etcdctl: handle empty key permission correctly #8514
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
heyitsanthony
suggested changes
Sep 7, 2017
| rangeEnd, rerr := rangeEndFromPermFlags(args[2:]) | ||
| if rerr != nil { | ||
| ExitWithError(ExitBadArgs, rerr) | ||
| key := args[2] |
There was a problem hiding this comment.
dedup code into shared function?
key, rangeEnd := permRange(args[2:])There was a problem hiding this comment.
ok, I'll dedup them. Thanks for the comment.
mitake
force-pushed
the
empty-key-perm
branch
from
2824811
to
496f5a7
Compare
|
@heyitsanthony updated based on your comment, could you take a look? |
gyuho
reviewed
Sep 11, 2017
| // so the empty prefix which should be matched with every key must be like this ["\x00", <end>). | ||
| key = "\x00" | ||
| if rolePermPrefix || rolePermFromKey { | ||
| if rolePermPrefix && rolePermFromKey { |
There was a problem hiding this comment.
This if rolePermPrefix && rolePermFromKey block can be before if rolePermPrefix || rolePermFromKey {?
There was a problem hiding this comment.
Yes, they should be swapped clearly... thanks for pointing out!
Current `etcdctl role grant-permission` doesn't handle an empty key
("") correctly. Because the range permissions are treated as
BytesAffineInterval internally, just specifying the empty key as a
beginning of range introduces an invalid permission which doesn't work
and betray users' intuition. This commit fix the way of handling empty
key as a prefix or from key in permission granting.
Fix etcd-io#8494
mitake
force-pushed
the
empty-key-perm
branch
from
496f5a7
to
e4c0e11
Compare
|
@heyitsanthony @gyuho updated based on @gyuho 's latest comment, could you take a look? |
|
@heyitsanthony thanks, I'm merging it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Current
etcdctl role grant-permissiondoesn't handle an empty key("") correctly. Because the range permissions are treated as
BytesAffineInterval internally, just specifying the empty key as a
beginning of range introduces an invalid permission which doesn't work
and betray users' intuition. This commit Fix the way of handling empty
key as a prefix or from key in permission granting.
Fix #8494
/cc @zyf0330 @heyitsanthony