Better error catching for app role check

Catch when vault is sealed. Retries are only necessary for the internal server error (which indicates a DB failure). Change-Id: I5aae05dd2902094874500022ac18661a24f5726d Related-Bug: #1866150
2020-08-10 15:49:52 -07:00 · 2020-08-10 15:49:52 -07:00 · ed8ddb8caa
parent 3e48efe85b
commit ed8ddb8caa
2 changed files with 4 additions and 1 deletions
--- a/src/lib/charm/vault.py
+++ b/src/lib/charm/vault.py
@ -236,6 +236,8 @@ def get_client(url=None):

@tenacity.retry(wait=tenacity.wait_exponential(multiplier=1, max=60),
                stop=tenacity.stop_after_attempt(8),
+                retry=tenacity.retry_if_exception_type(
+                    hvac.exceptions.InternalServerError),
                reraise=True)
 def get_local_client():
    """Provide a client for talking to the vault api
--- a/src/reactive/vault_handlers.py
+++ b/src/reactive/vault_handlers.py
@ -727,7 +727,8 @@ def client_approle_authorized():
        vault.get_local_client()
        return True
    except (vault.hvac.exceptions.InternalServerError,
-            vault.VaultNotReady):
+            vault.VaultNotReady,
+            vault.hvac.exceptions.VaultDown):
        log("InternalServerError: Unable to athorize approle. "
            "This may indicate failure to communicate with the database ",
            "WARNING")