ansible-collections / community.hashi_vault

Ansible collection for managing and working with HashiCorp Vault.
https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/index.html
GNU General Public License v3.0

hashi_vault connection - add option to control timeout #99

Closed briantist closed 3 years ago

briantist commented 3 years ago
SUMMARY

The timeout is currently fixed to hvac's default of 30s with no way to customize it.

When everything is working correctly it's unlikely it'll ever be hit. When a URL is bad or the server is down, 30s can feel like a lifetime. As I implement retry support (#71), I realize that this point compounds a lot if the request is hanging waiting for a timeout on every retry as well.

When the request legitimately needs to take longer (some auth methods or secret engines could presumably take time), it would be impossible for it to ever finish.

Note on the above: I have seen a case of AWS auth, for example, being hit so often that it triggers throttling errors on the AWS APIs, and Vault's internal retries (which are not configurable) keep it going for longer than 30s. In this case the timeout for this plugin proved problematic, as it was our main way of triggering widespread AWS auth calls and we couldn't get the "real" response from the Vault server.


There should be a configurable timeout option to better control this.

ISSUE TYPE
COMPONENT NAME

hashi_vault

ADDITIONAL INFORMATION
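The compounding of a fixed per-request timeout with retries, described in the summary above, as an added example that is not part of the original issue or the collection's code. It uses the standard library's `urllib` in place of hvac, a constructed loopback listener that accepts connections but never answers as the "hung" server, and hypothetical helper names (`start_stalled_server`, `fetch_with_retries`, `demo`).

```python
import socket
import threading
import time
import urllib.request


def start_stalled_server():
    """Constructed stand-in for a hung server: accepts TCP, never replies."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    held = []  # keep accepted sockets open so the client waits for its timeout

    def accept_loop():
        while True:
            try:
                held.append(srv.accept()[0])
            except OSError:
                return  # listener was closed

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, held


def fetch_with_retries(url, timeout, retries):
    """Return (attempts, elapsed_seconds); every failed attempt costs a full timeout."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env
    start = time.monotonic()
    attempts = 0
    for _ in range(retries + 1):
        attempts += 1
        try:
            opener.open(url, timeout=timeout).close()
            break
        except OSError:  # covers socket timeouts and URLError
            continue
    return attempts, time.monotonic() - start


def demo(timeout=0.3, retries=2):
    """Run one request with retries against the stalled listener (sample values)."""
    srv, held = start_stalled_server()
    try:
        url = "http://127.0.0.1:%d/v1/sys/health" % srv.getsockname()[1]
        return fetch_with_retries(url, timeout, retries)
    finally:
        srv.close()
        for conn in held:
            conn.close()
```

Calling `demo()` makes 3 attempts and takes roughly 3 × 0.3 s; at a fixed 30 s timeout the same two retries would block a task for about 90 s before it fails.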