From b5faeff233933f550c84875b08d22bd55a083f74 Mon Sep 17 00:00:00 2001 From: Tim Gross Date: Fri, 7 Feb 2025 08:45:33 -0500 Subject: [PATCH] vault: fix bug in logging logic around renewals (#25040) In #24409 we fixed a bug where some of the error messages we get from Vault weren't being caught correctly. This fix itself contains a bug where we changed the logic that logged the non-fatal errors so that it logs when there is no renewal error. Ref: https://github.com/hashicorp/nomad/pull/24409 Fixes: https://github.com/hashicorp/nomad/issues/24933 --- .changelog/25040.txt | 3 +++ client/vaultclient/vaultclient.go | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) create mode 100644 .changelog/25040.txt diff --git a/.changelog/25040.txt b/.changelog/25040.txt new file mode 100644 index 000000000..fe67f98f9 --- /dev/null +++ b/.changelog/25040.txt @@ -0,0 +1,3 @@ +```release-note:bug +vault: Fixed a bug where successful renewal was logged as an error +``` diff --git a/client/vaultclient/vaultclient.go b/client/vaultclient/vaultclient.go index 4f86a3a01..f83bf13c2 100644 --- a/client/vaultclient/vaultclient.go +++ b/client/vaultclient/vaultclient.go @@ -451,11 +451,11 @@ func (c *vaultClient) renew(req *vaultClientRenewalRequest) error { strings.Contains(errMsg, "permission denied") || strings.Contains(errMsg, "token not found") { fatal = true + } else { + c.logger.Debug("renewal error details", "req.increment", req.increment, "lease_duration", leaseDuration, "renewal_duration", renewalDuration) + c.logger.Error("error during renewal of lease or token failed due to a non-fatal error; retrying", + "error", renewalErr, "period", next) } - } else { - c.logger.Debug("renewal error details", "req.increment", req.increment, "lease_duration", leaseDuration, "renewal_duration", renewalDuration) - c.logger.Error("error during renewal of lease or token failed due to a non-fatal error; retrying", - "error", renewalErr, "period", next) } if c.isTracked(req.id) {