From 9b2646eaf970340103cf6b6d885fb4daf167fd58 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Mon, 21 Sep 2020 11:05:44 -0400
Subject: [PATCH] Fix retry behavior with KMS recovery and misleading error message (#391)
---
 api/client.go | 19 +++++++++++++++++--
 internal/auth/password/repository_account.go | 2 +-
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/api/client.go b/api/client.go
index 905b27aa43..996a8aa046 100644
--- a/api/client.go
+++ b/api/client.go
@@ -676,7 +676,7 @@ func (c *Client) NewRequest(ctx context.Context, method, requestPath string, bod
 Host: u.Host,
 }
 req.Header = headers
- req.Header.Add("authorization", "Bearer "+token)
+ req.Header.Set("authorization", "Bearer "+token)
 req.Header.Set("content-type", "application/json")
 if ctx != nil {
 req = req.WithContext(ctx)
@@ -701,6 +701,7 @@ func (c *Client) Do(r *retryablehttp.Request) (*Response, error) {
 httpClient := c.config.HttpClient
 timeout := c.config.Timeout
 token := c.config.Token
+ recoveryKmsWrapper := c.config.RecoveryKmsWrapper
 outputCurlString := c.config.OutputCurlString
 c.modifyLock.RUnlock()
@@ -737,7 +738,21 @@ func (c *Client) Do(r *retryablehttp.Request) (*Response, error) {
 }
 if checkRetry == nil {
- checkRetry = retryablehttp.DefaultRetryPolicy
+ checkRetry = func(ctx context.Context, resp *http.Response, err error) (bool, error) {
+ if recoveryKmsWrapper != nil &&
+ resp != nil &&
+ resp.Request != nil {
+ token, err = recovery.GenerateRecoveryToken(ctx, recoveryKmsWrapper)
+ if err != nil {
+ return false, fmt.Errorf("error generating recovery KMS workflow token: %w", err)
+ }
+ if resp.Request.Header == nil {
+ resp.Request.Header = make(http.Header)
+ }
+ resp.Request.Header.Set("authorization", "Bearer "+token)
+ }
+ return retryablehttp.DefaultRetryPolicy(ctx, resp, err)
+ }
 }
 client := &retryablehttp.Client{
diff --git a/internal/auth/password/repository_account.go b/internal/auth/password/repository_account.go
index 7a8ed77beb..eecbf85108 100644
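Review bot: In the third api/client.go hunk (inside Do, whose body starts and ends outside the hunk), the new `checkRetry` closure generates a recovery token before it consults `retryablehttp.DefaultRetryPolicy`, so a KMS call runs on every response, including ones that will not be retried, and a token-generation failure returns `false, err` for a request that may already have succeeded. The assignment `token, err = recovery.GenerateRecoveryToken(...)` also overwrites the closure's own `err` argument and the `token` captured from Do, so the policy no longer sees the original error it was handed; locals would avoid that. Asking the default policy first, and minting a new token only when it says to retry, keeps the fresh bearer token scoped to actual retries. It also looks like `resp.Request` can differ from the request that is resent when a redirect was followed, which would leave the stale header in place; that is worth confirming against retryablehttp.

```go
checkRetry = func(ctx context.Context, resp *http.Response, err error) (bool, error) {
	// Decide first; only a real retry needs a fresh recovery token.
	retry, policyErr := retryablehttp.DefaultRetryPolicy(ctx, resp, err)
	if !retry {
		return false, policyErr
	}
	if recoveryKmsWrapper != nil && resp != nil && resp.Request != nil {
		// Locals leave the policy's err argument and Do's token untouched.
		recoveryToken, genErr := recovery.GenerateRecoveryToken(ctx, recoveryKmsWrapper)
		if genErr != nil {
			return false, fmt.Errorf("error generating recovery KMS workflow token: %w", genErr)
		}
		// … unchanged: nil-header guard and authorization Header.Set, now using recoveryToken …
	}
	return true, policyErr
}
```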
--- a/internal/auth/password/repository_account.go
+++ b/internal/auth/password/repository_account.go
@@ -42,7 +42,7 @@ func (r *Repository) CreateAccount(ctx context.Context, scopeId string, a *Accou
 return nil, fmt.Errorf("create: password account: scope id empty: %w", db.ErrInvalidParameter)
 }
 if !validLoginName(a.LoginName) {
- return nil, fmt.Errorf("create: password account: invalid user name: %w", db.ErrInvalidParameter)
+ return nil, fmt.Errorf("create: password account: invalid login name; must be all-lowercase alphanumeric: %w", db.ErrInvalidParameter)
 }
 cc, err := r.currentConfig(ctx, a.AuthMethodId)