line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
9
|
|
|
9
|
|
69
|
use utf8; |
|
9
|
|
|
|
|
21
|
|
|
9
|
|
|
|
|
74
|
|
2
|
|
|
|
|
|
|
package Net::Etcd::Auth; |
3
|
|
|
|
|
|
|
|
4
|
9
|
|
|
9
|
|
399
|
use strict; |
|
9
|
|
|
|
|
22
|
|
|
9
|
|
|
|
|
217
|
|
5
|
9
|
|
|
9
|
|
46
|
use warnings; |
|
9
|
|
|
|
|
21
|
|
|
9
|
|
|
|
|
302
|
|
6
|
|
|
|
|
|
|
|
7
|
|
|
|
|
|
|
=encoding utf8 |
8
|
|
|
|
|
|
|
|
9
|
|
|
|
|
|
|
=cut |
10
|
|
|
|
|
|
|
|
11
|
9
|
|
|
9
|
|
54
|
use JSON; |
|
9
|
|
|
|
|
18
|
|
|
9
|
|
|
|
|
70
|
|
12
|
9
|
|
|
9
|
|
1227
|
use Carp; |
|
9
|
|
|
|
|
20
|
|
|
9
|
|
|
|
|
869
|
|
13
|
9
|
|
|
9
|
|
65
|
use Types::Standard qw(Str); |
|
9
|
|
|
|
|
21
|
|
|
9
|
|
|
|
|
85
|
|
14
|
9
|
|
|
9
|
|
7521
|
use Net::Etcd::Auth::Role; |
|
9
|
|
|
|
|
41
|
|
|
9
|
|
|
|
|
354
|
|
15
|
|
|
|
|
|
|
|
16
|
9
|
|
|
9
|
|
88
|
use Moo; |
|
9
|
|
|
|
|
23
|
|
|
9
|
|
|
|
|
49
|
|
17
|
|
|
|
|
|
|
with 'Net::Etcd::Role::Actions'; |
18
|
9
|
|
|
9
|
|
3694
|
use namespace::clean; |
|
9
|
|
|
|
|
23
|
|
|
9
|
|
|
|
|
133
|
|
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
=head1 NAME |
22
|
|
|
|
|
|
|
|
23
|
|
|
|
|
|
|
Net::Etcd::Auth |
24
|
|
|
|
|
|
|
|
25
|
|
|
|
|
|
|
=cut |
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
our $VERSION = '0.021'; |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
=head1 DESCRIPTION |
30
|
|
|
|
|
|
|
|
31
|
|
|
|
|
|
|
Authentication |
32
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
=cut |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
=head1 SYNOPSIS |
36
|
|
|
|
|
|
|
|
37
|
|
|
|
|
|
|
Steps to enable authentication. |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
# add user |
40
|
|
|
|
|
|
|
$etcd->user({ name => 'root', password => 'toor' })->add; |
41
|
|
|
|
|
|
|
|
42
|
|
|
|
|
|
|
# add role |
43
|
|
|
|
|
|
|
$etcd->role({ name => 'root' })->add; |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
# grant role |
46
|
|
|
|
|
|
|
$etcd->user_role({ user => 'root', role => 'root' })->grant; |
47
|
|
|
|
|
|
|
|
48
|
|
|
|
|
|
|
# enable auth |
49
|
|
|
|
|
|
|
$etcd->auth()->enable; |
50
|
|
|
|
|
|
|
|
51
|
|
|
|
|
|
|
=cut |
52
|
|
|
|
|
|
|
|
53
|
|
|
|
|
|
|
=head2 endpoint |
54
|
|
|
|
|
|
|
|
55
|
|
|
|
|
|
|
=cut |
56
|
|
|
|
|
|
|
|
57
|
|
|
|
|
|
|
has endpoint => ( |
58
|
|
|
|
|
|
|
is => 'ro', |
59
|
|
|
|
|
|
|
isa => Str, |
60
|
|
|
|
|
|
|
); |
61
|
|
|
|
|
|
|
|
62
|
|
|
|
|
|
|
=head2 name |
63
|
|
|
|
|
|
|
|
64
|
|
|
|
|
|
|
Defaults to $etcd->name |
65
|
|
|
|
|
|
|
|
66
|
|
|
|
|
|
|
=cut |
67
|
|
|
|
|
|
|
|
68
|
|
|
|
|
|
|
has name => ( |
69
|
|
|
|
|
|
|
is => 'lazy', |
70
|
|
|
|
|
|
|
); |
71
|
|
|
|
|
|
|
|
72
|
|
|
|
|
|
|
sub _build_name { |
73
|
0
|
|
|
0
|
|
|
my ($self) = @_; |
74
|
0
|
|
|
|
|
|
my $user = $self->etcd->name; |
75
|
0
|
0
|
|
|
|
|
return $user if $user; |
76
|
0
|
|
|
|
|
|
return; |
77
|
|
|
|
|
|
|
} |
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
=head2 password |
80
|
|
|
|
|
|
|
|
81
|
|
|
|
|
|
|
Defaults to $etcd->password |
82
|
|
|
|
|
|
|
|
83
|
|
|
|
|
|
|
=cut |
84
|
|
|
|
|
|
|
|
85
|
|
|
|
|
|
|
has password => ( |
86
|
|
|
|
|
|
|
is => 'lazy', |
87
|
|
|
|
|
|
|
); |
88
|
|
|
|
|
|
|
|
89
|
|
|
|
|
|
|
sub _build_password { |
90
|
0
|
|
|
0
|
|
|
my ($self) = @_; |
91
|
0
|
|
|
|
|
|
my $pwd = $self->etcd->password; |
92
|
0
|
0
|
|
|
|
|
return $pwd if $pwd; |
93
|
0
|
|
|
|
|
|
return; |
94
|
|
|
|
|
|
|
} |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
=head1 PUBLIC METHODS |
97
|
|
|
|
|
|
|
|
98
|
|
|
|
|
|
|
=head2 authenticate |
99
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
Returns token with valid authentication. The token must then be passed in the Authorization header. |
101
|
|
|
|
|
|
|
The module handles passing, storing and refreshing of the token for you as long as you define a name |
102
|
|
|
|
|
|
|
and password. |
103
|
|
|
|
|
|
|
|
104
|
|
|
|
|
|
|
# authenticate etcd as root |
105
|
|
|
|
|
|
|
$etcd = Net::Etcd->new({ name => 'root', password => 'toor' }); |
106
|
|
|
|
|
|
|
|
107
|
|
|
|
|
|
|
# switch to non root user |
108
|
|
|
|
|
|
|
$etcd->auth({ name => $user, password => $pass })->authenticate; |
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
=cut |
111
|
|
|
|
|
|
|
|
112
|
|
|
|
|
|
|
sub authenticate { |
113
|
0
|
|
|
0
|
1
|
|
my ( $self, $options ) = @_; |
114
|
0
|
|
|
|
|
|
local $@; |
115
|
0
|
|
|
|
|
|
$self->{endpoint} = '/auth/authenticate'; |
116
|
0
|
0
|
0
|
|
|
|
return unless ($self->password && $self->name); |
117
|
0
|
|
|
|
|
|
$self->request; |
118
|
0
|
|
|
|
|
|
my $auth; |
119
|
0
|
|
|
|
|
|
eval { $auth = from_json($self->{response}{content}) }; |
|
0
|
|
|
|
|
|
|
120
|
0
|
0
|
|
|
|
|
if ($@) { |
121
|
0
|
|
|
|
|
|
$self->{response}{content} = 'error: ' . $@; |
122
|
0
|
|
|
|
|
|
return; |
123
|
|
|
|
|
|
|
} |
124
|
0
|
0
|
0
|
|
|
|
if ($auth && defined $auth->{token}) { |
125
|
0
|
|
|
|
|
|
$self->etcd->{auth_token} = $auth->{token}; |
126
|
|
|
|
|
|
|
} |
127
|
0
|
|
|
|
|
|
return; |
128
|
|
|
|
|
|
|
} |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
=head2 enable |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
Enable authentication. |
133
|
|
|
|
|
|
|
|
134
|
|
|
|
|
|
|
$etcd->auth()->enable; |
135
|
|
|
|
|
|
|
|
136
|
|
|
|
|
|
|
=cut |
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
sub enable { |
139
|
0
|
|
|
0
|
1
|
|
my ( $self, $options ) = @_; |
140
|
0
|
|
|
|
|
|
$self->{endpoint} = '/auth/enable'; |
141
|
0
|
|
|
|
|
|
$self->{json_args} = '{}'; |
142
|
0
|
|
|
|
|
|
$self->request; |
143
|
|
|
|
|
|
|
|
144
|
|
|
|
|
|
|
# init token |
145
|
0
|
|
|
|
|
|
$self->etcd->auth()->authenticate; |
146
|
0
|
|
|
|
|
|
return $self; |
147
|
|
|
|
|
|
|
} |
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
=head2 disable |
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
Disable authentication, this requires a valid root password. |
152
|
|
|
|
|
|
|
|
153
|
|
|
|
|
|
|
$etcd->auth({ name => 'root', password => $pass })->disable; |
154
|
|
|
|
|
|
|
|
155
|
|
|
|
|
|
|
=cut |
156
|
|
|
|
|
|
|
|
157
|
|
|
|
|
|
|
sub disable { |
158
|
0
|
|
|
0
|
1
|
|
my ( $self, $options ) = @_; |
159
|
0
|
|
|
|
|
|
$self->{endpoint} = '/auth/disable'; |
160
|
0
|
0
|
0
|
|
|
|
confess 'root name and password required for ' . __PACKAGE__ . '->disable' |
161
|
|
|
|
|
|
|
unless ($self->password && $self->name); |
162
|
0
|
|
|
|
|
|
$self->request; |
163
|
0
|
|
|
|
|
|
$self->etcd->clear_auth_token; |
164
|
0
|
|
|
|
|
|
return $self; |
165
|
|
|
|
|
|
|
} |
166
|
|
|
|
|
|
|
|
167
|
|
|
|
|
|
|
1; |