From d4f7bfef18555263778f3bcf10cb35451d8707ad Mon Sep 17 00:00:00 2001
From: Kristof Wevers <kristof.wevers@infura.eu>
Date: Thu, 28 Dec 2023 15:40:56 +0100
Subject: [PATCH] feat: Add retries to requests sessions

Every so often we get connection timed out errors towards our HCP Vault
endpoint. This is usually when a larger number of jobs is running
simultaneously. Considering requests for other jobs do still succeed this
is probably load related and adding a retry should help in making this a
bit more robust.
---
 awx/main/credential_plugins/hashivault.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/awx/main/credential_plugins/hashivault.py b/awx/main/credential_plugins/hashivault.py
index 62aabade6167..b993db88f1dd 100644
--- a/awx/main/credential_plugins/hashivault.py
+++ b/awx/main/credential_plugins/hashivault.py
@@ -227,6 +227,7 @@ def method_auth(**kwargs):
     cacert = kwargs.get('cacert', None)
 
     sess = requests.Session()
+    sess.mount(url, requests.adapters.HTTPAdapter(max_retries=5))
 
     # Namespace support
     if kwargs.get('namespace'):
@@ -263,6 +264,7 @@ def kv_backend(**kwargs):
     }
 
     sess = requests.Session()
+    sess.mount(url, requests.adapters.HTTPAdapter(max_retries=5))
     sess.headers['Authorization'] = 'Bearer {}'.format(token)
     # Compatibility header for older installs of Hashicorp Vault
     sess.headers['X-Vault-Token'] = token
@@ -333,6 +335,7 @@ def ssh_backend(**kwargs):
         request_kwargs['json']['valid_principals'] = kwargs['valid_principals']
 
     sess = requests.Session()
+    sess.mount(url, requests.adapters.HTTPAdapter(max_retries=5))
     sess.headers['Authorization'] = 'Bearer {}'.format(token)
     if kwargs.get('namespace'):
         sess.headers['X-Vault-Namespace'] = kwargs['namespace']