Added store username and password support

cmd/common.go

@@ -52,6 +52,8 @@ type CommonConfig struct {
 	KubeContext          string
 	KubeNamespace        string
 	StoreTimeout         time.Duration
+	StoreUsername        string
+	StorePassword        string
 }
 
 func AddCommonFlags(cmd *cobra.Command, cfg *CommonConfig) {
@@ -64,6 +66,8 @@ func AddCommonFlags(cmd *cobra.Command, cfg *CommonConfig) {
 	cmd.PersistentFlags().StringVar(&cfg.StoreKeyFile, "store-key", "", "private key file for client identification to the store")
 	cmd.PersistentFlags().BoolVar(&cfg.StoreSkipTlsVerify, "store-skip-tls-verify", false, "skip store certificate verification (insecure!!!)")
 	cmd.PersistentFlags().StringVar(&cfg.StoreCAFile, "store-ca-file", "", "verify certificates of HTTPS-enabled store servers using this CA bundle")
+	cmd.PersistentFlags().StringVar(&cfg.StoreUsername, "store-username", "", "Username for client identification to the store")
+	cmd.PersistentFlags().StringVar(&cfg.StorePassword, "store-password", "", "Password for client identification to the store")
 	cmd.PersistentFlags().StringVar(&cfg.MetricsListenAddress, "metrics-listen-address", "", "metrics listen address i.e \"0.0.0.0:8080\" (disabled by default)")
 	cmd.PersistentFlags().StringVar(&cfg.KubeResourceKind, "kube-resource-kind", "", `the k8s resource kind to be used to store stolon clusterdata and do sentinel leader election (only "configmap" is currently supported)`)
 
@@ -106,14 +110,39 @@ func CheckCommonConfig(cfg *CommonConfig) error {
 		return fmt.Errorf("store backend type required")
 	}
 
+	checkCredentials := func() error {
+		if cfg.StoreUsername == "" && cfg.StorePassword != "" {
+			return fmt.Errorf("missing store username")
+		}
+		if cfg.StoreUsername != "" && cfg.StorePassword == "" {
+			return fmt.Errorf("missing store password")
+		}
+		return nil
+	}
+
 	switch cfg.StoreBackend {
 	case "consul":
+		if err := checkCredentials(); err != nil {
+			return err
+		}
 	case "etcd":
 		// etcd is old alias for etcdv2
 		cfg.StoreBackend = "etcdv2"
+		if err := checkCredentials(); err != nil {
+			return err
+		}
 	case "etcdv2":
+		if err := checkCredentials(); err != nil {
+			return err
+		}
 	case "etcdv3":
+		if err := checkCredentials(); err != nil {
+			return err
+		}
 	case "kubernetes":
+		if cfg.StoreUsername != "" || cfg.StorePassword != "" {
+			return fmt.Errorf("kubernetes store does not support username and password")
+		}
 		if cfg.KubeResourceKind == "" {
 			return fmt.Errorf("unspecified kubernetes resource kind")
 		}
@@ -151,6 +180,8 @@ func NewKVStore(cfg *CommonConfig) (store.KVStore, error) {
 		KeyFile:       cfg.StoreKeyFile,
 		CAFile:        cfg.StoreCAFile,
 		SkipTLSVerify: cfg.StoreSkipTlsVerify,
+		Username:      cfg.StoreUsername,
+		Password:      cfg.StorePassword,
 	})
 }
 

doc/commands/stolon-keeper.md

@@ -44,6 +44,8 @@ stolon-keeper [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
       --uid string                      keeper uid (must be unique in the cluster and can contain only lower-case letters, numbers and the underscore character). If not provided a random uid will be generated.
 ```
 

doc/commands/stolon-proxy.md

@@ -30,6 +30,8 @@ stolon-proxy [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
       --tcp-keepalive-count int         set tcp keepalive probe count number
       --tcp-keepalive-idle int          set tcp keepalive idle (seconds)
       --tcp-keepalive-interval int      set tcp keepalive interval (seconds)

doc/commands/stolon-sentinel.md

@@ -28,6 +28,8 @@ stolon-sentinel [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ###### Auto generated by spf13/cobra on 24-Feb-2021

doc/commands/stolonctl.md

@@ -29,6 +29,8 @@ stolonctl [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_clusterdata.md

@@ -30,6 +30,8 @@ Manage current cluster data
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_clusterdata_read.md

@@ -35,6 +35,8 @@ stolonctl clusterdata read [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_clusterdata_write.md

@@ -36,6 +36,8 @@ stolonctl clusterdata write [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_failkeeper.md

@@ -34,6 +34,8 @@ stolonctl failkeeper [keeper uid] [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_init.md

@@ -36,6 +36,8 @@ stolonctl init [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_promote.md

@@ -35,6 +35,8 @@ stolonctl promote [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_register.md

@@ -45,6 +45,8 @@ stolonctl register [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_removekeeper.md

@@ -34,6 +34,8 @@ stolonctl removekeeper [keeper uid] [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_spec.md

@@ -35,6 +35,8 @@ stolonctl spec [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_status.md

@@ -35,6 +35,8 @@ stolonctl status [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_update.md

@@ -36,6 +36,8 @@ stolonctl update [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

doc/commands/stolonctl_version.md

@@ -34,6 +34,8 @@ stolonctl version [flags]
       --store-prefix string             the store base prefix (default "stolon/cluster")
       --store-skip-tls-verify           skip store certificate verification (insecure!!!)
       --store-timeout duration          store request timeout (default 5s)
+      --store-username string           username for client identification to the store
+      --store-password string           password for client identification to the store
 ```
 
 ### SEE ALSO

internal/store/kvbacked.go

@@ -71,6 +71,8 @@ type Config struct {
 	KeyFile       string
 	CAFile        string
 	SkipTLSVerify bool
+	Username      string
+	Password      string
 }
 
 // KVPair represents {Key, Value, Lastindex} tuple
@@ -174,6 +176,8 @@ func NewKVStore(cfg Config) (KVStore, error) {
 		config := &libkvstore.Config{
 			TLS:               tlsConfig,
 			ConnectionTimeout: cfg.Timeout,
+			Username:          cfg.Username,
+			Password:          cfg.Password,
 		}
 
 		store, err := libkv.NewStore(kvBackend, addrs, config)
@@ -188,6 +192,8 @@ func NewKVStore(cfg Config) (KVStore, error) {
 			DialTimeout:          20 * time.Second,
 			DialKeepAliveTime:    1 * time.Second,
 			DialKeepAliveTimeout: cfg.Timeout,
+			Username:             cfg.Username,
+			Password:             cfg.Password,
 		}
 
 		c, err := etcdclientv3.New(config)