Merge pull request #12549 from bbiao/bugfix/refresh_token

client/v3: clear auth token when encounter ErrInvalidAuthToken
2020-12-29 22:08:14 -05:00 · 2020-12-29 22:08:14 -05:00 · a4570a60e7
parent a1ff0d5373 af4ef4ec04
commit a4570a60e7
1 changed files with 9 additions and 0 deletions
--- a/client/v3/retry_interceptor.go
+++ b/client/v3/retry_interceptor.go
@ -74,6 +74,12 @@ func (c *Client) unaryClientInterceptor(logger *zap.Logger, optFuncs ...retryOpt
 				continue
 			}
 			if callOpts.retryAuth && rpctypes.Error(lastErr) == rpctypes.ErrInvalidAuthToken {
+				// clear auth token before refreshing it.
+				// call c.Auth.Authenticate with an invalid token will always fail the auth check on the server-side,
+				// if the server has not apply the patch of pr #12165 (https://github.com/etcd-io/etcd/pull/12165)
+				// and a rpctypes.ErrInvalidAuthToken will recursively call c.getToken until system run out of resource.
+				c.authTokenBundle.UpdateAuthToken("")
+
 				gterr := c.getToken(ctx)
 				if gterr != nil {
 					logger.Warn(
@ -240,6 +246,9 @@ func (s *serverStreamingRetryingStream) receiveMsgAndIndicateRetry(m interface{}
 		return true, err
 	}
 	if s.callOpts.retryAuth && rpctypes.Error(err) == rpctypes.ErrInvalidAuthToken {
+		// clear auth token to avoid failure when call getToken
+		s.client.authTokenBundle.UpdateAuthToken("")
+
 		gterr := s.client.getToken(s.ctx)
 		if gterr != nil {
 			s.client.lg.Warn("retry failed to fetch new auth token", zap.Error(gterr))