Continuous watching session after role revocation

[saimikiry]

Hi! I was reviewing the functions of etcd and saw this scenario.

The user with read/write access to the key starts a watching session.

The administrator performs any of the following actions:

• revoke the user's role;
• change the user's password;
• delete the user.

After this, the watching session remains active.

Was it intended to be this way? Thanks!

[ahrtr]

Is this your production use case?

It should be a known "issue" and by design. The role & permission update can't break the existing on-going watcher. Once the watch stops and starts again, it will get permission deny response.

We don't have a plan to change this behaviour for now. cc @mitake