Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix forbidden errors when token is about to expire #38

Merged
merged 2 commits into from
Nov 19, 2021
Merged

Fix forbidden errors when token is about to expire #38

merged 2 commits into from
Nov 19, 2021

Conversation

anrock-sc
Copy link

This fixes the edge case when the communication to vault is very slow
and the passed token is about to expire, it can happen that
the call to lookup self returns success but the following vault calls
still run into an error as the token just expired.

This problem becomes more severe as vault communication sometimes
can be quite slow.

This change will fix this edge by calculating the maximal time, a call to
vault will take. That is:

(Read Timeout + Open Timeout + Retry Intervall in Milliseconds / 1000) * Max Retried

This is capped to 60 seconds as the documentation
for the read and open timeout parameters were wrong. As the previous
documentation stated that the timeout parameter are ms valued, they
are actually seconds. See: openTimout and readTimeout

This could cause users to have high values
in these parameters. To prevent continues token refreshing in that case,
the maximal guaranteed token validity is capped to 60 seconds.

I couldn't test my PR with the docker images due to: #37

@anrock-sc
Fixed documentation of open and read timeout form ms -> s
adc8ab5
@anrock-sc
Aquire new token if current token is about to expire
a5d91dd 
This fixes the edge case when the communication to vault is very slow
and the passed token is about to expire, it can happen that
the call to lookup self returns success but the following vault calls
still run into an error as the token just expired.

This change will fix this by calculating the maximal time, a call to
vault will take. This is capped to 60 seconds as the documentation
for the read and open timeout parameters were wrong. As the previous
documentation stated that the timout paramter are ms valued, they
are actually seconds. This could cause users to have high values
in these paramters. To prevent continues token refreshing in that case,
the maximal guaranteed token validity is capped to 60 seconds.
@ltamaster ltamaster self-requested a review November 19, 2021 14:55
ltamaster
ltamaster approved these changes Nov 19, 2021
View reviewed changes
Copy link

@ltamaster ltamaster left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested

@ltamaster ltamaster merged commit 651618b into rundeck-plugins:master Nov 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ltamaster ltamaster ltamaster approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@anrock-sc @ltamaster