Skip to content

Commit

Permalink
Merge pull request #8524 from hashicorp/b-vault-health-checks
Browse files Browse the repository at this point in the history
Skip checking Vault health
  • Loading branch information
Mahmood Ali authored Aug 11, 2020
2 parents b5ef217 + a3b4f06 commit 104ab50
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 11 deletions.
22 changes: 12 additions & 10 deletions nomad/vault.go
Original file line number Diff line number Diff line change
Expand Up @@ -482,17 +482,18 @@ OUTER:
case <-v.tomb.Dying():
return
case <-retryTimer.C:
// Ensure the API is reachable
if !initStatus {
if _, err := v.clientSys.Sys().InitStatus(); err != nil {
v.logger.Warn("failed to contact Vault API", "retry", v.config.ConnectionRetryIntv, "error", err)
retryTimer.Reset(v.config.ConnectionRetryIntv)
continue OUTER
}
initStatus = true
}
// Retry validating the token till success
if err := v.parseSelfToken(); err != nil {
// if parsing token fails, try to distinguish legitimate token error from transient Vault initialization/connection issue
if !initStatus {
if _, err := v.clientSys.Sys().Health(); err != nil {
v.logger.Warn("failed to contact Vault API", "retry", v.config.ConnectionRetryIntv, "error", err)
retryTimer.Reset(v.config.ConnectionRetryIntv)
continue OUTER
}
initStatus = true
}

v.logger.Error("failed to validate self token/role", "retry", v.config.ConnectionRetryIntv, "error", err)
retryTimer.Reset(v.config.ConnectionRetryIntv)
v.l.Lock()
Expand All @@ -501,6 +502,7 @@ OUTER:
v.l.Unlock()
continue OUTER
}

break OUTER
}
}
Expand Down Expand Up @@ -1288,7 +1290,7 @@ func (v *vaultClient) revokeDaemon() {
case <-v.tomb.Dying():
return
case now := <-ticker.C:
if established, _ := v.ConnectionEstablished(); !established {
if established, err := v.ConnectionEstablished(); !established || err != nil {
continue
}

Expand Down
3 changes: 2 additions & 1 deletion nomad/vault_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1016,6 +1016,7 @@ func TestVaultClient_LookupToken_RateLimit(t *testing.T) {

// Spin up many requests. These should block
ctx, cancel := context.WithCancel(context.Background())
defer cancel()

cancels := 0
numRequests := 20
Expand All @@ -1029,7 +1030,7 @@ func TestVaultClient_LookupToken_RateLimit(t *testing.T) {
cancels += 1
return
}
t.Fatalf("self lookup failed: %v", err)
t.Errorf("self lookup failed: %v", err)
return
}

Expand Down

0 comments on commit 104ab50

Please sign in to comment.