From 8e05f0221b554cf06774bbbf9eb2fa80498de74f Mon Sep 17 00:00:00 2001
From: Hitoshi Mitake <mitake.hitoshi@gmail.com>
Date: Tue, 18 Apr 2017 00:00:53 -0700
Subject: [PATCH] *: simply ignore ErrAuthNotEnabled in clientv3 if auth is not
 enabled

Fix https://github.com/coreos/etcd/issues/7724
---
 auth/store.go           |  4 ++++
 clientv3/client.go      | 16 ++++++++++------
 e2e/ctl_v3_auth_test.go |  4 ++--
 etcdserver/v3_server.go |  4 +++-
 4 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/auth/store.go b/auth/store.go
index 33a388a79640..20b57f284897 100644
--- a/auth/store.go
+++ b/auth/store.go
@@ -282,6 +282,10 @@ func (as *authStore) Authenticate(ctx context.Context, username, password string
 }
 
 func (as *authStore) CheckPassword(username, password string) (uint64, error) {
+	if !as.isAuthEnabled() {
+		return 0, ErrAuthNotEnabled
+	}
+
 	tx := as.be.BatchTx()
 	tx.Lock()
 	defer tx.Unlock()
diff --git a/clientv3/client.go b/clientv3/client.go
index 1b6d9b5ba6af..1d3b7e399127 100644
--- a/clientv3/client.go
+++ b/clientv3/client.go
@@ -306,14 +306,18 @@ func (c *Client) dial(endpoint string, dopts ...grpc.DialOption) (*grpc.ClientCo
 			defer cancel()
 			ctx = cctx
 		}
-		if err := c.getToken(ctx); err != nil {
-			if err == ctx.Err() && ctx.Err() != c.ctx.Err() {
-				err = grpc.ErrClientConnTimeout
+
+		err := c.getToken(ctx)
+		if err != nil {
+			if toErr(ctx, err) != rpctypes.ErrAuthNotEnabled {
+				if err == ctx.Err() && ctx.Err() != c.ctx.Err() {
+					err = grpc.ErrClientConnTimeout
+				}
+				return nil, err
 			}
-			return nil, err
+		} else {
+			opts = append(opts, grpc.WithPerRPCCredentials(c.tokenCred))
 		}
-
-		opts = append(opts, grpc.WithPerRPCCredentials(c.tokenCred))
 	}
 
 	opts = append(opts, c.cfg.DialOptions...)
diff --git a/e2e/ctl_v3_auth_test.go b/e2e/ctl_v3_auth_test.go
index 27207d8ac53a..ebeda4c6da84 100644
--- a/e2e/ctl_v3_auth_test.go
+++ b/e2e/ctl_v3_auth_test.go
@@ -88,9 +88,9 @@ func authDisableTest(cx ctlCtx) {
 		cx.t.Fatalf("authDisableTest ctlV3AuthDisable error (%v)", err)
 	}
 
-	// now auth fails unconditionally, note that failed RPC is Authenticate(), not Put()
+	// now ErrAuthNotEnabled of Authenticate() is simply ignored
 	cx.user, cx.pass = "test-user", "pass"
-	if err := ctlV3PutFailAuthDisabled(cx, "hoo", "bar"); err != nil {
+	if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
 		cx.t.Fatal(err)
 	}
 
diff --git a/etcdserver/v3_server.go b/etcdserver/v3_server.go
index 09cc3fccd308..a86e07513642 100644
--- a/etcdserver/v3_server.go
+++ b/etcdserver/v3_server.go
@@ -374,7 +374,9 @@ func (s *EtcdServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest
 	for {
 		checkedRevision, err := s.AuthStore().CheckPassword(r.Name, r.Password)
 		if err != nil {
-			plog.Errorf("invalid authentication request to user %s was issued", r.Name)
+			if err != auth.ErrAuthNotEnabled {
+				plog.Errorf("invalid authentication request to user %s was issued", r.Name)
+			}
 			return nil, err
 		}