Merge pull request #59 from Infisical/retry-on-request-error

feat: retry on request error

Author: varonix0

client.go

@@ -6,15 +6,20 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
+
 	"math"
 	"math/rand"
 	"net"
+	"os"
 	"reflect"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
 
+	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
+
 	"github.com/go-resty/resty/v2"
 	"github.com/hashicorp/golang-lru/v2/expirable"
 	api "github.com/infisical/go-sdk/packages/api/auth"
@@ -42,6 +47,8 @@ type InfisicalClient struct {
 	dynamicSecrets DynamicSecretsInterface
 	kms            KmsInterface
 	ssh            SshInterface
+
+	logger zerolog.Logger
 }
 
 type InfisicalClientInterface interface {
@@ -54,6 +61,56 @@ type InfisicalClientInterface interface {
 	Ssh() SshInterface
 }
 
+type ExponentialBackoffStrategy struct {
+	// Base delay between retries. Defaults to 1 second
+	BaseDelay time.Duration
+
+	// Maximum number of retries. Defaults to 3
+	MaxRetries int
+
+	// Maximum delay between retries. Defaults to 30 seconds
+	MaxDelay time.Duration
+}
+
+func (s *ExponentialBackoffStrategy) GetDelay(retryCount int) time.Duration {
+
+	if s.BaseDelay == 0 {
+		s.BaseDelay = 1 * time.Second
+	}
+
+	if s.MaxDelay == 0 {
+		s.MaxDelay = 30 * time.Second
+	}
+
+	if s.MaxRetries == 0 {
+		s.MaxRetries = 3
+	}
+
+	delay := s.BaseDelay * time.Duration(math.Pow(2, float64(retryCount)))
+
+	// if delay is greater than the user-configured max delay, set the delay to the max delay
+	if delay > s.MaxDelay {
+		delay = s.MaxDelay
+	}
+
+	return s.Jitter(delay)
+}
+
+func (s *ExponentialBackoffStrategy) Jitter(delay time.Duration) time.Duration {
+	// 20% jitter, negative and positive
+
+	jitterFactor := 0.2
+
+	// generates random value in [-0.2, +0.2] range
+	randomFactor := (rand.Float64()*2 - 1) * jitterFactor
+	jitter := time.Duration(randomFactor * float64(delay))
+	return delay + jitter
+}
+
+type RetryRequestsConfig struct {
+	ExponentialBackoff *ExponentialBackoffStrategy
+}
+
 type Config struct {
 	SiteUrl              string `default:"https://app.infisical.com"`
 	CaCertificate        string
@@ -62,6 +119,52 @@ type Config struct {
 	SilentMode           bool   `default:"false"`            // If enabled, the SDK will not print any warnings to the console.
 	CacheExpiryInSeconds int    // Defines how long certain API responses should be cached in memory, in seconds. When set to a positive value, responses from specific fetch API requests (like secret fetching) will be cached for this duration. Set to 0 to disable caching. Defaults to 0.
 	CustomHeaders        map[string]string
+	RetryRequestsConfig  *RetryRequestsConfig
+}
+
+func setupLogger() zerolog.Logger {
+	// very annoying but zerolog doesn't allow us to change one color without changing all of them
+	// these are the default colors for each level, except for warn
+	levelColors := map[string]string{
+		"trace": "\033[35m", // magenta
+		"debug": "\033[33m", // yellow
+		"info":  "\033[32m", // green
+		"warn":  "\033[33m", // yellow (this one is custom, the default is red \033[31m)
+		"error": "\033[31m", // red
+		"fatal": "\033[31m", // red
+		"panic": "\033[31m", // red
+	}
+
+	// map full level names to abbreviated forms (default zerolog behavior)
+	// see consoleDefaultFormatLevel, in zerolog for example
+	levelAbbrev := map[string]string{
+		"trace": "TRC",
+		"debug": "DBG",
+		"info":  "INF",
+		"warn":  "WRN",
+		"error": "ERR",
+		"fatal": "FTL",
+		"panic": "PNC",
+	}
+
+	logger := log.Output(zerolog.ConsoleWriter{
+		Out:        os.Stderr,
+		TimeFormat: time.RFC3339,
+		FormatLevel: func(i interface{}) string {
+			level := fmt.Sprintf("%s", i)
+			color := levelColors[level]
+			if color == "" {
+				color = "\033[0m" // no color for unknown levels
+			}
+			abbrev := levelAbbrev[level]
+			if abbrev == "" {
+				abbrev = strings.ToUpper(level) // fallback to uppercase if unknown
+			}
+			return color + abbrev + "\033[0m"
+		},
+	})
+
+	return logger
 }
 
 func setDefaults(cfg *Config) {
@@ -133,7 +236,11 @@ func (c *InfisicalClient) setPlainAccessToken(accessToken string) {
 }
 
 func NewInfisicalClient(context context.Context, config Config) InfisicalClientInterface {
-	client := &InfisicalClient{}
+	logger := setupLogger()
+
+	client := &InfisicalClient{
+		logger: logger,
+	}
 	setDefaults(&config)
 	client.UpdateConfiguration(config) // set httpClient and config
 
@@ -169,16 +276,32 @@ func (c *InfisicalClient) UpdateConfiguration(config Config) {
 			SetHeader("User-Agent", config.UserAgent).
 			SetBaseURL(config.SiteUrl)
 
-		c.httpClient.SetRetryCount(3).
+		maxRetries := 3
+		maxWaitTime := 30 * time.Second
+
+		if config.RetryRequestsConfig != nil && config.RetryRequestsConfig.ExponentialBackoff != nil {
+			maxRetries = config.RetryRequestsConfig.ExponentialBackoff.MaxRetries
+			maxWaitTime = 10 * time.Minute
+		}
+
+		c.httpClient.SetRetryCount(maxRetries).
 			SetRetryWaitTime(1 * time.Second).
-			SetRetryMaxWaitTime(30 * time.Second).
-			SetRetryAfter(func(c *resty.Client, r *resty.Response) (time.Duration, error) {
+			SetRetryMaxWaitTime(maxWaitTime).
+			SetRetryAfter(func(rc *resty.Client, r *resty.Response) (time.Duration, error) {
+
+				if config.RetryRequestsConfig != nil && config.RetryRequestsConfig.ExponentialBackoff != nil {
+					delay := config.RetryRequestsConfig.ExponentialBackoff.GetDelay(r.Request.Attempt)
+					if !config.SilentMode {
+						util.PrintWarning(c.logger, fmt.Sprintf("Request failed, [url=%s] [status=%d] [method=%s]\nRetrying in %s (attempt %d)", r.Request.URL, r.StatusCode(), r.Request.Method, delay.String(), r.Request.Attempt))
+					}
+					return delay, nil
+				}
 
 				attempt := r.Request.Attempt + 1
 				if attempt <= 0 {
 					attempt = 1
 				}
-				waitTime := math.Min(float64(c.RetryWaitTime)*math.Pow(2, float64(attempt-1)), float64(c.RetryMaxWaitTime))
+				waitTime := math.Min(float64(rc.RetryWaitTime)*math.Pow(2, float64(attempt-1)), float64(rc.RetryMaxWaitTime))
 
 				// Add jitter of +/-20%
 				jitterFactor := 0.8 + (rand.Float64() * 0.4)
@@ -189,11 +312,19 @@ func (c *InfisicalClient) UpdateConfiguration(config Config) {
 			}).
 			AddRetryCondition(func(r *resty.Response, err error) bool {
 				// don't retry if there's no error or it's a timeout
-				if err == nil || errors.Is(err, context.DeadlineExceeded) {
+				if errors.Is(err, context.DeadlineExceeded) {
+					return false
+				}
+
+				if err == nil && r == nil {
 					return false
 				}
 
-				errMsg := err.Error()
+				if config.RetryRequestsConfig != nil && config.RetryRequestsConfig.ExponentialBackoff != nil {
+					if (r != nil && r.IsError()) || err != nil {
+						return r.Request.Attempt <= config.RetryRequestsConfig.ExponentialBackoff.MaxRetries
+					}
+				}
 
 				networkErrors := []string{
 					"connection refused",
@@ -219,9 +350,14 @@ func (c *InfisicalClient) UpdateConfiguration(config Config) {
 					return true
 				}
 
-				for _, netErr := range networkErrors {
-					if strings.Contains(strings.ToLower(errMsg), netErr) {
-						isConditionMet = true
+				if err != nil {
+					for _, netErr := range networkErrors {
+						errMsg := err.Error()
+
+						if strings.Contains(strings.ToLower(errMsg), netErr) {
+							isConditionMet = true
+							break
+						}
 					}
 				}
 
@@ -242,11 +378,11 @@ func (c *InfisicalClient) UpdateConfiguration(config Config) {
 	if config.CaCertificate != "" {
 		caCertPool, err := x509.SystemCertPool()
 		if err != nil && !config.SilentMode {
-			util.PrintWarning(fmt.Sprintf("failed to load system root CA pool: %v", err))
+			util.PrintWarning(c.logger, fmt.Sprintf("failed to load system root CA pool: %v", err))
 		}
 
 		if ok := caCertPool.AppendCertsFromPEM([]byte(config.CaCertificate)); !ok && !config.SilentMode {
-			util.PrintWarning("failed to append CA certificate")
+			util.PrintWarning(c.logger, "failed to append CA certificate")
 		}
 
 		tlsConfig := &tls.Config{
@@ -371,7 +507,7 @@ func (c *InfisicalClient) handleTokenLifeCycle(context context.Context) {
 
 					if !config.SilentMode && !warningPrinted && tokenDetails.AccessTokenMaxTTL != 0 && tokenDetails.ExpiresIn != 0 {
 						if tokenDetails.AccessTokenMaxTTL < 60 || tokenDetails.ExpiresIn < 60 {
-							util.PrintWarning("Machine Identity access token TTL or max TTL is less than 60 seconds. This may cause excessive API calls, and you may be subject to rate-limits.")
+							util.PrintWarning(c.logger, "Machine Identity access token TTL or max TTL is less than 60 seconds. This may cause excessive API calls, and you may be subject to rate-limits.")
 						}
 						warningPrinted = true
 					}
@@ -387,7 +523,7 @@ func (c *InfisicalClient) handleTokenLifeCycle(context context.Context) {
 						newToken, err := authStrategies[c.authMethod](clientCredential)
 
 						if err != nil && !config.SilentMode {
-							util.PrintWarning(fmt.Sprintf("Failed to re-authenticate: %s\n", err.Error()))
+							util.PrintWarning(c.logger, fmt.Sprintf("Failed to re-authenticate: %s\n", err.Error()))
 						} else {
 							c.setAccessToken(newToken, c.credential, c.authMethod)
 							c.mu.Lock()
@@ -403,7 +539,7 @@ func (c *InfisicalClient) handleTokenLifeCycle(context context.Context) {
 							// If renewing would exceed max TTL, directly re-authenticate
 							newToken, err := authStrategies[c.authMethod](clientCredential)
 							if err != nil && !config.SilentMode {
-								util.PrintWarning(fmt.Sprintf("Failed to re-authenticate: %s\n", err.Error()))
+								util.PrintWarning(c.logger, fmt.Sprintf("Failed to re-authenticate: %s\n", err.Error()))
 							} else {
 								c.setAccessToken(newToken, c.credential, c.authMethod)
 								c.mu.Lock()
@@ -416,12 +552,12 @@ func (c *InfisicalClient) handleTokenLifeCycle(context context.Context) {
 
 							if err != nil {
 								if !config.SilentMode {
-									util.PrintWarning(fmt.Sprintf("Failed to renew access token: %s\n\nAttempting to re-authenticate.", err.Error()))
+									util.PrintWarning(c.logger, fmt.Sprintf("Failed to renew access token: %s\n\nAttempting to re-authenticate.", err.Error()))
 								}
 
 								newToken, err := authStrategies[c.authMethod](clientCredential)
 								if err != nil && !config.SilentMode {
-									util.PrintWarning(fmt.Sprintf("Failed to re-authenticate: %s\n", err.Error()))
+									util.PrintWarning(c.logger, fmt.Sprintf("Failed to re-authenticate: %s\n", err.Error()))
 								} else {
 									c.setAccessToken(newToken, c.credential, c.authMethod)
 									c.mu.Lock()

go.mod

@@ -35,7 +35,10 @@ require (
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.5 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/oracle/oci-go-sdk/v65 v65.95.2 // indirect
+	github.com/rs/zerolog v1.34.0 // indirect
 	github.com/sony/gobreaker v0.5.0 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	go.opencensus.io v0.24.0 // indirect

go.sum

@@ -37,6 +37,7 @@ github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -53,6 +54,7 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-resty/resty/v2 v2.13.1 h1:x+LHXBI2nMB1vqndymf26quycC4aggYJ7DECYbiz03g=
 github.com/go-resty/resty/v2 v2.13.1/go.mod h1:GznXlLxkq6Nh4sU59rPmUw3VtgpO3aS96ORAI6Q7d+0=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -88,11 +90,20 @@ github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBY
 github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/oracle/oci-go-sdk/v65 v65.95.2 h1:0HJ0AgpLydp/DtvYrF2d4str2BjXOVAeNbuW7E07g94=
 github.com/oracle/oci-go-sdk/v65 v65.95.2/go.mod h1:u6XRPsw9tPziBh76K7GrrRXPa8P8W3BQeqJ6ZZt9VLA=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
+github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
+github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
 github.com/sony/gobreaker v0.5.0 h1:dRCvqm0P490vZPmy7ppEk2qCnCieBooFJ+YoXGYB+yg=
 github.com/sony/gobreaker v0.5.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -166,8 +177,11 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=

packages/util/helper.go

@@ -6,13 +6,13 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
-	"os"
 	"sort"
 	"strings"
 	"time"
 
 	"github.com/go-resty/resty/v2"
 	"github.com/infisical/go-sdk/packages/models"
+	"github.com/rs/zerolog"
 )
 
 func AppendAPIEndpoint(siteUrl string) string {
@@ -28,8 +28,8 @@ func AppendAPIEndpoint(siteUrl string) string {
 	return siteUrl + "/api"
 }
 
-func PrintWarning(message string) {
-	fmt.Fprintf(os.Stderr, "[Infisical] Warning: %v \n", message)
+func PrintWarning(logger zerolog.Logger, message string) {
+	logger.Warn().Msgf("[Infisical] Warning: %v", message)
 }
 
 func EnsureUniqueSecretsByKey(secrets *[]models.Secret, skipUniqueKey bool) {