diff --git a/cmd/common.go b/cmd/common.go
index 56943e905..b88a7074e 100644
--- a/cmd/common.go
+++ b/cmd/common.go
@@ -52,6 +52,8 @@ type CommonConfig struct {
 KubeContext string
 KubeNamespace string
 StoreTimeout time.Duration
+ StoreUsername string
+ StorePassword string
 }
 func AddCommonFlags(cmd *cobra.Command, cfg *CommonConfig) {
@@ -64,6 +66,8 @@ func AddCommonFlags(cmd *cobra.Command, cfg *CommonConfig) {
 cmd.PersistentFlags().StringVar(&cfg.StoreKeyFile, "store-key", "", "private key file for client identification to the store")
 cmd.PersistentFlags().BoolVar(&cfg.StoreSkipTlsVerify, "store-skip-tls-verify", false, "skip store certificate verification (insecure!!!)")
 cmd.PersistentFlags().StringVar(&cfg.StoreCAFile, "store-ca-file", "", "verify certificates of HTTPS-enabled store servers using this CA bundle")
+ cmd.PersistentFlags().StringVar(&cfg.StoreUsername, "store-username", "", "Username for client identification to the store")
+ cmd.PersistentFlags().StringVar(&cfg.StorePassword, "store-password", "", "Password for client identification to the store")
 cmd.PersistentFlags().StringVar(&cfg.MetricsListenAddress, "metrics-listen-address", "", "metrics listen address i.e \"0.0.0.0:8080\" (disabled by default)")
 cmd.PersistentFlags().StringVar(&cfg.KubeResourceKind, "kube-resource-kind", "", `the k8s resource kind to be used to store stolon clusterdata and do sentinel leader election (only "configmap" is currently supported)`)
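Review bot: In cmd/common.go, `--store-password` in AddCommonFlags takes the secret as a plain command-line value, so it is readable by other local users through the process list and tends to end up in shell history and service unit files. The help string should say so, e.g. `"password for client identification to the store (visible in the process list; prefer the environment or a file)"`, and a companion `--store-password-file` flag would be the safer way to supply it; whether these binaries already map environment variables onto flags is not visible in this diff. The two new help strings also start with a capital letter, while the neighbouring flags and the regenerated docs in this commit use lower case. AddCommonFlags continues past the end of the hunk.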
@@ -106,14 +110,39 @@ func CheckCommonConfig(cfg *CommonConfig) error {
 return fmt.Errorf("store backend type required")
 }
+ checkCredentials := func() error {
+ if cfg.StoreUsername == "" && cfg.StorePassword != "" {
+ return fmt.Errorf("missing store username")
+ }
+ if cfg.StoreUsername != "" && cfg.StorePassword == "" {
+ return fmt.Errorf("missing store password")
+ }
+ return nil
+ }
+
 switch cfg.StoreBackend {
 case "consul":
+ if err := checkCredentials(); err != nil {
+ return err
+ }
 case "etcd":
 // etcd is old alias for etcdv2
 cfg.StoreBackend = "etcdv2"
+ if err := checkCredentials(); err != nil {
+ return err
+ }
 case "etcdv2":
+ if err := checkCredentials(); err != nil {
+ return err
+ }
 case "etcdv3":
+ if err := checkCredentials(); err != nil {
+ return err
+ }
 case "kubernetes":
+ if cfg.StoreUsername != "" || cfg.StorePassword != "" {
+ return fmt.Errorf("kubernetes store does not support username and password")
+ }
 if cfg.KubeResourceKind == "" {
 return fmt.Errorf("unspecified kubernetes resource kind")
 }
@@ -151,6 +180,8 @@ func NewKVStore(cfg *CommonConfig) (store.KVStore, error) {
 KeyFile: cfg.StoreKeyFile,
 CAFile: cfg.StoreCAFile,
 SkipTLSVerify: cfg.StoreSkipTlsVerify,
+ Username: cfg.StoreUsername,
+ Password: cfg.StorePassword,
 })
 }
diff --git a/doc/commands/stolon-keeper.md b/doc/commands/stolon-keeper.md
index a18311910..e577a01f8 100644
--- a/doc/commands/stolon-keeper.md
+++ b/doc/commands/stolon-keeper.md
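Review bot: In CheckCommonConfig (cmd/common.go), `checkCredentials` only checks that username and password are given as a pair, so the credentials are still accepted together with `--store-skip-tls-verify`, where the password goes to a store whose certificate was never verified. A guard next to the pair check would close that, e.g. `if cfg.StorePassword != "" && cfg.StoreSkipTlsVerify { return fmt.Errorf("store password cannot be used with store-skip-tls-verify") }`, or at least a logged warning if that combination has to stay usable in test setups. Whether plain-HTTP store endpoints are also possible is not visible in this hunk and would deserve the same check. The identical `checkCredentials()` call is pasted into four cases; running it once before the switch for every backend except `kubernetes` would keep a backend added later from skipping it. The function begins and ends outside the hunk.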
@@ -44,6 +44,8 @@ stolon-keeper [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store --uid string keeper uid (must be unique in the cluster and can contain only lower-case letters, numbers and the underscore character). If not provided a random uid will be generated. ``` diff --git a/doc/commands/stolon-proxy.md b/doc/commands/stolon-proxy.md index df2f661c3..9bde5585f 100644 --- a/doc/commands/stolon-proxy.md +++ b/doc/commands/stolon-proxy.md @@ -30,6 +30,8 @@ stolon-proxy [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store --tcp-keepalive-count int set tcp keepalive probe count number --tcp-keepalive-idle int set tcp keepalive idle (seconds) --tcp-keepalive-interval int set tcp keepalive interval (seconds) diff --git a/doc/commands/stolon-sentinel.md b/doc/commands/stolon-sentinel.md index b8e3b34ff..092884b53 100644 --- a/doc/commands/stolon-sentinel.md +++ b/doc/commands/stolon-sentinel.md @@ -28,6 +28,8 @@ stolon-sentinel [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ###### Auto generated by spf13/cobra on 24-Feb-2021 
diff --git a/doc/commands/stolonctl.md b/doc/commands/stolonctl.md index 0547f75f0..90d4bd86e 100644 --- a/doc/commands/stolonctl.md +++ b/doc/commands/stolonctl.md @@ -29,6 +29,8 @@ stolonctl [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_clusterdata.md b/doc/commands/stolonctl_clusterdata.md index 3b889bd00..6d04d5163 100644 --- a/doc/commands/stolonctl_clusterdata.md +++ b/doc/commands/stolonctl_clusterdata.md @@ -30,6 +30,8 @@ Manage current cluster data --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_clusterdata_read.md b/doc/commands/stolonctl_clusterdata_read.md index 09be2561e..4e0640fd0 100644 --- a/doc/commands/stolonctl_clusterdata_read.md +++ b/doc/commands/stolonctl_clusterdata_read.md @@ -35,6 +35,8 @@ stolonctl clusterdata read [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_clusterdata_write.md b/doc/commands/stolonctl_clusterdata_write.md index d8c81e36d..e0eaeb9fd 100644 
--- a/doc/commands/stolonctl_clusterdata_write.md +++ b/doc/commands/stolonctl_clusterdata_write.md @@ -36,6 +36,8 @@ stolonctl clusterdata write [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_failkeeper.md b/doc/commands/stolonctl_failkeeper.md index 5148a592d..ae8317813 100644 --- a/doc/commands/stolonctl_failkeeper.md +++ b/doc/commands/stolonctl_failkeeper.md @@ -34,6 +34,8 @@ stolonctl failkeeper [keeper uid] [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_init.md b/doc/commands/stolonctl_init.md index d39c41ffc..89e01d598 100644 --- a/doc/commands/stolonctl_init.md +++ b/doc/commands/stolonctl_init.md @@ -36,6 +36,8 @@ stolonctl init [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_promote.md b/doc/commands/stolonctl_promote.md index f3282eb9e..8b651f22e 100644 --- a/doc/commands/stolonctl_promote.md +++ b/doc/commands/stolonctl_promote.md 
@@ -35,6 +35,8 @@ stolonctl promote [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_register.md b/doc/commands/stolonctl_register.md index 00d343f28..d5e67da81 100644 --- a/doc/commands/stolonctl_register.md +++ b/doc/commands/stolonctl_register.md @@ -45,6 +45,8 @@ stolonctl register [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_removekeeper.md b/doc/commands/stolonctl_removekeeper.md index 1c65a00d6..f9f64149d 100644 --- a/doc/commands/stolonctl_removekeeper.md +++ b/doc/commands/stolonctl_removekeeper.md @@ -34,6 +34,8 @@ stolonctl removekeeper [keeper uid] [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_spec.md b/doc/commands/stolonctl_spec.md index e967557ae..347363143 100644 --- a/doc/commands/stolonctl_spec.md +++ b/doc/commands/stolonctl_spec.md 
@@ -35,6 +35,8 @@ stolonctl spec [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_status.md b/doc/commands/stolonctl_status.md index f175aeb80..fcf9da8f0 100644 --- a/doc/commands/stolonctl_status.md +++ b/doc/commands/stolonctl_status.md @@ -35,6 +35,8 @@ stolonctl status [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_update.md b/doc/commands/stolonctl_update.md index ce8e40805..86d11ecf4 100644 --- a/doc/commands/stolonctl_update.md +++ b/doc/commands/stolonctl_update.md @@ -36,6 +36,8 @@ stolonctl update [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO diff --git a/doc/commands/stolonctl_version.md b/doc/commands/stolonctl_version.md index ac3ac5234..b2a4ab2c0 100644 --- a/doc/commands/stolonctl_version.md +++ b/doc/commands/stolonctl_version.md 
@@ -34,6 +34,8 @@ stolonctl version [flags] --store-prefix string the store base prefix (default "stolon/cluster") --store-skip-tls-verify skip store certificate verification (insecure!!!) --store-timeout duration store request timeout (default 5s) + --store-username string username for client identification to the store + --store-password string password for client identification to the store ``` ### SEE ALSO
diff --git a/internal/store/kvbacked.go b/internal/store/kvbacked.go
index faa1cc615..5c43e0da6 100644
--- a/internal/store/kvbacked.go
+++ b/internal/store/kvbacked.go
@@ -71,6 +71,8 @@ type Config struct {
 KeyFile string
 CAFile string
 SkipTLSVerify bool
+ Username string
+ Password string
 }
 // KVPair represents {Key, Value, Lastindex} tuple
@@ -174,6 +176,8 @@ func NewKVStore(cfg Config) (KVStore, error) {
 config := &libkvstore.Config{
 TLS: tlsConfig,
 ConnectionTimeout: cfg.Timeout,
+ Username: cfg.Username,
+ Password: cfg.Password,
 }
 store, err := libkv.NewStore(kvBackend, addrs, config)
@@ -188,6 +192,8 @@ func NewKVStore(cfg Config) (KVStore, error) {
 DialTimeout: 20 * time.Second,
 DialKeepAliveTime: 1 * time.Second,
 DialKeepAliveTimeout: cfg.Timeout,
+ Username: cfg.Username,
+ Password: cfg.Password,
 }
 c, err := etcdclientv3.New(config)
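Review bot: In NewKVStore (internal/store/kvbacked.go), `Username` and `Password` are handed to `libkvstore.Config` for every libkv backend, but this diff does not show that each backend's client actually reads them; if one of them ignores the fields (consul is the one to confirm), the flags are accepted and the connection is silently unauthenticated. Please confirm per backend and either reject the flags for an unsupported backend in CheckCommonConfig, as is already done for `kubernetes`, or document the limit on the new fields, e.g. `// Username and Password authenticate to the store; honoured by: <backends — confirm>`. The new `Config` fields also carry no comment saying that `Password` is a secret and that `Config` should not be printed with `%+v`. NewKVStore starts and ends outside these hunks.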