in common/src/main/java/org/jetbrains/teamcity/vault/support/LifecycleAwareSessionManager.java [126:166]
protected boolean renewToken() {
LOG.info("Renewing HashiCorp Vault token");
VaultToken token = this.token;
if (token == null) {
return false;
}
try {
VaultResponse vaultResponse = restOperations.postForObject(
"auth/token/renew-self",
new HttpEntity<Object>(VaultHttpHeaders.from(token)),
VaultResponse.class);
LoginToken renewed = from(vaultResponse.getAuth());
LOG.info(String.format("Received token: LoginToken(renewable=%b, lease_duration=%d):", renewed.isRenewable(), renewed.getLeaseDuration().getSeconds()));
long validTtlThreshold = TimeUnit.MILLISECONDS.toSeconds(refreshTrigger.getValidTtlThreshold());
if (renewed.getLeaseDuration().getSeconds() <= validTtlThreshold) {
LOG.warn(String.format("Token TTL (%s) exceeded validity TTL threshold (%s). Dropping token.",
renewed.getLeaseDuration(), validTtlThreshold));
logger.warning("HashiCorp Vault token exceed validity TTL threshold and would be dropped.");
this.token = null;
return false;
}
this.token = renewed;
LOG.info("Renewed HashiCorp Vault token successfully");
logger.message("Renewed HashiCorp Vault token successfully");
return true;
} catch (HttpStatusCodeException e) {
logger.warning("Cannot renew HashiCorp Vault token, resetting token and performing re-login: " + e.getStatusCode() + " " + VaultResponses.getError(e));
LOG.warn("Cannot renew HashiCorp Vault token, resetting token and performing re-login: " + e.getStatusCode() + " " + VaultResponses.getError(e), e);
this.token = null;
return false;
} catch (RuntimeException e) {
logger.warning("Cannot renew HashiCorp Vault token, resetting token and performing re-login: " + e.getMessage());
LOG.warn("Cannot renew HashiCorp Vault token, resetting token and performing re-login: " + e.getMessage(), e);
this.token = null;
return false;
}
}