector selects all pods in this namespace.",
"namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.", "namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If omitted, this selector selects no namespaces. If present but empty, this selector selects all namespaces.",
} }
func (NetworkPolicyPeer) SwaggerDoc() map[string]string { func (NetworkPolicyPeer) SwaggerDoc() map[string]string {
......
...@@ -609,7 +609,7 @@ func (r *Request) URL() *url.URL { ...@@ -609,7 +609,7 @@ func (r *Request) URL() *url.URL {
// finalURLTemplate is similar to URL(), but will make all specific parameter values equal // finalURLTemplate is similar to URL(), but will make all specific parameter values equal
// - instead of name or namespace, "{name}" and "{namespace}" will be used, and all query // - instead of name or namespace, "{name}" and "{namespace}" will be used, and all query
// parameters will be reset. This creates a copy of the request so as not to change the // parameters will be reset. This creates a copy of the request so as not to change the
// underlying object. This means some useful request info (like the types of field // underyling object. This means some useful request info (like the types of field
// selectors in use) will be lost. // selectors in use) will be lost.
// TODO: preserve field selector keys // TODO: preserve field selector keys
func (r Request) finalURLTemplate() url.URL { func (r Request) finalURLTemplate() url.URL {
......
...@@ -174,12 +174,12 @@ func (f *FakeControllerSource) List(options metav1.ListOptions) (runtime.Object, ...@@ -174,12 +174,12 @@ func (f *FakeControllerSource) List(options metav1.ListOptions) (runtime.Object,
if err := meta.SetList(listObj, list); err != nil { if err := meta.SetList(listObj, list); err != nil {
return nil, err return nil, err
} }
listAccessor, err := meta.ListAccessor(listObj) objMeta, err := metav1.ListMetaFor(listObj)
if err != nil { if err != nil {
return nil, err return nil, err
} }
resourceVersion := len(f.changes) resourceVersion := len(f.changes)
listAccessor.SetResourceVersion(strconv.Itoa(resourceVersion)) objMeta.ResourceVersion = strconv.Itoa(resourceVersion)
return listObj, nil return listObj, nil
} }
...@@ -195,12 +195,12 @@ func (f *FakePVControllerSource) List(options metav1.ListOptions) (runtime.Objec ...@@ -195,12 +195,12 @@ func (f *FakePVControllerSource) List(options metav1.ListOptions) (runtime.Objec
if err := meta.SetList(listObj, list); err != nil { if err := meta.SetList(listObj, list); err != nil {
return nil, err return nil, err
} }
listAccessor, err := meta.ListAccessor(listObj) objMeta, err := metav1.ListMetaFor(listObj)
if err != nil { if err != nil {
return nil, err return nil, err
} }
resourceVersion := len(f.changes) resourceVersion := len(f.changes)
listAccessor.SetResourceVersion(strconv.Itoa(resourceVersion)) objMeta.ResourceVersion = strconv.Itoa(resourceVersion)
return listObj, nil return listObj, nil
} }
...@@ -216,12 +216,12 @@ func (f *FakePVCControllerSource) List(options metav1.ListOptions) (runtime.Obje ...@@ -216,12 +216,12 @@ func (f *FakePVCControllerSource) List(options metav1.ListOptions) (runtime.Obje
if err := meta.SetList(listObj, list); err != nil { if err := meta.SetList(listObj, list); err != nil {
return nil, err return nil, err
} }
listAccessor, err := meta.ListAccessor(listObj) objMeta, err := metav1.ListMetaFor(listObj)
if err != nil { if err != nil {
return nil, err return nil, err
} }
resourceVersion := len(f.changes) resourceVersion := len(f.changes)
listAccessor.SetResourceVersion(strconv.Itoa(resourceVersion)) objMeta.ResourceVersion = strconv.Itoa(resourceVersion)
return listObj, nil return listObj, nil
} }
......
# This is the official list of cloud authors for copyright purposes.
# This file is distinct from the CONTRIBUTORS files.
# See the latter for an explanation.
# Names should be added to this file as:
# Name or Organization <email address>
# The email address is not required for organizations.
Filippo Valsorda <hi@filippo.io>
Google Inc.
Ingo Oeser <nightlyone@googlemail.com>
Palm Stone Games, Inc.
Paweł Knap <pawelknap88@gmail.com>
Péter Szilágyi <peterke@gmail.com>
Tyler Treat <ttreat31@gmail.com>
# People who have agreed to one of the CLAs and can contribute patches.
# The AUTHORS file lists the copyright holders; this file
# lists people. For example, Google employees are listed here
# but not in AUTHORS, because Google holds the copyright.
#
# https://developers.google.com/open-source/cla/individual
# https://developers.google.com/open-source/cla/corporate
#
# Names should be added to this file as:
# Name <email address>
# Keep the list alphabetically sorted.
Andreas Litt <andreas.litt@gmail.com>
Andrew Gerrand <adg@golang.org>
Brad Fitzpatrick <bradfitz@golang.org>
Burcu Dogan <jbd@google.com>
Dave Day <djd@golang.org>
David Sansome <me@davidsansome.com>
David Symonds <dsymonds@golang.org>
Filippo Valsorda <hi@filippo.io>
Glenn Lewis <gmlewis@google.com>
Ingo Oeser <nightlyone@googlemail.com>
Johan Euphrosine <proppy@google.com>
Jonathan Amsterdam <jba@google.com>
Luna Duclos <luna.duclos@palmstonegames.com>
Michael McGreevy <mcgreevy@golang.org>
Omar Jarjur <ojarjur@google.com>
Paweł Knap <pawelknap88@gmail.com>
Péter Szilágyi <peterke@gmail.com>
Sarah Adams <shadams@google.com>
Toby Burress <kurin@google.com>
Tuo Shan <shantuo@google.com>
Tyler Treat <ttreat31@gmail.com>
...@@ -49,46 +49,37 @@ func isRangeEqual(a, b *rangePerm) bool { ...@@ -49,46 +49,37 @@ func isRangeEqual(a, b *rangePerm) bool {
// removeSubsetRangePerms removes any rangePerms that are subsets of other rangePerms. // removeSubsetRangePerms removes any rangePerms that are subsets of other rangePerms.
// If there are equal ranges, removeSubsetRangePerms only keeps one of them. // If there are equal ranges, removeSubsetRangePerms only keeps one of them.
func removeSubsetRangePerms(perms []*rangePerm) []*rangePerm { // It returns a sorted rangePerm slice.
// TODO(mitake): currently it is O(n^2), we need a better algorithm func removeSubsetRangePerms(perms []*rangePerm) (newp []*rangePerm) {
newp := make([]*rangePerm, 0) sort.Sort(RangePermSliceByBegin(perms))
var prev *rangePerm
for i := range perms { for i := range perms {
skip := false if i == 0 {
prev = perms[i]
for j := range perms { newp = append(newp, perms[i])
if i == j { continue
continue
}
if isRangeEqual(perms[i], perms[j]) {
// if ranges are equal, we only keep the first range.
if i > j {
skip = true
break
}
} else if isSubset(perms[i], perms[j]) {
// if a range is a strict subset of the other one, we skip the subset.
skip = true
break
}
} }
if isRangeEqual(perms[i], prev) {
if skip {
continue continue
} }
if isSubset(perms[i], prev) {
continue
}
if isSubset(prev, perms[i]) {
prev = perms[i]
newp[len(newp)-1] = perms[i]
continue
}
prev = perms[i]
newp = append(newp, perms[i]) newp = append(newp, perms[i])
} }
return newp return newp
} }
// mergeRangePerms merges adjacent rangePerms. // mergeRangePerms merges adjacent rangePerms.
func mergeRangePerms(perms []*rangePerm) []*rangePerm { func mergeRangePerms(perms []*rangePerm) []*rangePerm {
merged := make([]*rangePerm, 0) var merged []*rangePerm
perms = removeSubsetRangePerms(perms) perms = removeSubsetRangePerms(perms)
sort.Sort(RangePermSliceByBegin(perms))
i := 0 i := 0
for i < len(perms) { for i < len(perms) {
......
...@@ -20,6 +20,9 @@ package auth ...@@ -20,6 +20,9 @@ package auth
import ( import (
"crypto/rand" "crypto/rand"
"math/big" "math/big"
"strings"
"sync"
"time"
) )
const ( const (
...@@ -27,6 +30,73 @@ const ( ...@@ -27,6 +30,73 @@ const (
defaultSimpleTokenLength = 16 defaultSimpleTokenLength = 16
) )
// var for testing purposes
var (
simpleTokenTTL = 5 * time.Minute
simpleTokenTTLResolution = 1 * time.Second
)
type simpleTokenTTLKeeper struct {
tokensMu sync.Mutex
tokens map[string]time.Time
stopCh chan chan struct{}
deleteTokenFunc func(string)
}
func NewSimpleTokenTTLKeeper(deletefunc func(string)) *simpleTokenTTLKeeper {
stk := &simpleTokenTTLKeeper{
tokens: make(map[string]time.Time),
stopCh: make(chan chan struct{}),
deleteTokenFunc: deletefunc,
}
go stk.run()
return stk
}
func (tm *simpleTokenTTLKeeper) stop() {
waitCh := make(chan struct{})
tm.stopCh <- waitCh
<-waitCh
close(tm.stopCh)
}
func (tm *simpleTokenTTLKeeper) addSimpleToken(token string) {
tm.tokens[token] = time.Now().Add(simpleTokenTTL)
}
func (tm *simpleTokenTTLKeeper) resetSimpleToken(token string) {
if _, ok := tm.tokens[token]; ok {
tm.tokens[token] = time.Now().Add(simpleTokenTTL)
}
}
func (tm *simpleTokenTTLKeeper) deleteSimpleToken(token string) {
delete(tm.tokens, token)
}
func (tm *simpleTokenTTLKeeper) run() {
tokenTicker := time.NewTicker(simpleTokenTTLResolution)
defer tokenTicker.Stop()
for {
select {
case <-tokenTicker.C:
nowtime := time.Now()
tm.tokensMu.Lock()
for t, tokenendtime := range tm.tokens {
if nowtime.After(tokenendtime) {
tm.deleteTokenFunc(t)
delete(tm.tokens, t)
}
}
tm.tokensMu.Unlock()
case waitCh := <-tm.stopCh:
tm.tokens = make(map[string]time.Time)
waitCh <- struct{}{}
return
}
}
}
func (as *authStore) GenSimpleToken() (string, error) { func (as *authStore) GenSimpleToken() (string, error) {
ret := make([]byte, defaultSimpleTokenLength) ret := make([]byte, defaultSimpleTokenLength)
...@@ -43,6 +113,7 @@ func (as *authStore) GenSimpleToken() (string, error) { ...@@ -43,6 +113,7 @@ func (as *authStore) GenSimpleToken() (string, error) {
} }
func (as *authStore) assignSimpleTokenToUser(username, token string) { func (as *authStore) assignSimpleTokenToUser(username, token string) {
as.simpleTokenKeeper.tokensMu.Lock()
as.simpleTokensMu.Lock() as.simpleTokensMu.Lock()
_, ok := as.simpleTokens[token] _, ok := as.simpleTokens[token]
...@@ -51,5 +122,23 @@ func (as *authStore) assignSimpleTokenToUser(username, token string) { ...@@ -51,5 +122,23 @@ func (as *authStore) assignSimpleTokenToUser(username, token string) {
} }
as.simpleTokens[token] = username as.simpleTokens[token] = username
as.simpleTokenKeeper.addSimpleToken(token)
as.simpleTokensMu.Unlock()
as.simpleTokenKeeper.tokensMu.Unlock()
}
func (as *authStore) invalidateUser(username string) {
if as.simpleTokenKeeper == nil {
return
}
as.simpleTokenKeeper.tokensMu.Lock()
as.simpleTokensMu.Lock()
for token, name := range as.simpleTokens {
if strings.Compare(name, username) == 0 {
delete(as.simpleTokens, token)
as.simpleTokenKeeper.deleteSimpleToken(token)
}
}
as.simpleTokensMu.Unlock() as.simpleTokensMu.Unlock()
as.simpleTokenKeeper.tokensMu.Unlock()
} }
...@@ -114,4 +114,4 @@ if err != nil { ...@@ -114,4 +114,4 @@ if err != nil {
3. Default etcd/client cannot handle the case that the remote server is SIGSTOPed now. TCP keepalive mechanism doesn't help in this scenario because operating system may still send TCP keep-alive packets. Over time we'd like to improve this functionality, but solving this issue isn't high priority because a real-life case in which a server is stopped, but the connection is kept alive, hasn't been brought to our attention. 3. Default etcd/client cannot handle the case that the remote server is SIGSTOPed now. TCP keepalive mechanism doesn't help in this scenario because operating system may still send TCP keep-alive packets. Over time we'd like to improve this functionality, but solving this issue isn't high priority because a real-life case in which a server is stopped, but the connection is kept alive, hasn't been brought to our attention.
4. etcd/client cannot detect whether the member in use is healthy when doing read requests. If the member is isolated from the cluster, etcd/client may retrieve outdated data. As a workaround, users could monitor experimental /health endpoint for member healthy information. We are improving it at [#3265](https://github.com/coreos/etcd/issues/3265). 4. etcd/client cannot detect whether a member is healthy with watches and non-quorum read requests. If the member is isolated from the cluster, etcd/client may retrieve outdated data. Instead, users can either issue quorum read requests or monitor the /health endpoint for member health information.
...@@ -22,7 +22,6 @@ import ( ...@@ -22,7 +22,6 @@ import (
"net" "net"
"net/http" "net/http"
"net/url" "net/url"
"reflect"
"sort" "sort"
"strconv" "strconv"
"sync" "sync"
...@@ -261,53 +260,67 @@ type httpClusterClient struct { ...@@ -261,53 +260,67 @@ type httpClusterClient struct {
selectionMode EndpointSelectionMode selectionMode EndpointSelectionMode
} }
func (c *httpClusterClient) getLeaderEndpoint() (string, error) { func (c *httpClusterClient) getLeaderEndpoint(ctx context.Context, eps []url.URL) (string, error) {
mAPI := NewMembersAPI(c) ceps := make([]url.URL, len(eps))
leader, err := mAPI.Leader(context.Background()) copy(ceps, eps)
// To perform a lookup on the new endpoint list without using the current
// client, we'll copy it
clientCopy := &httpClusterClient{
clientFactory: c.clientFactory,
credentials: c.credentials,
rand: c.rand,
pinned: 0,
endpoints: ceps,
}
mAPI := NewMembersAPI(clientCopy)
leader, err := mAPI.Leader(ctx)
if err != nil { if err != nil {
return "", err return "", err
} }
if len(leader.ClientURLs) == 0 {
return "", ErrNoLeaderEndpoint
}
return leader.ClientURLs[0], nil // TODO: how to handle multiple client URLs? return leader.ClientURLs[0], nil // TODO: how to handle multiple client URLs?
} }
func (c *httpClusterClient) SetEndpoints(eps []string) error { func (c *httpClusterClient) parseEndpoints(eps []string) ([]url.URL, error) {
if len(eps) == 0 { if len(eps) == 0 {
return ErrNoEndpoints return []url.URL{}, ErrNoEndpoints
} }
neps := make([]url.URL, len(eps)) neps := make([]url.URL, len(eps))
for i, ep := range eps { for i, ep := range eps {
u, err := url.Parse(ep) u, err := url.Parse(ep)
if err != nil { if err != nil {
return err return []url.URL{}, err
} }
neps[i] = *u neps[i] = *u
} }
return neps, nil
}
switch c.selectionMode { func (c *httpClusterClient) SetEndpoints(eps []string) error {
case EndpointSelectionRandom: neps, err := c.parseEndpoints(eps)
c.endpoints = shuffleEndpoints(c.rand, neps) if err != nil {
c.pinned = 0 return err
case EndpointSelectionPrioritizeLeader:
c.endpoints = neps
lep, err := c.getLeaderEndpoint()
if err != nil {
return ErrNoLeaderEndpoint
}
for i := range c.endpoints {
if c.endpoints[i].String() == lep {
c.pinned = i
break
}
}
// If endpoints doesn't have the lu, just keep c.pinned = 0.
// Forwarding between follower and leader would be required but it works.
default:
return errors.New(fmt.Sprintf("invalid endpoint selection mode: %d", c.selectionMode))
} }
c.Lock()
defer c.Unlock()
c.endpoints = shuffleEndpoints(c.rand, neps)
// We're not doing anything for PrioritizeLeader here. This is
// due to not having a context meaning we can't call getLeaderEndpoint
// However, if you're using PrioritizeLeader, you've already been told
// to regularly call sync, where we do have a ctx, and can figure the
// leader. PrioritizeLeader is also quite a loose guarantee, so deal
// with it
c.pinned = 0
return nil return nil
} }
...@@ -401,27 +414,51 @@ func (c *httpClusterClient) Sync(ctx context.Context) error { ...@@ -401,27 +414,51 @@ func (c *httpClusterClient) Sync(ctx context.Context) error {
return err return err
} }
c.Lock() var eps []string
defer c.Unlock()
eps := make([]string, 0)
for _, m := range ms { for _, m := range ms {
eps = append(eps, m.ClientURLs...) eps = append(eps, m.ClientURLs...)
} }
sort.Sort(sort.StringSlice(eps))
ceps := make([]string, len(c.endpoints)) neps, err := c.parseEndpoints(eps)
for i, cep := range c.endpoints { if err != nil {
ceps[i] = cep.String() return err
} }
sort.Sort(sort.StringSlice(ceps))
// fast path if no change happens npin := 0
// this helps client to pin the endpoint when no cluster change
if reflect.DeepEqual(eps, ceps) { switch c.selectionMode {
return nil case EndpointSelectionRandom:
c.RLock()
eq := endpointsEqual(c.endpoints, neps)
c.RUnlock()
if eq {
return nil
}
// When items in the endpoint list changes, we choose a new pin
neps = shuffleEndpoints(c.rand, neps)
case EndpointSelectionPrioritizeLeader:
nle, err := c.getLeaderEndpoint(ctx, neps)
if err != nil {
return ErrNoLeaderEndpoint
}
for i, n := range neps {
if n.String() == nle {
npin = i
break
}
}
default:
return fmt.Errorf("invalid endpoint selection mode: %d", c.selectionMode)
} }
return c.SetEndpoints(eps) c.Lock()
defer c.Unlock()
c.endpoints = neps
c.pinned = npin
return nil
} }
func (c *httpClusterClient) AutoSync(ctx context.Context, interval time.Duration) error { func (c *httpClusterClient) AutoSync(ctx context.Context, interval time.Duration) error {
...@@ -607,3 +644,27 @@ func shuffleEndpoints(r *rand.Rand, eps []url.URL) []url.URL { ...@@ -607,3 +644,27 @@ func shuffleEndpoints(r *rand.Rand, eps []url.URL) []url.URL {
} }
return neps return neps
} }
func endpointsEqual(left, right []url.URL) bool {
if len(left) != len(right) {
return false
}
sLeft := make([]string, len(left))
sRight := make([]string, len(right))
for i, l := range left {
sLeft[i] = l.String()
}
for i, r := range right {
sRight[i] = r.String()
}
sort.Strings(sLeft)
sort.Strings(sRight)
for i := range sLeft {
if sLeft[i] != sRight[i] {
return false
}
}
return true
}
...@@ -21,7 +21,11 @@ type ClusterError struct { ...@@ -21,7 +21,11 @@ type ClusterError struct {
} }
func (ce *ClusterError) Error() string { func (ce *ClusterError) Error() string {
return ErrClusterUnavailable.Error() s := ErrClusterUnavailable.Error()
for i, e := range ce.Errors {
s += fmt.Sprintf("; error #%d: %s\n", i, e)
}
return s
} }
func (ce *ClusterError) Detail() string { func (ce *ClusterError) Detail() string {
......
...@@ -191,6 +191,10 @@ type SetOptions struct { ...@@ -191,6 +191,10 @@ type SetOptions struct {
// Dir specifies whether or not this Node should be created as a directory. // Dir specifies whether or not this Node should be created as a directory.
Dir bool Dir bool
// NoValueOnSuccess specifies whether the response contains the current value of the Node.
// If set, the response will only contain the current value when the request fails.
NoValueOnSuccess bool
} }
type GetOptions struct { type GetOptions struct {
...@@ -268,6 +272,10 @@ type Response struct { ...@@ -268,6 +272,10 @@ type Response struct {
// Index holds the cluster-level index at the time the Response was generated. // Index holds the cluster-level index at the time the Response was generated.
// This index is not tied to the Node(s) contained in this Response. // This index is not tied to the Node(s) contained in this Response.
Index uint64 `json:"-"` Index uint64 `json:"-"`
// ClusterID holds the cluster-level ID reported by the server. This
// should be different for different etcd clusters.
ClusterID string `json:"-"`
} }
type Node struct { type Node struct {
...@@ -335,6 +343,7 @@ func (k *httpKeysAPI) Set(ctx context.Context, key, val string, opts *SetOptions ...@@ -335,6 +343,7 @@ func (k *httpKeysAPI) Set(ctx context.Context, key, val string, opts *SetOptions
act.TTL = opts.TTL act.TTL = opts.TTL
act.Refresh = opts.Refresh act.Refresh = opts.Refresh
act.Dir = opts.Dir act.Dir = opts.Dir
act.NoValueOnSuccess = opts.NoValueOnSuccess
} }
doCtx := ctx doCtx := ctx
...@@ -523,15 +532,16 @@ func (w *waitAction) HTTPRequest(ep url.URL) *http.Request { ...@@ -523,15 +532,16 @@ func (w *waitAction) HTTPRequest(ep url.URL) *http.Request {
} }
type setAction struct { type setAction struct {
Prefix string Prefix string
Key string Key string
Value string Value string
PrevValue string PrevValue string
PrevIndex uint64 PrevIndex uint64
PrevExist PrevExistType PrevExist PrevExistType
TTL time.Duration TTL time.Duration
Refresh bool Refresh bool
Dir bool Dir bool
NoValueOnSuccess bool
} }
func (a *setAction) HTTPRequest(ep url.URL) *http.Request { func (a *setAction) HTTPRequest(ep url.URL) *http.Request {
...@@ -565,6 +575,9 @@ func (a *setAction) HTTPRequest(ep url.URL) *http.Request { ...@@ -565,6 +575,9 @@ func (a *setAction) HTTPRequest(ep url.URL) *http.Request {
if a.Refresh { if a.Refresh {
form.Add("refresh", "true") form.Add("refresh", "true")
} }
if a.NoValueOnSuccess {
params.Set("noValueOnSuccess", strconv.FormatBool(a.NoValueOnSuccess))
}
u.RawQuery = params.Encode() u.RawQuery = params.Encode()
body := strings.NewReader(form.Encode()) body := strings.NewReader(form.Encode())
...@@ -656,6 +669,7 @@ func unmarshalSuccessfulKeysResponse(header http.Header, body []byte) (*Response ...@@ -656,6 +669,7 @@ func unmarshalSuccessfulKeysResponse(header http.Header, body []byte) (*Response
return nil, err return nil, err
} }
} }
res.ClusterID = header.Get("X-Etcd-Cluster-ID")
return &res, nil return &res, nil
} }
......
...@@ -14,6 +14,20 @@ ...@@ -14,6 +14,20 @@
package client package client
import (
"regexp"
)
var (
roleNotFoundRegExp *regexp.Regexp
userNotFoundRegExp *regexp.Regexp
)
func init() {
roleNotFoundRegExp = regexp.MustCompile("auth: Role .* does not exist.")
userNotFoundRegExp = regexp.MustCompile("auth: User .* does not exist.")
}
// IsKeyNotFound returns true if the error code is ErrorCodeKeyNotFound. // IsKeyNotFound returns true if the error code is ErrorCodeKeyNotFound.
func IsKeyNotFound(err error) bool { func IsKeyNotFound(err error) bool {
if cErr, ok := err.(Error); ok { if cErr, ok := err.(Error); ok {
...@@ -21,3 +35,19 @@ func IsKeyNotFound(err error) bool { ...@@ -21,3 +35,19 @@ func IsKeyNotFound(err error) bool {
} }
return false return false
} }
// IsRoleNotFound returns true if the error means role not found of v2 API.
func IsRoleNotFound(err error) bool {
if ae, ok := err.(authError); ok {
return roleNotFoundRegExp.MatchString(ae.Message)
}
return false
}
// IsUserNotFound returns true if the error means user not found of v2 API.
func IsUserNotFound(err error) bool {
if ae, ok := err.(authError); ok {
return userNotFoundRegExp.MatchString(ae.Message)
}
return false
}
...@@ -72,6 +72,10 @@ if err != nil { ...@@ -72,6 +72,10 @@ if err != nil {
} }
``` ```
## Metrics
The etcd client optionally exposes RPC metrics through [go-grpc-prometheus](https://github.com/grpc-ecosystem/go-grpc-prometheus). See the [examples](https://github.com/coreos/etcd/blob/master/clientv3/example_metrics_test.go).
## Examples ## Examples
More code examples can be found at [GoDoc](https://godoc.org/github.com/coreos/etcd/clientv3). More code examples can be found at [GoDoc](https://godoc.org/github.com/coreos/etcd/clientv3).
...@@ -43,6 +43,7 @@ type ( ...@@ -43,6 +43,7 @@ type (
AuthRoleListResponse pb.AuthRoleListResponse AuthRoleListResponse pb.AuthRoleListResponse
PermissionType authpb.Permission_Type PermissionType authpb.Permission_Type
Permission authpb.Permission
) )
const ( const (
...@@ -115,12 +116,12 @@ func NewAuth(c *Client) Auth { ...@@ -115,12 +116,12 @@ func NewAuth(c *Client) Auth {
} }
func (auth *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) { func (auth *auth) AuthEnable(ctx context.Context) (*AuthEnableResponse, error) {
resp, err := auth.remote.AuthEnable(ctx, &pb.AuthEnableRequest{}) resp, err := auth.remote.AuthEnable(ctx, &pb.AuthEnableRequest{}, grpc.FailFast(false))
return (*AuthEnableResponse)(resp), toErr(ctx, err) return (*AuthEnableResponse)(resp), toErr(ctx, err)
} }
func (auth *auth) AuthDisable(ctx context.Context) (*AuthDisableResponse, error) { func (auth *auth) AuthDisable(ctx context.Context) (*AuthDisableResponse, error) {
resp, err := auth.remote.AuthDisable(ctx, &pb.AuthDisableRequest{}) resp, err := auth.remote.AuthDisable(ctx, &pb.AuthDisableRequest{}, grpc.FailFast(false))
return (*AuthDisableResponse)(resp), toErr(ctx, err) return (*AuthDisableResponse)(resp), toErr(ctx, err)
} }
......
...@@ -21,8 +21,14 @@ import ( ...@@ -21,8 +21,14 @@ import (
"golang.org/x/net/context" "golang.org/x/net/context"
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/codes"
) )
// ErrNoAddrAvilable is returned by Get() when the balancer does not have
// any active connection to endpoints at the time.
// This error is returned only when opts.BlockingWait is true.
var ErrNoAddrAvilable = grpc.Errorf(codes.Unavailable, "there is no address available")
// simpleBalancer does the bare minimum to expose multiple eps // simpleBalancer does the bare minimum to expose multiple eps
// to the grpc reconnection code path // to the grpc reconnection code path
type simpleBalancer struct { type simpleBalancer struct {
...@@ -42,6 +48,11 @@ type simpleBalancer struct { ...@@ -42,6 +48,11 @@ type simpleBalancer struct {
// upc closes when upEps transitions from empty to non-zero or the balancer closes. // upc closes when upEps transitions from empty to non-zero or the balancer closes.
upc chan struct{} upc chan struct{}
// grpc issues TLS cert checks using the string passed into dial so
// that string must be the host. To recover the full scheme://host URL,
// have a map from hosts to the original endpoint.
host2ep map[string]string
// pinAddr is the currently pinned address; set to the empty string on // pinAddr is the currently pinned address; set to the empty string on
// intialization and shutdown. // intialization and shutdown.
pinAddr string pinAddr string
...@@ -62,11 +73,12 @@ func newSimpleBalancer(eps []string) *simpleBalancer { ...@@ -62,11 +73,12 @@ func newSimpleBalancer(eps []string) *simpleBalancer {
readyc: make(chan struct{}), readyc: make(chan struct{}),
upEps: make(map[string]struct{}), upEps: make(map[string]struct{}),
upc: make(chan struct{}), upc: make(chan struct{}),
host2ep: getHost2ep(eps),
} }
return sb return sb
} }
func (b *simpleBalancer) Start(target string) error { return nil } func (b *simpleBalancer) Start(target string, config grpc.BalancerConfig) error { return nil }
func (b *simpleBalancer) ConnectNotify() <-chan struct{} { func (b *simpleBalancer) ConnectNotify() <-chan struct{} {
b.mu.Lock() b.mu.Lock()
...@@ -74,6 +86,49 @@ func (b *simpleBalancer) ConnectNotify() <-chan struct{} { ...@@ -74,6 +86,49 @@ func (b *simpleBalancer) ConnectNotify() <-chan struct{} {
return b.upc return b.upc
} }
func (b *simpleBalancer) getEndpoint(host string) string {
b.mu.Lock()
defer b.mu.Unlock()
return b.host2ep[host]
}
func getHost2ep(eps []string) map[string]string {
hm := make(map[string]string, len(eps))
for i := range eps {
_, host, _ := parseEndpoint(eps[i])
hm[host] = eps[i]
}
return hm
}
func (b *simpleBalancer) updateAddrs(eps []string) {
np := getHost2ep(eps)
b.mu.Lock()
defer b.mu.Unlock()
match := len(np) == len(b.host2ep)
for k, v := range np {
if b.host2ep[k] != v {
match = false
break
}
}
if match {
// same endpoints, so no need to update address
return
}
b.host2ep = np
addrs := make([]grpc.Address, 0, len(eps))
for i := range eps {
addrs = append(addrs, grpc.Address{Addr: getHost(eps[i])})
}
b.addrs = addrs
b.notifyCh <- addrs
}
func (b *simpleBalancer) Up(addr grpc.Address) func(error) { func (b *simpleBalancer) Up(addr grpc.Address) func(error) {
b.mu.Lock() b.mu.Lock()
defer b.mu.Unlock() defer b.mu.Unlock()
...@@ -113,6 +168,25 @@ func (b *simpleBalancer) Up(addr grpc.Address) func(error) { ...@@ -113,6 +168,25 @@ func (b *simpleBalancer) Up(addr grpc.Address) func(error) {
func (b *simpleBalancer) Get(ctx context.Context, opts grpc.BalancerGetOptions) (grpc.Address, func(), error) { func (b *simpleBalancer) Get(ctx context.Context, opts grpc.BalancerGetOptions) (grpc.Address, func(), error) {
var addr string var addr string
// If opts.BlockingWait is false (for fail-fast RPCs), it should return
// an address it has notified via Notify immediately instead of blocking.
if !opts.BlockingWait {
b.mu.RLock()
closed := b.closed
addr = b.pinAddr
upEps := len(b.upEps)
b.mu.RUnlock()
if closed {
return grpc.Address{Addr: ""}, nil, grpc.ErrClientConnClosing
}
if upEps == 0 {
return grpc.Address{Addr: ""}, nil, ErrNoAddrAvilable
}
return grpc.Address{Addr: addr}, func() {}, nil
}
for { for {
b.mu.RLock() b.mu.RLock()
ch := b.upc ch := b.upc
......
...@@ -18,17 +18,18 @@ import ( ...@@ -18,17 +18,18 @@ import (
"crypto/tls" "crypto/tls"
"errors" "errors"
"fmt" "fmt"
"io/ioutil"
"log"
"net" "net"
"net/url" "net/url"
"strings" "strings"
"sync"
"time" "time"
"github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes" "github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes"
prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
"golang.org/x/net/context" "golang.org/x/net/context"
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
"google.golang.org/grpc/metadata" "google.golang.org/grpc/metadata"
) )
...@@ -46,11 +47,12 @@ type Client struct { ...@@ -46,11 +47,12 @@ type Client struct {
Auth Auth
Maintenance Maintenance
conn *grpc.ClientConn conn *grpc.ClientConn
cfg Config cfg Config
creds *credentials.TransportCredentials creds *credentials.TransportCredentials
balancer *simpleBalancer balancer *simpleBalancer
retryWrapper retryRpcFunc retryWrapper retryRpcFunc
retryAuthWrapper retryRpcFunc
ctx context.Context ctx context.Context
cancel context.CancelFunc cancel context.CancelFunc
...@@ -59,6 +61,8 @@ type Client struct { ...@@ -59,6 +61,8 @@ type Client struct {
Username string Username string
// Password is a password for authentication // Password is a password for authentication
Password string Password string
// tokenCred is an instance of WithPerRPCCredentials()'s argument
tokenCred *authTokenCredential
} }
// New creates a new etcdv3 client from a given configuration. // New creates a new etcdv3 client from a given configuration.
...@@ -87,6 +91,8 @@ func NewFromConfigFile(path string) (*Client, error) { ...@@ -87,6 +91,8 @@ func NewFromConfigFile(path string) (*Client, error) {
// Close shuts down the client's etcd connections. // Close shuts down the client's etcd connections.
func (c *Client) Close() error { func (c *Client) Close() error {
c.cancel() c.cancel()
c.Watcher.Close()
c.Lease.Close()
return toErr(c.ctx, c.conn.Close()) return toErr(c.ctx, c.conn.Close())
} }
...@@ -96,10 +102,54 @@ func (c *Client) Close() error { ...@@ -96,10 +102,54 @@ func (c *Client) Close() error {
func (c *Client) Ctx() context.Context { return c.ctx } func (c *Client) Ctx() context.Context { return c.ctx }
// Endpoints lists the registered endpoints for the client. // Endpoints lists the registered endpoints for the client.
func (c *Client) Endpoints() []string { return c.cfg.Endpoints } func (c *Client) Endpoints() (eps []string) {
// copy the slice; protect original endpoints from being changed
eps = make([]string, len(c.cfg.Endpoints))
copy(eps, c.cfg.Endpoints)
return
}
// SetEndpoints updates client's endpoints.
func (c *Client) SetEndpoints(eps ...string) {
c.cfg.Endpoints = eps
c.balancer.updateAddrs(eps)
}
// Sync synchronizes client's endpoints with the known endpoints from the etcd membership.
func (c *Client) Sync(ctx context.Context) error {
mresp, err := c.MemberList(ctx)
if err != nil {
return err
}
var eps []string
for _, m := range mresp.Members {
eps = append(eps, m.ClientURLs...)
}
c.SetEndpoints(eps...)
return nil
}
func (c *Client) autoSync() {
if c.cfg.AutoSyncInterval == time.Duration(0) {
return
}
for {
select {
case <-c.ctx.Done():
return
case <-time.After(c.cfg.AutoSyncInterval):
ctx, _ := context.WithTimeout(c.ctx, 5*time.Second)
if err := c.Sync(ctx); err != nil && err != c.ctx.Err() {
logger.Println("Auto sync endpoints failed:", err)
}
}
}
}
type authTokenCredential struct { type authTokenCredential struct {
token string token string
tokenMu *sync.RWMutex
} }
func (cred authTokenCredential) RequireTransportSecurity() bool { func (cred authTokenCredential) RequireTransportSecurity() bool {
...@@ -107,24 +157,38 @@ func (cred authTokenCredential) RequireTransportSecurity() bool { ...@@ -107,24 +157,38 @@ func (cred authTokenCredential) RequireTransportSecurity() bool {
} }
func (cred authTokenCredential) GetRequestMetadata(ctx context.Context, s ...string) (map[string]string, error) { func (cred authTokenCredential) GetRequestMetadata(ctx context.Context, s ...string) (map[string]string, error) {
cred.tokenMu.RLock()
defer cred.tokenMu.RUnlock()
return map[string]string{ return map[string]string{
"token": cred.token, "token": cred.token,
}, nil }, nil
} }
func (c *Client) dialTarget(endpoint string) (proto string, host string, creds *credentials.TransportCredentials) { func parseEndpoint(endpoint string) (proto string, host string, scheme string) {
proto = "tcp" proto = "tcp"
host = endpoint host = endpoint
creds = c.creds
url, uerr := url.Parse(endpoint) url, uerr := url.Parse(endpoint)
if uerr != nil || !strings.Contains(endpoint, "://") { if uerr != nil || !strings.Contains(endpoint, "://") {
return return
} }
scheme = url.Scheme
// strip scheme:// prefix since grpc dials by host // strip scheme:// prefix since grpc dials by host
host = url.Host host = url.Host
switch url.Scheme { switch url.Scheme {
case "http", "https":
case "unix": case "unix":
proto = "unix" proto = "unix"
default:
proto, host = "", ""
}
return
}
func (c *Client) processCreds(scheme string) (creds *credentials.TransportCredentials) {
creds = c.creds
switch scheme {
case "unix":
case "http": case "http":
creds = nil creds = nil
case "https": case "https":
...@@ -135,7 +199,7 @@ func (c *Client) dialTarget(endpoint string) (proto string, host string, creds * ...@@ -135,7 +199,7 @@ func (c *Client) dialTarget(endpoint string) (proto string, host string, creds *
emptyCreds := credentials.NewTLS(tlsconfig) emptyCreds := credentials.NewTLS(tlsconfig)
creds = &emptyCreds creds = &emptyCreds
default: default:
return "", "", nil creds = nil
} }
return return
} }
...@@ -147,17 +211,8 @@ func (c *Client) dialSetupOpts(endpoint string, dopts ...grpc.DialOption) (opts ...@@ -147,17 +211,8 @@ func (c *Client) dialSetupOpts(endpoint string, dopts ...grpc.DialOption) (opts
} }
opts = append(opts, dopts...) opts = append(opts, dopts...)
// grpc issues TLS cert checks using the string passed into dial so
// that string must be the host. To recover the full scheme://host URL,
// have a map from hosts to the original endpoint.
host2ep := make(map[string]string)
for i := range c.cfg.Endpoints {
_, host, _ := c.dialTarget(c.cfg.Endpoints[i])
host2ep[host] = c.cfg.Endpoints[i]
}
f := func(host string, t time.Duration) (net.Conn, error) { f := func(host string, t time.Duration) (net.Conn, error) {
proto, host, _ := c.dialTarget(host2ep[host]) proto, host, _ := parseEndpoint(c.balancer.getEndpoint(host))
if proto == "" { if proto == "" {
return nil, fmt.Errorf("unknown scheme for %q", host) return nil, fmt.Errorf("unknown scheme for %q", host)
} }
...@@ -166,11 +221,15 @@ func (c *Client) dialSetupOpts(endpoint string, dopts ...grpc.DialOption) (opts ...@@ -166,11 +221,15 @@ func (c *Client) dialSetupOpts(endpoint string, dopts ...grpc.DialOption) (opts
return nil, c.ctx.Err() return nil, c.ctx.Err()
default: default:
} }
return net.DialTimeout(proto, host, t) dialer := &net.Dialer{Timeout: t}
return dialer.DialContext(c.ctx, proto, host)
} }
opts = append(opts, grpc.WithDialer(f)) opts = append(opts, grpc.WithDialer(f))
_, _, creds := c.dialTarget(endpoint) creds := c.creds
if _, _, scheme := parseEndpoint(endpoint); len(scheme) != 0 {
creds = c.processCreds(scheme)
}
if creds != nil { if creds != nil {
opts = append(opts, grpc.WithTransportCredentials(*creds)) opts = append(opts, grpc.WithTransportCredentials(*creds))
} else { } else {
...@@ -185,24 +244,56 @@ func (c *Client) Dial(endpoint string) (*grpc.ClientConn, error) { ...@@ -185,24 +244,56 @@ func (c *Client) Dial(endpoint string) (*grpc.ClientConn, error) {
return c.dial(endpoint) return c.dial(endpoint)
} }
func (c *Client) getToken(ctx context.Context) error {
var err error // return last error in a case of fail
var auth *authenticator
for i := 0; i < len(c.cfg.Endpoints); i++ {
endpoint := c.cfg.Endpoints[i]
host := getHost(endpoint)
// use dial options without dopts to avoid reusing the client balancer
auth, err = newAuthenticator(host, c.dialSetupOpts(endpoint))
if err != nil {
continue
}
defer auth.close()
var resp *AuthenticateResponse
resp, err = auth.authenticate(ctx, c.Username, c.Password)
if err != nil {
continue
}
c.tokenCred.tokenMu.Lock()
c.tokenCred.token = resp.Token
c.tokenCred.tokenMu.Unlock()
return nil
}
return err
}
func (c *Client) dial(endpoint string, dopts ...grpc.DialOption) (*grpc.ClientConn, error) { func (c *Client) dial(endpoint string, dopts ...grpc.DialOption) (*grpc.ClientConn, error) {
opts := c.dialSetupOpts(endpoint, dopts...) opts := c.dialSetupOpts(endpoint, dopts...)
host := getHost(endpoint) host := getHost(endpoint)
if c.Username != "" && c.Password != "" { if c.Username != "" && c.Password != "" {
// use dial options without dopts to avoid reusing the client balancer c.tokenCred = &authTokenCredential{
auth, err := newAuthenticator(host, c.dialSetupOpts(endpoint)) tokenMu: &sync.RWMutex{},
if err != nil {
return nil, err
} }
defer auth.close()
resp, err := auth.authenticate(c.ctx, c.Username, c.Password) err := c.getToken(context.TODO())
if err != nil { if err != nil {
return nil, err return nil, err
} }
opts = append(opts, grpc.WithPerRPCCredentials(authTokenCredential{token: resp.Token}))
opts = append(opts, grpc.WithPerRPCCredentials(c.tokenCred))
} }
// add metrics options
opts = append(opts, grpc.WithUnaryInterceptor(prometheus.UnaryClientInterceptor))
opts = append(opts, grpc.WithStreamInterceptor(prometheus.StreamClientInterceptor))
conn, err := grpc.Dial(host, opts...) conn, err := grpc.Dial(host, opts...)
if err != nil { if err != nil {
return nil, err return nil, err
...@@ -248,6 +339,7 @@ func newClient(cfg *Config) (*Client, error) { ...@@ -248,6 +339,7 @@ func newClient(cfg *Config) (*Client, error) {
} }
client.conn = conn client.conn = conn
client.retryWrapper = client.newRetryWrapper() client.retryWrapper = client.newRetryWrapper()
client.retryAuthWrapper = client.newAuthRetryWrapper()
// wait for a connection // wait for a connection
if cfg.DialTimeout > 0 { if cfg.DialTimeout > 0 {
...@@ -272,13 +364,8 @@ func newClient(cfg *Config) (*Client, error) { ...@@ -272,13 +364,8 @@ func newClient(cfg *Config) (*Client, error) {
client.Watcher = NewWatcher(client) client.Watcher = NewWatcher(client)
client.Auth = NewAuth(client) client.Auth = NewAuth(client)
client.Maintenance = NewMaintenance(client) client.Maintenance = NewMaintenance(client)
if cfg.Logger != nil {
logger.Set(cfg.Logger)
} else {
// disable client side grpc by default
logger.Set(log.New(ioutil.Discard, "", 0))
}
go client.autoSync()
return client, nil return client, nil
} }
...@@ -294,17 +381,14 @@ func isHaltErr(ctx context.Context, err error) bool { ...@@ -294,17 +381,14 @@ func isHaltErr(ctx context.Context, err error) bool {
if err == nil { if err == nil {
return false return false
} }
eErr := rpctypes.Error(err) code := grpc.Code(err)
if _, ok := eErr.(rpctypes.EtcdError); ok { // Unavailable codes mean the system will be right back.
return eErr != rpctypes.ErrStopped && eErr != rpctypes.ErrNoLeader // (e.g., can't connect, lost leader)
} // Treat Internal codes as if something failed, leaving the
// treat etcdserver errors not recognized by the client as halting // system in an inconsistent state, but retrying could make progress.
return isConnClosing(err) || strings.Contains(err.Error(), "etcdserver:") // (e.g., failed in middle of send, corrupted frame)
} // TODO: are permanent Internal errors possible from grpc?
return code != codes.Unavailable && code != codes.Internal
// isConnClosing returns true if the error matches a grpc client closing error
func isConnClosing(err error) bool {
return strings.Contains(err.Error(), grpc.ErrClientConnClosing.Error())
} }
func toErr(ctx context.Context, err error) error { func toErr(ctx context.Context, err error) error {
...@@ -312,12 +396,20 @@ func toErr(ctx context.Context, err error) error { ...@@ -312,12 +396,20 @@ func toErr(ctx context.Context, err error) error {
return nil return nil
} }
err = rpctypes.Error(err) err = rpctypes.Error(err)
switch { if _, ok := err.(rpctypes.EtcdError); ok {
case ctx.Err() != nil && strings.Contains(err.Error(), "context"): return err
err = ctx.Err() }
case strings.Contains(err.Error(), ErrNoAvailableEndpoints.Error()): code := grpc.Code(err)
switch code {
case codes.DeadlineExceeded:
fallthrough
case codes.Canceled:
if ctx.Err() != nil {
err = ctx.Err()
}
case codes.Unavailable:
err = ErrNoAvailableEndpoints err = ErrNoAvailableEndpoints
case strings.Contains(err.Error(), grpc.ErrClientConnClosing.Error()): case codes.FailedPrecondition:
err = grpc.ErrClientConnClosing err = grpc.ErrClientConnClosing
} }
return err return err
......
...@@ -78,7 +78,7 @@ func (c *cluster) MemberUpdate(ctx context.Context, id uint64, peerAddrs []strin ...@@ -78,7 +78,7 @@ func (c *cluster) MemberUpdate(ctx context.Context, id uint64, peerAddrs []strin
// it is safe to retry on update. // it is safe to retry on update.
for { for {
r := &pb.MemberUpdateRequest{ID: id, PeerURLs: peerAddrs} r := &pb.MemberUpdateRequest{ID: id, PeerURLs: peerAddrs}
resp, err := c.remote.MemberUpdate(ctx, r) resp, err := c.remote.MemberUpdate(ctx, r, grpc.FailFast(false))
if err == nil { if err == nil {
return (*MemberUpdateResponse)(resp), nil return (*MemberUpdateResponse)(resp), nil
} }
......
...@@ -36,6 +36,8 @@ func Compare(cmp Cmp, result string, v interface{}) Cmp { ...@@ -36,6 +36,8 @@ func Compare(cmp Cmp, result string, v interface{}) Cmp {
switch result { switch result {
case "=": case "=":
r = pb.Compare_EQUAL r = pb.Compare_EQUAL
case "!=":
r = pb.Compare_NOT_EQUAL
case ">": case ">":
r = pb.Compare_GREATER r = pb.Compare_GREATER
case "<": case "<":
......
...@@ -28,15 +28,16 @@ type Config struct { ...@@ -28,15 +28,16 @@ type Config struct {
// Endpoints is a list of URLs // Endpoints is a list of URLs
Endpoints []string Endpoints []string
// AutoSyncInterval is the interval to update endpoints with its latest members.
// 0 disables auto-sync. By default auto-sync is disabled.
AutoSyncInterval time.Duration
// DialTimeout is the timeout for failing to establish a connection. // DialTimeout is the timeout for failing to establish a connection.
DialTimeout time.Duration DialTimeout time.Duration
// TLS holds the client secure credentials, if any. // TLS holds the client secure credentials, if any.
TLS *tls.Config TLS *tls.Config
// Logger is the logger used by client library.
Logger Logger
// Username is a username for authentication // Username is a username for authentication
Username string Username string
...@@ -46,6 +47,7 @@ type Config struct { ...@@ -46,6 +47,7 @@ type Config struct {
type yamlConfig struct { type yamlConfig struct {
Endpoints []string `json:"endpoints"` Endpoints []string `json:"endpoints"`
AutoSyncInterval time.Duration `json:"auto-sync-interval"`
DialTimeout time.Duration `json:"dial-timeout"` DialTimeout time.Duration `json:"dial-timeout"`
InsecureTransport bool `json:"insecure-transport"` InsecureTransport bool `json:"insecure-transport"`
InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify"` InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify"`
...@@ -68,8 +70,9 @@ func configFromFile(fpath string) (*Config, error) { ...@@ -68,8 +70,9 @@ func configFromFile(fpath string) (*Config, error) {
} }
cfg := &Config{ cfg := &Config{
Endpoints: yc.Endpoints, Endpoints: yc.Endpoints,
DialTimeout: yc.DialTimeout, AutoSyncInterval: yc.AutoSyncInterval,
DialTimeout: yc.DialTimeout,
} }
if yc.InsecureTransport { if yc.InsecureTransport {
......
...@@ -44,7 +44,7 @@ ...@@ -44,7 +44,7 @@
// etcd client returns 2 types of errors: // etcd client returns 2 types of errors:
// //
// 1. context error: canceled or deadline exceeded. // 1. context error: canceled or deadline exceeded.
// 2. gRPC error: see https://github.com/coreos/etcd/blob/master/etcdserver/api/v3rpc/error.go. // 2. gRPC error: see https://github.com/coreos/etcd/blob/master/etcdserver/api/v3rpc/rpctypes/error.go
// //
// Here is the example code to handle client errors: // Here is the example code to handle client errors:
// //
......
...@@ -85,6 +85,10 @@ func NewKV(c *Client) KV { ...@@ -85,6 +85,10 @@ func NewKV(c *Client) KV {
return &kv{remote: RetryKVClient(c)} return &kv{remote: RetryKVClient(c)}
} }
func NewKVFromKVClient(remote pb.KVClient) KV {
return &kv{remote: remote}
}
func (kv *kv) Put(ctx context.Context, key, val string, opts ...OpOption) (*PutResponse, error) { func (kv *kv) Put(ctx context.Context, key, val string, opts ...OpOption) (*PutResponse, error) {
r, err := kv.Do(ctx, OpPut(key, val, opts...)) r, err := kv.Do(ctx, OpPut(key, val, opts...))
return r.put, toErr(ctx, err) return r.put, toErr(ctx, err)
...@@ -101,7 +105,7 @@ func (kv *kv) Delete(ctx context.Context, key string, opts ...OpOption) (*Delete ...@@ -101,7 +105,7 @@ func (kv *kv) Delete(ctx context.Context, key string, opts ...OpOption) (*Delete
} }
func (kv *kv) Compact(ctx context.Context, rev int64, opts ...CompactOption) (*CompactResponse, error) { func (kv *kv) Compact(ctx context.Context, rev int64, opts ...CompactOption) (*CompactResponse, error) {
resp, err := kv.remote.Compact(ctx, OpCompact(rev, opts...).toRequest(), grpc.FailFast(false)) resp, err := kv.remote.Compact(ctx, OpCompact(rev, opts...).toRequest())
if err != nil { if err != nil {
return nil, toErr(ctx, err) return nil, toErr(ctx, err)
} }
...@@ -121,6 +125,7 @@ func (kv *kv) Do(ctx context.Context, op Op) (OpResponse, error) { ...@@ -121,6 +125,7 @@ func (kv *kv) Do(ctx context.Context, op Op) (OpResponse, error) {
if err == nil { if err == nil {
return resp, nil return resp, nil
} }
if isHaltErr(ctx, err) { if isHaltErr(ctx, err) {
return resp, toErr(ctx, err) return resp, toErr(ctx, err)
} }
...@@ -137,21 +142,7 @@ func (kv *kv) do(ctx context.Context, op Op) (OpResponse, error) { ...@@ -137,21 +142,7 @@ func (kv *kv) do(ctx context.Context, op Op) (OpResponse, error) {
// TODO: handle other ops // TODO: handle other ops
case tRange: case tRange:
var resp *pb.RangeResponse var resp *pb.RangeResponse
r := &pb.RangeRequest{ resp, err = kv.remote.Range(ctx, op.toRangeRequest(), grpc.FailFast(false))
Key: op.key,
RangeEnd: op.end,
Limit: op.limit,
Revision: op.rev,
Serializable: op.serializable,
KeysOnly: op.keysOnly,
CountOnly: op.countOnly,
}
if op.sort != nil {
r.SortOrder = pb.RangeRequest_SortOrder(op.sort.Order)
r.SortTarget = pb.RangeRequest_SortTarget(op.sort.Target)
}
resp, err = kv.remote.Range(ctx, r, grpc.FailFast(false))
if err == nil { if err == nil {
return OpResponse{get: (*GetResponse)(resp)}, nil return OpResponse{get: (*GetResponse)(resp)}, nil
} }
......
...@@ -44,6 +44,21 @@ type LeaseKeepAliveResponse struct { ...@@ -44,6 +44,21 @@ type LeaseKeepAliveResponse struct {
TTL int64 TTL int64
} }
// LeaseTimeToLiveResponse is used to convert the protobuf lease timetolive response.
type LeaseTimeToLiveResponse struct {
*pb.ResponseHeader
ID LeaseID `json:"id"`
// TTL is the remaining TTL in seconds for the lease; the lease will expire in under TTL+1 seconds.
TTL int64 `json:"ttl"`
// GrantedTTL is the initial granted time in seconds upon lease creation/renewal.
GrantedTTL int64 `json:"granted-ttl"`
// Keys is the list of keys attached to this lease.
Keys [][]byte `json:"keys"`
}
const ( const (
// defaultTTL is the assumed lease TTL used for the first keepalive // defaultTTL is the assumed lease TTL used for the first keepalive
// deadline before the actual TTL is known to the client. // deadline before the actual TTL is known to the client.
...@@ -54,6 +69,21 @@ const ( ...@@ -54,6 +69,21 @@ const (
NoLease LeaseID = 0 NoLease LeaseID = 0
) )
// ErrKeepAliveHalted is returned if client keep alive loop halts with an unexpected error.
//
// This usually means that automatic lease renewal via KeepAlive is broken, but KeepAliveOnce will still work as expected.
type ErrKeepAliveHalted struct {
Reason error
}
func (e ErrKeepAliveHalted) Error() string {
s := "etcdclient: leases keep alive halted"
if e.Reason != nil {
s += ": " + e.Reason.Error()
}
return s
}
type Lease interface { type Lease interface {
// Grant creates a new lease. // Grant creates a new lease.
Grant(ctx context.Context, ttl int64) (*LeaseGrantResponse, error) Grant(ctx context.Context, ttl int64) (*LeaseGrantResponse, error)
...@@ -61,6 +91,9 @@ type Lease interface { ...@@ -61,6 +91,9 @@ type Lease interface {
// Revoke revokes the given lease. // Revoke revokes the given lease.
Revoke(ctx context.Context, id LeaseID) (*LeaseRevokeResponse, error) Revoke(ctx context.Context, id LeaseID) (*LeaseRevokeResponse, error)
// TimeToLive retrieves the lease information of the given lease ID.
TimeToLive(ctx context.Context, id LeaseID, opts ...LeaseOption) (*LeaseTimeToLiveResponse, error)
// KeepAlive keeps the given lease alive forever. // KeepAlive keeps the given lease alive forever.
KeepAlive(ctx context.Context, id LeaseID) (<-chan *LeaseKeepAliveResponse, error) KeepAlive(ctx context.Context, id LeaseID) (<-chan *LeaseKeepAliveResponse, error)
...@@ -76,8 +109,9 @@ type Lease interface { ...@@ -76,8 +109,9 @@ type Lease interface {
type lessor struct { type lessor struct {
mu sync.Mutex // guards all fields mu sync.Mutex // guards all fields
// donec is closed when recvKeepAliveLoop stops // donec is closed and loopErr is set when recvKeepAliveLoop stops
donec chan struct{} donec chan struct{}
loopErr error
remote pb.LeaseClient remote pb.LeaseClient
...@@ -141,7 +175,7 @@ func (l *lessor) Grant(ctx context.Context, ttl int64) (*LeaseGrantResponse, err ...@@ -141,7 +175,7 @@ func (l *lessor) Grant(ctx context.Context, ttl int64) (*LeaseGrantResponse, err
return gresp, nil return gresp, nil
} }
if isHaltErr(cctx, err) { if isHaltErr(cctx, err) {
return nil, toErr(ctx, err) return nil, toErr(cctx, err)
} }
} }
} }
...@@ -164,10 +198,43 @@ func (l *lessor) Revoke(ctx context.Context, id LeaseID) (*LeaseRevokeResponse, ...@@ -164,10 +198,43 @@ func (l *lessor) Revoke(ctx context.Context, id LeaseID) (*LeaseRevokeResponse,
} }
} }
func (l *lessor) TimeToLive(ctx context.Context, id LeaseID, opts ...LeaseOption) (*LeaseTimeToLiveResponse, error) {
cctx, cancel := context.WithCancel(ctx)
done := cancelWhenStop(cancel, l.stopCtx.Done())
defer close(done)
for {
r := toLeaseTimeToLiveRequest(id, opts...)
resp, err := l.remote.LeaseTimeToLive(cctx, r, grpc.FailFast(false))
if err == nil {
gresp := &LeaseTimeToLiveResponse{
ResponseHeader: resp.GetHeader(),
ID: LeaseID(resp.ID),
TTL: resp.TTL,
GrantedTTL: resp.GrantedTTL,
Keys: resp.Keys,
}
return gresp, nil
}
if isHaltErr(cctx, err) {
return nil, toErr(cctx, err)
}
}
}
func (l *lessor) KeepAlive(ctx context.Context, id LeaseID) (<-chan *LeaseKeepAliveResponse, error) { func (l *lessor) KeepAlive(ctx context.Context, id LeaseID) (<-chan *LeaseKeepAliveResponse, error) {
ch := make(chan *LeaseKeepAliveResponse, leaseResponseChSize) ch := make(chan *LeaseKeepAliveResponse, leaseResponseChSize)
l.mu.Lock() l.mu.Lock()
// ensure that recvKeepAliveLoop is still running
select {
case <-l.donec:
err := l.loopErr
l.mu.Unlock()
close(ch)
return ch, ErrKeepAliveHalted{Reason: err}
default:
}
ka, ok := l.keepAlives[id] ka, ok := l.keepAlives[id]
if !ok { if !ok {
// create fresh keep alive // create fresh keep alive
...@@ -275,10 +342,11 @@ func (l *lessor) keepAliveOnce(ctx context.Context, id LeaseID) (*LeaseKeepAlive ...@@ -275,10 +342,11 @@ func (l *lessor) keepAliveOnce(ctx context.Context, id LeaseID) (*LeaseKeepAlive
return karesp, nil return karesp, nil
} }
func (l *lessor) recvKeepAliveLoop() { func (l *lessor) recvKeepAliveLoop() (gerr error) {
defer func() { defer func() {
l.mu.Lock() l.mu.Lock()
close(l.donec) close(l.donec)
l.loopErr = gerr
for _, ka := range l.keepAlives { for _, ka := range l.keepAlives {
ka.Close() ka.Close()
} }
...@@ -291,13 +359,14 @@ func (l *lessor) recvKeepAliveLoop() { ...@@ -291,13 +359,14 @@ func (l *lessor) recvKeepAliveLoop() {
resp, err := stream.Recv() resp, err := stream.Recv()
if err != nil { if err != nil {
if isHaltErr(l.stopCtx, err) { if isHaltErr(l.stopCtx, err) {
return return err
} }
stream, serr = l.resetRecv() stream, serr = l.resetRecv()
continue continue
} }
l.recvKeepAlive(resp) l.recvKeepAlive(resp)
} }
return serr
} }
// resetRecv opens a new lease stream and starts sending LeaseKeepAliveRequests // resetRecv opens a new lease stream and starts sending LeaseKeepAliveRequests
...@@ -347,7 +416,7 @@ func (l *lessor) recvKeepAlive(resp *pb.LeaseKeepAliveResponse) { ...@@ -347,7 +416,7 @@ func (l *lessor) recvKeepAlive(resp *pb.LeaseKeepAliveResponse) {
} }
// send update to all channels // send update to all channels
nextKeepAlive := time.Now().Add(1 + time.Duration(karesp.TTL/3)*time.Second) nextKeepAlive := time.Now().Add((time.Duration(karesp.TTL) * time.Second) / 3.0)
ka.deadline = time.Now().Add(time.Duration(karesp.TTL) * time.Second) ka.deadline = time.Now().Add(time.Duration(karesp.TTL) * time.Second)
for _, ch := range ka.chs { for _, ch := range ka.chs {
select { select {
...@@ -393,7 +462,7 @@ func (l *lessor) sendKeepAliveLoop(stream pb.Lease_LeaseKeepAliveClient) { ...@@ -393,7 +462,7 @@ func (l *lessor) sendKeepAliveLoop(stream pb.Lease_LeaseKeepAliveClient) {
return return
} }
tosend := make([]LeaseID, 0) var tosend []LeaseID
now := time.Now() now := time.Now()
l.mu.Lock() l.mu.Lock()
......
...@@ -15,13 +15,15 @@ ...@@ -15,13 +15,15 @@
package clientv3 package clientv3
import ( import (
"io/ioutil"
"log" "log"
"os"
"sync" "sync"
"google.golang.org/grpc/grpclog" "google.golang.org/grpc/grpclog"
) )
// Logger is the logger used by client library.
// It implements grpclog.Logger interface.
type Logger grpclog.Logger type Logger grpclog.Logger
var ( var (
...@@ -34,20 +36,36 @@ type settableLogger struct { ...@@ -34,20 +36,36 @@ type settableLogger struct {
} }
func init() { func init() {
// use go's standard logger by default like grpc // disable client side logs by default
logger.mu.Lock() logger.mu.Lock()
logger.l = log.New(os.Stderr, "", log.LstdFlags) logger.l = log.New(ioutil.Discard, "", 0)
// logger has to override the grpclog at initialization so that
// any changes to the grpclog go through logger with locking
// instead of through SetLogger
//
// now updates only happen through settableLogger.set
grpclog.SetLogger(&logger) grpclog.SetLogger(&logger)
logger.mu.Unlock() logger.mu.Unlock()
} }
func (s *settableLogger) Set(l Logger) { // SetLogger sets client-side Logger. By default, logs are disabled.
func SetLogger(l Logger) {
logger.set(l)
}
// GetLogger returns the current logger.
func GetLogger() Logger {
return logger.get()
}
func (s *settableLogger) set(l Logger) {
s.mu.Lock() s.mu.Lock()
logger.l = l logger.l = l
s.mu.Unlock() s.mu.Unlock()
} }
func (s *settableLogger) Get() Logger { func (s *settableLogger) get() Logger {
s.mu.RLock() s.mu.RLock()
l := logger.l l := logger.l
s.mu.RUnlock() s.mu.RUnlock()
...@@ -56,9 +74,9 @@ func (s *settableLogger) Get() Logger { ...@@ -56,9 +74,9 @@ func (s *settableLogger) Get() Logger {
// implement the grpclog.Logger interface // implement the grpclog.Logger interface
func (s *settableLogger) Fatal(args ...interface{}) { s.Get().Fatal(args...) } func (s *settableLogger) Fatal(args ...interface{}) { s.get().Fatal(args...) }
func (s *settableLogger) Fatalf(format string, args ...interface{}) { s.Get().Fatalf(format, args...) } func (s *settableLogger) Fatalf(format string, args ...interface{}) { s.get().Fatalf(format, args...) }
func (s *settableLogger) Fatalln(args ...interface{}) { s.Get().Fatalln(args...) } func (s *settableLogger) Fatalln(args ...interface{}) { s.get().Fatalln(args...) }
func (s *settableLogger) Print(args ...interface{}) { s.Get().Print(args...) } func (s *settableLogger) Print(args ...interface{}) { s.get().Print(args...) }
func (s *settableLogger) Printf(format string, args ...interface{}) { s.Get().Printf(format, args...) } func (s *settableLogger) Printf(format string, args ...interface{}) { s.get().Printf(format, args...) }
func (s *settableLogger) Println(args ...interface{}) { s.Get().Println(args...) } func (s *settableLogger) Println(args ...interface{}) { s.get().Println(args...) }
...@@ -14,9 +14,7 @@ ...@@ -14,9 +14,7 @@
package clientv3 package clientv3
import ( import pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
)
type opType int type opType int
...@@ -43,6 +41,10 @@ type Op struct { ...@@ -43,6 +41,10 @@ type Op struct {
serializable bool serializable bool
keysOnly bool keysOnly bool
countOnly bool countOnly bool
minModRev int64
maxModRev int64
minCreateRev int64
maxCreateRev int64
// for range, watch // for range, watch
rev int64 rev int64
...@@ -52,29 +54,45 @@ type Op struct { ...@@ -52,29 +54,45 @@ type Op struct {
// progressNotify is for progress updates. // progressNotify is for progress updates.
progressNotify bool progressNotify bool
// createdNotify is for created event
createdNotify bool
// filters for watchers
filterPut bool
filterDelete bool
// for put // for put
val []byte val []byte
leaseID LeaseID leaseID LeaseID
} }
func (op Op) toRangeRequest() *pb.RangeRequest {
if op.t != tRange {
panic("op.t != tRange")
}
r := &pb.RangeRequest{
Key: op.key,
RangeEnd: op.end,
Limit: op.limit,
Revision: op.rev,
Serializable: op.serializable,
KeysOnly: op.keysOnly,
CountOnly: op.countOnly,
MinModRevision: op.minModRev,
MaxModRevision: op.maxModRev,
MinCreateRevision: op.minCreateRev,
MaxCreateRevision: op.maxCreateRev,
}
if op.sort != nil {
r.SortOrder = pb.RangeRequest_SortOrder(op.sort.Order)
r.SortTarget = pb.RangeRequest_SortTarget(op.sort.Target)
}
return r
}
func (op Op) toRequestOp() *pb.RequestOp { func (op Op) toRequestOp() *pb.RequestOp {
switch op.t { switch op.t {
case tRange: case tRange:
r := &pb.RangeRequest{ return &pb.RequestOp{Request: &pb.RequestOp_RequestRange{RequestRange: op.toRangeRequest()}}
Key: op.key,
RangeEnd: op.end,
Limit: op.limit,
Revision: op.rev,
Serializable: op.serializable,
KeysOnly: op.keysOnly,
CountOnly: op.countOnly,
}
if op.sort != nil {
r.SortOrder = pb.RangeRequest_SortOrder(op.sort.Order)
r.SortTarget = pb.RangeRequest_SortTarget(op.sort.Target)
}
return &pb.RequestOp{Request: &pb.RequestOp_RequestRange{RequestRange: r}}
case tPut: case tPut:
r := &pb.PutRequest{Key: op.key, Value: op.val, Lease: int64(op.leaseID), PrevKv: op.prevKV} r := &pb.PutRequest{Key: op.key, Value: op.val, Lease: int64(op.leaseID), PrevKv: op.prevKV}
return &pb.RequestOp{Request: &pb.RequestOp_RequestPut{RequestPut: r}} return &pb.RequestOp{Request: &pb.RequestOp_RequestPut{RequestPut: r}}
...@@ -112,6 +130,14 @@ func OpDelete(key string, opts ...OpOption) Op { ...@@ -112,6 +130,14 @@ func OpDelete(key string, opts ...OpOption) Op {
panic("unexpected serializable in delete") panic("unexpected serializable in delete")
case ret.countOnly: case ret.countOnly:
panic("unexpected countOnly in delete") panic("unexpected countOnly in delete")
case ret.minModRev != 0, ret.maxModRev != 0:
panic("unexpected mod revision filter in delete")
case ret.minCreateRev != 0, ret.maxCreateRev != 0:
panic("unexpected create revision filter in delete")
case ret.filterDelete, ret.filterPut:
panic("unexpected filter in delete")
case ret.createdNotify:
panic("unexpected createdNotify in delete")
} }
return ret return ret
} }
...@@ -131,7 +157,15 @@ func OpPut(key, val string, opts ...OpOption) Op { ...@@ -131,7 +157,15 @@ func OpPut(key, val string, opts ...OpOption) Op {
case ret.serializable: case ret.serializable:
panic("unexpected serializable in put") panic("unexpected serializable in put")
case ret.countOnly: case ret.countOnly:
panic("unexpected countOnly in delete") panic("unexpected countOnly in put")
case ret.minModRev != 0, ret.maxModRev != 0:
panic("unexpected mod revision filter in put")
case ret.minCreateRev != 0, ret.maxCreateRev != 0:
panic("unexpected create revision filter in put")
case ret.filterDelete, ret.filterPut:
panic("unexpected filter in put")
case ret.createdNotify:
panic("unexpected createdNotify in put")
} }
return ret return ret
} }
...@@ -149,7 +183,11 @@ func opWatch(key string, opts ...OpOption) Op { ...@@ -149,7 +183,11 @@ func opWatch(key string, opts ...OpOption) Op {
case ret.serializable: case ret.serializable:
panic("unexpected serializable in watch") panic("unexpected serializable in watch")
case ret.countOnly: case ret.countOnly:
panic("unexpected countOnly in delete") panic("unexpected countOnly in watch")
case ret.minModRev != 0, ret.maxModRev != 0:
panic("unexpected mod revision filter in watch")
case ret.minCreateRev != 0, ret.maxCreateRev != 0:
panic("unexpected create revision filter in watch")
} }
return ret return ret
} }
...@@ -181,6 +219,14 @@ func WithRev(rev int64) OpOption { return func(op *Op) { op.rev = rev } } ...@@ -181,6 +219,14 @@ func WithRev(rev int64) OpOption { return func(op *Op) { op.rev = rev } }
// 'order' can be either 'SortNone', 'SortAscend', 'SortDescend'. // 'order' can be either 'SortNone', 'SortAscend', 'SortDescend'.
func WithSort(target SortTarget, order SortOrder) OpOption { func WithSort(target SortTarget, order SortOrder) OpOption {
return func(op *Op) { return func(op *Op) {
if target == SortByKey && order == SortAscend {
// If order != SortNone, server fetches the entire key-space,
// and then applies the sort and limit, if provided.
// Since current mvcc.Range implementation returns results
// sorted by keys in lexicographically ascending order,
// client should ignore SortOrder if the target is SortByKey.
order = SortNone
}
op.sort = &SortOption{target, order} op.sort = &SortOption{target, order}
} }
} }
...@@ -245,6 +291,18 @@ func WithCountOnly() OpOption { ...@@ -245,6 +291,18 @@ func WithCountOnly() OpOption {
return func(op *Op) { op.countOnly = true } return func(op *Op) { op.countOnly = true }
} }
// WithMinModRev filters out keys for Get with modification revisions less than the given revision.
func WithMinModRev(rev int64) OpOption { return func(op *Op) { op.minModRev = rev } }
// WithMaxModRev filters out keys for Get with modification revisions greater than the given revision.
func WithMaxModRev(rev int64) OpOption { return func(op *Op) { op.maxModRev = rev } }
// WithMinCreateRev filters out keys for Get with creation revisions less than the given revision.
func WithMinCreateRev(rev int64) OpOption { return func(op *Op) { op.minCreateRev = rev } }
// WithMaxCreateRev filters out keys for Get with creation revisions greater than the given revision.
func WithMaxCreateRev(rev int64) OpOption { return func(op *Op) { op.maxCreateRev = rev } }
// WithFirstCreate gets the key with the oldest creation revision in the request range. // WithFirstCreate gets the key with the oldest creation revision in the request range.
func WithFirstCreate() []OpOption { return withTop(SortByCreateRevision, SortAscend) } func WithFirstCreate() []OpOption { return withTop(SortByCreateRevision, SortAscend) }
...@@ -268,7 +326,8 @@ func withTop(target SortTarget, order SortOrder) []OpOption { ...@@ -268,7 +326,8 @@ func withTop(target SortTarget, order SortOrder) []OpOption {
return []OpOption{WithPrefix(), WithSort(target, order), WithLimit(1)} return []OpOption{WithPrefix(), WithSort(target, order), WithLimit(1)}
} }
// WithProgressNotify makes watch server send periodic progress updates. // WithProgressNotify makes watch server send periodic progress updates
// every 10 minutes when there is no incoming events.
// Progress updates have zero events in WatchResponse. // Progress updates have zero events in WatchResponse.
func WithProgressNotify() OpOption { func WithProgressNotify() OpOption {
return func(op *Op) { return func(op *Op) {
...@@ -276,6 +335,23 @@ func WithProgressNotify() OpOption { ...@@ -276,6 +335,23 @@ func WithProgressNotify() OpOption {
} }
} }
// WithCreatedNotify makes watch server sends the created event.
func WithCreatedNotify() OpOption {
return func(op *Op) {
op.createdNotify = true
}
}
// WithFilterPut discards PUT events from the watcher.
func WithFilterPut() OpOption {
return func(op *Op) { op.filterPut = true }
}
// WithFilterDelete discards DELETE events from the watcher.
func WithFilterDelete() OpOption {
return func(op *Op) { op.filterDelete = true }
}
// WithPrevKV gets the previous key-value pair before the event happens. If the previous KV is already compacted, // WithPrevKV gets the previous key-value pair before the event happens. If the previous KV is already compacted,
// nothing will be returned. // nothing will be returned.
func WithPrevKV() OpOption { func WithPrevKV() OpOption {
...@@ -283,3 +359,32 @@ func WithPrevKV() OpOption { ...@@ -283,3 +359,32 @@ func WithPrevKV() OpOption {
op.prevKV = true op.prevKV = true
} }
} }
// LeaseOp represents an Operation that lease can execute.
type LeaseOp struct {
id LeaseID
// for TimeToLive
attachedKeys bool
}
// LeaseOption configures lease operations.
type LeaseOption func(*LeaseOp)
func (op *LeaseOp) applyOpts(opts []LeaseOption) {
for _, opt := range opts {
opt(op)
}
}
// WithAttachedKeys requests lease timetolive API to return
// attached keys of given lease ID.
func WithAttachedKeys() LeaseOption {
return func(op *LeaseOp) { op.attachedKeys = true }
}
func toLeaseTimeToLiveRequest(id LeaseID, opts ...LeaseOption) *pb.LeaseTimeToLiveRequest {
ret := &LeaseOp{id: id}
ret.applyOpts(opts)
return &pb.LeaseTimeToLiveRequest{ID: int64(id), Keys: ret.attachedKeys}
}
...@@ -19,6 +19,7 @@ import ( ...@@ -19,6 +19,7 @@ import (
pb "github.com/coreos/etcd/etcdserver/etcdserverpb" pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
"golang.org/x/net/context" "golang.org/x/net/context"
"google.golang.org/grpc"
) )
// Txn is the interface that wraps mini-transactions. // Txn is the interface that wraps mini-transactions.
...@@ -152,7 +153,12 @@ func (txn *txn) Commit() (*TxnResponse, error) { ...@@ -152,7 +153,12 @@ func (txn *txn) Commit() (*TxnResponse, error) {
func (txn *txn) commit() (*TxnResponse, error) { func (txn *txn) commit() (*TxnResponse, error) {
r := &pb.TxnRequest{Compare: txn.cmps, Success: txn.sus, Failure: txn.fas} r := &pb.TxnRequest{Compare: txn.cmps, Success: txn.sus, Failure: txn.fas}
resp, err := txn.kv.remote.Txn(txn.ctx, r)
var opts []grpc.CallOption
if !txn.isWrite {
opts = []grpc.CallOption{grpc.FailFast(false)}
}
resp, err := txn.kv.remote.Txn(txn.ctx, r, opts...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
......
...@@ -61,8 +61,8 @@ type WatchResponse struct { ...@@ -61,8 +61,8 @@ type WatchResponse struct {
// the channel sends a final response that has Canceled set to true with a non-nil Err(). // the channel sends a final response that has Canceled set to true with a non-nil Err().
Canceled bool Canceled bool
// created is used to indicate the creation of the watcher. // Created is used to indicate the creation of the watcher.
created bool Created bool
closeErr error closeErr error
} }
...@@ -92,7 +92,7 @@ func (wr *WatchResponse) Err() error { ...@@ -92,7 +92,7 @@ func (wr *WatchResponse) Err() error {
// IsProgressNotify returns true if the WatchResponse is progress notification. // IsProgressNotify returns true if the WatchResponse is progress notification.
func (wr *WatchResponse) IsProgressNotify() bool { func (wr *WatchResponse) IsProgressNotify() bool {
return len(wr.Events) == 0 && !wr.Canceled && !wr.created && wr.CompactRevision == 0 && wr.Header.Revision != 0 return len(wr.Events) == 0 && !wr.Canceled && !wr.Created && wr.CompactRevision == 0 && wr.Header.Revision != 0
} }
// watcher implements the Watcher interface // watcher implements the Watcher interface
...@@ -101,6 +101,7 @@ type watcher struct { ...@@ -101,6 +101,7 @@ type watcher struct {
// mu protects the grpc streams map // mu protects the grpc streams map
mu sync.RWMutex mu sync.RWMutex
// streams holds all the active grpc streams keyed by ctx value. // streams holds all the active grpc streams keyed by ctx value.
streams map[string]*watchGrpcStream streams map[string]*watchGrpcStream
} }
...@@ -131,6 +132,8 @@ type watchGrpcStream struct { ...@@ -131,6 +132,8 @@ type watchGrpcStream struct {
errc chan error errc chan error
// closingc gets the watcherStream of closing watchers // closingc gets the watcherStream of closing watchers
closingc chan *watcherStream closingc chan *watcherStream
// wg is Done when all substream goroutines have exited
wg sync.WaitGroup
// resumec closes to signal that all substreams should begin resuming // resumec closes to signal that all substreams should begin resuming
resumec chan struct{} resumec chan struct{}
...@@ -144,8 +147,12 @@ type watchRequest struct { ...@@ -144,8 +147,12 @@ type watchRequest struct {
key string key string
end string end string
rev int64 rev int64
// progressNotify is for progress updates. // send created notification event if this field is true
createdNotify bool
// progressNotify is for progress updates
progressNotify bool progressNotify bool
// filters is the list of events to filter out
filters []pb.WatchCreateRequest_FilterType
// get the previous key-value pair before the event happens // get the previous key-value pair before the event happens
prevKV bool prevKV bool
// retc receives a chan WatchResponse once the watcher is established // retc receives a chan WatchResponse once the watcher is established
...@@ -173,8 +180,12 @@ type watcherStream struct { ...@@ -173,8 +180,12 @@ type watcherStream struct {
} }
func NewWatcher(c *Client) Watcher { func NewWatcher(c *Client) Watcher {
return NewWatchFromWatchClient(pb.NewWatchClient(c.conn))
}
func NewWatchFromWatchClient(wc pb.WatchClient) Watcher {
return &watcher{ return &watcher{
remote: pb.NewWatchClient(c.conn), remote: wc,
streams: make(map[string]*watchGrpcStream), streams: make(map[string]*watchGrpcStream),
} }
} }
...@@ -215,12 +226,22 @@ func (w *watcher) newWatcherGrpcStream(inctx context.Context) *watchGrpcStream { ...@@ -215,12 +226,22 @@ func (w *watcher) newWatcherGrpcStream(inctx context.Context) *watchGrpcStream {
func (w *watcher) Watch(ctx context.Context, key string, opts ...OpOption) WatchChan { func (w *watcher) Watch(ctx context.Context, key string, opts ...OpOption) WatchChan {
ow := opWatch(key, opts...) ow := opWatch(key, opts...)
var filters []pb.WatchCreateRequest_FilterType
if ow.filterPut {
filters = append(filters, pb.WatchCreateRequest_NOPUT)
}
if ow.filterDelete {
filters = append(filters, pb.WatchCreateRequest_NODELETE)
}
wr := &watchRequest{ wr := &watchRequest{
ctx: ctx, ctx: ctx,
createdNotify: ow.createdNotify,
key: string(ow.key), key: string(ow.key),
end: string(ow.end), end: string(ow.end),
rev: ow.rev, rev: ow.rev,
progressNotify: ow.progressNotify, progressNotify: ow.progressNotify,
filters: filters,
prevKV: ow.prevKV, prevKV: ow.prevKV,
retc: make(chan chan WatchResponse, 1), retc: make(chan chan WatchResponse, 1),
} }
...@@ -374,18 +395,20 @@ func (w *watchGrpcStream) run() { ...@@ -374,18 +395,20 @@ func (w *watchGrpcStream) run() {
for _, ws := range w.substreams { for _, ws := range w.substreams {
if _, ok := closing[ws]; !ok { if _, ok := closing[ws]; !ok {
close(ws.recvc) close(ws.recvc)
closing[ws] = struct{}{}
} }
} }
for _, ws := range w.resuming { for _, ws := range w.resuming {
if _, ok := closing[ws]; ws != nil && !ok { if _, ok := closing[ws]; ws != nil && !ok {
close(ws.recvc) close(ws.recvc)
closing[ws] = struct{}{}
} }
} }
w.joinSubstreams() w.joinSubstreams()
for toClose := len(w.substreams) + len(w.resuming); toClose > 0; toClose-- { for range closing {
w.closeSubstream(<-w.closingc) w.closeSubstream(<-w.closingc)
} }
w.wg.Wait()
w.owner.closeStream(w) w.owner.closeStream(w)
}() }()
...@@ -410,6 +433,7 @@ func (w *watchGrpcStream) run() { ...@@ -410,6 +433,7 @@ func (w *watchGrpcStream) run() {
} }
ws.donec = make(chan struct{}) ws.donec = make(chan struct{})
w.wg.Add(1)
go w.serveSubstream(ws, w.resumec) go w.serveSubstream(ws, w.resumec)
// queue up for watcher creation/resume // queue up for watcher creation/resume
...@@ -458,7 +482,7 @@ func (w *watchGrpcStream) run() { ...@@ -458,7 +482,7 @@ func (w *watchGrpcStream) run() {
} }
// watch client failed to recv; spawn another if possible // watch client failed to recv; spawn another if possible
case err := <-w.errc: case err := <-w.errc:
if toErr(w.ctx, err) == v3rpc.ErrNoLeader { if isHaltErr(w.ctx, err) || toErr(w.ctx, err) == v3rpc.ErrNoLeader {
closeErr = err closeErr = err
return return
} }
...@@ -508,7 +532,7 @@ func (w *watchGrpcStream) dispatchEvent(pbresp *pb.WatchResponse) bool { ...@@ -508,7 +532,7 @@ func (w *watchGrpcStream) dispatchEvent(pbresp *pb.WatchResponse) bool {
Header: *pbresp.Header, Header: *pbresp.Header,
Events: events, Events: events,
CompactRevision: pbresp.CompactRevision, CompactRevision: pbresp.CompactRevision,
created: pbresp.Created, Created: pbresp.Created,
Canceled: pbresp.Canceled, Canceled: pbresp.Canceled,
} }
select { select {
...@@ -555,6 +579,7 @@ func (w *watchGrpcStream) serveSubstream(ws *watcherStream, resumec chan struct{ ...@@ -555,6 +579,7 @@ func (w *watchGrpcStream) serveSubstream(ws *watcherStream, resumec chan struct{
if !resuming { if !resuming {
w.closingc <- ws w.closingc <- ws
} }
w.wg.Done()
}() }()
emptyWr := &WatchResponse{} emptyWr := &WatchResponse{}
...@@ -562,14 +587,6 @@ func (w *watchGrpcStream) serveSubstream(ws *watcherStream, resumec chan struct{ ...@@ -562,14 +587,6 @@ func (w *watchGrpcStream) serveSubstream(ws *watcherStream, resumec chan struct{
curWr := emptyWr curWr := emptyWr
outc := ws.outc outc := ws.outc
if len(ws.buf) > 0 && ws.buf[0].created {
select {
case ws.initReq.retc <- ws.outc:
default:
}
ws.buf = ws.buf[1:]
}
if len(ws.buf) > 0 { if len(ws.buf) > 0 {
curWr = ws.buf[0] curWr = ws.buf[0]
} else { } else {
...@@ -587,13 +604,35 @@ func (w *watchGrpcStream) serveSubstream(ws *watcherStream, resumec chan struct{ ...@@ -587,13 +604,35 @@ func (w *watchGrpcStream) serveSubstream(ws *watcherStream, resumec chan struct{
// shutdown from closeSubstream // shutdown from closeSubstream
return return
} }
// TODO pause channel if buffer gets too large
ws.buf = append(ws.buf, wr) if wr.Created {
if ws.initReq.retc != nil {
ws.initReq.retc <- ws.outc
// to prevent next write from taking the slot in buffered channel
// and posting duplicate create events
ws.initReq.retc = nil
// send first creation event only if requested
if ws.initReq.createdNotify {
ws.outc <- *wr
}
}
}
nextRev = wr.Header.Revision nextRev = wr.Header.Revision
if len(wr.Events) > 0 { if len(wr.Events) > 0 {
nextRev = wr.Events[len(wr.Events)-1].Kv.ModRevision + 1 nextRev = wr.Events[len(wr.Events)-1].Kv.ModRevision + 1
} }
ws.initReq.rev = nextRev ws.initReq.rev = nextRev
// created event is already sent above,
// watcher should not post duplicate events
if wr.Created {
continue
}
// TODO pause channel if buffer gets too large
ws.buf = append(ws.buf, wr)
case <-w.ctx.Done(): case <-w.ctx.Done():
return return
case <-ws.initReq.ctx.Done(): case <-ws.initReq.ctx.Done():
...@@ -639,6 +678,7 @@ func (w *watchGrpcStream) newWatchClient() (pb.Watch_WatchClient, error) { ...@@ -639,6 +678,7 @@ func (w *watchGrpcStream) newWatchClient() (pb.Watch_WatchClient, error) {
continue continue
} }
ws.donec = make(chan struct{}) ws.donec = make(chan struct{})
w.wg.Add(1)
go w.serveSubstream(ws, w.resumec) go w.serveSubstream(ws, w.resumec)
} }
...@@ -659,6 +699,10 @@ func (w *watchGrpcStream) waitCancelSubstreams(stopc <-chan struct{}) <-chan str ...@@ -659,6 +699,10 @@ func (w *watchGrpcStream) waitCancelSubstreams(stopc <-chan struct{}) <-chan str
go func(ws *watcherStream) { go func(ws *watcherStream) {
defer wg.Done() defer wg.Done()
if ws.closing { if ws.closing {
if ws.initReq.ctx.Err() != nil && ws.outc != nil {
close(ws.outc)
ws.outc = nil
}
return return
} }
select { select {
...@@ -719,6 +763,7 @@ func (wr *watchRequest) toPB() *pb.WatchRequest { ...@@ -719,6 +763,7 @@ func (wr *watchRequest) toPB() *pb.WatchRequest {
Key: []byte(wr.key), Key: []byte(wr.key),
RangeEnd: []byte(wr.end), RangeEnd: []byte(wr.end),
ProgressNotify: wr.progressNotify, ProgressNotify: wr.progressNotify,
Filters: wr.filters,
PrevKv: wr.prevKV, PrevKv: wr.prevKV,
} }
cr := &pb.WatchRequest_CreateRequest{CreateRequest: req} cr := &pb.WatchRequest_CreateRequest{CreateRequest: req}
......
...@@ -26,7 +26,7 @@ import ( ...@@ -26,7 +26,7 @@ import (
) )
var ( var (
plog = capnslog.NewPackageLogger("github.com/coreos/etcd", "etcdserver") plog = capnslog.NewPackageLogger("github.com/coreos/etcd", "compactor")
) )
const ( const (
......
...@@ -52,7 +52,8 @@ var ( ...@@ -52,7 +52,8 @@ var (
var ( var (
// Number of retries discovery will attempt before giving up and erroring out. // Number of retries discovery will attempt before giving up and erroring out.
nRetries = uint(math.MaxUint32) nRetries = uint(math.MaxUint32)
maxExpoentialRetries = uint(8)
) )
// JoinCluster will connect to the discovery service at the given url, and // JoinCluster will connect to the discovery service at the given url, and
...@@ -243,7 +244,7 @@ func (d *discovery) checkCluster() ([]*client.Node, int, uint64, error) { ...@@ -243,7 +244,7 @@ func (d *discovery) checkCluster() ([]*client.Node, int, uint64, error) {
} }
return nil, 0, 0, err return nil, 0, 0, err
} }
nodes := make([]*client.Node, 0) var nodes []*client.Node
// append non-config keys to nodes // append non-config keys to nodes
for _, n := range resp.Node.Nodes { for _, n := range resp.Node.Nodes {
if !(path.Base(n.Key) == path.Base(configKey)) { if !(path.Base(n.Key) == path.Base(configKey)) {
...@@ -268,9 +269,14 @@ func (d *discovery) checkCluster() ([]*client.Node, int, uint64, error) { ...@@ -268,9 +269,14 @@ func (d *discovery) checkCluster() ([]*client.Node, int, uint64, error) {
func (d *discovery) logAndBackoffForRetry(step string) { func (d *discovery) logAndBackoffForRetry(step string) {
d.retries++ d.retries++
retryTime := time.Second * (0x1 << d.retries) // logAndBackoffForRetry stops exponential backoff when the retries are more than maxExpoentialRetries and is set to a constant backoff afterward.
plog.Infof("%s: error connecting to %s, retrying in %s", step, d.url, retryTime) retries := d.retries
d.clock.Sleep(retryTime) if retries > maxExpoentialRetries {
retries = maxExpoentialRetries
}
retryTimeInSecond := time.Duration(0x1<<retries) * time.Second
plog.Infof("%s: error connecting to %s, retrying in %s", step, d.url, retryTimeInSecond)
d.clock.Sleep(retryTimeInSecond)
} }
func (d *discovery) checkClusterRetry() ([]*client.Node, int, uint64, error) { func (d *discovery) checkClusterRetry() ([]*client.Node, int, uint64, error) {
......
...@@ -17,6 +17,7 @@ package discovery ...@@ -17,6 +17,7 @@ package discovery
import ( import (
"fmt" "fmt"
"net" "net"
"net/url"
"strings" "strings"
"github.com/coreos/etcd/pkg/types" "github.com/coreos/etcd/pkg/types"
...@@ -33,9 +34,8 @@ var ( ...@@ -33,9 +34,8 @@ var (
// Also doesn't do any lookups for the token (though it could) // Also doesn't do any lookups for the token (though it could)
// Also sees each entry as a separate instance. // Also sees each entry as a separate instance.
func SRVGetCluster(name, dns string, defaultToken string, apurls types.URLs) (string, string, error) { func SRVGetCluster(name, dns string, defaultToken string, apurls types.URLs) (string, string, error) {
stringParts := make([]string, 0)
tempName := int(0) tempName := int(0)
tcpAPUrls := make([]string, 0) tcp2ap := make(map[string]url.URL)
// First, resolve the apurls // First, resolve the apurls
for _, url := range apurls { for _, url := range apurls {
...@@ -44,10 +44,11 @@ func SRVGetCluster(name, dns string, defaultToken string, apurls types.URLs) (st ...@@ -44,10 +44,11 @@ func SRVGetCluster(name, dns string, defaultToken string, apurls types.URLs) (st
plog.Errorf("couldn't resolve host %s during SRV discovery", url.Host) plog.Errorf("couldn't resolve host %s during SRV discovery", url.Host)
return "", "", err return "", "", err
} }
tcpAPUrls = append(tcpAPUrls, tcpAddr.String()) tcp2ap[tcpAddr.String()] = url
} }
updateNodeMap := func(service, prefix string) error { stringParts := []string{}
updateNodeMap := func(service, scheme string) error {
_, addrs, err := lookupSRV(service, "tcp", dns) _, addrs, err := lookupSRV(service, "tcp", dns)
if err != nil { if err != nil {
return err return err
...@@ -61,35 +62,37 @@ func SRVGetCluster(name, dns string, defaultToken string, apurls types.URLs) (st ...@@ -61,35 +62,37 @@ func SRVGetCluster(name, dns string, defaultToken string, apurls types.URLs) (st
continue continue
} }
n := "" n := ""
for _, url := range tcpAPUrls { url, ok := tcp2ap[tcpAddr.String()]
if url == tcpAddr.String() { if ok {
n = name n = name
}
} }
if n == "" { if n == "" {
n = fmt.Sprintf("%d", tempName) n = fmt.Sprintf("%d", tempName)
tempName += 1 tempName++
} }
// SRV records have a trailing dot but URL shouldn't. // SRV records have a trailing dot but URL shouldn't.
shortHost := strings.TrimSuffix(srv.Target, ".") shortHost := strings.TrimSuffix(srv.Target, ".")
urlHost := net.JoinHostPort(shortHost, port) urlHost := net.JoinHostPort(shortHost, port)
stringParts = append(stringParts, fmt.Sprintf("%s=%s%s", n, prefix, urlHost)) stringParts = append(stringParts, fmt.Sprintf("%s=%s://%s", n, scheme, urlHost))
plog.Noticef("got bootstrap from DNS for %s at %s%s", service, prefix, urlHost) plog.Noticef("got bootstrap from DNS for %s at %s://%s", service, scheme, urlHost)
if ok && url.Scheme != scheme {
plog.Errorf("bootstrap at %s from DNS for %s has scheme mismatch with expected peer %s", scheme+"://"+urlHost, service, url.String())
}
} }
return nil return nil
} }
failCount := 0 failCount := 0
err := updateNodeMap("etcd-server-ssl", "https://") err := updateNodeMap("etcd-server-ssl", "https")
srvErr := make([]string, 2) srvErr := make([]string, 2)
if err != nil { if err != nil {
srvErr[0] = fmt.Sprintf("error querying DNS SRV records for _etcd-server-ssl %s", err) srvErr[0] = fmt.Sprintf("error querying DNS SRV records for _etcd-server-ssl %s", err)
failCount += 1 failCount++
} }
err = updateNodeMap("etcd-server", "http://") err = updateNodeMap("etcd-server", "http")
if err != nil { if err != nil {
srvErr[1] = fmt.Sprintf("error querying DNS SRV records for _etcd-server %s", err) srvErr[1] = fmt.Sprintf("error querying DNS SRV records for _etcd-server %s", err)
failCount += 1 failCount++
} }
if failCount == 2 { if failCount == 2 {
plog.Warningf(srvErr[0]) plog.Warningf(srvErr[0])
......
...@@ -30,15 +30,14 @@ const ( ...@@ -30,15 +30,14 @@ const (
) )
var ( var (
plog = capnslog.NewPackageLogger("github.com/coreos/etcd/etcdserver", "api") plog = capnslog.NewPackageLogger("github.com/coreos/etcd", "etcdserver/api")
// capabilityMaps is a static map of version to capability map. // capabilityMaps is a static map of version to capability map.
// the base capabilities is the set of capability 2.0 supports. // the base capabilities is the set of capability 2.0 supports.
capabilityMaps = map[string]map[Capability]bool{ capabilityMaps = map[string]map[Capability]bool{
"2.1.0": {AuthCapability: true},
"2.2.0": {AuthCapability: true},
"2.3.0": {AuthCapability: true}, "2.3.0": {AuthCapability: true},
"3.0.0": {AuthCapability: true, V3rpcCapability: true}, "3.0.0": {AuthCapability: true, V3rpcCapability: true},
"3.1.0": {AuthCapability: true, V3rpcCapability: true},
} }
enableMapMu sync.RWMutex enableMapMu sync.RWMutex
......
...@@ -35,7 +35,7 @@ const ( ...@@ -35,7 +35,7 @@ const (
) )
var ( var (
plog = capnslog.NewPackageLogger("github.com/coreos/etcd/etcdserver/api", "v2http") plog = capnslog.NewPackageLogger("github.com/coreos/etcd", "etcdserver/api/v2http")
mlog = logutil.NewMergeLogger(plog) mlog = logutil.NewMergeLogger(plog)
) )
...@@ -60,7 +60,7 @@ func writeError(w http.ResponseWriter, r *http.Request, err error) { ...@@ -60,7 +60,7 @@ func writeError(w http.ResponseWriter, r *http.Request, err error) {
} }
default: default:
switch err { switch err {
case etcdserver.ErrTimeoutDueToLeaderFail, etcdserver.ErrTimeoutDueToConnectionLost, etcdserver.ErrNotEnoughStartedMembers: case etcdserver.ErrTimeoutDueToLeaderFail, etcdserver.ErrTimeoutDueToConnectionLost, etcdserver.ErrNotEnoughStartedMembers, etcdserver.ErrUnhealthy:
mlog.MergeError(err) mlog.MergeError(err)
default: default:
mlog.MergeErrorf("got unexpected response error (%v)", err) mlog.MergeErrorf("got unexpected response error (%v)", err)
......
...@@ -22,7 +22,7 @@ import ( ...@@ -22,7 +22,7 @@ import (
) )
var ( var (
plog = capnslog.NewPackageLogger("github.com/coreos/etcd/etcdserver/api/v2http", "httptypes") plog = capnslog.NewPackageLogger("github.com/coreos/etcd", "etcdserver/api/v2http/httptypes")
) )
type HTTPError struct { type HTTPError struct {
......
...@@ -26,14 +26,14 @@ import ( ...@@ -26,14 +26,14 @@ import (
const ( const (
peerMembersPrefix = "/members" peerMembersPrefix = "/members"
leasesPrefix = "/leases"
) )
// NewPeerHandler generates an http.Handler to handle etcd peer requests. // NewPeerHandler generates an http.Handler to handle etcd peer requests.
func NewPeerHandler(s *etcdserver.EtcdServer) http.Handler { func NewPeerHandler(s *etcdserver.EtcdServer) http.Handler {
var lh http.Handler var lh http.Handler
if l := s.Lessor(); l != nil { l := s.Lessor()
lh = leasehttp.NewHandler(l) if l != nil {
lh = leasehttp.NewHandler(l, func() <-chan struct{} { return s.ApplyWait() })
} }
return newPeerHandler(s.Cluster(), s.RaftHandler(), lh) return newPeerHandler(s.Cluster(), s.RaftHandler(), lh)
} }
...@@ -49,7 +49,8 @@ func newPeerHandler(cluster api.Cluster, raftHandler http.Handler, leaseHandler ...@@ -49,7 +49,8 @@ func newPeerHandler(cluster api.Cluster, raftHandler http.Handler, leaseHandler
mux.Handle(rafthttp.RaftPrefix+"/", raftHandler) mux.Handle(rafthttp.RaftPrefix+"/", raftHandler)
mux.Handle(peerMembersPrefix, mh) mux.Handle(peerMembersPrefix, mh)
if leaseHandler != nil { if leaseHandler != nil {
mux.Handle(leasesPrefix, leaseHandler) mux.Handle(leasehttp.LeasePrefix, leaseHandler)
mux.Handle(leasehttp.LeaseInternalPrefix, leaseHandler)
} }
mux.HandleFunc(versionPath, versionHandler(cluster, serveVersion)) mux.HandleFunc(versionPath, versionHandler(cluster, serveVersion))
return mux return mux
......
...@@ -19,14 +19,13 @@ import ( ...@@ -19,14 +19,13 @@ import (
"github.com/coreos/etcd/etcdserver" "github.com/coreos/etcd/etcdserver"
pb "github.com/coreos/etcd/etcdserver/etcdserverpb" pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
"github.com/coreos/pkg/capnslog"
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
"google.golang.org/grpc/grpclog" "google.golang.org/grpc/grpclog"
) )
func init() { func init() {
grpclog.SetLogger(capnslog.NewPackageLogger("github.com/coreos/etcd/etcdserver", "v3rpc/grpc")) grpclog.SetLogger(plog)
} }
func Server(s *etcdserver.EtcdServer, tls *tls.Config) *grpc.Server { func Server(s *etcdserver.EtcdServer, tls *tls.Config) *grpc.Server {
......
...@@ -15,7 +15,6 @@ ...@@ -15,7 +15,6 @@
package v3rpc package v3rpc
import ( import (
"strings"
"sync" "sync"
"time" "time"
...@@ -25,6 +24,7 @@ import ( ...@@ -25,6 +24,7 @@ import (
"github.com/coreos/etcd/pkg/types" "github.com/coreos/etcd/pkg/types"
"github.com/coreos/etcd/raft" "github.com/coreos/etcd/raft"
prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
"golang.org/x/net/context" "golang.org/x/net/context"
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/metadata" "google.golang.org/grpc/metadata"
...@@ -53,7 +53,8 @@ func newUnaryInterceptor(s *etcdserver.EtcdServer) grpc.UnaryServerInterceptor { ...@@ -53,7 +53,8 @@ func newUnaryInterceptor(s *etcdserver.EtcdServer) grpc.UnaryServerInterceptor {
} }
} }
} }
return metricsUnaryInterceptor(ctx, req, info, handler)
return prometheus.UnaryServerInterceptor(ctx, req, info, handler)
} }
} }
...@@ -88,42 +89,9 @@ func newStreamInterceptor(s *etcdserver.EtcdServer) grpc.StreamServerInterceptor ...@@ -88,42 +89,9 @@ func newStreamInterceptor(s *etcdserver.EtcdServer) grpc.StreamServerInterceptor
} }
} }
return metricsStreamInterceptor(srv, ss, info, handler)
}
}
func metricsUnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
service, method := splitMethodName(info.FullMethod)
receivedCounter.WithLabelValues(service, method).Inc()
start := time.Now()
resp, err = handler(ctx, req)
if err != nil {
failedCounter.WithLabelValues(service, method, grpc.Code(err).String()).Inc()
}
handlingDuration.WithLabelValues(service, method).Observe(time.Since(start).Seconds())
return resp, err
}
func metricsStreamInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
service, method := splitMethodName(info.FullMethod)
receivedCounter.WithLabelValues(service, method).Inc()
err := handler(srv, ss)
if err != nil {
failedCounter.WithLabelValues(service, method, grpc.Code(err).String()).Inc()
}
return err
}
func splitMethodName(fullMethodName string) (string, string) { return prometheus.StreamServerInterceptor(srv, ss, info, handler)
fullMethodName = strings.TrimPrefix(fullMethodName, "/") // remove leading slash
if i := strings.Index(fullMethodName, "/"); i >= 0 {
return fullMethodName[:i], fullMethodName[i+1:]
} }
return "unknown", "unknown"
} }
type serverStreamWithCtx struct { type serverStreamWithCtx struct {
......
...@@ -26,7 +26,7 @@ import ( ...@@ -26,7 +26,7 @@ import (
) )
var ( var (
plog = capnslog.NewPackageLogger("github.com/coreos/etcd/etcdserver/api", "v3rpc") plog = capnslog.NewPackageLogger("github.com/coreos/etcd", "etcdserver/api/v3rpc")
// Max operations per txn list. For example, Txn.Success can have at most 128 operations, // Max operations per txn list. For example, Txn.Success can have at most 128 operations,
// and Txn.Failure can have at most 128 operations. // and Txn.Failure can have at most 128 operations.
...@@ -56,7 +56,7 @@ func (s *kvServer) Range(ctx context.Context, r *pb.RangeRequest) (*pb.RangeResp ...@@ -56,7 +56,7 @@ func (s *kvServer) Range(ctx context.Context, r *pb.RangeRequest) (*pb.RangeResp
plog.Panic("unexpected nil resp.Header") plog.Panic("unexpected nil resp.Header")
} }
s.hdr.fill(resp.Header) s.hdr.fill(resp.Header)
return resp, err return resp, nil
} }
func (s *kvServer) Put(ctx context.Context, r *pb.PutRequest) (*pb.PutResponse, error) { func (s *kvServer) Put(ctx context.Context, r *pb.PutRequest) (*pb.PutResponse, error) {
...@@ -73,7 +73,7 @@ func (s *kvServer) Put(ctx context.Context, r *pb.PutRequest) (*pb.PutResponse, ...@@ -73,7 +73,7 @@ func (s *kvServer) Put(ctx context.Context, r *pb.PutRequest) (*pb.PutResponse,
plog.Panic("unexpected nil resp.Header") plog.Panic("unexpected nil resp.Header")
} }
s.hdr.fill(resp.Header) s.hdr.fill(resp.Header)
return resp, err return resp, nil
} }
func (s *kvServer) DeleteRange(ctx context.Context, r *pb.DeleteRangeRequest) (*pb.DeleteRangeResponse, error) { func (s *kvServer) DeleteRange(ctx context.Context, r *pb.DeleteRangeRequest) (*pb.DeleteRangeResponse, error) {
...@@ -90,7 +90,7 @@ func (s *kvServer) DeleteRange(ctx context.Context, r *pb.DeleteRangeRequest) (* ...@@ -90,7 +90,7 @@ func (s *kvServer) DeleteRange(ctx context.Context, r *pb.DeleteRangeRequest) (*
plog.Panic("unexpected nil resp.Header") plog.Panic("unexpected nil resp.Header")
} }
s.hdr.fill(resp.Header) s.hdr.fill(resp.Header)
return resp, err return resp, nil
} }
func (s *kvServer) Txn(ctx context.Context, r *pb.TxnRequest) (*pb.TxnResponse, error) { func (s *kvServer) Txn(ctx context.Context, r *pb.TxnRequest) (*pb.TxnResponse, error) {
...@@ -107,7 +107,7 @@ func (s *kvServer) Txn(ctx context.Context, r *pb.TxnRequest) (*pb.TxnResponse, ...@@ -107,7 +107,7 @@ func (s *kvServer) Txn(ctx context.Context, r *pb.TxnRequest) (*pb.TxnResponse,
plog.Panic("unexpected nil resp.Header") plog.Panic("unexpected nil resp.Header")
} }
s.hdr.fill(resp.Header) s.hdr.fill(resp.Header)
return resp, err return resp, nil
} }
func (s *kvServer) Compact(ctx context.Context, r *pb.CompactionRequest) (*pb.CompactionResponse, error) { func (s *kvServer) Compact(ctx context.Context, r *pb.CompactionRequest) (*pb.CompactionResponse, error) {
......
...@@ -18,7 +18,6 @@ import ( ...@@ -18,7 +18,6 @@ import (
"io" "io"
"github.com/coreos/etcd/etcdserver" "github.com/coreos/etcd/etcdserver"
"github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes"
pb "github.com/coreos/etcd/etcdserver/etcdserverpb" pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
"github.com/coreos/etcd/lease" "github.com/coreos/etcd/lease"
"golang.org/x/net/context" "golang.org/x/net/context"
...@@ -35,20 +34,27 @@ func NewLeaseServer(s *etcdserver.EtcdServer) pb.LeaseServer { ...@@ -35,20 +34,27 @@ func NewLeaseServer(s *etcdserver.EtcdServer) pb.LeaseServer {
func (ls *LeaseServer) LeaseGrant(ctx context.Context, cr *pb.LeaseGrantRequest) (*pb.LeaseGrantResponse, error) { func (ls *LeaseServer) LeaseGrant(ctx context.Context, cr *pb.LeaseGrantRequest) (*pb.LeaseGrantResponse, error) {
resp, err := ls.le.LeaseGrant(ctx, cr) resp, err := ls.le.LeaseGrant(ctx, cr)
if err == lease.ErrLeaseExists {
return nil, rpctypes.ErrGRPCLeaseExist
}
if err != nil { if err != nil {
return nil, err return nil, togRPCError(err)
} }
ls.hdr.fill(resp.Header) ls.hdr.fill(resp.Header)
return resp, err return resp, nil
} }
func (ls *LeaseServer) LeaseRevoke(ctx context.Context, rr *pb.LeaseRevokeRequest) (*pb.LeaseRevokeResponse, error) { func (ls *LeaseServer) LeaseRevoke(ctx context.Context, rr *pb.LeaseRevokeRequest) (*pb.LeaseRevokeResponse, error) {
resp, err := ls.le.LeaseRevoke(ctx, rr) resp, err := ls.le.LeaseRevoke(ctx, rr)
if err != nil { if err != nil {
return nil, rpctypes.ErrGRPCLeaseNotFound return nil, togRPCError(err)
}
ls.hdr.fill(resp.Header)
return resp, nil
}
func (ls *LeaseServer) LeaseTimeToLive(ctx context.Context, rr *pb.LeaseTimeToLiveRequest) (*pb.LeaseTimeToLiveResponse, error) {
resp, err := ls.le.LeaseTimeToLive(ctx, rr)
if err != nil {
return nil, togRPCError(err)
} }
ls.hdr.fill(resp.Header) ls.hdr.fill(resp.Header)
return resp, nil return resp, nil
......
...@@ -18,6 +18,7 @@ import ( ...@@ -18,6 +18,7 @@ import (
"crypto/sha256" "crypto/sha256"
"io" "io"
"github.com/coreos/etcd/auth"
"github.com/coreos/etcd/etcdserver" "github.com/coreos/etcd/etcdserver"
pb "github.com/coreos/etcd/etcdserver/etcdserverpb" pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
"github.com/coreos/etcd/mvcc" "github.com/coreos/etcd/mvcc"
...@@ -45,6 +46,10 @@ type RaftStatusGetter interface { ...@@ -45,6 +46,10 @@ type RaftStatusGetter interface {
Leader() types.ID Leader() types.ID
} }
type AuthGetter interface {
AuthStore() auth.AuthStore
}
type maintenanceServer struct { type maintenanceServer struct {
rg RaftStatusGetter rg RaftStatusGetter
kg KVGetter kg KVGetter
...@@ -54,7 +59,8 @@ type maintenanceServer struct { ...@@ -54,7 +59,8 @@ type maintenanceServer struct {
} }
func NewMaintenanceServer(s *etcdserver.EtcdServer) pb.MaintenanceServer { func NewMaintenanceServer(s *etcdserver.EtcdServer) pb.MaintenanceServer {
return &maintenanceServer{rg: s, kg: s, bg: s, a: s, hdr: newHeader(s)} srv := &maintenanceServer{rg: s, kg: s, bg: s, a: s, hdr: newHeader(s)}
return &authMaintenanceServer{srv, s}
} }
func (ms *maintenanceServer) Defragment(ctx context.Context, sr *pb.DefragmentRequest) (*pb.DefragmentResponse, error) { func (ms *maintenanceServer) Defragment(ctx context.Context, sr *pb.DefragmentRequest) (*pb.DefragmentResponse, error) {
...@@ -139,3 +145,49 @@ func (ms *maintenanceServer) Status(ctx context.Context, ar *pb.StatusRequest) ( ...@@ -139,3 +145,49 @@ func (ms *maintenanceServer) Status(ctx context.Context, ar *pb.StatusRequest) (
ms.hdr.fill(resp.Header) ms.hdr.fill(resp.Header)
return resp, nil return resp, nil
} }
type authMaintenanceServer struct {
*maintenanceServer
ag AuthGetter
}
func (ams *authMaintenanceServer) isAuthenticated(ctx context.Context) error {
authInfo, err := ams.ag.AuthStore().AuthInfoFromCtx(ctx)
if err != nil {
return err
}
return ams.ag.AuthStore().IsAdminPermitted(authInfo)
}
func (ams *authMaintenanceServer) Defragment(ctx context.Context, sr *pb.DefragmentRequest) (*pb.DefragmentResponse, error) {
if err := ams.isAuthenticated(ctx); err != nil {
return nil, err
}
return ams.maintenanceServer.Defragment(ctx, sr)
}
func (ams *authMaintenanceServer) Snapshot(sr *pb.SnapshotRequest, srv pb.Maintenance_SnapshotServer) error {
if err := ams.isAuthenticated(srv.Context()); err != nil {
return err
}
return ams.maintenanceServer.Snapshot(sr, srv)
}
func (ams *authMaintenanceServer) Hash(ctx context.Context, r *pb.HashRequest) (*pb.HashResponse, error) {
if err := ams.isAuthenticated(ctx); err != nil {
return nil, err
}
return ams.maintenanceServer.Hash(ctx, r)
}
func (ams *authMaintenanceServer) Status(ctx context.Context, ar *pb.StatusRequest) (*pb.StatusResponse, error) {
if err := ams.isAuthenticated(ctx); err != nil {
return nil, err
}
return ams.maintenanceServer.Status(ctx, ar)
}
...@@ -24,8 +24,6 @@ import ( ...@@ -24,8 +24,6 @@ import (
"github.com/coreos/etcd/etcdserver/membership" "github.com/coreos/etcd/etcdserver/membership"
"github.com/coreos/etcd/pkg/types" "github.com/coreos/etcd/pkg/types"
"golang.org/x/net/context" "golang.org/x/net/context"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
) )
type ClusterServer struct { type ClusterServer struct {
...@@ -50,14 +48,8 @@ func (cs *ClusterServer) MemberAdd(ctx context.Context, r *pb.MemberAddRequest) ...@@ -50,14 +48,8 @@ func (cs *ClusterServer) MemberAdd(ctx context.Context, r *pb.MemberAddRequest)
now := time.Now() now := time.Now()
m := membership.NewMember("", urls, "", &now) m := membership.NewMember("", urls, "", &now)
err = cs.server.AddMember(ctx, *m) if err = cs.server.AddMember(ctx, *m); err != nil {
switch { return nil, togRPCError(err)
case err == membership.ErrIDExists:
return nil, rpctypes.ErrGRPCMemberExist
case err == membership.ErrPeerURLexists:
return nil, rpctypes.ErrGRPCPeerURLExist
case err != nil:
return nil, grpc.Errorf(codes.Internal, err.Error())
} }
return &pb.MemberAddResponse{ return &pb.MemberAddResponse{
...@@ -67,16 +59,9 @@ func (cs *ClusterServer) MemberAdd(ctx context.Context, r *pb.MemberAddRequest) ...@@ -67,16 +59,9 @@ func (cs *ClusterServer) MemberAdd(ctx context.Context, r *pb.MemberAddRequest)
} }
func (cs *ClusterServer) MemberRemove(ctx context.Context, r *pb.MemberRemoveRequest) (*pb.MemberRemoveResponse, error) { func (cs *ClusterServer) MemberRemove(ctx context.Context, r *pb.MemberRemoveRequest) (*pb.MemberRemoveResponse, error) {
err := cs.server.RemoveMember(ctx, r.ID) if err := cs.server.RemoveMember(ctx, r.ID); err != nil {
switch { return nil, togRPCError(err)
case err == membership.ErrIDRemoved:
fallthrough
case err == membership.ErrIDNotFound:
return nil, rpctypes.ErrGRPCMemberNotFound
case err != nil:
return nil, grpc.Errorf(codes.Internal, err.Error())
} }
return &pb.MemberRemoveResponse{Header: cs.header()}, nil return &pb.MemberRemoveResponse{Header: cs.header()}, nil
} }
...@@ -85,16 +70,9 @@ func (cs *ClusterServer) MemberUpdate(ctx context.Context, r *pb.MemberUpdateReq ...@@ -85,16 +70,9 @@ func (cs *ClusterServer) MemberUpdate(ctx context.Context, r *pb.MemberUpdateReq
ID: types.ID(r.ID), ID: types.ID(r.ID),
RaftAttributes: membership.RaftAttributes{PeerURLs: r.PeerURLs}, RaftAttributes: membership.RaftAttributes{PeerURLs: r.PeerURLs},
} }
err := cs.server.UpdateMember(ctx, m) if err := cs.server.UpdateMember(ctx, m); err != nil {
switch { return nil, togRPCError(err)
case err == membership.ErrPeerURLexists:
return nil, rpctypes.ErrGRPCPeerURLExist
case err == membership.ErrIDNotFound:
return nil, rpctypes.ErrGRPCMemberNotFound
case err != nil:
return nil, grpc.Errorf(codes.Internal, err.Error())
} }
return &pb.MemberUpdateResponse{Header: cs.header()}, nil return &pb.MemberUpdateResponse{Header: cs.header()}, nil
} }
......
...@@ -17,31 +17,6 @@ package v3rpc ...@@ -17,31 +17,6 @@ package v3rpc
import "github.com/prometheus/client_golang/prometheus" import "github.com/prometheus/client_golang/prometheus"
var ( var (
receivedCounter = prometheus.NewCounterVec(
prometheus.CounterOpts{
Namespace: "etcd",
Subsystem: "grpc",
Name: "requests_total",
Help: "Counter of received requests.",
}, []string{"grpc_service", "grpc_method"})
failedCounter = prometheus.NewCounterVec(
prometheus.CounterOpts{
Namespace: "etcd",
Subsystem: "grpc",
Name: "requests_failed_total",
Help: "Counter of failed requests.",
}, []string{"grpc_service", "grpc_method", "grpc_code"})
handlingDuration = prometheus.NewHistogramVec(
prometheus.HistogramOpts{
Namespace: "etcd",
Subsystem: "grpc",
Name: "unary_requests_duration_seconds",
Help: "Bucketed histogram of processing time (s) of handled unary (non-stream) requests.",
Buckets: prometheus.ExponentialBuckets(0.0005, 2, 13),
}, []string{"grpc_service", "grpc_method"})
sentBytes = prometheus.NewCounter(prometheus.CounterOpts{ sentBytes = prometheus.NewCounter(prometheus.CounterOpts{
Namespace: "etcd", Namespace: "etcd",
Subsystem: "network", Subsystem: "network",
...@@ -58,10 +33,6 @@ var ( ...@@ -58,10 +33,6 @@ var (
) )
func init() { func init() {
prometheus.MustRegister(receivedCounter)
prometheus.MustRegister(failedCounter)
prometheus.MustRegister(handlingDuration)
prometheus.MustRegister(sentBytes) prometheus.MustRegister(sentBytes)
prometheus.MustRegister(receivedBytes) prometheus.MustRegister(receivedBytes)
} }
...@@ -31,23 +31,28 @@ var ( ...@@ -31,23 +31,28 @@ var (
ErrGRPCLeaseNotFound = grpc.Errorf(codes.NotFound, "etcdserver: requested lease not found") ErrGRPCLeaseNotFound = grpc.Errorf(codes.NotFound, "etcdserver: requested lease not found")
ErrGRPCLeaseExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: lease already exists") ErrGRPCLeaseExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: lease already exists")
ErrGRPCMemberExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: member ID already exist") ErrGRPCMemberExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: member ID already exist")
ErrGRPCPeerURLExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: Peer URLs already exists") ErrGRPCPeerURLExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: Peer URLs already exists")
ErrGRPCMemberBadURLs = grpc.Errorf(codes.InvalidArgument, "etcdserver: given member URLs are invalid") ErrGRPCMemberNotEnoughStarted = grpc.Errorf(codes.FailedPrecondition, "etcdserver: re-configuration failed due to not enough started members")
ErrGRPCMemberNotFound = grpc.Errorf(codes.NotFound, "etcdserver: member not found") ErrGRPCMemberBadURLs = grpc.Errorf(codes.InvalidArgument, "etcdserver: given member URLs are invalid")
ErrGRPCMemberNotFound = grpc.Errorf(codes.NotFound, "etcdserver: member not found")
ErrGRPCRequestTooLarge = grpc.Errorf(codes.InvalidArgument, "etcdserver: request is too large") ErrGRPCRequestTooLarge = grpc.Errorf(codes.InvalidArgument, "etcdserver: request is too large")
ErrGRPCRequestTooManyRequests = grpc.Errorf(codes.ResourceExhausted, "etcdserver: too many requests")
ErrGRPCRootUserNotExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: root user does not exist") ErrGRPCRootUserNotExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: root user does not exist")
ErrGRPCRootRoleNotExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: root user does not have root role") ErrGRPCRootRoleNotExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: root user does not have root role")
ErrGRPCUserAlreadyExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: user name already exists") ErrGRPCUserAlreadyExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: user name already exists")
ErrGRPCUserEmpty = grpc.Errorf(codes.InvalidArgument, "etcdserver: user name is empty")
ErrGRPCUserNotFound = grpc.Errorf(codes.FailedPrecondition, "etcdserver: user name not found") ErrGRPCUserNotFound = grpc.Errorf(codes.FailedPrecondition, "etcdserver: user name not found")
ErrGRPCRoleAlreadyExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: role name already exists") ErrGRPCRoleAlreadyExist = grpc.Errorf(codes.FailedPrecondition, "etcdserver: role name already exists")
ErrGRPCRoleNotFound = grpc.Errorf(codes.FailedPrecondition, "etcdserver: role name not found") ErrGRPCRoleNotFound = grpc.Errorf(codes.FailedPrecondition, "etcdserver: role name not found")
ErrGRPCAuthFailed = grpc.Errorf(codes.InvalidArgument, "etcdserver: authentication failed, invalid user ID or password") ErrGRPCAuthFailed = grpc.Errorf(codes.InvalidArgument, "etcdserver: authentication failed, invalid user ID or password")
ErrGRPCPermissionDenied = grpc.Errorf(codes.FailedPrecondition, "etcdserver: permission denied") ErrGRPCPermissionDenied = grpc.Errorf(codes.PermissionDenied, "etcdserver: permission denied")
ErrGRPCRoleNotGranted = grpc.Errorf(codes.FailedPrecondition, "etcdserver: role is not granted to the user") ErrGRPCRoleNotGranted = grpc.Errorf(codes.FailedPrecondition, "etcdserver: role is not granted to the user")
ErrGRPCPermissionNotGranted = grpc.Errorf(codes.FailedPrecondition, "etcdserver: permission is not granted to the role") ErrGRPCPermissionNotGranted = grpc.Errorf(codes.FailedPrecondition, "etcdserver: permission is not granted to the role")
ErrGRPCAuthNotEnabled = grpc.Errorf(codes.FailedPrecondition, "etcdserver: authentication is not enabled")
ErrGRPCInvalidAuthToken = grpc.Errorf(codes.Unauthenticated, "etcdserver: invalid auth token")
ErrGRPCNoLeader = grpc.Errorf(codes.Unavailable, "etcdserver: no leader") ErrGRPCNoLeader = grpc.Errorf(codes.Unavailable, "etcdserver: no leader")
ErrGRPCNotCapable = grpc.Errorf(codes.Unavailable, "etcdserver: not capable") ErrGRPCNotCapable = grpc.Errorf(codes.Unavailable, "etcdserver: not capable")
...@@ -68,16 +73,19 @@ var ( ...@@ -68,16 +73,19 @@ var (
grpc.ErrorDesc(ErrGRPCLeaseNotFound): ErrGRPCLeaseNotFound, grpc.ErrorDesc(ErrGRPCLeaseNotFound): ErrGRPCLeaseNotFound,
grpc.ErrorDesc(ErrGRPCLeaseExist): ErrGRPCLeaseExist, grpc.ErrorDesc(ErrGRPCLeaseExist): ErrGRPCLeaseExist,
grpc.ErrorDesc(ErrGRPCMemberExist): ErrGRPCMemberExist, grpc.ErrorDesc(ErrGRPCMemberExist): ErrGRPCMemberExist,
grpc.ErrorDesc(ErrGRPCPeerURLExist): ErrGRPCPeerURLExist, grpc.ErrorDesc(ErrGRPCPeerURLExist): ErrGRPCPeerURLExist,
grpc.ErrorDesc(ErrGRPCMemberBadURLs): ErrGRPCMemberBadURLs, grpc.ErrorDesc(ErrGRPCMemberNotEnoughStarted): ErrGRPCMemberNotEnoughStarted,
grpc.ErrorDesc(ErrGRPCMemberNotFound): ErrGRPCMemberNotFound, grpc.ErrorDesc(ErrGRPCMemberBadURLs): ErrGRPCMemberBadURLs,
grpc.ErrorDesc(ErrGRPCMemberNotFound): ErrGRPCMemberNotFound,
grpc.ErrorDesc(ErrGRPCRequestTooLarge): ErrGRPCRequestTooLarge, grpc.ErrorDesc(ErrGRPCRequestTooLarge): ErrGRPCRequestTooLarge,
grpc.ErrorDesc(ErrGRPCRequestTooManyRequests): ErrGRPCRequestTooManyRequests,
grpc.ErrorDesc(ErrGRPCRootUserNotExist): ErrGRPCRootUserNotExist, grpc.ErrorDesc(ErrGRPCRootUserNotExist): ErrGRPCRootUserNotExist,
grpc.ErrorDesc(ErrGRPCRootRoleNotExist): ErrGRPCRootRoleNotExist, grpc.ErrorDesc(ErrGRPCRootRoleNotExist): ErrGRPCRootRoleNotExist,
grpc.ErrorDesc(ErrGRPCUserAlreadyExist): ErrGRPCUserAlreadyExist, grpc.ErrorDesc(ErrGRPCUserAlreadyExist): ErrGRPCUserAlreadyExist,
grpc.ErrorDesc(ErrGRPCUserEmpty): ErrGRPCUserEmpty,
grpc.ErrorDesc(ErrGRPCUserNotFound): ErrGRPCUserNotFound, grpc.ErrorDesc(ErrGRPCUserNotFound): ErrGRPCUserNotFound,
grpc.ErrorDesc(ErrGRPCRoleAlreadyExist): ErrGRPCRoleAlreadyExist, grpc.ErrorDesc(ErrGRPCRoleAlreadyExist): ErrGRPCRoleAlreadyExist,
grpc.ErrorDesc(ErrGRPCRoleNotFound): ErrGRPCRoleNotFound, grpc.ErrorDesc(ErrGRPCRoleNotFound): ErrGRPCRoleNotFound,
...@@ -85,6 +93,8 @@ var ( ...@@ -85,6 +93,8 @@ var (
grpc.ErrorDesc(ErrGRPCPermissionDenied): ErrGRPCPermissionDenied, grpc.ErrorDesc(ErrGRPCPermissionDenied): ErrGRPCPermissionDenied,
grpc.ErrorDesc(ErrGRPCRoleNotGranted): ErrGRPCRoleNotGranted, grpc.ErrorDesc(ErrGRPCRoleNotGranted): ErrGRPCRoleNotGranted,
grpc.ErrorDesc(ErrGRPCPermissionNotGranted): ErrGRPCPermissionNotGranted, grpc.ErrorDesc(ErrGRPCPermissionNotGranted): ErrGRPCPermissionNotGranted,
grpc.ErrorDesc(ErrGRPCAuthNotEnabled): ErrGRPCAuthNotEnabled,
grpc.ErrorDesc(ErrGRPCInvalidAuthToken): ErrGRPCInvalidAuthToken,
grpc.ErrorDesc(ErrGRPCNoLeader): ErrGRPCNoLeader, grpc.ErrorDesc(ErrGRPCNoLeader): ErrGRPCNoLeader,
grpc.ErrorDesc(ErrGRPCNotCapable): ErrGRPCNotCapable, grpc.ErrorDesc(ErrGRPCNotCapable): ErrGRPCNotCapable,
...@@ -106,16 +116,19 @@ var ( ...@@ -106,16 +116,19 @@ var (
ErrLeaseNotFound = Error(ErrGRPCLeaseNotFound) ErrLeaseNotFound = Error(ErrGRPCLeaseNotFound)
ErrLeaseExist = Error(ErrGRPCLeaseExist) ErrLeaseExist = Error(ErrGRPCLeaseExist)
ErrMemberExist = Error(ErrGRPCMemberExist) ErrMemberExist = Error(ErrGRPCMemberExist)
ErrPeerURLExist = Error(ErrGRPCPeerURLExist) ErrPeerURLExist = Error(ErrGRPCPeerURLExist)
ErrMemberBadURLs = Error(ErrGRPCMemberBadURLs) ErrMemberNotEnoughStarted = Error(ErrGRPCMemberNotEnoughStarted)
ErrMemberNotFound = Error(ErrGRPCMemberNotFound) ErrMemberBadURLs = Error(ErrGRPCMemberBadURLs)
ErrMemberNotFound = Error(ErrGRPCMemberNotFound)
ErrRequestTooLarge = Error(ErrGRPCRequestTooLarge) ErrRequestTooLarge = Error(ErrGRPCRequestTooLarge)
ErrTooManyRequests = Error(ErrGRPCRequestTooManyRequests)
ErrRootUserNotExist = Error(ErrGRPCRootUserNotExist) ErrRootUserNotExist = Error(ErrGRPCRootUserNotExist)
ErrRootRoleNotExist = Error(ErrGRPCRootRoleNotExist) ErrRootRoleNotExist = Error(ErrGRPCRootRoleNotExist)
ErrUserAlreadyExist = Error(ErrGRPCUserAlreadyExist) ErrUserAlreadyExist = Error(ErrGRPCUserAlreadyExist)
ErrUserEmpty = Error(ErrGRPCUserEmpty)
ErrUserNotFound = Error(ErrGRPCUserNotFound) ErrUserNotFound = Error(ErrGRPCUserNotFound)
ErrRoleAlreadyExist = Error(ErrGRPCRoleAlreadyExist) ErrRoleAlreadyExist = Error(ErrGRPCRoleAlreadyExist)
ErrRoleNotFound = Error(ErrGRPCRoleNotFound) ErrRoleNotFound = Error(ErrGRPCRoleNotFound)
...@@ -123,6 +136,8 @@ var ( ...@@ -123,6 +136,8 @@ var (
ErrPermissionDenied = Error(ErrGRPCPermissionDenied) ErrPermissionDenied = Error(ErrGRPCPermissionDenied)
ErrRoleNotGranted = Error(ErrGRPCRoleNotGranted) ErrRoleNotGranted = Error(ErrGRPCRoleNotGranted)
ErrPermissionNotGranted = Error(ErrGRPCPermissionNotGranted) ErrPermissionNotGranted = Error(ErrGRPCPermissionNotGranted)
ErrAuthNotEnabled = Error(ErrGRPCAuthNotEnabled)
ErrInvalidAuthToken = Error(ErrGRPCInvalidAuthToken)
ErrNoLeader = Error(ErrGRPCNoLeader) ErrNoLeader = Error(ErrGRPCNoLeader)
ErrNotCapable = Error(ErrGRPCNotCapable) ErrNotCapable = Error(ErrGRPCNotCapable)
......
...@@ -18,6 +18,7 @@ import ( ...@@ -18,6 +18,7 @@ import (
"github.com/coreos/etcd/auth" "github.com/coreos/etcd/auth"
"github.com/coreos/etcd/etcdserver" "github.com/coreos/etcd/etcdserver"
"github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes" "github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes"
"github.com/coreos/etcd/etcdserver/membership"
"github.com/coreos/etcd/lease" "github.com/coreos/etcd/lease"
"github.com/coreos/etcd/mvcc" "github.com/coreos/etcd/mvcc"
"google.golang.org/grpc" "google.golang.org/grpc"
...@@ -26,17 +27,29 @@ import ( ...@@ -26,17 +27,29 @@ import (
func togRPCError(err error) error { func togRPCError(err error) error {
switch err { switch err {
case membership.ErrIDRemoved:
return rpctypes.ErrGRPCMemberNotFound
case membership.ErrIDNotFound:
return rpctypes.ErrGRPCMemberNotFound
case membership.ErrIDExists:
return rpctypes.ErrGRPCMemberExist
case membership.ErrPeerURLexists:
return rpctypes.ErrGRPCPeerURLExist
case etcdserver.ErrNotEnoughStartedMembers:
return rpctypes.ErrMemberNotEnoughStarted
case mvcc.ErrCompacted: case mvcc.ErrCompacted:
return rpctypes.ErrGRPCCompacted return rpctypes.ErrGRPCCompacted
case mvcc.ErrFutureRev: case mvcc.ErrFutureRev:
return rpctypes.ErrGRPCFutureRev return rpctypes.ErrGRPCFutureRev
case lease.ErrLeaseNotFound: case lease.ErrLeaseNotFound:
return rpctypes.ErrGRPCLeaseNotFound return rpctypes.ErrGRPCLeaseNotFound
// TODO: handle error from raft and timeout
case etcdserver.ErrRequestTooLarge: case etcdserver.ErrRequestTooLarge:
return rpctypes.ErrGRPCRequestTooLarge return rpctypes.ErrGRPCRequestTooLarge
case etcdserver.ErrNoSpace: case etcdserver.ErrNoSpace:
return rpctypes.ErrGRPCNoSpace return rpctypes.ErrGRPCNoSpace
case etcdserver.ErrTooManyRequests:
return rpctypes.ErrTooManyRequests
case etcdserver.ErrNoLeader: case etcdserver.ErrNoLeader:
return rpctypes.ErrGRPCNoLeader return rpctypes.ErrGRPCNoLeader
...@@ -48,6 +61,13 @@ func togRPCError(err error) error { ...@@ -48,6 +61,13 @@ func togRPCError(err error) error {
return rpctypes.ErrGRPCTimeoutDueToLeaderFail return rpctypes.ErrGRPCTimeoutDueToLeaderFail
case etcdserver.ErrTimeoutDueToConnectionLost: case etcdserver.ErrTimeoutDueToConnectionLost:
return rpctypes.ErrGRPCTimeoutDueToConnectionLost return rpctypes.ErrGRPCTimeoutDueToConnectionLost
case etcdserver.ErrUnhealthy:
return rpctypes.ErrGRPCUnhealthy
case lease.ErrLeaseNotFound:
return rpctypes.ErrGRPCLeaseNotFound
case lease.ErrLeaseExists:
return rpctypes.ErrGRPCLeaseExist
case auth.ErrRootUserNotExist: case auth.ErrRootUserNotExist:
return rpctypes.ErrGRPCRootUserNotExist return rpctypes.ErrGRPCRootUserNotExist
...@@ -55,6 +75,8 @@ func togRPCError(err error) error { ...@@ -55,6 +75,8 @@ func togRPCError(err error) error {
return rpctypes.ErrGRPCRootRoleNotExist return rpctypes.ErrGRPCRootRoleNotExist
case auth.ErrUserAlreadyExist: case auth.ErrUserAlreadyExist:
return rpctypes.ErrGRPCUserAlreadyExist return rpctypes.ErrGRPCUserAlreadyExist
case auth.ErrUserEmpty:
return rpctypes.ErrGRPCUserEmpty
case auth.ErrUserNotFound: case auth.ErrUserNotFound:
return rpctypes.ErrGRPCUserNotFound return rpctypes.ErrGRPCUserNotFound
case auth.ErrRoleAlreadyExist: case auth.ErrRoleAlreadyExist:
...@@ -69,7 +91,11 @@ func togRPCError(err error) error { ...@@ -69,7 +91,11 @@ func togRPCError(err error) error {
return rpctypes.ErrGRPCRoleNotGranted return rpctypes.ErrGRPCRoleNotGranted
case auth.ErrPermissionNotGranted: case auth.ErrPermissionNotGranted:
return rpctypes.ErrGRPCPermissionNotGranted return rpctypes.ErrGRPCPermissionNotGranted
case auth.ErrAuthNotEnabled:
return rpctypes.ErrGRPCAuthNotEnabled
case auth.ErrInvalidAuthToken:
return rpctypes.ErrGRPCInvalidAuthToken
default: default:
return grpc.Errorf(codes.Internal, err.Error()) return grpc.Errorf(codes.Unknown, err.Error())
} }
} }
...@@ -92,6 +92,7 @@ type serverWatchStream struct { ...@@ -92,6 +92,7 @@ type serverWatchStream struct {
mu sync.Mutex mu sync.Mutex
// progress tracks the watchID that stream might need to send // progress tracks the watchID that stream might need to send
// progress to. // progress to.
// TODO: combine progress and prevKV into a single struct?
progress map[mvcc.WatchID]bool progress map[mvcc.WatchID]bool
prevKV map[mvcc.WatchID]bool prevKV map[mvcc.WatchID]bool
...@@ -130,10 +131,14 @@ func (ws *watchServer) Watch(stream pb.Watch_WatchServer) (err error) { ...@@ -130,10 +131,14 @@ func (ws *watchServer) Watch(stream pb.Watch_WatchServer) (err error) {
// but when stream.Context().Done() is closed, the stream's recv // but when stream.Context().Done() is closed, the stream's recv
// may continue to block since it uses a different context, leading to // may continue to block since it uses a different context, leading to
// deadlock when calling sws.close(). // deadlock when calling sws.close().
go func() { errc <- sws.recvLoop() }() go func() {
if rerr := sws.recvLoop(); rerr != nil {
errc <- rerr
}
}()
select { select {
case err = <-errc: case err = <-errc:
close(sws.ctrlStream)
case <-stream.Context().Done(): case <-stream.Context().Done():
err = stream.Context().Err() err = stream.Context().Err()
// the only server-side cancellation is noleader for now. // the only server-side cancellation is noleader for now.
...@@ -146,7 +151,6 @@ func (ws *watchServer) Watch(stream pb.Watch_WatchServer) (err error) { ...@@ -146,7 +151,6 @@ func (ws *watchServer) Watch(stream pb.Watch_WatchServer) (err error) {
} }
func (sws *serverWatchStream) recvLoop() error { func (sws *serverWatchStream) recvLoop() error {
defer close(sws.ctrlStream)
for { for {
req, err := sws.gRPCStream.Recv() req, err := sws.gRPCStream.Recv()
if err == io.EOF { if err == io.EOF {
...@@ -171,12 +175,14 @@ func (sws *serverWatchStream) recvLoop() error { ...@@ -171,12 +175,14 @@ func (sws *serverWatchStream) recvLoop() error {
// support >= key queries // support >= key queries
creq.RangeEnd = []byte{} creq.RangeEnd = []byte{}
} }
filters := FiltersFromRequest(creq)
wsrev := sws.watchStream.Rev() wsrev := sws.watchStream.Rev()
rev := creq.StartRevision rev := creq.StartRevision
if rev == 0 { if rev == 0 {
rev = wsrev + 1 rev = wsrev + 1
} }
id := sws.watchStream.Watch(creq.Key, creq.RangeEnd, rev) id := sws.watchStream.Watch(creq.Key, creq.RangeEnd, rev, filters...)
if id != -1 { if id != -1 {
sws.mu.Lock() sws.mu.Lock()
if creq.ProgressNotify { if creq.ProgressNotify {
...@@ -353,3 +359,25 @@ func (sws *serverWatchStream) newResponseHeader(rev int64) *pb.ResponseHeader { ...@@ -353,3 +359,25 @@ func (sws *serverWatchStream) newResponseHeader(rev int64) *pb.ResponseHeader {
RaftTerm: sws.raftTimer.Term(), RaftTerm: sws.raftTimer.Term(),
} }
} }
func filterNoDelete(e mvccpb.Event) bool {
return e.Type == mvccpb.DELETE
}
func filterNoPut(e mvccpb.Event) bool {
return e.Type == mvccpb.PUT
}
func FiltersFromRequest(creq *pb.WatchCreateRequest) []mvcc.FilterFunc {
filters := make([]mvcc.FilterFunc, 0, len(creq.Filters))
for _, ft := range creq.Filters {
switch ft {
case pb.WatchCreateRequest_NOPUT:
filters = append(filters, filterNoPut)
case pb.WatchCreateRequest_NODELETE:
filters = append(filters, filterNoDelete)
default:
}
}
return filters
}
...@@ -35,7 +35,7 @@ const ( ...@@ -35,7 +35,7 @@ const (
// to apply functions instead of a valid txn ID. // to apply functions instead of a valid txn ID.
noTxn = -1 noTxn = -1
warnApplyDuration = 10 * time.Millisecond warnApplyDuration = 100 * time.Millisecond
) )
type applyResult struct { type applyResult struct {
...@@ -258,7 +258,9 @@ func (a *applierV3backend) Range(txnID int64, r *pb.RangeRequest) (*pb.RangeResp ...@@ -258,7 +258,9 @@ func (a *applierV3backend) Range(txnID int64, r *pb.RangeRequest) (*pb.RangeResp
} }
limit := r.Limit limit := r.Limit
if r.SortOrder != pb.RangeRequest_NONE { if r.SortOrder != pb.RangeRequest_NONE ||
r.MinModRevision != 0 || r.MaxModRevision != 0 ||
r.MinCreateRevision != 0 || r.MaxCreateRevision != 0 {
// fetch everything; sort and truncate afterwards // fetch everything; sort and truncate afterwards
limit = 0 limit = 0
} }
...@@ -285,7 +287,31 @@ func (a *applierV3backend) Range(txnID int64, r *pb.RangeRequest) (*pb.RangeResp ...@@ -285,7 +287,31 @@ func (a *applierV3backend) Range(txnID int64, r *pb.RangeRequest) (*pb.RangeResp
} }
} }
if r.SortOrder != pb.RangeRequest_NONE { if r.MaxModRevision != 0 {
f := func(kv *mvccpb.KeyValue) bool { return kv.ModRevision > r.MaxModRevision }
pruneKVs(rr, f)
}
if r.MinModRevision != 0 {
f := func(kv *mvccpb.KeyValue) bool { return kv.ModRevision < r.MinModRevision }
pruneKVs(rr, f)
}
if r.MaxCreateRevision != 0 {
f := func(kv *mvccpb.KeyValue) bool { return kv.CreateRevision > r.MaxCreateRevision }
pruneKVs(rr, f)
}
if r.MinCreateRevision != 0 {
f := func(kv *mvccpb.KeyValue) bool { return kv.CreateRevision < r.MinCreateRevision }
pruneKVs(rr, f)
}
sortOrder := r.SortOrder
if r.SortTarget != pb.RangeRequest_KEY && sortOrder == pb.RangeRequest_NONE {
// Since current mvcc.Range implementation returns results
// sorted by keys in lexiographically ascending order,
// sort ASCEND by default only when target is not 'KEY'
sortOrder = pb.RangeRequest_ASCEND
}
if sortOrder != pb.RangeRequest_NONE {
var sorter sort.Interface var sorter sort.Interface
switch { switch {
case r.SortTarget == pb.RangeRequest_KEY: case r.SortTarget == pb.RangeRequest_KEY:
...@@ -300,9 +326,9 @@ func (a *applierV3backend) Range(txnID int64, r *pb.RangeRequest) (*pb.RangeResp ...@@ -300,9 +326,9 @@ func (a *applierV3backend) Range(txnID int64, r *pb.RangeRequest) (*pb.RangeResp
sorter = &kvSortByValue{&kvSort{rr.KVs}} sorter = &kvSortByValue{&kvSort{rr.KVs}}
} }
switch { switch {
case r.SortOrder == pb.RangeRequest_ASCEND: case sortOrder == pb.RangeRequest_ASCEND:
sort.Sort(sorter) sort.Sort(sorter)
case r.SortOrder == pb.RangeRequest_DESCEND: case sortOrder == pb.RangeRequest_DESCEND:
sort.Sort(sort.Reverse(sorter)) sort.Sort(sort.Reverse(sorter))
} }
} }
...@@ -345,34 +371,23 @@ func (a *applierV3backend) Txn(rt *pb.TxnRequest) (*pb.TxnResponse, error) { ...@@ -345,34 +371,23 @@ func (a *applierV3backend) Txn(rt *pb.TxnRequest) (*pb.TxnResponse, error) {
return nil, err return nil, err
} }
revision := a.s.KV().Rev()
// When executing the operations of txn, we need to hold the txn lock. // When executing the operations of txn, we need to hold the txn lock.
// So the reader will not see any intermediate results. // So the reader will not see any intermediate results.
txnID := a.s.KV().TxnBegin() txnID := a.s.KV().TxnBegin()
defer func() {
err := a.s.KV().TxnEnd(txnID)
if err != nil {
panic(fmt.Sprint("unexpected error when closing txn", txnID))
}
}()
resps := make([]*pb.ResponseOp, len(reqs)) resps := make([]*pb.ResponseOp, len(reqs))
changedKV := false
for i := range reqs { for i := range reqs {
if reqs[i].GetRequestRange() == nil {
changedKV = true
}
resps[i] = a.applyUnion(txnID, reqs[i]) resps[i] = a.applyUnion(txnID, reqs[i])
} }
if changedKV { err := a.s.KV().TxnEnd(txnID)
revision += 1 if err != nil {
panic(fmt.Sprint("unexpected error when closing txn", txnID))
} }
txnResp := &pb.TxnResponse{} txnResp := &pb.TxnResponse{}
txnResp.Header = &pb.ResponseHeader{} txnResp.Header = &pb.ResponseHeader{}
txnResp.Header.Revision = revision txnResp.Header.Revision = a.s.KV().Rev()
txnResp.Responses = resps txnResp.Responses = resps
txnResp.Succeeded = ok txnResp.Succeeded = ok
return txnResp, nil return txnResp, nil
...@@ -436,6 +451,10 @@ func (a *applierV3backend) applyCompare(c *pb.Compare) (int64, bool) { ...@@ -436,6 +451,10 @@ func (a *applierV3backend) applyCompare(c *pb.Compare) (int64, bool) {
if result != 0 { if result != 0 {
return rev, false return rev, false
} }
case pb.Compare_NOT_EQUAL:
if result == 0 {
return rev, false
}
case pb.Compare_GREATER: case pb.Compare_GREATER:
if result != 1 { if result != 1 {
return rev, false return rev, false
...@@ -454,7 +473,7 @@ func (a *applierV3backend) applyUnion(txnID int64, union *pb.RequestOp) *pb.Resp ...@@ -454,7 +473,7 @@ func (a *applierV3backend) applyUnion(txnID int64, union *pb.RequestOp) *pb.Resp
if tv.RequestRange != nil { if tv.RequestRange != nil {
resp, err := a.Range(txnID, tv.RequestRange) resp, err := a.Range(txnID, tv.RequestRange)
if err != nil { if err != nil {
panic("unexpected error during txn") plog.Panicf("unexpected error during txn: %v", err)
} }
return &pb.ResponseOp{Response: &pb.ResponseOp_ResponseRange{ResponseRange: resp}} return &pb.ResponseOp{Response: &pb.ResponseOp_ResponseRange{ResponseRange: resp}}
} }
...@@ -462,7 +481,7 @@ func (a *applierV3backend) applyUnion(txnID int64, union *pb.RequestOp) *pb.Resp ...@@ -462,7 +481,7 @@ func (a *applierV3backend) applyUnion(txnID int64, union *pb.RequestOp) *pb.Resp
if tv.RequestPut != nil { if tv.RequestPut != nil {
resp, err := a.Put(txnID, tv.RequestPut) resp, err := a.Put(txnID, tv.RequestPut)
if err != nil { if err != nil {
panic("unexpected error during txn") plog.Panicf("unexpected error during txn: %v", err)
} }
return &pb.ResponseOp{Response: &pb.ResponseOp_ResponsePut{ResponsePut: resp}} return &pb.ResponseOp{Response: &pb.ResponseOp_ResponsePut{ResponsePut: resp}}
} }
...@@ -470,7 +489,7 @@ func (a *applierV3backend) applyUnion(txnID int64, union *pb.RequestOp) *pb.Resp ...@@ -470,7 +489,7 @@ func (a *applierV3backend) applyUnion(txnID int64, union *pb.RequestOp) *pb.Resp
if tv.RequestDeleteRange != nil { if tv.RequestDeleteRange != nil {
resp, err := a.DeleteRange(txnID, tv.RequestDeleteRange) resp, err := a.DeleteRange(txnID, tv.RequestDeleteRange)
if err != nil { if err != nil {
panic("unexpected error during txn") plog.Panicf("unexpected error during txn: %v", err)
} }
return &pb.ResponseOp{Response: &pb.ResponseOp_ResponseDeleteRange{ResponseDeleteRange: resp}} return &pb.ResponseOp{Response: &pb.ResponseOp_ResponseDeleteRange{ResponseDeleteRange: resp}}
} }
...@@ -500,7 +519,7 @@ func (a *applierV3backend) LeaseGrant(lc *pb.LeaseGrantRequest) (*pb.LeaseGrantR ...@@ -500,7 +519,7 @@ func (a *applierV3backend) LeaseGrant(lc *pb.LeaseGrantRequest) (*pb.LeaseGrantR
resp := &pb.LeaseGrantResponse{} resp := &pb.LeaseGrantResponse{}
if err == nil { if err == nil {
resp.ID = int64(l.ID) resp.ID = int64(l.ID)
resp.TTL = l.TTL resp.TTL = l.TTL()
resp.Header = &pb.ResponseHeader{Revision: a.s.KV().Rev()} resp.Header = &pb.ResponseHeader{Revision: a.s.KV().Rev()}
} }
...@@ -784,3 +803,36 @@ func compareInt64(a, b int64) int { ...@@ -784,3 +803,36 @@ func compareInt64(a, b int64) int {
func isGteRange(rangeEnd []byte) bool { func isGteRange(rangeEnd []byte) bool {
return len(rangeEnd) == 1 && rangeEnd[0] == 0 return len(rangeEnd) == 1 && rangeEnd[0] == 0
} }
func noSideEffect(r *pb.InternalRaftRequest) bool {
return r.Range != nil || r.AuthUserGet != nil || r.AuthRoleGet != nil
}
func removeNeedlessRangeReqs(txn *pb.TxnRequest) {
f := func(ops []*pb.RequestOp) []*pb.RequestOp {
j := 0
for i := 0; i < len(ops); i++ {
if _, ok := ops[i].Request.(*pb.RequestOp_RequestRange); ok {
continue
}
ops[j] = ops[i]
j++
}
return ops[:j]
}
txn.Success = f(txn.Success)
txn.Failure = f(txn.Failure)
}
func pruneKVs(rr *mvcc.RangeResult, isPrunable func(*mvccpb.KeyValue) bool) {
j := 0
for i := range rr.KVs {
rr.KVs[j] = rr.KVs[i]
if !isPrunable(&rr.KVs[i]) {
j++
}
}
rr.KVs = rr.KVs[:j]
}
...@@ -27,8 +27,9 @@ type authApplierV3 struct { ...@@ -27,8 +27,9 @@ type authApplierV3 struct {
// mu serializes Apply so that user isn't corrupted and so that // mu serializes Apply so that user isn't corrupted and so that
// serialized requests don't leak data from TOCTOU errors // serialized requests don't leak data from TOCTOU errors
mu sync.Mutex mu sync.Mutex
user string
authInfo auth.AuthInfo
} }
func newAuthApplierV3(as auth.AuthStore, base applierV3) *authApplierV3 { func newAuthApplierV3(as auth.AuthStore, base applierV3) *authApplierV3 {
...@@ -41,45 +42,57 @@ func (aa *authApplierV3) Apply(r *pb.InternalRaftRequest) *applyResult { ...@@ -41,45 +42,57 @@ func (aa *authApplierV3) Apply(r *pb.InternalRaftRequest) *applyResult {
if r.Header != nil { if r.Header != nil {
// backward-compatible with pre-3.0 releases when internalRaftRequest // backward-compatible with pre-3.0 releases when internalRaftRequest
// does not have header field // does not have header field
aa.user = r.Header.Username aa.authInfo.Username = r.Header.Username
aa.authInfo.Revision = r.Header.AuthRevision
} }
if needAdminPermission(r) && !aa.as.IsAdminPermitted(aa.user) { if needAdminPermission(r) {
aa.user = "" if err := aa.as.IsAdminPermitted(&aa.authInfo); err != nil {
return &applyResult{err: auth.ErrPermissionDenied} aa.authInfo.Username = ""
aa.authInfo.Revision = 0
return &applyResult{err: err}
}
} }
ret := aa.applierV3.Apply(r) ret := aa.applierV3.Apply(r)
aa.user = "" aa.authInfo.Username = ""
aa.authInfo.Revision = 0
return ret return ret
} }
func (aa *authApplierV3) Put(txnID int64, r *pb.PutRequest) (*pb.PutResponse, error) { func (aa *authApplierV3) Put(txnID int64, r *pb.PutRequest) (*pb.PutResponse, error) {
if !aa.as.IsPutPermitted(aa.user, r.Key) { if err := aa.as.IsPutPermitted(&aa.authInfo, r.Key); err != nil {
return nil, auth.ErrPermissionDenied return nil, err
} }
if r.PrevKv && !aa.as.IsRangePermitted(aa.user, r.Key, nil) { if r.PrevKv {
return nil, auth.ErrPermissionDenied err := aa.as.IsRangePermitted(&aa.authInfo, r.Key, nil)
if err != nil {
return nil, err
}
} }
return aa.applierV3.Put(txnID, r) return aa.applierV3.Put(txnID, r)
} }
func (aa *authApplierV3) Range(txnID int64, r *pb.RangeRequest) (*pb.RangeResponse, error) { func (aa *authApplierV3) Range(txnID int64, r *pb.RangeRequest) (*pb.RangeResponse, error) {
if !aa.as.IsRangePermitted(aa.user, r.Key, r.RangeEnd) { if err := aa.as.IsRangePermitted(&aa.authInfo, r.Key, r.RangeEnd); err != nil {
return nil, auth.ErrPermissionDenied return nil, err
} }
return aa.applierV3.Range(txnID, r) return aa.applierV3.Range(txnID, r)
} }
func (aa *authApplierV3) DeleteRange(txnID int64, r *pb.DeleteRangeRequest) (*pb.DeleteRangeResponse, error) { func (aa *authApplierV3) DeleteRange(txnID int64, r *pb.DeleteRangeRequest) (*pb.DeleteRangeResponse, error) {
if !aa.as.IsDeleteRangePermitted(aa.user, r.Key, r.RangeEnd) { if err := aa.as.IsDeleteRangePermitted(&aa.authInfo, r.Key, r.RangeEnd); err != nil {
return nil, auth.ErrPermissionDenied return nil, err
} }
if r.PrevKv && !aa.as.IsRangePermitted(aa.user, r.Key, r.RangeEnd) { if r.PrevKv {
return nil, auth.ErrPermissionDenied err := aa.as.IsRangePermitted(&aa.authInfo, r.Key, r.RangeEnd)
if err != nil {
return nil, err
}
} }
return aa.applierV3.DeleteRange(txnID, r) return aa.applierV3.DeleteRange(txnID, r)
} }
func (aa *authApplierV3) checkTxnReqsPermission(reqs []*pb.RequestOp) bool { func checkTxnReqsPermission(as auth.AuthStore, ai *auth.AuthInfo, reqs []*pb.RequestOp) error {
for _, requ := range reqs { for _, requ := range reqs {
switch tv := requ.Request.(type) { switch tv := requ.Request.(type) {
case *pb.RequestOp_RequestRange: case *pb.RequestOp_RequestRange:
...@@ -87,8 +100,8 @@ func (aa *authApplierV3) checkTxnReqsPermission(reqs []*pb.RequestOp) bool { ...@@ -87,8 +100,8 @@ func (aa *authApplierV3) checkTxnReqsPermission(reqs []*pb.RequestOp) bool {
continue continue
} }
if !aa.as.IsRangePermitted(aa.user, tv.RequestRange.Key, tv.RequestRange.RangeEnd) { if err := as.IsRangePermitted(ai, tv.RequestRange.Key, tv.RequestRange.RangeEnd); err != nil {
return false return err
} }
case *pb.RequestOp_RequestPut: case *pb.RequestOp_RequestPut:
...@@ -96,8 +109,8 @@ func (aa *authApplierV3) checkTxnReqsPermission(reqs []*pb.RequestOp) bool { ...@@ -96,8 +109,8 @@ func (aa *authApplierV3) checkTxnReqsPermission(reqs []*pb.RequestOp) bool {
continue continue
} }
if !aa.as.IsPutPermitted(aa.user, tv.RequestPut.Key) { if err := as.IsPutPermitted(ai, tv.RequestPut.Key); err != nil {
return false return err
} }
case *pb.RequestOp_RequestDeleteRange: case *pb.RequestOp_RequestDeleteRange:
...@@ -105,29 +118,42 @@ func (aa *authApplierV3) checkTxnReqsPermission(reqs []*pb.RequestOp) bool { ...@@ -105,29 +118,42 @@ func (aa *authApplierV3) checkTxnReqsPermission(reqs []*pb.RequestOp) bool {
continue continue
} }
if tv.RequestDeleteRange.PrevKv && !aa.as.IsRangePermitted(aa.user, tv.RequestDeleteRange.Key, tv.RequestDeleteRange.RangeEnd) { if tv.RequestDeleteRange.PrevKv {
return false err := as.IsRangePermitted(ai, tv.RequestDeleteRange.Key, tv.RequestDeleteRange.RangeEnd)
if err != nil {
return err
}
}
err := as.IsDeleteRangePermitted(ai, tv.RequestDeleteRange.Key, tv.RequestDeleteRange.RangeEnd)
if err != nil {
return err
} }
} }
} }
return true return nil
} }
func (aa *authApplierV3) Txn(rt *pb.TxnRequest) (*pb.TxnResponse, error) { func checkTxnAuth(as auth.AuthStore, ai *auth.AuthInfo, rt *pb.TxnRequest) error {
for _, c := range rt.Compare { for _, c := range rt.Compare {
if !aa.as.IsRangePermitted(aa.user, c.Key, nil) { if err := as.IsRangePermitted(ai, c.Key, nil); err != nil {
return nil, auth.ErrPermissionDenied return err
} }
} }
if err := checkTxnReqsPermission(as, ai, rt.Success); err != nil {
if !aa.checkTxnReqsPermission(rt.Success) { return err
return nil, auth.ErrPermissionDenied
} }
if !aa.checkTxnReqsPermission(rt.Failure) { if err := checkTxnReqsPermission(as, ai, rt.Failure); err != nil {
return nil, auth.ErrPermissionDenied return err
} }
return nil
}
func (aa *authApplierV3) Txn(rt *pb.TxnRequest) (*pb.TxnResponse, error) {
if err := checkTxnAuth(aa.as, &aa.authInfo, rt); err != nil {
return nil, err
}
return aa.applierV3.Txn(rt) return aa.applierV3.Txn(rt)
} }
......
This source diff could not be displayed because it is too large. You can view the blob instead.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment