Why does the etcd's `authStore` read and set revision from boltdb when handling AuthEnable requests, instead of adding revision? #15857

Phoenix500526 · 2023-05-09T09:34:44Z

Phoenix500526
May 9, 2023

Hi, everyone. I'm a newbie to etcd and have a problem with some code implemented in the etcd.

Let's look at the implementation of the AuthEnable method first (reference: AuthEnable ):

func (as *authStore) AuthEnable() error {
	as.enabledMu.Lock()
	defer as.enabledMu.Unlock()
	if as.enabled {
		as.lg.Info("authentication is already enabled; ignored auth enable request")
		return nil
	}
	tx := as.be.BatchTx()
	tx.Lock()
	defer func() {
		tx.Unlock()
		as.be.ForceCommit()
	}()

	u := tx.UnsafeGetUser(rootUser)
	if u == nil {
		return ErrRootUserNotExist
	}

	if !hasRootRole(u) {
		return ErrRootRoleNotExist
	}

	tx.UnsafeSaveAuthEnabled(true)
	as.enabled = true
	as.tokenProvider.enable()

	as.refreshRangePermCache(tx)

	as.setRevision(tx.UnsafeReadAuthRevision())

	as.lg.Info("enabled authentication")
	return nil
}

func (as *authStore) AuthDisable() {
	as.enabledMu.Lock()
	defer as.enabledMu.Unlock()
	if !as.enabled {
		return
	}
	b := as.be
	tx := b.BatchTx()
	tx.Lock()
	tx.UnsafeSaveAuthEnabled(false)
	as.commitRevision(tx)
	tx.Unlock()
	b.ForceCommit()
	as.enabled = false
	as.tokenProvider.disable()
	as.lg.Info("disabled authentication")
}

func (as *authStore) commitRevision(tx AuthBatchTx) {
	atomic.AddUint64(&as.revision, 1)
	tx.UnsafeSaveAuthRevision(as.Revision())
}

The authStore increases the revision of the authStore when handling Auth-related requests, such as AuthDisable, UserAdd, etc. However, the AuthEnable implementation in different logic, as it reads the revision value from the underlying boltdb and uses that value to override the authStore.revision, which confuses me:

Why is it designed this way? Are there any special reasons, like consistency or something like that?
Why can't AuthEnable just increment revision directly like what AuthDisable does?

Can anybody tell me why? Thanks in advance.