From 2a4217340ec2ee72ef2e8ea1ee87826609ca94f4 Mon Sep 17 00:00:00 2001
From: Joe Betz
Date: Fri, 11 Oct 2019 00:17:00 -0700
Subject: [PATCH] Revert #83735: Update etcd client to 3.3.16
---
 go.mod | 4 +-
 go.sum | 4 +-
 .../src/k8s.io/apiextensions-apiserver/go.mod | 2 +-
 .../src/k8s.io/apiextensions-apiserver/go.sum | 4 +-
 staging/src/k8s.io/apiserver/go.mod | 2 +-
 staging/src/k8s.io/apiserver/go.sum | 4 +-
 staging/src/k8s.io/kube-aggregator/go.sum | 4 +-
 .../src/k8s.io/legacy-cloud-providers/go.sum | 2 +-
 staging/src/k8s.io/sample-apiserver/go.sum | 4 +-
 .../balancer/resolver/endpoint/endpoint.go | 23 +++----
 .../github.com/coreos/etcd/clientv3/client.go | 47 ++++++--------
 .../coreos/etcd/clientv3/credentials/BUILD | 1 -
 .../etcd/clientv3/credentials/credentials.go | 64 +++++++------------
 vendor/github.com/coreos/etcd/embed/config.go | 22 +++----
 .../etcd/etcdserver/api/v2http/client.go | 10 +--
 .../coreos/etcd/mvcc/backend/backend.go | 2 +-
 vendor/github.com/coreos/etcd/mvcc/kvstore.go | 33 +++-------
 vendor/github.com/coreos/etcd/mvcc/metrics.go | 34 ----------
 .../coreos/etcd/pkg/testutil/leak.go | 12 ++--
 .../coreos/etcd/pkg/transport/listener.go | 9 +--
 .../github.com/coreos/etcd/version/version.go | 2 +-
 vendor/modules.txt | 2 +-
 22 files changed, 101 insertions(+), 190 deletions(-)
diff --git a/go.mod b/go.mod
index c3ac873d09e..0bc9a4ad2c2 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 github.com/containerd/typeurl v0.0.0-20190228175220-2a93cfde8c20 // indirect
 github.com/containernetworking/cni v0.7.1
 github.com/coredns/corefile-migration v1.0.2
- github.com/coreos/etcd v3.3.16+incompatible
+ github.com/coreos/etcd v3.3.15+incompatible
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
 github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea
 github.com/coreos/rkt v1.30.0 // indirect
@@ -227,7 +227,7 @@ replace (
 github.com/containernetworking/cni => github.com/containernetworking/cni v0.7.1
 github.com/coredns/corefile-migration => github.com/coredns/corefile-migration v1.0.2
 github.com/coreos/bbolt => github.com/coreos/bbolt v1.3.1-coreos.6
- github.com/coreos/etcd => github.com/coreos/etcd v3.3.16+incompatible
+ github.com/coreos/etcd => github.com/coreos/etcd v3.3.15+incompatible
 github.com/coreos/go-etcd => github.com/coreos/go-etcd v2.0.0+incompatible
 github.com/coreos/go-oidc => github.com/coreos/go-oidc v2.1.0+incompatible
 github.com/coreos/go-semver => github.com/coreos/go-semver v0.3.0
diff --git a/go.sum b/go.sum
index f204ba41ee0..76161371ca1 100644
--- a/go.sum
+++ b/go.sum
@@ -97,8 +97,8 @@ github.com/coredns/corefile-migration v1.0.2 h1:kQga1ATFIZdkBtU6c/oJdtASLcCRkDh3
 github.com/coredns/corefile-migration v1.0.2/go.mod h1:OFwBp/Wc9dJt5cAZzHWMNhK1r5L0p0jDwIBc6j8NC8E=
 github.com/coreos/bbolt v1.3.1-coreos.6 h1:uTXKg9gY70s9jMAKdfljFQcuh4e/BXOM+V+d00KFj3A=
 github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.16+incompatible h1:hQaR//OAeI1FQ3G5bGRL9VpFOCurqnEHSup4W693Tb4=
-github.com/coreos/etcd v3.3.16+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/etcd v3.3.15+incompatible h1:+9RjdC18gMxNQVvSiXvObLu29mOFmkgdsB4cRTlV+EE=
+github.com/coreos/etcd v3.3.15+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
diff --git a/staging/src/k8s.io/apiextensions-apiserver/go.mod b/staging/src/k8s.io/apiextensions-apiserver/go.mod
index 7e4a450edd0..10e5f6aa3f7 100644
--- a/staging/src/k8s.io/apiextensions-apiserver/go.mod
+++ b/staging/src/k8s.io/apiextensions-apiserver/go.mod @@ -5,7 +5,7 @@ module k8s.io/apiextensions-apiserver go 1.12 require ( - github.com/coreos/etcd v3.3.16+incompatible + github.com/coreos/etcd v3.3.15+incompatible github.com/emicklei/go-restful v2.9.5+incompatible github.com/go-openapi/errors v0.19.2 github.com/go-openapi/spec v0.19.2 diff --git a/staging/src/k8s.io/apiextensions-apiserver/go.sum b/staging/src/k8s.io/apiextensions-apiserver/go.sum index c5a0d5bac73..44d18b3328d 100644 --- a/staging/src/k8s.io/apiextensions-apiserver/go.sum +++ b/staging/src/k8s.io/apiextensions-apiserver/go.sum @@ -39,8 +39,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/coreos/bbolt v1.3.1-coreos.6 h1:uTXKg9gY70s9jMAKdfljFQcuh4e/BXOM+V+d00KFj3A= github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/etcd v3.3.16+incompatible h1:hQaR//OAeI1FQ3G5bGRL9VpFOCurqnEHSup4W693Tb4= -github.com/coreos/etcd v3.3.16+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/etcd v3.3.15+incompatible h1:+9RjdC18gMxNQVvSiXvObLu29mOFmkgdsB4cRTlV+EE= +github.com/coreos/etcd v3.3.15+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= diff --git a/staging/src/k8s.io/apiserver/go.mod b/staging/src/k8s.io/apiserver/go.mod index 047e94b8481..080c61145a3 100644 --- a/staging/src/k8s.io/apiserver/go.mod +++ b/staging/src/k8s.io/apiserver/go.mod 
@@ -7,7 +7,7 @@ go 1.12
 require (
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
 github.com/coreos/bbolt v1.3.1-coreos.6 // indirect
- github.com/coreos/etcd v3.3.16+incompatible
+ github.com/coreos/etcd v3.3.15+incompatible
 github.com/coreos/go-oidc v2.1.0+incompatible
 github.com/coreos/go-semver v0.3.0 // indirect
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
diff --git a/staging/src/k8s.io/apiserver/go.sum b/staging/src/k8s.io/apiserver/go.sum
index 669cf625eec..ae7a4f9918a 100644
--- a/staging/src/k8s.io/apiserver/go.sum
+++ b/staging/src/k8s.io/apiserver/go.sum
@@ -31,8 +31,8 @@ github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/coreos/bbolt v1.3.1-coreos.6 h1:uTXKg9gY70s9jMAKdfljFQcuh4e/BXOM+V+d00KFj3A=
 github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.16+incompatible h1:hQaR//OAeI1FQ3G5bGRL9VpFOCurqnEHSup4W693Tb4=
-github.com/coreos/etcd v3.3.16+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/etcd v3.3.15+incompatible h1:+9RjdC18gMxNQVvSiXvObLu29mOFmkgdsB4cRTlV+EE=
+github.com/coreos/etcd v3.3.15+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
diff --git a/staging/src/k8s.io/kube-aggregator/go.sum b/staging/src/k8s.io/kube-aggregator/go.sum
index 32a3c1f3278..c12cf24ff98 100644
--- a/staging/src/k8s.io/kube-aggregator/go.sum
+++ b/staging/src/k8s.io/kube-aggregator/go.sum
@@ -33,8 +33,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/coreos/bbolt v1.3.1-coreos.6 h1:uTXKg9gY70s9jMAKdfljFQcuh4e/BXOM+V+d00KFj3A=
 github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/etcd v3.3.16+incompatible h1:hQaR//OAeI1FQ3G5bGRL9VpFOCurqnEHSup4W693Tb4=
-github.com/coreos/etcd v3.3.16+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/etcd v3.3.15+incompatible h1:+9RjdC18gMxNQVvSiXvObLu29mOFmkgdsB4cRTlV+EE=
+github.com/coreos/etcd v3.3.15+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
diff --git a/staging/src/k8s.io/legacy-cloud-providers/go.sum b/staging/src/k8s.io/legacy-cloud-providers/go.sum
index 8e35ad969ab..f8fd01217f5 100644
--- a/staging/src/k8s.io/legacy-cloud-providers/go.sum
+++ b/staging/src/k8s.io/legacy-cloud-providers/go.sum
@@ -43,7 +43,7 @@ github.com/blang/semver v3.5.0+incompatible h1:CGxCgetQ64DKk7rdZ++Vfnb1+ogGNnB17
 github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.16+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/etcd v3.3.15+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
diff --git a/staging/src/k8s.io/sample-apiserver/go.sum b/staging/src/k8s.io/sample-apiserver/go.sum
index 9fa46c4fe29..0457029a5ba 100644
--- a/staging/src/k8s.io/sample-apiserver/go.sum
+++ b/staging/src/k8s.io/sample-apiserver/go.sum
@@ -33,8 +33,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/coreos/bbolt v1.3.1-coreos.6 h1:uTXKg9gY70s9jMAKdfljFQcuh4e/BXOM+V+d00KFj3A= github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/etcd v3.3.16+incompatible h1:hQaR//OAeI1FQ3G5bGRL9VpFOCurqnEHSup4W693Tb4= -github.com/coreos/etcd v3.3.16+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/etcd v3.3.15+incompatible h1:+9RjdC18gMxNQVvSiXvObLu29mOFmkgdsB4cRTlV+EE= +github.com/coreos/etcd v3.3.15+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= diff --git a/vendor/github.com/coreos/etcd/clientv3/balancer/resolver/endpoint/endpoint.go b/vendor/github.com/coreos/etcd/clientv3/balancer/resolver/endpoint/endpoint.go index 864b5df6426..1f32039e37b 100644 --- a/vendor/github.com/coreos/etcd/clientv3/balancer/resolver/endpoint/endpoint.go +++ b/vendor/github.com/coreos/etcd/clientv3/balancer/resolver/endpoint/endpoint.go @@ -16,9 +16,7 @@ package endpoint import ( - "context" "fmt" - "net" "net/url" "strings" "sync" 
@@ -230,18 +228,13 @@ func ParseTarget(target string) (string, string, error) { return parts[0], parts[1], nil } -// Dialer dials a endpoint using net.Dialer. -// Context cancelation and timeout are supported. -func Dialer(ctx context.Context, dialEp string) (net.Conn, error) { - proto, host, _ := ParseEndpoint(dialEp) - select { - case <-ctx.Done(): - return nil, ctx.Err() - default: +// ParseHostPort splits a ":" string into the host and port parts. +// The port part is optional. +func ParseHostPort(hostPort string) (host string, port string) { + parts := strings.SplitN(hostPort, ":", 2) + host = parts[0] + if len(parts) > 1 { + port = parts[1] } - dialer := &net.Dialer{} - if deadline, ok := ctx.Deadline(); ok { - dialer.Deadline = deadline - } - return dialer.DialContext(ctx, proto, host) + return host, port } diff --git a/vendor/github.com/coreos/etcd/clientv3/client.go b/vendor/github.com/coreos/etcd/clientv3/client.go index 4c9df7a19a3..64ac2da1502 100644 --- a/vendor/github.com/coreos/etcd/clientv3/client.go +++ b/vendor/github.com/coreos/etcd/clientv3/client.go @@ -25,13 +25,13 @@ import ( "sync" "time" + "github.com/google/uuid" "github.com/coreos/etcd/clientv3/balancer" "github.com/coreos/etcd/clientv3/balancer/picker" "github.com/coreos/etcd/clientv3/balancer/resolver/endpoint" "github.com/coreos/etcd/clientv3/credentials" "github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes" "github.com/coreos/etcd/pkg/logutil" - "github.com/google/uuid" "go.uber.org/zap" "google.golang.org/grpc" "google.golang.org/grpc/codes" 
@@ -226,17 +226,24 @@ func (c *Client) dialSetupOpts(creds grpccredentials.TransportCredentials, dopts } opts = append(opts, dopts...) - dialer := endpoint.Dialer + // Provide a net dialer that supports cancelation and timeout. + f := func(dialEp string, t time.Duration) (net.Conn, error) { + proto, host, _ := endpoint.ParseEndpoint(dialEp) + select { + case <-c.ctx.Done(): + return nil, c.ctx.Err() + default: + } + dialer := &net.Dialer{Timeout: t} + return dialer.DialContext(c.ctx, proto, host) + } + opts = append(opts, grpc.WithDialer(f)) + if creds != nil { opts = append(opts, grpc.WithTransportCredentials(creds)) - // gRPC load balancer workaround. See credentials.transportCredential for details. - if credsDialer, ok := creds.(TransportCredentialsWithDialer); ok { - dialer = credsDialer.Dialer - } } else { opts = append(opts, grpc.WithInsecure()) } - opts = append(opts, grpc.WithContextDialer(dialer)) // Interceptor retry and backoff. // TODO: Replace all of clientv3/retry.go with interceptor based retry, or with @@ -255,10 +262,7 @@ func (c *Client) dialSetupOpts(creds grpccredentials.TransportCredentials, dopts // Dial connects to a single endpoint using the client's config. func (c *Client) Dial(ep string) (*grpc.ClientConn, error) { - creds, err := c.directDialCreds(ep) - if err != nil { - return nil, err - } + creds := c.directDialCreds(ep) // Use the grpc passthrough resolver to directly dial a single endpoint. // This resolver passes through the 'unix' and 'unixs' endpoints schemes used // by etcd without modification, allowing us to directly dial endpoints and 
@@ -361,8 +365,8 @@ func (c *Client) dial(target string, creds grpccredentials.TransportCredentials, return conn, nil } -func (c *Client) directDialCreds(ep string) (grpccredentials.TransportCredentials, error) { - _, host, scheme := endpoint.ParseEndpoint(ep) +func (c *Client) directDialCreds(ep string) grpccredentials.TransportCredentials { + _, hostPort, scheme := endpoint.ParseEndpoint(ep) creds := c.creds if len(scheme) != 0 { creds = c.processCreds(scheme) @@ -371,17 +375,12 @@ func (c *Client) directDialCreds(ep string) (grpccredentials.TransportCredential // Set the server name must to the endpoint hostname without port since grpc // otherwise attempts to check if x509 cert is valid for the full endpoint // including the scheme and port, which fails. - overrideServerName, _, err := net.SplitHostPort(host) - if err != nil { - // Either the host didn't have a port or the host could not be parsed. Either way, continue with the - // original host string. - overrideServerName = host - } - clone.OverrideServerName(overrideServerName) + host, _ := endpoint.ParseHostPort(hostPort) + clone.OverrideServerName(host) creds = clone } } - return creds, nil + return creds } func (c *Client) dialWithBalancerCreds(ep string) grpccredentials.TransportCredentials { @@ -660,9 +659,3 @@ func IsConnCanceled(err error) bool { // <= gRPC v1.7.x returns 'errors.New("grpc: the client connection is closing")' return strings.Contains(err.Error(), "grpc: the client connection is closing") } - -// TransportCredentialsWithDialer is for a gRPC load balancer workaround. See credentials.transportCredential for details. -type TransportCredentialsWithDialer interface { - grpccredentials.TransportCredentials - Dialer(ctx context.Context, dialEp string) (net.Conn, error) -} diff --git a/vendor/github.com/coreos/etcd/clientv3/credentials/BUILD b/vendor/github.com/coreos/etcd/clientv3/credentials/BUILD index 169cc39b0ad..305f0712987 100644 
--- a/vendor/github.com/coreos/etcd/clientv3/credentials/BUILD +++ b/vendor/github.com/coreos/etcd/clientv3/credentials/BUILD @@ -7,7 +7,6 @@ go_library( importpath = "github.com/coreos/etcd/clientv3/credentials", visibility = ["//visibility:public"], deps = [ - "//vendor/github.com/coreos/etcd/clientv3/balancer/resolver/endpoint:go_default_library", "//vendor/github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes:go_default_library", "//vendor/google.golang.org/grpc/credentials:go_default_library", ], diff --git a/vendor/github.com/coreos/etcd/clientv3/credentials/credentials.go b/vendor/github.com/coreos/etcd/clientv3/credentials/credentials.go index 2dc2012924e..e5a55667fe6 100644 --- a/vendor/github.com/coreos/etcd/clientv3/credentials/credentials.go +++ b/vendor/github.com/coreos/etcd/clientv3/credentials/credentials.go @@ -22,7 +22,6 @@ import ( "net" "sync" - "github.com/coreos/etcd/clientv3/balancer/resolver/endpoint" "github.com/coreos/etcd/etcdserver/api/v3rpc/rpctypes" grpccredentials "google.golang.org/grpc/credentials" ) 
@@ -66,37 +65,38 @@ func (b *bundle) NewWithMode(mode string) (grpccredentials.Bundle, error) { } // transportCredential implements "grpccredentials.TransportCredentials" interface. -// transportCredential wraps TransportCredentials to track which -// addresses are dialed for which endpoints, and then sets the authority when checking the endpoint's cert to the -// hostname or IP of the dialed endpoint. -// This is a workaround of a gRPC load balancer issue. gRPC uses the dialed target's service name as the authority when -// checking all endpoint certs, which does not work for etcd servers using their hostname or IP as the Subject Alternative Name -// in their TLS certs. -// To enable, include both WithTransportCredentials(creds) and WithContextDialer(creds.Dialer) -// when dialing. type transportCredential struct { gtc grpccredentials.TransportCredentials - mu sync.Mutex - // addrToEndpoint maps from the connection addresses that are dialed to the hostname or IP of the - // endpoint provided to the dialer when dialing - addrToEndpoint map[string]string } func newTransportCredential(cfg *tls.Config) *transportCredential { return &transportCredential{ - gtc: grpccredentials.NewTLS(cfg), - addrToEndpoint: map[string]string{}, + gtc: grpccredentials.NewTLS(cfg), } } func (tc *transportCredential) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (net.Conn, grpccredentials.AuthInfo, error) { - // Set the authority when checking the endpoint's cert to the hostname or IP of the dialed endpoint - tc.mu.Lock() - dialEp, ok := tc.addrToEndpoint[rawConn.RemoteAddr().String()] - tc.mu.Unlock() - if ok { - _, host, _ := endpoint.ParseEndpoint(dialEp) - authority = host + // Only overwrite when authority is an IP address! + // Let's say, a server runs SRV records on "etcd.local" that resolves + // to "m1.etcd.local", and its SAN field also includes "m1.etcd.local". + // But what if SAN does not include its resolved IP address (e.g. 127.0.0.1)? 
+ // Then, the server should only authenticate using its DNS hostname "m1.etcd.local", + // instead of overwriting it with its IP address. + // And we do not overwrite "localhost" either. Only overwrite IP addresses! + if isIP(authority) { + target := rawConn.RemoteAddr().String() + if authority != target { + // When user dials with "grpc.WithDialer", "grpc.DialContext" "cc.parsedTarget" + // update only happens once. This is problematic, because when TLS is enabled, + // retries happen through "grpc.WithDialer" with static "cc.parsedTarget" from + // the initial dial call. + // If the server authenticates by IP addresses, we want to set a new endpoint as + // a new authority. Otherwise + // "transport: authentication handshake failed: x509: certificate is valid for 127.0.0.1, 192.168.121.180, not 192.168.223.156" + // when the new dial target is "192.168.121.180" whose certificate host name is also "192.168.121.180" + // but client tries to authenticate with previously set "cc.parsedTarget" field "192.168.223.156" + authority = target + } } return tc.gtc.ClientHandshake(ctx, authority, rawConn) } @@ -115,15 +115,8 @@ func (tc *transportCredential) Info() grpccredentials.ProtocolInfo { } func (tc *transportCredential) Clone() grpccredentials.TransportCredentials { - copy := map[string]string{} - tc.mu.Lock() - for k, v := range tc.addrToEndpoint { - copy[k] = v - } - tc.mu.Unlock() return &transportCredential{ - gtc: tc.gtc.Clone(), - addrToEndpoint: copy, + gtc: tc.gtc.Clone(), } } 
@@ -131,17 +124,6 @@ func (tc *transportCredential) OverrideServerName(serverNameOverride string) err return tc.gtc.OverrideServerName(serverNameOverride) } -func (tc *transportCredential) Dialer(ctx context.Context, dialEp string) (net.Conn, error) { - // Keep track of which addresses are dialed for which endpoints - conn, err := endpoint.Dialer(ctx, dialEp) - if conn != nil { - tc.mu.Lock() - tc.addrToEndpoint[conn.RemoteAddr().String()] = dialEp - tc.mu.Unlock() - } - return conn, err -} - // perRPCCredential implements "grpccredentials.PerRPCCredentials" interface. type perRPCCredential struct { authToken string diff --git a/vendor/github.com/coreos/etcd/embed/config.go b/vendor/github.com/coreos/etcd/embed/config.go index a48de294862..f74ed4b2794 100644 --- a/vendor/github.com/coreos/etcd/embed/config.go +++ b/vendor/github.com/coreos/etcd/embed/config.go @@ -273,17 +273,17 @@ func NewConfig() *Config { TickMs: 100, ElectionMs: 1000, InitialElectionTickAdvance: true, - LPUrls: []url.URL{*lpurl}, - LCUrls: []url.URL{*lcurl}, - APUrls: []url.URL{*apurl}, - ACUrls: []url.URL{*acurl}, - ClusterState: ClusterStateFlagNew, - InitialClusterToken: "etcd-cluster", - StrictReconfigCheck: DefaultStrictReconfigCheck, - LogOutput: DefaultLogOutput, - Metrics: "basic", - EnableV2: DefaultEnableV2, - AuthToken: "simple", + LPUrls: []url.URL{*lpurl}, + LCUrls: []url.URL{*lcurl}, + APUrls: []url.URL{*apurl}, + ACUrls: []url.URL{*acurl}, + ClusterState: ClusterStateFlagNew, + InitialClusterToken: "etcd-cluster", + StrictReconfigCheck: DefaultStrictReconfigCheck, + LogOutput: DefaultLogOutput, + Metrics: "basic", + EnableV2: DefaultEnableV2, + AuthToken: "simple", } cfg.InitialCluster = cfg.InitialClusterFromName(cfg.Name) return cfg diff --git a/vendor/github.com/coreos/etcd/etcdserver/api/v2http/client.go b/vendor/github.com/coreos/etcd/etcdserver/api/v2http/client.go index 14eb2b7d877..6aaf3db360b 100644 --- a/vendor/github.com/coreos/etcd/etcdserver/api/v2http/client.go 
+++ b/vendor/github.com/coreos/etcd/etcdserver/api/v2http/client.go @@ -73,11 +73,11 @@ func handleV2(mux *http.ServeMux, server etcdserver.ServerV2, timeout time.Durat } mh := &membersHandler{ - sec: sec, - server: server, - cluster: server.Cluster(), - timeout: timeout, - clock: clockwork.NewRealClock(), + sec: sec, + server: server, + cluster: server.Cluster(), + timeout: timeout, + clock: clockwork.NewRealClock(), clientCertAuthEnabled: server.ClientCertAuthEnabled(), } diff --git a/vendor/github.com/coreos/etcd/mvcc/backend/backend.go b/vendor/github.com/coreos/etcd/mvcc/backend/backend.go index 55dc3fce8fd..f7d9e60c2e7 100644 --- a/vendor/github.com/coreos/etcd/mvcc/backend/backend.go +++ b/vendor/github.com/coreos/etcd/mvcc/backend/backend.go @@ -292,7 +292,7 @@ func (b *backend) Defrag() error { func (b *backend) defrag() error { now := time.Now() - + // TODO: make this non-blocking? // lock batchTx to ensure nobody is using previous tx, and then // close previous ongoing tx. diff --git a/vendor/github.com/coreos/etcd/mvcc/kvstore.go b/vendor/github.com/coreos/etcd/mvcc/kvstore.go index ba34cd1f314..dd9f04ae211 100644 --- a/vendor/github.com/coreos/etcd/mvcc/kvstore.go +++ b/vendor/github.com/coreos/etcd/mvcc/kvstore.go @@ -309,7 +309,14 @@ func (s *store) Restore(b backend.Backend) error { } func (s *store) restore() error { - s.setupMetricsReporter() + b := s.b + + reportDbTotalSizeInBytesMu.Lock() + reportDbTotalSizeInBytes = func() float64 { return float64(b.Size()) } + reportDbTotalSizeInBytesMu.Unlock() + reportDbTotalSizeInUseInBytesMu.Lock() + reportDbTotalSizeInUseInBytes = func() float64 { return float64(b.SizeInUse()) } + reportDbTotalSizeInUseInBytesMu.Unlock() min, max := newRevBytes(), newRevBytes() revToBytes(revision{main: 1}, min) 
@@ -489,30 +496,6 @@ func (s *store) ConsistentIndex() uint64 { return v } -func (s *store) setupMetricsReporter() { - b := s.b - reportDbTotalSizeInBytesMu.Lock() - reportDbTotalSizeInBytes = func() float64 { return float64(b.Size()) } - reportDbTotalSizeInBytesMu.Unlock() - reportDbTotalSizeInUseInBytesMu.Lock() - reportDbTotalSizeInUseInBytes = func() float64 { return float64(b.SizeInUse()) } - reportDbTotalSizeInUseInBytesMu.Unlock() - reportCurrentRevMu.Lock() - reportCurrentRev = func() float64 { - s.revMu.RLock() - defer s.revMu.RUnlock() - return float64(s.currentRev) - } - reportCurrentRevMu.Unlock() - reportCompactRevMu.Lock() - reportCompactRev = func() float64 { - s.revMu.RLock() - defer s.revMu.RUnlock() - return float64(s.compactMainRev) - } - reportCompactRevMu.Unlock() -} - // appendMarkTombstone appends tombstone mark to normal revision bytes. func appendMarkTombstone(b []byte) []byte { if len(b) != revBytesLen { diff --git a/vendor/github.com/coreos/etcd/mvcc/metrics.go b/vendor/github.com/coreos/etcd/mvcc/metrics.go index 32464374683..b753310cff0 100644 --- a/vendor/github.com/coreos/etcd/mvcc/metrics.go +++ b/vendor/github.com/coreos/etcd/mvcc/metrics.go 
@@ -206,38 +206,6 @@ var ( // highest bucket start of 0.01 sec * 2^14 == 163.84 sec Buckets: prometheus.ExponentialBuckets(.01, 2, 15), }) - - currentRev = prometheus.NewGaugeFunc(prometheus.GaugeOpts{ - Namespace: "etcd_debugging", - Subsystem: "mvcc", - Name: "current_revision", - Help: "The current revision of store.", - }, - func() float64 { - reportCurrentRevMu.RLock() - defer reportCurrentRevMu.RUnlock() - return reportCurrentRev() - }, - ) - // overridden by mvcc initialization - reportCurrentRevMu sync.RWMutex - reportCurrentRev = func() float64 { return 0 } - - compactRev = prometheus.NewGaugeFunc(prometheus.GaugeOpts{ - Namespace: "etcd_debugging", - Subsystem: "mvcc", - Name: "compact_revision", - Help: "The revision of the last compaction in store.", - }, - func() float64 { - reportCompactRevMu.RLock() - defer reportCompactRevMu.RUnlock() - return reportCompactRev() - }, - ) - // overridden by mvcc initialization - reportCompactRevMu sync.RWMutex - reportCompactRev = func() float64 { return 0 } ) func init() { @@ -260,8 +228,6 @@ func init() { prometheus.MustRegister(dbTotalSizeInUse) prometheus.MustRegister(hashDurations) prometheus.MustRegister(hashRevDurations) - prometheus.MustRegister(currentRev) - prometheus.MustRegister(compactRev) } // ReportEventReceived reports that an event is received. diff --git a/vendor/github.com/coreos/etcd/pkg/testutil/leak.go b/vendor/github.com/coreos/etcd/pkg/testutil/leak.go index 91effec1d4c..2ebae1e6e88 100644 --- a/vendor/github.com/coreos/etcd/pkg/testutil/leak.go +++ b/vendor/github.com/coreos/etcd/pkg/testutil/leak.go 
@@ -70,13 +70,13 @@ func CheckAfterTest(d time.Duration) error { } var bad string badSubstring := map[string]string{ - ").writeLoop(": "a Transport", + ").writeLoop(": "a Transport", "created by net/http/httptest.(*Server).Start": "an httptest.Server", - "timeoutHandler": "a TimeoutHandler", - "net.(*netFD).connect(": "a timing out dial", - ").noteClientGone(": "a closenotifier sender", - ").readLoop(": "a Transport", - ".grpc": "a gRPC resource", + "timeoutHandler": "a TimeoutHandler", + "net.(*netFD).connect(": "a timing out dial", + ").noteClientGone(": "a closenotifier sender", + ").readLoop(": "a Transport", + ".grpc": "a gRPC resource", } var stacks string diff --git a/vendor/github.com/coreos/etcd/pkg/transport/listener.go b/vendor/github.com/coreos/etcd/pkg/transport/listener.go index 60a2f7a3345..48655063f6f 100644 --- a/vendor/github.com/coreos/etcd/pkg/transport/listener.go +++ b/vendor/github.com/coreos/etcd/pkg/transport/listener.go @@ -53,9 +53,6 @@ func wrapTLS(addr, scheme string, tlsinfo *TLSInfo, l net.Listener) (net.Listene if scheme != "https" && scheme != "unixs" { return l, nil } - if tlsinfo != nil && tlsinfo.SkipClientSANVerify { - return NewTLSListener(l, tlsinfo) - } return newTLSListener(l, tlsinfo, checkSAN) } @@ -68,8 +65,6 @@ type TLSInfo struct { CRLFile string InsecureSkipVerify bool - SkipClientSANVerify bool - // ServerName ensures the cert matches the given host in case of discovery / virtual hosting ServerName string @@ -100,7 +95,7 @@ func (info TLSInfo) Empty() bool { return info.CertFile == "" && info.KeyFile == "" } -func SelfCert(dirpath string, hosts []string, additionalUsages ...x509.ExtKeyUsage) (info TLSInfo, err error) { +func SelfCert(dirpath string, hosts []string) (info TLSInfo, err error) { if err = os.MkdirAll(dirpath, 0700); err != nil { return } 
@@ -129,7 +124,7 @@ func SelfCert(dirpath string, hosts []string, additionalUsages ...x509.ExtKeyUsa NotAfter: time.Now().Add(365 * (24 * time.Hour)), KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, - ExtKeyUsage: append([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, additionalUsages...), + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, } diff --git a/vendor/github.com/coreos/etcd/version/version.go b/vendor/github.com/coreos/etcd/version/version.go index 033b9eb4b1d..607b17071f0 100644 --- a/vendor/github.com/coreos/etcd/version/version.go +++ b/vendor/github.com/coreos/etcd/version/version.go @@ -26,7 +26,7 @@ import ( var ( // MinClusterVersion is the min cluster version this etcd binary is compatible with. MinClusterVersion = "3.0.0" - Version = "3.3.16" + Version = "3.3.15" APIVersion = "unknown" // Git SHA Value will be set during build diff --git a/vendor/modules.txt b/vendor/modules.txt index 39df9e01b97..ad3d86720e8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -194,7 +194,7 @@ github.com/coredns/corefile-migration/migration github.com/coredns/corefile-migration/migration/corefile # github.com/coreos/bbolt v1.3.1-coreos.6 => github.com/coreos/bbolt v1.3.1-coreos.6 github.com/coreos/bbolt -# github.com/coreos/etcd v3.3.16+incompatible => github.com/coreos/etcd v3.3.16+incompatible +# github.com/coreos/etcd v3.3.15+incompatible => github.com/coreos/etcd v3.3.15+incompatible github.com/coreos/etcd/alarm github.com/coreos/etcd/auth github.com/coreos/etcd/auth/authpb