Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Timeout SDK Go for AKV when trying an inexisting AKV #16371

Closed
Rikonimo opened this issue Dec 1, 2021 · 5 comments
Closed

Timeout SDK Go for AKV when trying an inexisting AKV #16371

Rikonimo opened this issue Dec 1, 2021 · 5 comments
Assignees
@seankane-msft
Labels
Client This issue points to a problem in the data-plane of the library. KeyVault needs-author-feedback Workflow: More information is needed from author to address the issue. no-recent-activity There has been no recent activity on this issue.

Comments

@Rikonimo
Copy link

Rikonimo commented Dec 1, 2021

We use the Azure SDK for GO to call the Azure Rest API for the key-vault to help us in getting the secrets and sync them into the K8s secrets in our namespaces.

However we found that incase of a non-existing Keyvault (for Example due to a wrong configuration by the user ) , the API keeps on trying to reach this wrong address until it times out after quite long time (7-8 minutes) giving a DNS error :

-- Original Error: Get "https://test-sync-time-dummy.vault.azure.net/secrets/hello/?api-version=2016-10-01\": dial tcp: lookup test-sync-time-dummy.vault.azure.net on 10.224.0.10:53: no such host"

The error makes sense however we were looking for a way to configure the timeout threshold needed to get this response . the API Parameters does not contain such parameter . The problem is that the API call keeps the operator process busy and doesn’t release it to continue processing the other secrets defined in the Custom resources , causing them to pile up waiting for their turn in the queue which can cause huge delays in the synchronization process between key-vault and k8s secrets.

Is there a way to tune such timeout property from the Azure DNS , or can we raise such request to our Microsoft partners to find a way if we can add such timeout parameter to our API call to the key-vault ?
@ghost ghost added the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Dec 1, 2021
@tombuildsstuff tombuildsstuff mentioned this issue Dec 1, 2021
Closed
@RickWinter
Copy link
Member

@Rikonimo Can you clarify which SDK you are using. Is it azsecrets ?

@RickWinter RickWinter added Client This issue points to a problem in the data-plane of the library. KeyVault needs-author-feedback Workflow: More information is needed from author to address the issue. labels Dec 1, 2021
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Dec 1, 2021
@seankane-msft seankane-msft self-assigned this Dec 1, 2021
@seankane-msft seankane-msft mentioned this issue Dec 1, 2021
Merged
@seankane-msft
Copy link
Member

Assuming you are using the new libraries (azkeys and azsecrets here) you can use the context.Context parameter to set a timeout. Here is a code snippet that shows how to set a 10 second timeout:

func Example() {
	fakeKVUrl := "https://test-sync-time-dummy.vault.azure.net/"
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	handle(err)

	client, err := NewClient(fakeKVUrl, cred, nil)
	handle(err)

	c := context.Background()
	c, cancelFunc := context.WithTimeout(c, 10*time.Second)
	defer cancelFunc()

	_, err = client.GetSecret(c, "nonexistentsecret", nil)
	handle(err)
}

@ghost ghost added the no-recent-activity There has been no recent activity on this issue. label Dec 8, 2021
@ghost
Copy link

ghost commented Dec 8, 2021

Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

@ghost ghost closed this as completed Dec 23, 2021
@magodo
Copy link
Contributor

magodo commented Dec 23, 2021

This issue still remains, reopening it.

@magodo magodo reopened this Dec 23, 2021
@ghost ghost removed the no-recent-activity There has been no recent activity on this issue. label Dec 23, 2021
@ghost ghost added the no-recent-activity There has been no recent activity on this issue. label Dec 30, 2021
@ghost
Copy link

ghost commented Dec 30, 2021

Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

@ghost ghost closed this as completed Jan 14, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@seankane-msft seankane-msft

Labels
Client This issue points to a problem in the data-plane of the library. KeyVault needs-author-feedback Workflow: More information is needed from author to address the issue. no-recent-activity There has been no recent activity on this issue.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@RickWinter @magodo @Rikonimo @seankane-msft