Fix exponential backoff for api.LifetimeWatcher by andrewstucki · Pull Request #26383 · hashicorp/vault
I just opened up a bug for this PR, this fixes it. Here's the original context from the bug:
Describe the bug
We were using the Vault LifetimeWatcher from the api package in an internal project and noticed an issue with the backoff behavior of token renewal that was causing a bunch of our tests to fail when we upgraded to a new version of Vault.
The bug is here:
| var sleepDuration time.Duration | |
| if errorBackoff == nil { | |
| sleepDuration = r.calculateSleepDuration(remainingLeaseDuration, priorDuration) | |
| } else if errorBackoff.NextBackOff() == backoff.Stop { | |
| return err | |
| } |
sleepDuration appears to be the time.Duration used prior to re-running the renewal loop. In the case when errBackoff is nil, then a simple backoff duration is calculated based on the call to calculateSleepDuration. If errBackoff is not nil then sleepDuration is never set and the timeout in the following select block immediately fires again.
In our testing environment this was caught because our mock Vault server was returning an invalid response, so the renew operation was failing and we were getting an inordinate amount of immediate retries.
The fix is just refactoring the above block to capture the errBackoff.NextBackoff() value as sleepDuration.
fixes: #26382