From 05074af56353aca8ccc37db9e69d31c8e8934418 Mon Sep 17 00:00:00 2001
From: Max Wagner <3364111+wagnerm@users.noreply.github.com>
Date: Wed, 22 Mar 2023 15:34:31 -0600
Subject: [PATCH] Add option to retry Vault Token retrieval

Sometimes we might encounter errors when retrieving the Vault token using a method like JWT. In those cases, the action does not retry the request today because the got package does not try POST requests by default. This change adds an option called retryVaultTokenRetrieval that will add the POST method to the retriable methods got uses. The post method is not used in any other place in this action, so having the POST method added to the defaultOptions seems okay for now.
---
 action.yml | 3 +++
 src/action.js | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/action.yml b/action.yml
index 073f579..e182e43 100644
--- a/action.yml
+++ b/action.yml
@@ -79,6 +79,9 @@ inputs:
 secretEncodingType:
 description: 'The encoding type of the secret to decode. If not specified, the secret will not be decoded. Supported values: base64, hex, utf8'
 required: false
+ retryVaultTokenRetrieval:
+ description: 'Enable retrying retrieval of Vault server tokens. If not specified the token request to the Vault server will only be tried once.'
+ required: false
 runs:
 using: 'node16'
 main: 'dist/index.js'
diff --git a/src/action.js b/src/action.js
index b898005..256980c 100644
--- a/src/action.js
+++ b/src/action.js
@@ -31,6 +31,7 @@ async function exportSecrets() {
 headers: {},
 https: {},
 retry: {
+ methods: [...got.defaults.options.retry.methods],
 statusCodes: [
 ...got.defaults.options.retry.statusCodes,
 // Vault returns 412 when the token in use hasn't yet been replicated
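Review bot: The new `retryVaultTokenRetrieval` input in action.yml declares no `default`, and its description does not say which values enable it, while src/action.js in this patch treats anything other than `false` as enabled. Adding `default: 'false'` and wording the description as `'Set to true to retry the token request to the Vault server on failure. Defaults to false, in which case the request is tried once.'` would make the contract explicit for workflow authors. The `inputs:` block starts outside the hunk.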
@@ -68,6 +69,11 @@ async function exportSecrets() {
 defaultOptions.headers["X-Vault-Namespace"] = vaultNamespace;
 }

+ const retryVaultTokenRetrieval = (core.getInput('retryVaultTokenRetrieval', { required: false }) || 'false').toLowerCase() != 'false';
+ if (retryVaultTokenRetrieval === true) {
+ defaultOptions.retry.methods.push('POST');
+ }
+
 const vaultToken = await retrieveToken(vaultMethod, got.extend(defaultOptions));
 defaultOptions.headers['X-Vault-Token'] = vaultToken;
 const client = got.extend(defaultOptions);
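Review bot: The added `retryVaultTokenRetrieval` parse enables the option for every value except `false`, so `no`, `0` or a typo silently turns on POST retries; comparing against the enabling value fails closed, `const retryVaultTokenRetrieval = (core.getInput('retryVaultTokenRetrieval', { required: false }) || 'false').toLowerCase() === 'true';`, after which the `=== true` in the `if` is redundant. The `push('POST')` also lands in `defaultOptions`, which is reused two lines later for `client`, so any POST that client sends would be retried too; the commit message accepts this, but a comment such as `// NOTE: POST retry also applies to the client built from defaultOptions below` would keep it visible. A retried login is not idempotent: if a response is lost after Vault processed the request, the retry presumably yields a second token while the first stays valid until its TTL, which is worth stating for auth methods that use use-limited credentials. exportSecrets starts and ends outside the hunk.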