From 11a689d06383873eb9f007b12550c5c1adb5cc3f Mon Sep 17 00:00:00 2001
From: Xiang Li <xiangli.cs@gmail.com>
Date: Thu, 20 Aug 2015 16:13:27 -0700
Subject: [PATCH] etcdserver/auth: cache auth enable result

---
 etcdserver/auth/auth.go          |  5 +++++
 etcdserver/auth/auth_requests.go |  6 ++++++
 etcdserver/auth/auth_test.go     | 23 +++++++++++++----------
 3 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/etcdserver/auth/auth.go b/etcdserver/auth/auth.go
index 14636bc63..ac3ce92cb 100644
--- a/etcdserver/auth/auth.go
+++ b/etcdserver/auth/auth.go
@@ -93,6 +93,7 @@ type store struct {
 	server      doer
 	timeout     time.Duration
 	ensuredOnce bool
+	enabled     *bool
 }
 
 type User struct {
@@ -398,6 +399,8 @@ func (s *store) EnableAuth() error {
 	}
 	err = s.enableAuth()
 	if err == nil {
+		b := true
+		s.enabled = &b
 		plog.Noticef("auth: enabled auth")
 	} else {
 		plog.Errorf("error enabling auth (%v)", err)
@@ -411,6 +414,8 @@ func (s *store) DisableAuth() error {
 	}
 	err := s.disableAuth()
 	if err == nil {
+		b := false
+		s.enabled = &b
 		plog.Noticef("auth: disabled auth")
 	} else {
 		plog.Errorf("error disabling auth (%v)", err)
diff --git a/etcdserver/auth/auth_requests.go b/etcdserver/auth/auth_requests.go
index 7103578c4..d621ed0ef 100644
--- a/etcdserver/auth/auth_requests.go
+++ b/etcdserver/auth/auth_requests.go
@@ -85,10 +85,15 @@ func (s *store) detectAuth() bool {
 	if s.server == nil {
 		return false
 	}
+	if s.enabled != nil {
+		return *s.enabled
+	}
 	value, err := s.requestResource("/enabled", false)
 	if err != nil {
 		if e, ok := err.(*etcderr.Error); ok {
 			if e.ErrorCode == etcderr.EcodeKeyNotFound {
+				b := false
+				s.enabled = &b
 				return false
 			}
 		}
@@ -102,6 +107,7 @@ func (s *store) detectAuth() bool {
 		plog.Errorf("internal bookkeeping value for enabled isn't valid JSON (%v)", err)
 		return false
 	}
+	s.enabled = &u
 	return u
 }
 
diff --git a/etcdserver/auth/auth_test.go b/etcdserver/auth/auth_test.go
index 704e56ddf..d7f596083 100644
--- a/etcdserver/auth/auth_test.go
+++ b/etcdserver/auth/auth_test.go
@@ -210,7 +210,7 @@ func TestAllUsers(t *testing.T) {
 	}
 	expected := []string{"cat", "dog"}
 
-	s := store{d, testTimeout, false}
+	s := store{server: d, timeout: testTimeout, ensuredOnce: false}
 	users, err := s.AllUsers()
 	if err != nil {
 		t.Error("Unexpected error", err)
@@ -238,7 +238,7 @@ func TestGetAndDeleteUser(t *testing.T) {
 	}
 	expected := User{User: "cat", Roles: []string{"animal"}}
 
-	s := store{d, testTimeout, false}
+	s := store{server: d, timeout: testTimeout, ensuredOnce: false}
 	out, err := s.GetUser("cat")
 	if err != nil {
 		t.Error("Unexpected error", err)
@@ -275,7 +275,7 @@ func TestAllRoles(t *testing.T) {
 	}
 	expected := []string{"animal", "human", "root"}
 
-	s := store{d, testTimeout, false}
+	s := store{server: d, timeout: testTimeout, ensuredOnce: false}
 	out, err := s.AllRoles()
 	if err != nil {
 		t.Error("Unexpected error", err)
@@ -303,7 +303,7 @@ func TestGetAndDeleteRole(t *testing.T) {
 	}
 	expected := Role{Role: "animal"}
 
-	s := store{d, testTimeout, false}
+	s := store{server: d, timeout: testTimeout, ensuredOnce: false}
 	out, err := s.GetRole("animal")
 	if err != nil {
 		t.Error("Unexpected error", err)
@@ -350,7 +350,7 @@ func TestEnsure(t *testing.T) {
 		},
 	}
 
-	s := store{d, testTimeout, false}
+	s := store{server: d, timeout: testTimeout, ensuredOnce: false}
 	err := s.ensureAuthDirectories()
 	if err != nil {
 		t.Error("Unexpected error", err)
@@ -410,7 +410,7 @@ func TestCreateAndUpdateUser(t *testing.T) {
 	update := User{User: "cat", Grant: []string{"pet"}}
 	expected := User{User: "cat", Roles: []string{"animal", "pet"}}
 
-	s := store{d, testTimeout, true}
+	s := store{server: d, timeout: testTimeout, ensuredOnce: true}
 	out, created, err := s.CreateOrUpdateUser(user)
 	if created == false {
 		t.Error("Should have created user, instead updated?")
@@ -465,7 +465,7 @@ func TestUpdateRole(t *testing.T) {
 	update := Role{Role: "animal", Grant: &Permissions{KV: RWPermission{Read: []string{}, Write: []string{"/animal"}}}}
 	expected := Role{Role: "animal", Permissions: Permissions{KV: RWPermission{Read: []string{"/animal"}, Write: []string{"/animal"}}}}
 
-	s := store{d, testTimeout, true}
+	s := store{server: d, timeout: testTimeout, ensuredOnce: true}
 	out, err := s.UpdateRole(update)
 	if err != nil {
 		t.Error("Unexpected error", err)
@@ -496,7 +496,7 @@ func TestCreateRole(t *testing.T) {
 	}
 	r := Role{Role: "animal", Permissions: Permissions{KV: RWPermission{Read: []string{"/animal"}, Write: []string{}}}}
 
-	s := store{d, testTimeout, true}
+	s := store{server: d, timeout: testTimeout, ensuredOnce: true}
 	err := s.CreateRole(Role{Role: "root"})
 	if err == nil {
 		t.Error("Should error creating root role")
@@ -562,7 +562,7 @@ func TestEnableAuth(t *testing.T) {
 		},
 		explicitlyEnabled: false,
 	}
-	s := store{d, testTimeout, true}
+	s := store{server: d, timeout: testTimeout, ensuredOnce: true}
 	err := s.EnableAuth()
 	if err != nil {
 		t.Error("Unexpected error", err)
@@ -605,11 +605,14 @@ func TestDisableAuth(t *testing.T) {
 		},
 		explicitlyEnabled: false,
 	}
-	s := store{d, testTimeout, true}
+	s := store{server: d, timeout: testTimeout, ensuredOnce: true}
 	err := s.DisableAuth()
 	if err == nil {
 		t.Error("Expected error; already disabled")
 	}
+
+	// clear cache
+	s.enabled = nil
 	err = s.DisableAuth()
 	if err != nil {
 		t.Error("Unexpected error", err)