lburgazzoli
commented
3 months ago @Rmarian, do you have time to work on a pr to fix the issue ?
Closed Rmarian closed 3 months ago
lburgazzoli
commented
3 months ago @Rmarian, do you have time to work on a pr to fix the issue ?
Rmarian
commented
3 months ago @lburgazzoli yes, I already have the fix locally. I can open a PR soon.
Rmarian
commented
3 months ago @lburgazzoli So in the end the PR fix is a bit different than what I initially planned.
It turned out that the fact that etcd was returning "auth: revision in header is old" was a bug in 3.5.0 since fixed by https://github.com/etcd-io/etcd/pull/13308
However even after testing with 3.5.10 I got another failure "etcdserver: revision of auth store is old".
So I added this error to the retry condition as well and now all seems fine.
Looks like in the original fix, https://github.com/etcd-io/etcd/pull/13308, the condition was not added as re-tryable but I don't know why.
Versions
Describe the bug When using jetcd with authentication enabled, if the cached JWT token becomes invalid because it's revision has become obsolete and etcd responds with "auth: revision in header is old" error, jetcd fails to refresh the token and instead reuses the same one until it expires normally.
To Reproduce
Expected behavior The instantiated jetcd client continues to work but instead on every subsequent request the error "io.grpc.StatusRuntimeException: UNKNOWN: auth: revision in header is old" is returned
Additional context Seems like the auth token validity logic must be updated in io.etcd.jetcd.support.Errors:
public static boolean isInvalidTokenError(Status status) { return (status.getCode() == Code.UNAUTHENTICATED || status.getCode() == Code.UNKNOWN) && "etcdserver: invalid auth token".equals(status.getDescription()); }An extra check for "auth: revision in header is old" should be added here.After I added this my tests worked fine.