From 3a57b9c2fee2aced5f263ea7e6844f444657b0c2 Mon Sep 17 00:00:00 2001
From: Mahmood Ali <mahmood@hashicorp.com>
Date: Tue, 20 Nov 2018 17:11:55 -0500
Subject: [PATCH] nil secrets as recoverable to keep renew attempts

---
 nomad/vault.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nomad/vault.go b/nomad/vault.go
index 3c2bc32eebf..cedfd056402 100644
--- a/nomad/vault.go
+++ b/nomad/vault.go
@@ -583,15 +583,15 @@ func (v *vaultClient) renew() (bool, error) {
 	// Attempt to renew the token
 	secret, err := v.auth.RenewSelf(v.tokenData.CreationTTL)
 	if err != nil {
-
 		// Check if there is a permission denied
 		recoverable := !structs.VaultUnrecoverableError.MatchString(err.Error())
 		return recoverable, fmt.Errorf("failed to renew the vault token: %v", err)
 	}
+
 	if secret == nil {
 		// It's possible for RenewSelf to return (nil, nil) if the
 		// response body from Vault is empty.
-		return fmt.Errorf("renewal failed: empty response from vault")
+		return true, fmt.Errorf("renewal failed: empty response from vault")
 	}
 
 	// these treated as transient errors, where can keep renewing