Browse Source

etcdctl/role: reject non-canonical permission path

Non-canonical permission path is useless because the path received
by auth is always canonical, which is due to our ServeMux always
redirects request to canonical path().

This helps users to detect path permission setting error early.

Ref: http://godoc.org/net/http#ServeMux
Yicheng Qin 11 năm trước cách đây
mục cha
commit
fab3feab66
1 tập tin đã thay đổi với 5 bổ sung0 xóa
  1. 5 0
      etcdctl/command/role_commands.go

+ 5 - 0
etcdctl/command/role_commands.go

@@ -23,6 +23,7 @@ import (
 	"github.com/coreos/etcd/Godeps/_workspace/src/github.com/codegangsta/cli"
 	"github.com/coreos/etcd/Godeps/_workspace/src/golang.org/x/net/context"
 	"github.com/coreos/etcd/client"
+	"github.com/coreos/etcd/pkg/pathutil"
 )
 
 func NewRoleCommands() cli.Command {
@@ -152,6 +153,10 @@ func roleGrantRevoke(c *cli.Context, grant bool) {
 		fmt.Fprintln(os.Stderr, "No path specified; please use `-path`")
 		os.Exit(1)
 	}
+	if pathutil.CanonicalURLPath(path) != path {
+		fmt.Fprintf(os.Stderr, "Not canonical path; please use `-path=%s`\n", pathutil.CanonicalURLPath(path))
+		os.Exit(1)
+	}
 
 	read := c.Bool("read")
 	write := c.Bool("write")