Add ability to retry vault token retrieval #442
This change adds the `retryVaultTokenRetrieval` option to the Action that will enable retries for retrieving the Vault token, via the HTTP error retries implemented by the `got` package.

The problem I'm encountering is that sometimes the vault token retrieval, via the JWT method, results in an HTTP error, mostly 500s, and these kinds of errors are not retried in the current version of vault-action. vault-action simply fails and there's no mitigation. This appears to be because the `got` package, by default, does not retry `POST` request types.

So the new `retryVaultTokenRetrieval` option adds the `POST` request to the set of request types the `got` package will retry when the option is specified.

Looking through the code, the vault token retrieval in `retrieveToken` is the only place where a POST request is performed, so the enablement of the option should only affect that function.

Other options for implementation:
I'm not the biggest fan of the addition of this option and would rather the vault-action always retry failed vault token retrievals, but I'm unsure if the community would appreciate that change in strategy. Alternatively these are the options I've thought of that may or may not be more acceptable than this change. I'm open to opinions.
- `POST` requests performed within `vault-action` and remove the option `retryVaultTokenRetrieval`. This is a change in behavior that might result in additional Vault server load if retries are added by default. Basically the `POST` request type would be added to the default `got` client options.
- `POST` requests happening in this Action, we could refactor the way the client is initiated and passed to `retrieveToken` so that only the `POST` requests tried within `getClientToken` are retried.
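
Added example (not part of this PR and not vault-action's or `got`'s code): a simplified, synchronous model of the method-gated retry decision described above, showing how adding `POST` to the retried methods changes the outcome of a flaky JWT login while keeping retries bounded. The helper names `buildRetryOptions`, `shouldRetry` and `simulate` are hypothetical, the response sequences are constructed, and the default values are assumed to match `got`'s documented retry defaults for the version in use.

```javascript
// Simplified model of a method-gated retry policy (assumption: values mirror
// got's documented retry defaults; check the version the action pins).
const DEFAULT_RETRY = {
  limit: 2,
  methods: ['GET', 'PUT', 'HEAD', 'DELETE', 'OPTIONS', 'TRACE'], // no POST
  statusCodes: [408, 413, 429, 500, 502, 503, 504, 521, 522, 524],
};

// Build the retry options the client would be created with.
// `retryVaultTokenRetrieval` is the action input proposed in this PR.
function buildRetryOptions(retryVaultTokenRetrieval) {
  const methods = [...DEFAULT_RETRY.methods];
  if (retryVaultTokenRetrieval) methods.push('POST');
  return { ...DEFAULT_RETRY, methods };
}

// Decide whether a failed attempt is retried (attempt is 1-based).
// All three conditions must hold: budget left, method allowed, status retryable.
function shouldRetry(retry, method, statusCode, attempt) {
  return (
    attempt <= retry.limit &&
    retry.methods.includes(method.toUpperCase()) &&
    retry.statusCodes.includes(statusCode)
  );
}

// Replay a constructed sequence of response codes against the policy.
// Returns the final status and how many requests reached the server.
function simulate(retry, method, responses) {
  let attempt = 0;
  let status;
  do {
    status = responses[Math.min(attempt, responses.length - 1)];
    attempt += 1;
  } while (status >= 400 && shouldRetry(retry, method, status, attempt));
  return { status, requests: attempt };
}

// Constructed scenario: the JWT login POST gets two 500s, then succeeds.
const flakyLogin = [500, 500, 200];
console.log(simulate(buildRetryOptions(false), 'POST', flakyLogin)); // stops at the first 500
console.log(simulate(buildRetryOptions(true), 'POST', flakyLogin));  // succeeds on the third request
```

In this model a 403 from the login endpoint is never retried, because it is not in the retryable status list, and a persistently failing server sees at most `limit + 1` requests per run.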