Option for retry-base-delay

[yoricksijsling]

Makes the base delay for the vault exponential backoff reconnection
strategy configurable, as requested in #11.

[yoricksijsling]

Difference in delays can be seen when comparing the following (different values for --retry-base-delay result in different real times):

yorick@devm0:~/channable/vaultenv$ time stack exec vaultenv -- --token ABC --secrets-file ~/channable/warpmachine/package/config/warpmachine.secrets --retry-base-delay 10 env
[ERROR] ServerUnreachable error: HttpExceptionRequest Request {
  host                 = "localhost"
  port                 = 8200
  secure               = True
  requestHeaders       = [("x-vault-token","ABC")]
  path                 = "/v1/secret/warpmachine/jwt"
  queryString          = ""
  method               = "GET"
  proxy                = Nothing
  rawBody              = False
  redirectCount        = 10
  responseTimeout      = ResponseTimeoutDefault
  requestVersion       = HTTP/1.1
}
 (InternalException (HostCannotConnect "localhost" [Network.Socket.connect: <socket: 38>: does not exist (Connection refused)]))

real	0m4.298s
user	0m0.164s
sys	0m0.060s
yorick@devm0:~/channable/vaultenv$ time stack exec vaultenv -- --token ABC --secrets-file ~/channable/warpmachine/package/config/warpmachine.secrets --retry-base-delay 100 env
[ERROR] ServerUnreachable error: HttpExceptionRequest Request {
  host                 = "localhost"
  port                 = 8200
  secure               = True
  requestHeaders       = [("x-vault-token","ABC")]
  path                 = "/v1/secret/warpmachine/jwt"
  queryString          = ""
  method               = "GET"
  proxy                = Nothing
  rawBody              = False
  redirectCount        = 10
  responseTimeout      = ResponseTimeoutDefault
  requestVersion       = HTTP/1.1
}
 (InternalException (HostCannotConnect "localhost" [Network.Socket.connect: <socket: 38>: does not exist (Connection refused)]))

real	0m28.652s
user	0m0.228s
sys	0m0.144s

[ruuda]

It would be a good idea to also put the time unit in the flag: somebody who encounters

vaultenv --retry-base-delay 100 --token ABC --secrets-file ~/channable/warpmachine/package/config/warpmachine.secrets  env

in a shell script or systemd unit file, has no clue whether those are 100 seconds, milliseconds, nanoseconds, or Martian days.

vaultenv --retry-base-delay-milliseconds 100 --token ABC --secrets-file ~/channable/warpmachine/package/config/warpmachine.secrets  env

on the other hand is self-documenting and leaves no room for ambiguity.

[NunoAlexandre]

I agree with @ruuda. I deeply dislike having no certainty about the units of values I have to pass to a program.

[yoricksijsling]

Agreed! I'll do that

[duijf]

Looks good in general! 👍 I have one request and a question (which increases the scope of the PR -- feel free to ignore if you want)

[duijf]

Could you also update the usage section in the README with the changed output? (Some other options might also be missing)

[duijf]

While we're at it, we can maybe also make maxRetries configurable?

[yoricksijsling]

Changed the requested @duijf

[fatho]

Just out of curiosity, how did we reach the conclusion that 40ms is the right base delay based on the fact that 50 secrets take 200 ms?

[duijf]

I remember deciding this with @ruuda, but I don't know how we came to that number anymore and I can't seem to find the old discussion. (Maybe Ruud knows more details)

I remember it being a bit hand-wavy: "this normally takes 200ms to fetch 50 secrets, so if we wait a bit we can hopefully keep this reasonably snappy without running out of retry options or overloading Vault". (Our internal tooling had around that number of secrets at the time).

[duijf]

If you have a better way to think up a number, we can reconsider! 😄

[duijf]

Thanks for the changes! Looks good