only retry when encountering a Vault non-InvalidData error
Signed-off-by: Tim Ramlot <[email protected]>
inteon committed Jun 20, 2024
1 parent c91273a commit c680694
Showing 2 changed files with 8 additions and 2 deletions.
3 changes: 2 additions & 1 deletion internal/vault/vault.go
Expand Up @@ -38,6 +38,7 @@ import (
internalinformers "github.com/cert-manager/cert-manager/internal/informers"
v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
cmerrors "github.com/cert-manager/cert-manager/pkg/util/errors"
"github.com/cert-manager/cert-manager/pkg/util/pki"
)

Expand Down Expand Up @@ -220,7 +221,7 @@ func (v *Vault) setToken(ctx context.Context, client Client) error {
return nil
}

return fmt.Errorf("error initializing Vault client: tokenSecretRef, appRoleSecretRef, or Kubernetes auth role not set")
return cmerrors.NewInvalidData("error initializing Vault client: tokenSecretRef, appRoleSecretRef, or Kubernetes auth role not set")
}

func (v *Vault) newConfig() (*vault.Config, error) {
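Review bot: Only the final fall-through return of setToken is reclassified with `cmerrors.NewInvalidData`; the earlier returns of the function lie outside this hunk, so it is not visible whether other deterministic configuration failures still come back as plain errors and keep being retried against Vault. The contract deserves a comment at the return, e.g. `// InvalidData: no auth method is configured on the issuer, so retrying cannot succeed until the issuer is edited.` If callers are expected to test this with `cmerrors.IsInvalidData`, the error must also reach them without being re-wrapped, assuming that helper matches on the concrete type rather than unwrapping; this is worth confirming in the callers of setToken.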
7 changes: 6 additions & 1 deletion pkg/controller/certificaterequests/vault/vault.go
Expand Up @@ -30,6 +30,7 @@ import (
crutil "github.com/cert-manager/cert-manager/pkg/controller/certificaterequests/util"
"github.com/cert-manager/cert-manager/pkg/issuer"
logf "github.com/cert-manager/cert-manager/pkg/logs"
cmerrors "github.com/cert-manager/cert-manager/pkg/util/errors"
)

const (
Expand Down Expand Up @@ -87,11 +88,15 @@ func (v *Vault) Sign(ctx context.Context, cr *v1.CertificateRequest, issuerObj v
return nil, nil
}

// TODO: distinguish between network errors and other which might warrant a failure.
if err != nil {
message := "Failed to initialise vault client for signing"
v.reporter.Pending(cr, err, "VaultInitError", message)
log.Error(err, message)

if cmerrors.IsInvalidData(err) {
return nil, nil // Don't retry, wait for the issuer to be updated
}

return nil, err // Return error to requeue and retry
}

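Review bot: In the `if err != nil` block of Sign, the Pending condition is written with the same reason `VaultInitError` and the same message before the `cmerrors.IsInvalidData(err)` check, so someone reading the CertificateRequest cannot tell whether the controller will retry or has stopped until the issuer changes. Consider choosing the message before reporting, e.g. `if cmerrors.IsInvalidData(err) { message = "Vault issuer configuration is invalid, waiting for the issuer to be updated" }`. The `return nil, nil` path also depends on the request being re-queued when the issuer is edited, which this hunk does not show, and the commit lists only two changed files, neither of them a test, so a case covering both branches would be worth adding. Sign begins and ends outside the hunk.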
