spring-projects / spring-vault

Provides familiar Spring abstractions for HashiCorp Vault
https://spring.io/projects/spring-vault
Apache License 2.0

Renew of expired database lease #722

Closed mNantern closed 2 years ago

mNantern commented 2 years ago

Hi 👋!

I have a strange behavior with spring-vault and database lease for Postgres: Vault is configured with a max_ttl of 24h and a default_ttl of 24h.

At the start of our application a database lease is acquired with a TTL of 24 hours. After 23 hours and 59 minutes spring-vault renews the lease, which is understandable because of the expiryThreshold being 60 seconds.

And then every 10 seconds a renew is made, which is also understandable because minRenewal is 10 seconds. Unfortunately spring-vault is doing one last request after the lease has expired on the Vault side, resulting in an error:

Cannot renew lease: Status 400 Bad Request lease not found; nested exception is org.springframework.vault.VaultException: Status 400 Bad Request: lease not found; nested exception is org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request: [{"errors":["lease not found"]}]

See the following screenshot for example: [screenshot taken 2022-08-04 at 14:25:31, not reproduced here]

We can see here that the lease is created at 2022-08-02T10:23:24.657137798Z but the last renew is happening at 2022-08-03T10:23:24.89190918Z so after the expiration date of the lease.

mp911de commented 2 years ago

At first sight, this may seem strange, but time is not an exact science in non-realtime systems. We have all sorts of latencies that add up (network latencies, garbage collection, system interrupts). Additionally, the client does not know the max ttl so we do not know when to stop in the future with requests.
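To make the timing argument concrete, here is a small model of the renewal loop the issue describes. It is added here for illustration and is not code from spring-vault or from the issue; it assumes the client schedules the next renew at max(minRenewal, lease_duration - expiryThreshold) seconds after each response, that Vault grants min(ttl, time left until max_ttl) on each renew, and a constructed 250 ms round trip per request.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class VaultLease:
    """Server side of the model: Vault knows the absolute max_ttl, the client never does."""
    created_at: float  # seconds
    ttl: float         # default_ttl granted on creation, seconds
    max_ttl: float     # hard cap measured from creation, seconds

    def renew(self, now: float) -> Optional[float]:
        """Return the granted lease_duration, or None for '400 lease not found'."""
        hard_expiry = self.created_at + self.max_ttl
        if now >= hard_expiry:
            return None  # lease already expired and revoked by Vault
        return min(self.ttl, hard_expiry - now)


def renewal_loop(lease: VaultLease, expiry_threshold: float = 60.0,
                 min_renewal: float = 10.0, latency: float = 0.25,
                 max_steps: int = 100) -> List[Tuple[float, Optional[float]]]:
    """Client side of the model (assumed scheduling rule, not spring-vault's code).

    Returns (request_time, granted_duration) per attempt; the last entry has
    granted_duration None when the request hit an already-expired lease.
    """
    now = lease.created_at
    duration = lease.ttl
    attempts: List[Tuple[float, Optional[float]]] = []
    for _ in range(max_steps):
        # Renew expiry_threshold before the lease runs out, but never more
        # often than min_renewal; the client only sees relative durations.
        now += max(min_renewal, duration - expiry_threshold)
        granted = lease.renew(now)
        attempts.append((now, granted))
        if granted is None:
            break
        now += latency        # response arrives after a round trip (constructed)
        duration = granted    # Vault shrinks the duration as max_ttl approaches
    return attempts


if __name__ == "__main__":
    # Constructed scenario matching the report: default_ttl = max_ttl = 24h.
    for t, d in renewal_loop(VaultLease(0.0, 86400.0, 86400.0)):
        print(f"renew at +{t:9.2f}s -> {'lease not found' if d is None else f'{d:.2f}s granted'}")
```

Even with latency set to 0.0 the final attempt lands exactly on the max_ttl boundary, so the trailing "lease not found" is a consequence of the client not knowing max_ttl rather than a scheduling bug.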

mNantern commented 2 years ago

Thanks for your answer.

Is there some kind of workaround? Or should I ignore the Vault error?

mp911de commented 2 years ago

> Or should I ignore the Vault error?

I think you can ignore the issue unless it causes a problem in your code.