gered/vault-sidekick
Archived
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge pull request #51 from munnerz/jitter

Browse source 
Add support for optional jitter parameter on CN
This commit is contained in:
Rohith Jayawardene 2017-09-19 10:04:20 +01:00 committed by GitHub
parent 6f9107baa0 17ff26ba79
commit 943e085884
4 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -147,3 +147,4 @@ bundle format is very similar in the sense it similar takes the private key and
- **fmt**: (format) allows you to specify the output format of the resource / secret, e.g json, yaml, ini, txt - **fmt**: (format) allows you to specify the output format of the resource / secret, e.g json, yaml, ini, txt
- **exec** (execute) execute's a command when resource is updated or changed - **exec** (execute) execute's a command when resource is updated or changed
- **retries**: (retries) the maximum number of times to retry retrieving a resource. If not set, resources will be retried indefinitely - **retries**: (retries) the maximum number of times to retry retrieving a resource. If not set, resources will be retried indefinitely
* **jitter**: (jitter) an optional maximum jitter duration. If specified, a random duration between 0 and `jitter` will be subtracted from the renewal time for the resource

7
vault_resource.go
View file

@ -48,6 +48,10 @@ const (
optionMode = "mode" optionMode = "mode"
// optionMaxRetries is the maximum number of retries that should be attempted // optionMaxRetries is the maximum number of retries that should be attempted
optionMaxRetries = "retries" optionMaxRetries = "retries"
// optionMaxJitter is the maximum amount of jitter that should be applied
// to updates for this resource. If non-zero, a random value between 0 and
// maxJitter will be subtracted from the update period.
optionMaxJitter = "jitter"
// defaultSize sets the default size of a generic secret // defaultSize sets the default size of a generic secret
defaultSize = 20 defaultSize = 20
) )
@ -117,6 +121,9 @@ type VaultResource struct {
// retries is the number of times this resource has been retried since it // retries is the number of times this resource has been retried since it
// last succeeded // last succeeded
retries int retries int
// maxJitter is the maximum jitter duration to use for this resource when
// performing renewals
maxJitter time.Duration
} }
// GetFilename generates a resource filename by default the resource name and resource type, which // GetFilename generates a resource filename by default the resource name and resource type, which

6
vault_resources.go
View file

@ -137,6 +137,12 @@ func (r *VaultResources) Set(value string) error {
return fmt.Errorf("the retries option: %s is invalid, should be an integer", value) return fmt.Errorf("the retries option: %s is invalid, should be an integer", value)
} }
rn.maxRetries = int(maxRetries) rn.maxRetries = int(maxRetries)
case optionMaxJitter:
maxJitter, err := time.ParseDuration(value)
if err != nil {
return fmt.Errorf("the jitter option: %s is invalid, should be in duration format", value)
}
rn.maxJitter = maxJitter
default: default:
rn.options[name] = value rn.options[name] = value
} }

7
watched_resource.go
View file

@ -57,6 +57,13 @@ func (r *watchedResource) notifyOnRenewal(ch chan *watchedResource) {
} }
r.renewalTime = r.calculateRenewal() r.renewalTime = r.calculateRenewal()
} }
if r.resource.maxJitter != 0 {
glog.V(4).Infof("using maxJitter (%s) to calculate renewal time", r.resource.maxJitter)
r.renewalTime = time.Duration(getDurationWithin(
int((r.renewalTime-r.resource.maxJitter)/time.Second),
int(r.renewalTime/time.Second),
))
}
glog.V(3).Infof("setting a renewal notification on resource: %s, time: %s", r.resource, r.renewalTime) glog.V(3).Infof("setting a renewal notification on resource: %s, time: %s", r.resource, r.renewalTime)
// step: wait for the duration // step: wait for the duration
<-time.After(r.renewalTime) <-time.After(r.renewalTime)