From bf3b914930321c9d7c909b5a4daccb4758f36d1d Mon Sep 17 00:00:00 2001 From: windmgc Date: Tue, 11 Jun 2024 19:55:57 +0800 Subject: [PATCH] fix(vault): reset retry count when resolve successfully --- kong/pdk/vault.lua | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kong/pdk/vault.lua b/kong/pdk/vault.lua index 2bf6ef0dc21..6cbda46df9d 100644 --- a/kong/pdk/vault.lua +++ b/kong/pdk/vault.lua @@ -1281,6 +1281,8 @@ local function new(self) local ok, err = get_from_vault(reference, strategy, config, new_cache_key, parsed_reference) if not ok then local retry_count = tonumber(SECRETS_CACHE:get(SECRETS_RETRY_KEY_PREFIX .. new_cache_key) or 0, 10) + -- secrets that are failed resolving for more than SECRETS_RETRY_COUNT_THRESHOLD + -- times will be removed from the cache and stop rotation if retry_count >= SECRETS_RETRY_COUNT_THRESHOLD then SECRETS_CACHE:delete(new_cache_key) SECRETS_CACHE:delete(SECRETS_RETRY_KEY_PREFIX .. new_cache_key) @@ -1290,6 +1292,9 @@ local function new(self) SECRETS_CACHE:incr(SECRETS_RETRY_KEY_PREFIX .. new_cache_key, 1, 0) end return nil, fmt("could not retrieve value for reference %s (%s)", reference, err) + + else + SECRETS_CACHE:delete(SECRETS_RETRY_KEY_PREFIX .. new_cache_key) end return true