Use RetryClient in lakectl login

Use the same RetryClient type as the rest of lakeFS, only with a different
retry policy - one that retries status code 404.  This involves refactoring
getClient... so do that.

Author: arielshaqed

cmd/lakectl/cmd/fs_upload.go

@@ -58,7 +58,7 @@ var fsUploadCmd = &cobra.Command{
 			}
 		}()
 
-		s := local.NewSyncManager(ctx, client, getHTTPClient(), local.Config{
+		s := local.NewSyncManager(ctx, client, getHTTPClient(lakectlRetryPolicy), local.Config{
 			SyncFlags:           syncFlags,
 			SkipNonRegularFiles: cfg.Local.SkipNonRegularFiles,
 			IncludePerm:         false,
@@ -100,7 +100,7 @@ func upload(ctx context.Context, client apigen.ClientWithResponsesInterface, sou
 	}()
 	objectPath := apiutil.Value(destURI.Path)
 	if syncFlags.Presign {
-		return helpers.ClientUploadPreSign(ctx, client, getHTTPClient(), destURI.Repository, destURI.Ref, objectPath, nil, contentType, fp, syncFlags.PresignMultipart)
+		return helpers.ClientUploadPreSign(ctx, client, getHTTPClient(lakectlRetryPolicy), destURI.Repository, destURI.Ref, objectPath, nil, contentType, fp, syncFlags.PresignMultipart)
 	}
 	return helpers.ClientUpload(ctx, client, destURI.Repository, destURI.Ref, objectPath, nil, contentType, fp)
 }

cmd/lakectl/cmd/local_checkout.go

@@ -57,7 +57,7 @@ func localCheckout(cmd *cobra.Command, localPath string, specifiedRef string, co
 	currentBase := remote.WithRef(idx.AtHead)
 	diffs := local.Undo(localDiff(cmd.Context(), client, currentBase, idx.LocalPath()))
 	sigCtx := localHandleSyncInterrupt(cmd.Context(), idx, string(checkoutOperation))
-	syncMgr := local.NewSyncManager(sigCtx, client, getHTTPClient(), buildLocalConfig(syncFlags, cfg))
+	syncMgr := local.NewSyncManager(sigCtx, client, getHTTPClient(lakectlRetryPolicy), buildLocalConfig(syncFlags, cfg))
 	// confirm on local changes
 	if confirmByFlag && len(diffs) > 0 {
 		fmt.Println("Uncommitted changes exist, the operation will revert all changes on local directory.")

cmd/lakectl/cmd/local_clone.go

@@ -86,7 +86,7 @@ var localCloneCmd = &cobra.Command{
 		}
 		sigCtx := localHandleSyncInterrupt(ctx, idx, string(cloneOperation))
 		syncFlags := getSyncFlags(cmd, client, remote.Repository)
-		s := local.NewSyncManager(sigCtx, client, getHTTPClient(), buildLocalConfig(syncFlags, cfg))
+		s := local.NewSyncManager(sigCtx, client, getHTTPClient(lakectlRetryPolicy), buildLocalConfig(syncFlags, cfg))
 		err = s.Sync(localPath, stableRemote, ch)
 		if err != nil {
 			DieErr(err)

cmd/lakectl/cmd/local_commit.go

@@ -172,7 +172,7 @@ var localCommitCmd = &cobra.Command{
 		}
 
 		sigCtx := localHandleSyncInterrupt(cmd.Context(), idx, string(commitOperation))
-		s := local.NewSyncManager(sigCtx, client, getHTTPClient(), buildLocalConfig(syncFlags, cfg))
+		s := local.NewSyncManager(sigCtx, client, getHTTPClient(lakectlRetryPolicy), buildLocalConfig(syncFlags, cfg))
 
 		err = s.Sync(idx.LocalPath(), remote, c)
 		if err != nil {

cmd/lakectl/cmd/local_pull.go

@@ -66,7 +66,7 @@ var localPullCmd = &cobra.Command{
 			return nil
 		})
 		sigCtx := localHandleSyncInterrupt(cmd.Context(), idx, string(pullOperation))
-		s := local.NewSyncManager(sigCtx, client, getHTTPClient(), buildLocalConfig(syncFlags, cfg))
+		s := local.NewSyncManager(sigCtx, client, getHTTPClient(lakectlRetryPolicy), buildLocalConfig(syncFlags, cfg))
 
 		err = s.Sync(idx.LocalPath(), newBase, c)
 		if err != nil {

cmd/lakectl/cmd/login.go

@@ -1,13 +1,13 @@
 package cmd
 
 import (
-	"errors"
+	"context"
 	"fmt"
 	"net/http"
 	"net/url"
+	"slices"
 	"time"
 
-	"github.com/cenkalti/backoff/v4"
 	"github.com/skratchdot/open-golang/open"
 	"github.com/spf13/cobra"
 	"github.com/treeverse/lakefs/pkg/api/apigen"
@@ -28,11 +28,15 @@ type webLoginParams struct {
 }
 
 var (
-	errTryAgain                     = errors.New("HTTP request failed; retry")
-	errFailedToGetToken             = errors.New("failed to get token")
-	errFailedToGetTokenDontTryAgain = backoff.Permanent(errFailedToGetToken)
+	loginRetryStatuses = slices.Concat(lakectlDefaultRetryStatuses,
+		[]int{http.StatusNotFound},
+	)
 )
 
+func loginRetryPolicy(ctx context.Context, resp *http.Response, err error) (bool, error) {
+	return CheckRetry(ctx, resp, err, loginRetryStatuses)
+}
+
 var loginCmd = &cobra.Command{
 	Use:     "login",
 	Short:   "Use a web browser to log into lakeFS",
@@ -44,7 +48,7 @@ var loginCmd = &cobra.Command{
 			DieErr(fmt.Errorf("get server URL %s: %w", cfg.Server.EndpointURL, err))
 		}
 
-		client := getClient()
+		client := getClient(apigen.WithHTTPClient(getHTTPClient(loginRetryPolicy)))
 		tokenRedirect, err := client.GetTokenRedirectWithResponse(cmd.Context())
 		// TODO(ariels): Change back to http.StatusSeeOther after fixing lakeFS server!
 		DieOnErrorOrUnexpectedStatusCode(tokenRedirect, err, http.StatusOK)
@@ -64,34 +68,18 @@ var loginCmd = &cobra.Command{
 			// Keep going, user can manually use the URL.
 		}
 
-		loginToken, err := backoff.RetryWithData(
-			func() (*apigen.AuthenticationToken, error) {
-				resp, err := client.GetTokenFromMailboxWithResponse(cmd.Context(), mailbox)
-				if err != nil {
-					return nil, err
-				}
-				if resp.JSON404 != nil {
-					return nil, errTryAgain
-				}
-				if resp.JSON200 == nil {
-					return nil, errFailedToGetTokenDontTryAgain
-				}
-				return resp.JSON200, nil
-			},
-			// Initial backoff is rapid, in case user is already logged in.  Then
-			// slow down considerably so user can log in!
-			backoff.NewExponentialBackOff(backoff.WithInitialInterval(80*time.Millisecond),
-				backoff.WithMultiplier(1.5),
-				backoff.WithMaxInterval(time.Second),
-				backoff.WithMaxElapsedTime(20*time.Second),
-			),
-		)
-		if err != nil {
-			DieErr(fmt.Errorf("get login token: %w", err))
-		}
+		// client will retry; use this to wait for login.
+		//
+		// TODO(ariels): The timeouts on some lakectl configurations may be too low for
+		// convenient login.  Consider using a RetryClient based on a different
+		// configuration here..
+		resp, err := client.GetTokenFromMailboxWithResponse(cmd.Context(), mailbox)
+
+		DieOnErrorOrUnexpectedStatusCode(resp, err, http.StatusOK)
 
+		loginToken := resp.JSON200
 		if loginToken == nil {
-			Die("nil login token", 1)
+			Die("No login token", 1)
 		}
 
 		cache := getTokenCacheOnce()

cmd/lakectl/cmd/retry_client.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"net/url"
 	"regexp"
+	"slices"
 
 	"github.com/hashicorp/go-retryablehttp"
 )
@@ -18,7 +19,7 @@ var (
 	notTrustedErrorRe = regexp.MustCompile(`certificate is not trusted`)
 )
 
-func NewRetryClient(retriesCfg RetriesCfg, transport *http.Transport) *http.Client {
+func NewRetryClient(retriesCfg RetriesCfg, transport *http.Transport, checkRetry func(ctx context.Context, resp *http.Response, err error) (bool, error)) *http.Client {
 	retryClient := retryablehttp.NewClient()
 	if transport != nil {
 		retryClient.HTTPClient.Transport = transport
@@ -27,19 +28,29 @@ func NewRetryClient(retriesCfg RetriesCfg, transport *http.Transport) *http.Clie
 	retryClient.RetryMax = int(retriesCfg.MaxAttempts)
 	retryClient.RetryWaitMin = retriesCfg.MinWaitInterval
 	retryClient.RetryWaitMax = retriesCfg.MaxWaitInterval
-	retryClient.CheckRetry = lakectlRetryPolicy
+	retryClient.CheckRetry = checkRetry
 	return retryClient.StandardClient()
 }
 
-// lakectl retry policy - we retry in the following cases:
-// HTTP status 429 - too many requests
-// HTTP status 500 - internal server error - could be recoverable
-// HTTP status 503 - service unavailable
-// We retry on all client transport errors except for:
-//   - too many redirects
+// ShouldRetry checks if we should retry on this (HTTP) status.
+type ShouldRetryer []int
+
+func (s ShouldRetryer) Retry(status int) bool {
+	return slices.Contains(s, status)
+}
+
+// MakeRetryPolicy makes a retry policy.
+//
+// - It will _never_ retry on these unrecoverable errors:
+//
+//   - a context error (typically canceled or deadline exceeded);
 //   - invalid http scheme/protocol
-//   - TLS cert verification failure
-func lakectlRetryPolicy(ctx context.Context, resp *http.Response, err error) (bool, error) {
+//   - TLS cert validation failure
+//
+// - Any other error is retriable.
+//
+// - When there is no error, it will retry if should says to retry this status.
+func CheckRetry(ctx context.Context, resp *http.Response, err error, should ShouldRetryer) (bool, error) {
 	// do not retry on context.Canceled or context.DeadlineExceeded
 	if ctx.Err() != nil {
 		return false, ctx.Err()
@@ -58,16 +69,29 @@ func lakectlRetryPolicy(ctx context.Context, resp *http.Response, err error) (bo
 				return false, errors.Unwrap(v)
 			}
 		}
-		// The stblib http.Client wraps the above errors in a url.Error
+		// The standard http.Client wraps the above errors in a url.Error
 		// They aren't retryable. Other errors are retryable.
 		return true, nil
 	}
 
 	// handle HTTP response status code
-	if resp.StatusCode == http.StatusTooManyRequests ||
-		resp.StatusCode == http.StatusInternalServerError ||
-		resp.StatusCode == http.StatusServiceUnavailable {
-		return true, nil
-	}
-	return false, nil
+	return should.Retry(resp.StatusCode), nil
+}
+
+// lakectl retry policy - we retry in the following cases:
+// HTTP status 429 - too many requests
+// HTTP status 500 - internal server error - could be recoverable
+// HTTP status 503 - service unavailable
+// We retry on all client transport errors except for:
+//   - too many redirects
+//   - invalid http scheme/protocol
+//   - TLS cert verification failure
+func lakectlRetryPolicy(ctx context.Context, resp *http.Response, err error) (bool, error) {
+	return CheckRetry(ctx, resp, err, lakectlDefaultRetryStatuses)
+}
+
+var lakectlDefaultRetryStatuses = ShouldRetryer{
+	http.StatusTooManyRequests,
+	http.StatusInternalServerError,
+	http.StatusServiceUnavailable,
 }

cmd/lakectl/cmd/root.go

@@ -557,7 +557,7 @@ func sendStats(cmd *cobra.Command, cmdSuffix string) {
 	}
 }
 
-func getHTTPClient() *http.Client {
+func getHTTPClient(checkRetry func(ctx context.Context, resp *http.Response, err error) (bool, error)) *http.Client {
 	// Override MaxIdleConnsPerHost to allow highly concurrent access to our API client.
 	// This is done to avoid accumulating many sockets in `TIME_WAIT` status that were closed
 	// only to be immediately reopened.
@@ -571,7 +571,7 @@ func getHTTPClient() *http.Client {
 	if !cfg.Server.Retries.Enabled {
 		return &http.Client{Transport: transport}
 	}
-	return NewRetryClient(cfg.Server.Retries, transport)
+	return NewRetryClient(cfg.Server.Retries, transport, checkRetry)
 }
 
 func newAWSIAMAuthProviderConfig() (*awsiam.IAMAuthParams, error) {
@@ -610,9 +610,8 @@ func newAWSIAMAuthProviderConfig() (*awsiam.IAMAuthParams, error) {
 	return awsiam.NewIAMAuthParams(host, opts...), nil
 }
 
-func getClient() *apigen.ClientWithResponses {
-	opts := []apigen.ClientOption{}
-	httpClient := getHTTPClient()
+func getClient(opts ...apigen.ClientOption) *apigen.ClientWithResponses {
+	httpClient := getHTTPClient(lakectlRetryPolicy)
 	accessKeyID := cfg.Credentials.AccessKeyID
 	secretAccessKey := cfg.Credentials.SecretAccessKey
 	basicAuthProvider, err := securityprovider.NewSecurityProviderBasicAuth(string(accessKeyID), string(secretAccessKey))
@@ -630,7 +629,7 @@ func getClient() *apigen.ClientWithResponses {
 
 	useJWTAuth := accessKeyID == "" && secretAccessKey == ""
 	if useJWTAuth {
-		opts = getClientOptions(awsIAMparams, serverEndpoint)
+		opts = append(getClientOptions(awsIAMparams, serverEndpoint), opts...)
 	}
 
 	oss := osinfo.GetOSInfo()