diff --git a/client/v3/retry_interceptor.go b/client/v3/retry_interceptor.go index 9ce2c7696a7..218381d9380 100644 --- a/client/v3/retry_interceptor.go +++ b/client/v3/retry_interceptor.go @@ -74,7 +74,7 @@ func (c *Client) unaryClientInterceptor(optFuncs ...retryOption) grpc.UnaryClien // its the callCtx deadline or cancellation, in which case try again. continue } - if callOpts.retryAuth && rpctypes.Error(lastErr) == rpctypes.ErrInvalidAuthToken { + if c.shouldRefreshToken(lastErr, callOpts) { // clear auth token before refreshing it. // call c.Auth.Authenticate with an invalid token will always fail the auth check on the server-side, // if the server has not apply the patch of pr #12165 (https://github.com/etcd-io/etcd/pull/12165) @@ -149,6 +149,17 @@ func (c *Client) streamClientInterceptor(optFuncs ...retryOption) grpc.StreamCli } } +// shouldRefreshToken checks whether there's a need to refresh the token based on the error and callOptions, +// and returns a boolean value. +func (c *Client) shouldRefreshToken(err error, callOpts *options) bool { + if rpctypes.Error(err) == rpctypes.ErrUserEmpty { + // refresh the token when username, password is present but the server returns ErrUserEmpty + // which is possible when the client token is cleared somehow + return c.authTokenBundle != nil // equal to c.Username != "" && c.Password != "" + } + return callOpts.retryAuth && rpctypes.Error(err) == rpctypes.ErrInvalidAuthToken +} + // type serverStreamingRetryingStream is the implementation of grpc.ClientStream that acts as a // proxy to the underlying call. If any of the RecvMsg() calls fail, it will try to reestablish // a new ClientStream according to the retry policy. @@ -246,7 +257,7 @@ func (s *serverStreamingRetryingStream) receiveMsgAndIndicateRetry(m interface{} // its the callCtx deadline or cancellation, in which case try again. return true, err } - if s.callOpts.retryAuth && rpctypes.Error(err) == rpctypes.ErrInvalidAuthToken { + if s.client.shouldRefreshToken(err, s.callOpts) { // clear auth token to avoid failure when call getToken s.client.authTokenBundle.UpdateAuthToken("")