client/v3: clear auth token when encounter ErrInvalidAuthToken

Old etcdserver which have not apply pr of etcd-io#12165 will check auth token even if the request is an Authenticate request. If the client has a invalid auth token, it will not able to update it's token, since the Authenticate has a invalid auth token. This fix clear the auth token when encounter an ErrInvalidAuthToken to talk with old version etcd servers. Fix etcd-io#12385 with etcd-io#12165 and etcd-io#12264
bbiao · Dec 14, 2020 · 748715d · 748715d
1 parent a3174d0
commit 748715d
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/client/v3/retry_interceptor.go b/client/v3/retry_interceptor.go
@@ -74,6 +74,12 @@ func (c *Client) unaryClientInterceptor(logger *zap.Logger, optFuncs ...retryOpt
 				continue
 			}
 			if callOpts.retryAuth && rpctypes.Error(lastErr) == rpctypes.ErrInvalidAuthToken {
+				// clear auth token befault refreshing it.
+				// call c.Auth.Authenticate with an invalid token will always fail the auth check on the server-side,
+				// if the server has not apply the patch of pr #12165 (https://github.com/etcd-io/etcd/pull/12165)
+				// and a rpctypes.ErrInvalidAuthToken will recursively call c.getToken until system run out of resource.
+				c.authTokenBundle.UpdateAuthToken("")
+
 				gterr := c.getToken(ctx)
 				if gterr != nil {
 					logger.Warn(