etcdctl/role: reject non-canonical permission path

Non-canonical permission path is useless because the path received
by auth is always canonical, which is due to our ServeMux always
redirects request to canonical path().

This helps users to detect path permission setting error early.

Ref: http://godoc.org/net/http#ServeMux

etcdctl/command/role_commands.go

@@ -23,6 +23,7 @@ import (
 	"github.com/coreos/etcd/Godeps/_workspace/src/github.com/codegangsta/cli"
 	"github.com/coreos/etcd/Godeps/_workspace/src/golang.org/x/net/context"
 	"github.com/coreos/etcd/client"
+	"github.com/coreos/etcd/pkg/pathutil"
 )
 
 func NewRoleCommands() cli.Command {
@@ -152,6 +153,10 @@ func roleGrantRevoke(c *cli.Context, grant bool) {
 		fmt.Fprintln(os.Stderr, "No path specified; please use `-path`")
 		os.Exit(1)
 	}
+	if pathutil.CanonicalURLPath(path) != path {
+		fmt.Fprintf(os.Stderr, "Not canonical path; please use `-path=%s`\n", pathutil.CanonicalURLPath(path))
+		os.Exit(1)
+	}
 
 	read := c.Bool("read")
 	write := c.Bool("write")