Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GRPC Gateway authentication fails on version v3.4.* #11414

Closed
Revolution1 opened this issue Dec 2, 2019 · 2 comments · Fixed by #11418
Closed

GRPC Gateway authentication fails on version v3.4.* #11414

Revolution1 opened this issue Dec 2, 2019 · 2 comments · Fixed by #11418
Labels

Comments

@Revolution1
Copy link

I followed the doc here https://github.com/etcd-io/etcd/blob/v3.4.3/Documentation/dev-guide/api_grpc_gateway.md

Run this exact script from the doc:

# create root user
curl -L http://localhost:2379/v3/auth/user/add \
  -X POST -d '{"name": "root", "password": "pass"}'
# {"header":{"cluster_id":"14841639068965178418","member_id":"10276657743932975437","revision":"1","raft_term":"2"}}

# create root role
curl -L http://localhost:2379/v3/auth/role/add \
  -X POST -d '{"name": "root"}'
# {"header":{"cluster_id":"14841639068965178418","member_id":"10276657743932975437","revision":"1","raft_term":"2"}}

# grant root role
curl -L http://localhost:2379/v3/auth/user/grant \
  -X POST -d '{"user": "root", "role": "root"}'
# {"header":{"cluster_id":"14841639068965178418","member_id":"10276657743932975437","revision":"1","raft_term":"2"}}

# enable auth
curl -L http://localhost:2379/v3/auth/enable -X POST -d '{}'
# {"header":{"cluster_id":"14841639068965178418","member_id":"10276657743932975437","revision":"1","raft_term":"2"}}

# get the auth token for the root user
curl -L http://localhost:2379/v3/auth/authenticate \
  -X POST -d '{"name": "root", "password": "pass"}'
# {"header":{"cluster_id":"14841639068965178418","member_id":"10276657743932975437","revision":"1","raft_term":"2"},"token":"sssvIpwfnLAcWAQH.9"}

And I get these result

{"header":{"cluster_id":"11588568905070377092","member_id":"128088275939295631","revision":"1","raft_term":"2"}}{"header":{"cluster_id":"11588568905070377092","member_id":"128088275939295631","revision":"1","raft_term":"2"}}{"header":{"cluster_id":"11588568905070377092","member_id":"128088275939295631","revision":"1","raft_term":"2"}}{"header":{"cluster_id":"11588568905070377092","member_id":"128088275939295631","revision":"1","raft_term":"2"}}{"error":"etcdserver: authentication failed, invalid user ID or password","message":"etcdserver: authentication failed, invalid user ID or password","code":3}

Somehow I cannot add user using grpc gayway.

And:

  • Only happens with version >= v3.4.0
  • If I add user using etcdctl, the auth (gen token) api through grpc gatway works well
@jingyih
Copy link
Contributor

jingyih commented Dec 2, 2019

Probably a bug in

if r.Options != nil && !r.Options.NoPassword {

If the request does not have Option field, we should not end up storing empty byte slice hashed as password.

@jingyih
Copy link
Contributor

jingyih commented Dec 2, 2019

@YoyinZyc PTAL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

Successfully merging a pull request may close this issue.

2 participants