I am using Chef to create my cluster and ensure everything is idempotent.
At present, you have to issue another etcdctl auth enable and check for the output
Authentication Enabled
and skip the execute's output if it has it.
There is no current getter
[root@default-centos-7 etcd]# /opt/etcd/etcdctl auth --help
NAME:
auth - Enable or disable authentication
USAGE:
etcdctl auth <enable or disable> [flags]
API VERSION:
3.4
COMMANDS:
disable Disables authentication
enable Enables authentication
OPTIONS:
This also causes log entries every hour when Chef is running to manage drift.
{"level":"info","ts":"2020-01-13T19:30:59.767Z","caller":"auth/store.go:221","msg":"authentication is already enabled; ignored auth enable request"}
Proposal
Create a new function under auth that allows someone to fetch the status of the authentication system.
etcdctl auth status
This will create a better expectation when creating secure etcd clusters when using config management systems as we will have a standard way of testing if authentication is already enabled that isn't attempting to run a setter on the cluster.
Details
[root@REDACTED etcd]# /opt/etcd/etcd --version
etcd Version: 3.4.3
Git SHA: 3cf2f69
Go Version: go1.12.12
Go OS/Arch: linux/amd64
[root@REDACTED etcd]# /opt/etcd/etcdctl version
etcdctl version: 3.4.3
API version: 3.4
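An added example, not part of the issue or of etcd: until a getter exists, each hourly Chef run leaves the "already enabled" entry shown above in the etcd log, so this Ruby helper separates the entries that fall on the converge cadence from `auth enable` requests that arrive off-schedule. The sample log lines are constructed in the shape of the entry in the issue; the function names, the 3600-second interval and the 120-second tolerance are assumptions.

```ruby
require 'json'
require 'time'

# Message etcd 3.4.3 logs when `auth enable` is re-run (copied from the issue).
REDUNDANT_MSG = 'authentication is already enabled; ignored auth enable request'

# Constructed sample log, same JSON shape as the entry quoted in the issue.
SAMPLE_LOG = <<~LOG
  {"level":"info","ts":"2020-01-13T17:30:59.701Z","caller":"auth/store.go:221","msg":"authentication is already enabled; ignored auth enable request"}
  {"level":"info","ts":"2020-01-13T18:30:59.744Z","caller":"auth/store.go:221","msg":"authentication is already enabled; ignored auth enable request"}
  {"level":"info","ts":"2020-01-13T18:41:12.010Z","caller":"example/constructed.go:1","msg":"constructed unrelated entry"}
  not-json debris that must be skipped
  {"level":"info","ts":"2020-01-13T19:30:59.767Z","caller":"auth/store.go:221","msg":"authentication is already enabled; ignored auth enable request"}
  {"level":"info","ts":"2020-01-13T19:47:03.120Z","caller":"auth/store.go:221","msg":"authentication is already enabled; ignored auth enable request"}
LOG

# Timestamps (sorted) of every redundant `auth enable` request in the log text.
def redundant_enable_times(log_text)
  times = log_text.each_line.map do |line|
    begin
      entry = JSON.parse(line)
      next unless entry.is_a?(Hash) && entry['msg'] == REDUNDANT_MSG
      Time.iso8601(entry['ts'].to_s)
    rescue JSON::ParserError, ArgumentError
      nil # skip non-JSON lines and entries without a parsable timestamp
    end
  end
  times.compact.sort
end

# Split requests into those on the converge cadence and those that are not.
# interval and tolerance are seconds; the first request is the baseline.
def classify_enable_requests(log_text, interval: 3600, tolerance: 120)
  result = { on_schedule: [], off_schedule: [] }
  last = nil
  redundant_enable_times(log_text).each do |t|
    gap = last.nil? ? 0 : (t - last) % interval # missed runs still land on the cadence
    if [gap, interval - gap].min <= tolerance
      result[:on_schedule] << t
      last = t
    else
      result[:off_schedule] << t
    end
  end
  result
end

puts classify_enable_requests(SAMPLE_LOG)[:off_schedule] if __FILE__ == $PROGRAM_NAME
```

Entries in `off_schedule` are the ones worth reviewing, since they are setter calls that did not come from the scheduled converge.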
tarcinil changed the title from "CLI method: etcdctl auth status" to "CLI command: etcdctl auth status" on Jan 13, 2020
I have written some work on this, but I would only call it a scaffolding for the command entry point to the internal Raft stuff (I don't know much from there). I have written in Go before, but it has been some time. Why don't I push up my work tonight and see what you think?