Search service - add resilience for AAD tenant migrations (#526)

* Search service - add resilience for AAD tenant migrations * Update comment
NuGet · May 21, 2019 · 3089f84 · 3089f84
1 parent 0c09757
commit 3089f84
Showing 1 changed file with 23 additions and 2 deletions.
diff --git a/src/NuGet.Services.BasicSearch/Startup.cs b/src/NuGet.Services.BasicSearch/Startup.cs
@@ -11,7 +11,9 @@
 using System.Web.Cors;
 using Lucene.Net.Store;
 using Microsoft.ApplicationInsights.Extensibility;
+using Microsoft.Azure.KeyVault;
 using Microsoft.Extensions.Logging;
+using Microsoft.IdentityModel.Clients.ActiveDirectory;
 using Microsoft.Owin;
 using Microsoft.Owin.Cors;
 using Microsoft.Owin.FileSystems;
@@ -43,7 +45,7 @@ public void Configuration(IAppBuilder app, IConfigurationFactory configFactory,
             ILoader loader)
         {
             _configFactory = configFactory;
-            var config = _configFactory.Get<BasicSearchConfiguration>().Result;
+            var config = GetConfiguration().Result;
 
             // Configure
             if ( ! string.IsNullOrEmpty(config.ApplicationInsightsInstrumentationKey))
@@ -210,6 +212,25 @@ public void Configuration(IAppBuilder app)
             Configuration(app, new ConfigurationFactory(configurationProvider), null, null);
         }
 
+        private async Task<BasicSearchConfiguration> GetConfiguration()
+        {
+            try
+            {
+                return await _configFactory.Get<BasicSearchConfiguration>();
+            }
+            catch (KeyVaultClientException e) 
+            {
+                // The status code we expect is (e.Status == HttpStatusCode.Unauthorized || e.Status == HttpStatusCode.Forbidden) but the catch is not explicit since confidence here is low.
+
+                // A hack related to: https://github.com/nuget/engineering/issues/2412 This can be removed/ignored after AAD tenant migration.
+                TokenCache.DefaultShared.Clear();
+
+                _logger.LogWarning("Failed to get config from KeyVault. Cleared token cache. Error details: {Error}", e.ToString());
+            }
+
+            return await _configFactory.Get<BasicSearchConfiguration>();
+        }
+
         private async void ReopenCallback(object state)
         {
             try
@@ -228,7 +249,7 @@ private async void ReopenCallback(object state)
                 {
                     var stopwatch = Stopwatch.StartNew();
 
-                    var newConfig = await _configFactory.Get<BasicSearchConfiguration>();
+                    var newConfig = await GetConfiguration();
                     _searcherManager.MaybeReopen(newConfig);
 
                     stopwatch.Stop();