Skip to content

Commit

Permalink
Merge pull request #7759 from mitake/fix-7724
Browse files Browse the repository at this point in the history 
*: simply ignore ErrAuthNotEnabled in clientv3 if auth is not enabled
  • Loading branch information
@mitake
mitake committed Apr 19, 2017
2 parents 8fa4b8d + e1306bf commit d3456b5
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 13 deletions.
4 changes: 4 additions & 0 deletions auth/store.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -282,6 +282,10 @@ func (as *authStore) Authenticate(ctx context.Context, username, password string
}

func (as *authStore) CheckPassword(username, password string) (uint64, error) {
if !as.isAuthEnabled() {
return 0, ErrAuthNotEnabled
}

tx := as.be.BatchTx()
tx.Lock()
defer tx.Unlock()
Expand Down
16 changes: 10 additions & 6 deletions clientv3/client.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -306,14 +306,18 @@ func (c *Client) dial(endpoint string, dopts ...grpc.DialOption) (*grpc.ClientCo
defer cancel()
ctx = cctx
}
if err := c.getToken(ctx); err != nil {
if err == ctx.Err() && ctx.Err() != c.ctx.Err() {
err = grpc.ErrClientConnTimeout

err := c.getToken(ctx)
if err != nil {
if toErr(ctx, err) != rpctypes.ErrAuthNotEnabled {
if err == ctx.Err() && ctx.Err() != c.ctx.Err() {
err = grpc.ErrClientConnTimeout
}
return nil, err
}
return nil, err
} else {
opts = append(opts, grpc.WithPerRPCCredentials(c.tokenCred))
}

opts = append(opts, grpc.WithPerRPCCredentials(c.tokenCred))
}

opts = append(opts, c.cfg.DialOptions...)
Expand Down
8 changes: 2 additions & 6 deletions e2e/ctl_v3_auth_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,9 +88,9 @@ func authDisableTest(cx ctlCtx) {
cx.t.Fatalf("authDisableTest ctlV3AuthDisable error (%v)", err)
}

// now auth fails unconditionally, note that failed RPC is Authenticate(), not Put()
// now ErrAuthNotEnabled of Authenticate() is simply ignored
cx.user, cx.pass = "test-user", "pass"
if err := ctlV3PutFailAuthDisabled(cx, "hoo", "bar"); err != nil {
if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
cx.t.Fatal(err)
}

Expand Down Expand Up @@ -330,10 +330,6 @@ func ctlV3PutFailPerm(cx ctlCtx, key, val string) error {
return spawnWithExpect(append(cx.PrefixArgs(), "put", key, val), "permission denied")
}

func ctlV3PutFailAuthDisabled(cx ctlCtx, key, val string) error {
return spawnWithExpect(append(cx.PrefixArgs(), "put", key, val), "authentication is not enabled")
}

func authSetupTestUser(cx ctlCtx) {
if err := ctlV3User(cx, []string{"add", "test-user", "--interactive=false"}, "User test-user created", []string{"pass"}); err != nil {
cx.t.Fatal(err)
Expand Down
4 changes: 3 additions & 1 deletion etcdserver/v3_server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -374,7 +374,9 @@ func (s *EtcdServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest
for {
checkedRevision, err := s.AuthStore().CheckPassword(r.Name, r.Password)
if err != nil {
plog.Errorf("invalid authentication request to user %s was issued", r.Name)
if err != auth.ErrAuthNotEnabled {
plog.Errorf("invalid authentication request to user %s was issued", r.Name)
}
return nil, err
}

Expand Down

0 comments on commit d3456b5

Please sign in to comment.