Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KeycloakAuthzClient should have a reasonable default upper limit wait time for exponential backoff #55

Open
xuz10 opened this issue Jan 6, 2022 · 1 comment
Open

KeycloakAuthzClient should have a reasonable default upper limit wait time for exponential backoff #55

xuz10 opened this issue Jan 6, 2022 · 1 comment

Comments

@xuz10
Copy link

xuz10 commented Jan 6, 2022
edited
Loading

In KeycloakAuthzClient, the default try policy for http error is max 20 times, for 1st attempt wait 100ms, for following attempts double wait time of previous one.
With this setting at 20th attempt client will wait 2^19 *100 ms = 14.56h before retrying.

We've got a system once had a DNS issue to keycloak server. When the DNS issue was resolved, the client was stuck at19th retry. And client could not recover without waiting another 7 hours.

It is true that KeycloakAuthzClientBuild has offered method to override default http retry configs, but the option is not viable to be configured via EventStreamClientFactory via PravegaKeycloakCredentials.

There should be a reasonable default upper limit wait time set in KeycloakAuthzClient itself to limit it to minutes maximum.
@xinglan500
Copy link

Looking forward a fast improvement.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xinglan500 @xuz10