Merge pull request #41 from clear-street/runtime-modify-delay-tries-v…

…ault-provider Allows runtime configuration of vault provider retry delay and tries.
clear-street · Jan 11, 2024 · ecafd8e · ecafd8e
2 parents b08e255 + cd435bd
commit ecafd8e
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 22 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,24 @@
+# Changelog
+***
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
+
+## Unreleased
+***
+## [3.3.6] - 2023-06-11
+
+### Added
+- `delay` and `tries` to `Vault` constructor for runtime configuration of `retry_call`
+- `delay` default to 60 seconds and `tries` to 5
+
+### Changed
+- Removed `retry` decorator usage in `vault.py`
+- Invokes `vault_client` calls through `retry_call` instead
+
+
+## Released
+***
+
+# TODO
+
diff --git a/gestalt/vault.py b/gestalt/vault.py
@@ -1,27 +1,32 @@
+import os
 from datetime import datetime, timedelta
+from queue import Queue
+from threading import Thread
 from time import sleep
-from gestalt.provider import Provider
+from typing import Any, Dict, List, Optional, Tuple, Union
+
+import hvac  # type: ignore
 import requests
-from requests.exceptions import Timeout
 from jsonpath_ng import parse  # type: ignore
-from typing import Optional, Tuple, Any, Dict, Union, List
-import hvac  # type: ignore
-from queue import Queue
-import os
-from threading import Thread
-from retry import retry
+from requests.exceptions import Timeout
+from retry.api import retry_call
+
+from gestalt.provider import Provider
 
 
 class Vault(Provider):
-    @retry((RuntimeError, Timeout), delay=2, tries=5)  # type: ignore
-    def __init__(self,
-                 cert: Optional[Tuple[str, str]] = None,
-                 role: Optional[str] = None,
-                 jwt: Optional[str] = None,
-                 url: Optional[str] = os.environ.get("VAULT_ADDR"),
-                 token: Optional[str] = os.environ.get("VAULT_TOKEN"),
-                 verify: Optional[bool] = True,
-                 scheme: str = "ref+vault://") -> None:
+    def __init__(
+        self,
+        cert: Optional[Tuple[str, str]] = None,
+        role: Optional[str] = None,
+        jwt: Optional[str] = None,
+        url: Optional[str] = os.environ.get("VAULT_ADDR"),
+        token: Optional[str] = os.environ.get("VAULT_TOKEN"),
+        verify: Optional[bool] = True,
+        scheme: str = "ref+vault://",
+        delay: int = 60,
+        tries: int = 5,
+    ) -> None:
         """Initialized vault client and authenticates vault
 
         Args:
@@ -44,8 +49,16 @@ def __init__(self,
         self._secret_values: Dict[str, Union[str, int, float, bool,
                                              List[Any]]] = dict()
 
+        self.delay = delay
+        self.tries = tries
+
         try:
-            self.vault_client.is_authenticated()
+            retry_call(
+                self.vault_client.is_authenticated,
+                exceptions=(RuntimeError, Timeout),
+                delay=self.delay,
+                tries=self.tries,
+            )
         except requests.exceptions.MissingSchema:
             raise RuntimeError(
                 "Gestalt Error: Unable to connect to vault with the given configuration"
@@ -55,7 +68,13 @@ def __init__(self,
             try:
                 hvac.api.auth_methods.Kubernetes(
                     self.vault_client.adapter).login(role=role, jwt=jwt)
-                token = self.vault_client.auth.token.lookup_self()
+                token = retry_call(
+                    self.vault_client.auth.token.lookup_self,
+                    exceptions=(RuntimeError, Timeout),
+                    delay=self.delay,
+                    tries=self.tries,
+                )
+
                 if token is not None:
                     kubes_token = (
                         "kubernetes",
@@ -85,7 +104,6 @@ def stop(self) -> None:
     def __del__(self) -> None:
         self.stop()
 
-    @retry((RuntimeError, Timeout), delay=3, tries=3)  # type: ignore
     def get(
         self,
         key: str,
@@ -112,7 +130,13 @@ def get(
             return self._secret_values[key]
 
         try:
-            response = self.vault_client.read(path)
+            response = retry_call(
+                self.vault_client.read,
+                fargs=[path],
+                exceptions=(RuntimeError, Timeout),
+                delay=self.delay,
+                tries=self.tries,
+            )
             if response is None:
                 raise RuntimeError("Gestalt Error: No secrets found")
             if response['lease_id']:

diff --git a/setup.py b/setup.py
@@ -11,7 +11,7 @@ def readme():
     reqs_list = list(map(lambda x: x.rstrip(), reqs))
 
 setup(name='gestalt-cfg',
-      version='3.3.5',
+      version='3.3.6',
       description='A sensible configuration library for Python',
       long_description=readme(),
       long_description_content_type="text/markdown",