From 084e5317811530424d7e386afd3f6de6226fa0c7 Mon Sep 17 00:00:00 2001
From: Chris Zembower
Date: Wed, 10 Aug 2022 15:08:06 -0400
Subject: [PATCH 1/5] add backoff
---
 vault/resource_generic_secret.go | 14 +++++++++++---
 vault/resource_kv_secret_v2.go | 14 ++++++++++++--
 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/vault/resource_generic_secret.go b/vault/resource_generic_secret.go
index d9c3b69be..ba5f87c73 100644
--- a/vault/resource_generic_secret.go
+++ b/vault/resource_generic_secret.go
@@ -4,7 +4,9 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "time"
+ "github.com/cenkalti/backoff/v4"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 "github.com/hashicorp/terraform-provider-vault/internal/consts"
@@ -146,9 +148,15 @@ func genericSecretResourceWrite(d *schema.ResourceData, meta interface{}) error
 }
 log.Printf("[DEBUG] Writing generic Vault secret to %s", path)
- _, err = client.Logical().Write(path, data)
- if err != nil {
- return fmt.Errorf("error writing to Vault: %s", err)
+ if err := backoff.RetryNotify(func() error {
+ _, err := client.Logical().Write(path, data)
+ return err
+ }, backoff.WithMaxRetries(
+ backoff.NewConstantBackOff(time.Millisecond*500), 10),
+ func(err error, duration time.Duration) {
+ log.Printf("[WARN] create generic secret %q failed, retrying in %s", path, duration)
+ }); err != nil {
+ return fmt.Errorf("error creating generic secret: %s", err)
 }
 d.SetId(originalPath)
diff --git a/vault/resource_kv_secret_v2.go b/vault/resource_kv_secret_v2.go
index ae1508a13..b4c0c8f09 100644
--- a/vault/resource_kv_secret_v2.go
+++ b/vault/resource_kv_secret_v2.go
@@ -5,7 +5,9 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "time"
+ "github.com/cenkalti/backoff/v4"
 "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
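Review bot: The notify callback passed to `backoff.RetryNotify` in `genericSecretResourceWrite` receives `err` but never logs it, so the `[WARN]` lines an operator sees do not say whether the write was refused for a permission, validation or availability reason. Include the cause, e.g. `log.Printf("[WARN] create generic secret %q failed: %s, retrying in %s", path, err, duration)`. The call also carries no comment naming the transient condition the retry is meant to absorb; one line above it stating that condition would let a reader judge the 500 ms × 10 policy. The same two points apply to the matching hunk in `vault/resource_kv_secret_v2.go`, and the function body starts and ends outside this hunk.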
@@ -134,8 +136,16 @@ func kvSecretV2Write(ctx context.Context, d *schema.ResourceData, meta interface
 data[k] = d.Get(k)
 }
- if _, err := client.Logical().Write(path, data); err != nil {
- return diag.Errorf("error writing secret data to %s, err=%s", path, err)
+ log.Printf("[DEBUG] creating KVV2 secret %s", path)
+ if err := backoff.RetryNotify(func() error {
+ _, err := client.Logical().Write(path, data)
+ return err
+ }, backoff.WithMaxRetries(
+ backoff.NewConstantBackOff(time.Millisecond*500), 10),
+ func(err error, duration time.Duration) {
+ log.Printf("[WARN] create KVV2 %q failed, retrying in %s", path, duration)
+ }); err != nil {
+ return diag.Errorf("error creating KVV2 secret: %s", err)
 }
 d.SetId(path)
From e6ac3d08363f0a785cfb69fbd72035307a2f97e7 Mon Sep 17 00:00:00 2001
From: Chris Zembower
Date: Thu, 11 Aug 2022 10:55:35 -0400
Subject: [PATCH 2/5] cleanup
---
 vault/resource_generic_secret.go | 22 +++++++++++++---------
 vault/resource_kv_secret_v2.go | 20 ++++++++++++--------
 2 files changed, 25 insertions(+), 17 deletions(-)
diff --git a/vault/resource_generic_secret.go b/vault/resource_generic_secret.go
index ba5f87c73..c91abe651 100644
--- a/vault/resource_generic_secret.go
+++ b/vault/resource_generic_secret.go
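Review bot: The retry added to `kvSecretV2Write` does not observe the `ctx` the function receives (visible in the hunk header), so a cancelled or timed-out operation still sits through up to ten 500 ms sleeps and further write attempts against Vault. Wrapping the policy ties the loop to the request lifetime: `backoff.WithContext(backoff.WithMaxRetries(backoff.NewConstantBackOff(time.Millisecond*500), 10), ctx)`. The function body starts before and continues after the hunk.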
@@ -147,15 +147,19 @@ func genericSecretResourceWrite(d *schema.ResourceData, meta interface{}) error
 }
- log.Printf("[DEBUG] Writing generic Vault secret to %s", path)
- if err := backoff.RetryNotify(func() error {
- _, err := client.Logical().Write(path, data)
- return err
- }, backoff.WithMaxRetries(
- backoff.NewConstantBackOff(time.Millisecond*500), 10),
- func(err error, duration time.Duration) {
- log.Printf("[WARN] create generic secret %q failed, retrying in %s", path, duration)
- }); err != nil {
+ writeData := func() error {
+ if _, err := client.Logical().Write(path, data); err != nil {
+ return err
+ }
+ return nil
+ }
+
+ bo := backoff.WithMaxRetries(backoff.NewConstantBackOff(time.Millisecond*500), 10)
+
+ log.Printf("[DEBUG] Writing generic Vault secret to %s", path)
+ if err := backoff.RetryNotify(writeData, bo, func(err error, duration time.Duration) {
+ log.Printf("[WARN] create generic secret %q failed, retrying in %s", path, duration)
+ }); err != nil {
 return fmt.Errorf("error creating generic secret: %s", err)
 }
diff --git a/vault/resource_kv_secret_v2.go b/vault/resource_kv_secret_v2.go
index b4c0c8f09..5598e1b3e 100644
--- a/vault/resource_kv_secret_v2.go
+++ b/vault/resource_kv_secret_v2.go
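Review bot: The `writeData` closure and the `bo` policy introduced here are repeated verbatim in the `kvSecretV2Write` hunk of this commit, so the retry count and interval for secret writes now live as literals in two files and can drift apart. A small unexported helper shared by both files, taking the write function and a label and owning the 500 ms / 10 values, would keep both resources on one policy. Inside the closure, the `if … != nil { return err }` plus `return nil` pair can be reduced to `_, err := client.Logical().Write(path, data)` followed by `return err`. `genericSecretResourceWrite` starts and ends outside the hunk.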
@@ -136,15 +136,19 @@ func kvSecretV2Write(ctx context.Context, d *schema.ResourceData, meta interface
 data[k] = d.Get(k)
 }
+ writeData := func() error {
+ if _, err := client.Logical().Write(path, data); err != nil {
+ return err
+ }
+ return nil
+ }
+
+ bo := backoff.WithMaxRetries(backoff.NewConstantBackOff(time.Millisecond*500), 10)
+
 log.Printf("[DEBUG] creating KVV2 secret %s", path)
- if err := backoff.RetryNotify(func() error {
- _, err := client.Logical().Write(path, data)
- return err
- }, backoff.WithMaxRetries(
- backoff.NewConstantBackOff(time.Millisecond*500), 10),
- func(err error, duration time.Duration) {
- log.Printf("[WARN] create KVV2 %q failed, retrying in %s", path, duration)
- }); err != nil {
+ if err := backoff.RetryNotify(writeData, bo, func(err error, duration time.Duration) {
+ log.Printf("[WARN] create KVV2 %q failed, retrying in %s", path, duration)
+ }); err != nil {
 return diag.Errorf("error creating KVV2 secret: %s", err)
 }
From 7eab326c49af4a63dfdbbdf95275d8b2a8d8b41f Mon Sep 17 00:00:00 2001
From: Chris Zembower
Date: Fri, 12 Aug 2022 16:50:37 -0400
Subject: [PATCH 3/5] check that error is http 400
---
 vault/resource_generic_secret.go | 8 +++++++-
 vault/resource_kv_secret_v2.go | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/vault/resource_generic_secret.go b/vault/resource_generic_secret.go
index c91abe651..98eb740cf 100644
--- a/vault/resource_generic_secret.go
+++ b/vault/resource_generic_secret.go
@@ -4,10 +4,12 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "net/http"
 "time"
 "github.com/cenkalti/backoff/v4"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/vault/api"
 "github.com/hashicorp/terraform-provider-vault/internal/consts"
 "github.com/hashicorp/terraform-provider-vault/internal/provider"
@@ -149,7 +151,11 @@ func genericSecretResourceWrite(d *schema.ResourceData, meta interface{}) error
 writeData := func() error {
 if _, err := client.Logical().Write(path, data); err != nil {
- return err
+ if respErr, ok := err.(*api.ResponseError); ok && (respErr.StatusCode == http.StatusBadRequest) {
+ return err
+ } else {
+ return backoff.Permanent(err)
+ }
 }
 return nil
 }
diff --git a/vault/resource_kv_secret_v2.go b/vault/resource_kv_secret_v2.go
index 5598e1b3e..b2f0b75da 100644
--- a/vault/resource_kv_secret_v2.go
+++ b/vault/resource_kv_secret_v2.go
@@ -5,11 +5,13 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "net/http"
 "time"
 "github.com/cenkalti/backoff/v4"
 "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/vault/api"
 "github.com/hashicorp/terraform-provider-vault/internal/consts"
 "github.com/hashicorp/terraform-provider-vault/internal/provider"
@@ -138,7 +140,11 @@ func kvSecretV2Write(ctx context.Context, d *schema.ResourceData, meta interface
 writeData := func() error {
 if _, err := client.Logical().Write(path, data); err != nil {
- return err
+ if respErr, ok := err.(*api.ResponseError); ok && (respErr.StatusCode == http.StatusBadRequest) {
+ return err
+ } else {
+ return backoff.Permanent(err)
+ }
 }
 return nil
 }
From 84d144bf67412084460b5100893c8e6cc4f3424c Mon Sep 17 00:00:00 2001
From: Ben Ash <32777270+benashz@users.noreply.github.com>
Date: Fri, 30 Sep 2022 11:07:52 -0400
Subject: [PATCH 4/5] Update vault/resource_kv_secret_v2.go
---
 vault/resource_kv_secret_v2.go | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)
diff --git a/vault/resource_kv_secret_v2.go b/vault/resource_kv_secret_v2.go
index b2f0b75da..386665484 100644
--- a/vault/resource_kv_secret_v2.go
+++ b/vault/resource_kv_secret_v2.go
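Review bot: The check in `writeData` treats every HTTP 400 from Vault as retryable, but 400 is the status Vault uses for invalid requests in general, so a write rejected for its payload or parameters is now re-sent ten times before the user sees the error. If the retry is meant for one specific transient condition, match on that as well (for example a message in `respErr.Errors`) and name it in a comment above the closure. The type assertion `err.(*api.ResponseError)` would also miss a wrapped error, which `errors.As` handles, and the `else` after `return err` can be dropped. The same code is added to `kvSecretV2Write` in this commit. Both enclosing functions extend beyond their hunks.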
@@ -138,25 +138,8 @@ func kvSecretV2Write(ctx context.Context, d *schema.ResourceData, meta interface
 data[k] = d.Get(k)
 }
- writeData := func() error {
- if _, err := client.Logical().Write(path, data); err != nil {
- if respErr, ok := err.(*api.ResponseError); ok && (respErr.StatusCode == http.StatusBadRequest) {
- return err
- } else {
- return backoff.Permanent(err)
- }
- }
- return nil
- }
-
- bo := backoff.WithMaxRetries(backoff.NewConstantBackOff(time.Millisecond*500), 10)
-
- log.Printf("[DEBUG] creating KVV2 secret %s", path)
- if err := backoff.RetryNotify(writeData, bo, func(err error, duration time.Duration) {
- log.Printf("[WARN] create KVV2 %q failed, retrying in %s", path, duration)
- }); err != nil {
- return diag.Errorf("error creating KVV2 secret: %s", err)
- }
+ if _, err := client.Logical().Write(path, data); err != nil {
+ return diag.Errorf("error writing secret data to %s, err=%s", path, err)
 d.SetId(path)
From cea68eae331680957b5762341b55c39ac8fb98ee Mon Sep 17 00:00:00 2001
From: Ben Ash <32777270+benashz@users.noreply.github.com>
Date: Fri, 30 Sep 2022 11:16:18 -0400
Subject: [PATCH 5/5] Apply suggestions from code review
---
 vault/resource_kv_secret_v2.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/vault/resource_kv_secret_v2.go b/vault/resource_kv_secret_v2.go
index 386665484..ae1508a13 100644
--- a/vault/resource_kv_secret_v2.go
+++ b/vault/resource_kv_secret_v2.go
@@ -5,13 +5,9 @@ import (
 "encoding/json"
 "fmt"
 "log"
- "net/http"
- "time"
- "github.com/cenkalti/backoff/v4"
 "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
- "github.com/hashicorp/vault/api"
 "github.com/hashicorp/terraform-provider-vault/internal/consts"
 "github.com/hashicorp/terraform-provider-vault/internal/provider"
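Review bot: The `if _, err := client.Logical().Write(path, data); err != nil {` block added in `kvSecretV2Write` is never closed on the new side; the line after `return diag.Errorf(...)` is `d.SetId(path)`, so the file does not compile at this commit. The closing `}` belongs in this change rather than in a follow-up, which keeps every commit in the series buildable for bisecting. After this hunk the KV v2 write fails on the first error while `genericSecretResourceWrite` still retries on HTTP 400, so the two resources handle the same Vault response differently; if that is intended it deserves a sentence in the commit message.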
@@ -140,6 +136,7 @@ func kvSecretV2Write(ctx context.Context, d *schema.ResourceData, meta interface
 if _, err := client.Logical().Write(path, data); err != nil {
 return diag.Errorf("error writing secret data to %s, err=%s", path, err)
+ }
 d.SetId(path)