[WI] Vault renew self fails
With workload identity, I found myself in a scenario where Vault token renewal fails indefinitely. It looks like determining if this is a fatal error doesn't work correctly, as the error is different than what is in this list: https://github.com/hashicorp/nomad/blob/36522ec6320b9663eca967ba1d6ebe7dfa856327/client/vaultclient/vaultclient.go#L439
2024-08-22T18:45:35.294+0200 [ERROR] client.vault: error during renewal of lease or token failed due to a non-fatal error; retrying: name=default
error=
| failed to renew the vault token: Error making API request.
|
| URL: PUT http://localhost:8200/v1/auth/token/renew-self
| Code: 400. Errors:
|
| * lease expired
In my setup this will never resolve, I assume because of:
template {
  vault_retry {
    attempts    = 0
    backoff     = "250ms"
    max_backoff = "5m"
  }
}
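The failure mode reported above, as an added example that is not part of the original issue and is not Nomad's code: a renewal loop that decides "fatal" by substring match keeps retrying an error whose text is not on its list. The names `fatalSubstrings`, `isFatal` and `renewLoop`, the two listed substrings, and the `maxCalls` cap (a stand-in for an unbounded retry) are assumptions of this sketch; the error text is constructed from the log excerpt.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Illustrative substrings only; NOT a copy of the list in Nomad's vaultclient.go.
var fatalSubstrings = []string{"permission denied", "token not found"}

// Constructed from the log excerpt in the issue above.
var errLeaseExpired = errors.New("failed to renew the vault token: Error making API request.\n\n" +
	"URL: PUT http://localhost:8200/v1/auth/token/renew-self\nCode: 400. Errors:\n\n* lease expired")

// isFatal reports whether a renewal error contains any known-fatal substring.
func isFatal(err error, known []string) bool {
	for _, s := range known {
		if strings.Contains(err.Error(), s) {
			return true
		}
	}
	return false
}

// renewLoop calls renew until it succeeds, returns a fatal error, or maxCalls
// is reached. It returns the number of calls made and whether it stopped on a
// fatal error (the point where a caller would drop the token and log in again).
func renewLoop(renew func() error, known []string, maxCalls int) (calls int, fatal bool) {
	for calls < maxCalls {
		calls++
		err := renew()
		if err == nil {
			return calls, false
		}
		if isFatal(err, known) {
			return calls, true
		}
	}
	return calls, false // cap reached: every error was classified as retryable
}

func main() {
	renew := func() error { return errLeaseExpired } // an expired token never renews
	c, f := renewLoop(renew, fatalSubstrings, 1000)
	fmt.Printf("illustrative list:    calls=%d fatal=%v\n", c, f)
	c, f = renewLoop(renew, append(fatalSubstrings, "lease expired"), 1000)
	fmt.Printf("plus 'lease expired': calls=%d fatal=%v\n", c, f)
}
```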