Add Timeout for Vault-Connection (#7)

Add Timeout for Vault-Connections (based on Lucretius#21)

README.md

@@ -102,6 +102,7 @@ _Options specified via environment-variables take precedence before the values s
 vault:
   url: <http(s)-url to vault-server>
   insecure: <true|false>
+  timeout: <duration>
 ```
 
 - `url` *(default: https://127.0.0.1:8200)* - specifies the url of the vault-server. 
@@ -111,8 +112,8 @@ vault:
   You can alternatively specify the url with the environment-variable `VAULT_ADDR`
 
 
-
 - `insecure` *(default: false)* - specifies whether insecure https connections are allowed or not. Set to `true` when you use self-signed certificates
+- `timeout` *(default: 60s)* - timeout for the vault-http-client (see https://golang.org/pkg/time/#ParseDuration for a full list of valid time units); increase for large raft databases (and increase `snapshots.timeout` accordingly!)
 
 
 ### Vault authentication

internal/app/vault_raft_snapshot_agent/config_test.go

@@ -77,6 +77,7 @@ func TestReadCompleteConfig(t *testing.T) {
 		Vault: vault.VaultClientConfig{
 			Url:      "https://example.com:8200",
 			Insecure: true,
+			Timeout:  5 * time.Minute,
 			Auth: auth.AuthConfig{
 				AppRole: auth.AppRoleAuthConfig{
 					Path:  "approle",
@@ -136,6 +137,7 @@ func TestReadConfigSetsDefaultValues(t *testing.T) {
 		Vault: vault.VaultClientConfig{
 			Url:      "http://127.0.0.1:8200",
 			Insecure: false,
+			Timeout:  time.Minute,
 			Auth: auth.AuthConfig{
 				AppRole: auth.AppRoleAuthConfig{
 					Path:  "approle",
@@ -211,7 +213,7 @@ func TestWatchAndReConfigure(t *testing.T) {
 
 	snapshotter, err := CreateSnapshotter(config)
 	assert.NoError(t, err, "could not create snapshotter")
-	assert.Equal(t, 30 * time.Second, snapshotter.config.Frequency)
+	assert.Equal(t, 30*time.Second, snapshotter.config.Frequency)
 
 	reconfigured := WatchConfigAndReconfigure(snapshotter)
 

internal/app/vault_raft_snapshot_agent/vault/api.go

@@ -12,9 +12,10 @@ import (
 	"github.com/hashicorp/vault/api"
 )
 
-func newVaultAPIImpl(address string, insecure bool) (*vaultAPIImpl, error) {
+func newVaultAPIImpl(address string, insecure bool, timeout time.Duration) (*vaultAPIImpl, error) {
 	apiConfig := api.DefaultConfig()
 	apiConfig.Address = address
+	apiConfig.HttpClient.Timeout = timeout
 
 	tlsConfig := &api.TLSConfig{
 		Insecure: insecure,
@@ -31,14 +32,14 @@ func newVaultAPIImpl(address string, insecure bool) (*vaultAPIImpl, error) {
 
 	return &vaultAPIImpl{
 		client,
-		&vaultAuthAPIImpl {
+		&vaultAuthAPIImpl{
 			client,
 		},
 	}, nil
 }
 
 type vaultAPIImpl struct {
-	client *api.Client
+	client  *api.Client
 	authAPI *vaultAuthAPIImpl
 }
 
@@ -60,11 +61,11 @@ func (impl *vaultAPIImpl) AuthAPI() auth.VaultAuthAPI {
 }
 
 type vaultAuthAPIImpl struct {
-	client *api.Client	
+	client *api.Client
 }
 
 func (impl *vaultAuthAPIImpl) LoginToBackend(authPath string, credentials map[string]interface{}) (leaseDuration time.Duration, err error) {
-	resp, err := impl.client.Logical().Write(path.Clean("auth/"+ authPath +"/login"), credentials)
+	resp, err := impl.client.Logical().Write(path.Clean("auth/"+authPath+"/login"), credentials)
 	if err != nil {
 		return 0, err
 	}
@@ -89,5 +90,3 @@ func (impl *vaultAuthAPIImpl) LoginWithToken(token string) (leaseDuration time.D
 
 	return time.Duration(ttl), nil
 }
-
-

internal/app/vault_raft_snapshot_agent/vault/client.go

@@ -11,6 +11,7 @@ import (
 
 type VaultClientConfig struct {
 	Url      string `default:"http://127.0.0.1:8200" validate:"required,http_url"`
+	Timeout	 time.Duration `default:"60s"`
 	Insecure bool
 	Auth     auth.AuthConfig
 }
@@ -29,7 +30,7 @@ type VaultClient struct {
 }
 
 func CreateClient(config VaultClientConfig) (*VaultClient, error) {
-	api, err := newVaultAPIImpl(config.Url, config.Insecure)
+	api, err := newVaultAPIImpl(config.Url, config.Insecure, config.Timeout)
 	if err != nil {
 		return nil, err
 	}

testdata/complete.yaml

@@ -1,6 +1,7 @@
 vault:
   url: "https://example.com:8200"
   insecure: true
+  timeout: 5m
   auth:
     kubernetes:
       role: "test-role"