-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
INFRA-42849 | Add retries to token generation #10
INFRA-42849 | Add retries to token generation #10
Conversation
BhavikaSharma
commented
Sep 10, 2024
- Add retries to token generation
- Add exponential backoff on failures
6aa4168
to
7b3b349
Compare
README.md
Outdated
@@ -26,8 +26,12 @@ limitations under the License. | |||
|
|||
- Run `./devel/run-test-vault.sh` in a terminal. Keep this open. This will print useful logs from the vault server | |||
- Run `source ./devel/argocd-login.sh` in a new session. It is important to source this script as the exported variables are needed later. | |||
- You will likely need to run `okta-kube-token` and create an escalation request like the following first: | |||
``` | |||
kubectl escalation -n $KUBE_NS --context $KUBE_CONTEXT request "Vault plugin test" --approve |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a Splunk specific escalation implementation. Should not be added to this readme.
internal/plugin/client.go
Outdated
totalRetries = 4 | ||
) | ||
|
||
var retryWaitSeconds = []time.Duration{0, 1, 3, 5} // first value should remain 0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aggressive retry would actually make this worse. The backoff might need to be a bit more gentle.
0, 3, 5, 10
projectClient := clientCtx.client | ||
response, err = projectClient.CreateToken(clientCtx.clientContext, createTokenRequest) | ||
|
||
if err == nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
small nitpick but in golang its typica to check if the error != nil and error out if true instead of checking if it is nil and putting the logic in the brackets
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me know if you guys think otherwise but we have to check that the err is nil. When the err is nil, we want to break out of the loop. If we only return failure when err is not nil, when there is no error, it will go through the loop again and do a retry even when we don't want to.
Happy to discuss further if you see an alternative.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
couldn't you just add a break so that it doesn't continue loop again when no error?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The if-statement to check the break condition would be on if err == nil
though so we would still need to check for this condition. This solution would require us to do two checks (technically 3 since there's an && needed and this check should already be encompassed by the for loop condition). I.e.:
for retries < totalRetries {
logic
if err != nil && retries < totalRetries -1 {
return error
} else if err == nil {
break
}
logic
}
Happy to implement it this way if you still think it's better but if we're checking for if err == nil
anyway in this solution, and also since the for loop is already handling the retries < totalRetries
seems like it makes sense to not make the changes. Let me know if you think otherwise.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, in this case I think
err == nil {
//early exit
}
is cleaner than:
err != nil {
continue
} else {
//exit
}
I think the loop could look cleaner if we used for retries := range(retryWaitSeconds)
. Avoids having to increment
var response *project.ProjectTokenResponse | ||
var err error | ||
|
||
for retries < totalRetries { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to have a separate variable for number of totalRetries, will this always be the same as range(retryWaitSeconds)
?