// getResilientClient builds a pester client around an http.Client whose dial,
// keep-alive and overall request timeouts are all 30 seconds. The pester
// wrapper is configured with exponential backoff, MaxRetries of 5 and a
// Concurrency of 1.
//
// NOTE(review): the transport sets InsecureSkipVerify, so the server's
// certificate chain and host name are not verified on any TLS connection made
// through this client, and every retry goes out over the same unauthenticated
// channel. Confirm this is intentional; otherwise drop the field, or set
// RootCAs on the tls.Config for the expected server.
func getResilientClient() *pester.Client {
	const timeout = 30 * time.Second

	dialer := &net.Dialer{
		Timeout:   timeout,
		KeepAlive: timeout,
	}
	transport := &http.Transport{
		Dial:                dialer.Dial,
		MaxIdleConnsPerHost: 32,
		// Certificate verification is disabled here; see the NOTE(review) above.
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}

	resilient := pester.NewExtendedClient(&http.Client{
		Timeout:   timeout,
		Transport: transport,
	})
	resilient.MaxRetries = 5
	resilient.Concurrency = 1
	resilient.Backoff = pester.ExponentialBackoff
	return resilient
}
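// RawRequest performs the raw request given. This request may be against
// a Vault server not configured with this client. This is an advanced operation
// that generally won't need to be called externally.
//
// The request is sent through a pester client wrapping c.config.HttpClient,
// using linear-jitter backoff and c.config.MaxRetries. This method follows at
// most one 301, 302 or 307 redirect and refuses a redirect that would move
// from https to any other scheme. Following a redirect overwrites r.URL with
// the new location.
//
// When a response was received it is returned alongside any error, so the
// caller may receive a non-nil *Response together with a non-nil error.
//
// NOTE(review): only the scheme of the redirect target is checked; its host is
// not compared with the original request. Whether ToHTTP attaches credentials
// that would then be sent to the new host is not visible from here. Confirm.
func (c *Client) RawRequest(r *Request) (*Response, error) {
	redirectCount := 0
START:
	req, err := r.ToHTTP()
	if err != nil {
		return nil, err
	}

	client := pester.NewExtendedClient(c.config.HttpClient)
	client.Backoff = pester.LinearJitterBackoff
	client.MaxRetries = c.config.MaxRetries

	var result *Response
	resp, err := client.Do(req)
	if resp != nil {
		result = &Response{Response: resp}
	}
	if err != nil {
		// A TLS client that reads a plaintext HTTP reply reports an oversized
		// record; replace that with guidance on fixing the address.
		if strings.Contains(err.Error(), "tls: oversized") {
			err = fmt.Errorf(
				"%s\n\n"+
					"This error usually means that the server is running with TLS disabled\n"+
					"but the client is configured to use TLS. Please either enable TLS\n"+
					"on the server or run the client with -address set to an address\n"+
					"that uses the http protocol:\n\n"+
					" vault <command> -address http://<address>\n\n"+
					"You can also set the VAULT_ADDR environment variable:\n\n\n"+
					" VAULT_ADDR=http://<address> vault <command>\n\n"+
					"where <address> is replaced by the actual address to the server.",
				err)
		}
		return result, err
	}

	// Check for a redirect, only allowing for a single redirect
	if (resp.StatusCode == 301 || resp.StatusCode == 302 || resp.StatusCode == 307) && redirectCount == 0 {
		// Parse the updated location
		respLoc, err := resp.Location()
		if err != nil {
			return result, err
		}

		// Ensure a protocol downgrade doesn't happen
		if req.URL.Scheme == "https" && respLoc.Scheme != "https" {
			return result, fmt.Errorf("redirect would cause protocol downgrade")
		}

		// Update the request
		r.URL = respLoc

		// Reset the request body if any
		if err := r.ResetJSONBody(); err != nil {
			return result, err
		}

		// The redirect response is discarded once the request is retried, so
		// close its body here; otherwise the connection it holds is leaked.
		// The Close error is ignored because this response is never used.
		resp.Body.Close()

		// Retry the request
		redirectCount++
		goto START
	}

	if err := result.Error(); err != nil {
		return result, err
	}

	return result, nil
}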