[Secure Storage] Update vault request timeout and error handling.

[JoshLind]

Motivation

This PR offers 3 small improvements to the vault secure storage client:

1. First, set the timeout() and timeout_connection() values explicitly. Right now timeout() is not being set, so vault could potentially hang on reads/writes and the client code could block indefinitely.
2. Second, ensure we are calling "ureq::Response.into_string()" on all response handling paths. This is required to clear the response buffers. This relates to: Attempt to return dropped Body to pool algesten/ureq#94
3. Third, use "SyntheticError" and "SerializationError" where appropriate inside the client error handling code instead of "InternalError". "InternalError" is a bit too generic.

Have you read the Contributing Guidelines on pull requests?

Yes.

Test Plan

All tests pass locally.

Related PRs

None, but these changes come as a result of the on-going investigation of: https://github.com/diem/partners/issues/727

[JoshLind]

@mgorven, @davidiw, you may have to come to some sort of compromise regarding these values 😄

[mgorven]

How much work would it be to make these configurable?

[JoshLind]

Per component? e.g., using the config files, I believe a PR was previously started last year but never landed (#5229). Given the amount of code for this, do we think configurable timeouts would be that useful?

[mgorven]

In the Vault backend config section (wherever that gets used). Yes, timeouts are almost always configurable and do get used :-) If they are configurable we can set fairly aggressive defaults, but if that causes issues we can tune them in deployments. If they're hardcoded they have to be much more conservative.

[JoshLind]

That's fair -- if you can see the benefit then I'm happy to do that. Will probably have to do it as a follow up though -- might be too far beyond the scope of this PR 😄

[davidiw]

I think you can attach it as another commit to this PR or you can keep the values at 10_000.
I'm not comfortable changing values without having knobs at this point.

[JoshLind]

Agreed, I've changed them to 10_000 and will then follow up with a configurable timeout PR (I think this will be cleaner/easier to manage).

[davidiw]

why is this a serialization error? I think this is an internal error. Same with above.

[JoshLind]

Sure, although I preferred SerializationError as internally "resp.into_string()" performs serialization of the response (e.g., unchunking of the response bytes and using from_utf8_lossy), so if the call fails, it's a SerializationError. But granted, this is internal to the "resp.into_string()". Happy to revert to "InternalError" or perhaps something else, e.g., "ResponseConversionError"?

[davidiw]

I wouldn't say UTF8 from bytes is serialization in the traditional sense. I guess the question is when would this result in an error? Since it isn't well defined, I called it an internal error. A more accurate statement might be "ResponseParsingError" ? yuck :P

[davidiw]

Actually I'm 100% certain that this should be an internal error, for example, this could be caused by a terminated connection. I'll accept with the assumption we'll revert these back.

[JoshLind]

Okay, cool, thanks @davidiw -- sounds good!

[JoshLind]

Thanks @davidiw 😄
/land

[github-actions]

Cluster Test Result

Compatibility test results for land_b02a891e ==> land_e65cc44e (PR)
1. All instances running land_b02a891e, generating some traffic on network
2. First validator land_b02a891e ==> land_e65cc44e, to validate storage
3. First batch validators (14) land_b02a891e ==> land_e65cc44e, to test consensus
4. Second batch validators (15) land_b02a891e ==> land_e65cc44e, to upgrade rest of the validators
5. All full nodes (30) land_b02a891e ==> land_e65cc44e, to finish the network upgrade
all up : 917 TPS, 4927 ms latency, 6200 ms p99 latency, no expired txns
Logs: http://kibana.ct-0-k8s-testnet.aws.hlw3truzy4ls.com/app/kibana#/discover?_g=(time:(from:'2021-01-12T19:38:41Z',to:'2021-01-12T19:59:59Z'))
Dashboard: http://grafana.ct-0-k8s-testnet.aws.hlw3truzy4ls.com/d/performance/performance?from=1610480321000&to=1610481599000
Validator 1 logs: http://kibana.ct-0-k8s-testnet.aws.hlw3truzy4ls.com/app/kibana#/discover?_g=(time:(from:'2021-01-12T19:38:41Z',to:'2021-01-12T19:59:59Z'))&_a=(columns:!(log),query:(language:kuery,query:'kubernetes.pod_name:"val-1"'),sort:!(!('@timestamp',desc)))

Repro cmd:

./scripts/cti --tag land_b02a891e --cluster-test-tag land_e65cc44e -E RUST_LOG=debug -E BATCH_SIZE=15 -E UPDATE_TO_TAG=land_e65cc44e --report report.json --suite land_blocking_compat

🎉 Land-blocking cluster test passed! 👌

[bors-libra]

💔 Test Failed - commit-workflow

[JoshLind]

/land

[github-actions]

Cluster Test Result

Compatibility test results for land_99a69959 ==> land_7e094ec2 (PR)
1. All instances running land_99a69959, generating some traffic on network
2. First validator land_99a69959 ==> land_7e094ec2, to validate storage
3. First batch validators (14) land_99a69959 ==> land_7e094ec2, to test consensus
4. Second batch validators (15) land_99a69959 ==> land_7e094ec2, to upgrade rest of the validators
5. All full nodes (30) land_99a69959 ==> land_7e094ec2, to finish the network upgrade
all up : 914 TPS, 4954 ms latency, 6250 ms p99 latency, no expired txns
Logs: http://kibana.ct-1-k8s-testnet.aws.hlw3truzy4ls.com/app/kibana#/discover?_g=(time:(from:'2021-01-12T21:28:42Z',to:'2021-01-12T21:49:32Z'))
Dashboard: http://grafana.ct-1-k8s-testnet.aws.hlw3truzy4ls.com/d/performance/performance?from=1610486922000&to=1610488172000
Validator 1 logs: http://kibana.ct-1-k8s-testnet.aws.hlw3truzy4ls.com/app/kibana#/discover?_g=(time:(from:'2021-01-12T21:28:42Z',to:'2021-01-12T21:49:32Z'))&_a=(columns:!(log),query:(language:kuery,query:'kubernetes.pod_name:"val-1"'),sort:!(!('@timestamp',desc)))

Repro cmd:

./scripts/cti --tag land_99a69959 --cluster-test-tag land_7e094ec2 -E RUST_LOG=debug -E BATCH_SIZE=15 -E UPDATE_TO_TAG=land_7e094ec2 --report report.json --suite land_blocking_compat

🎉 Land-blocking cluster test passed! 👌