consul icon indicating copy to clipboard operation
consul copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Remove unnecessary custom retry logic associated with Consul's usage of the Vault API

Open clly opened this issue 2 years ago • 3 comments

Feature Description

Once we've upgraded to a later version of protobuf we can also upgrade to a newer version of vault/api. This will pull in improvements but the biggest known win is that the vault LifetimeWatcher will automatically backoff on Vault errors and allow us to remove out our own backoff logic. The backoff logic was added in https://github.com/hashicorp/consul/pull/12607 to prevent thousands of requests to Vault if the authentication method becomes invalid.

The protobuf changes are completed: https://github.com/hashicorp/consul/issues/10471

clly avatar Mar 24 '22 20:03 clly

@clly , @rboyer : Why upgrade to Vault API 1.1.1 specifically? If I understand correctly, we currently use Vault 1.0.5. The latest Vault API version is 1.8.2.

jkirschner-hashicorp avatar Dec 21 '22 14:12 jkirschner-hashicorp

Vault 1.1.1 was the lowest API version with the referenced changes. Consul could upgrade as high as it would like to go and I am on board with going to latest.

clly avatar Dec 21 '22 18:12 clly

https://github.com/hashicorp/consul/pull/15970 updated the Vault API to 1.8.2 for Consul 1.15.0+.

We believe that makes the backoff logic introduced by #12607 no longer necessary. It's a small internal cleanup to remove that unnecessary logic.

jkirschner-hashicorp avatar Jan 27 '23 16:01 jkirschner-hashicorp