Add retries for transient error code

duytiennguyen-okta · duytiennguyen-okta · commit 1e624f99bd37 · 2025-09-25T14:23:53.000-04:00
Signed-off-by: Tien Nguyen &lt;duytien.nguyen@okta.com&gt;
diff --git a/.generator/config.yaml b/.generator/config.yaml
@@ -22,6 +22,7 @@ files:
   api_user_test.go: {}
   cache_test.go: {}
   cache.go: {}
+  client_test.go: {}
   configuration_test.go: {}
   gocache.go: {}
   main_test.go: {}
diff --git a/.generator/templates/client.mustache b/.generator/templates/client.mustache
@@ -26,6 +26,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"regexp"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@@ -1204,13 +1205,16 @@ func (c *APIClient) doWithRetries(ctx context.Context, req *http.Request) (*http
 			// this is error is considered to be permanent and should not be retried
 			return backoff.Permanent(err)
 		}
-		if !tooManyRequests(resp) {
+		if !shouldRetryRequests(resp) {
 			return nil
 		}
-		if err = tryDrainBody(resp.Body); err != nil {
-			return err
+		// tryDrainBody except the last one
+		if bOff.maxRetries != bOff.retryCount {
+			if err = tryDrainBody(resp.Body); err != nil {
+				return err
+			}
 		}
-		backoffDuration, err := Get429BackoffTime(resp)
+		backoffDuration, err := GetBackoffTime(resp, c.cfg)
 		if err != nil {
 			return err
 		}
@@ -1221,7 +1225,7 @@ func (c *APIClient) doWithRetries(ctx context.Context, req *http.Request) (*http
 		bOff.retryCount++
 		req.Header.Add("X-Okta-Retry-For", resp.Header.Get("X-Okta-Request-Id"))
 		req.Header.Add("X-Okta-Retry-Count", fmt.Sprint(bOff.retryCount))
-		return errors.New("too many requests")
+		return fmt.Errorf("unexpected status code %v, giving up after %v retries", resp.StatusCode, bOff.maxRetries)
 	}
 	err = backoff.Retry(operation, bOff)
 	return resp, err
@@ -1410,28 +1414,53 @@ func (o *oktaBackoff) Context() context.Context {
 	return o.ctx
 }
 
-func tooManyRequests(resp *http.Response) bool {
-	return resp != nil && resp.StatusCode == http.StatusTooManyRequests
+var retryStatusCodes = []int{
+	http.StatusTooManyRequests,
+	http.StatusInternalServerError,
+	http.StatusBadGateway,
+	http.StatusServiceUnavailable,
+	http.StatusGatewayTimeout,
 }
 
+var defaultBackOffTimeInSeconds int64 = 30
+
+func shouldRetryRequests(resp *http.Response) bool {
+	if resp == nil {
+		return false
+	}
+	return slices.Contains(retryStatusCodes, resp.StatusCode)
+}
 func tryDrainBody(body io.ReadCloser) error {
 	defer body.Close()
 	_, err := io.Copy(ioutil.Discard, io.LimitReader(body, 4096))
 	return err
 }
 
-func Get429BackoffTime(resp *http.Response) (int64, error) {
-	requestDate, err := time.Parse("Mon, 02 Jan 2006 15:04:05 GMT", resp.Header.Get("Date"))
-	if err != nil {
-		// this is error is considered to be permanent and should not be retried
-		return 0, backoff.Permanent(fmt.Errorf("date header is missing or invalid: %w", err))
-	}
-	rateLimitReset, err := strconv.Atoi(resp.Header.Get("X-Rate-Limit-Reset"))
-	if err != nil {
-		// this is error is considered to be permanent and should not be retried
-		return 0, backoff.Permanent(fmt.Errorf("X-Rate-Limit-Reset header is missing or invalid: %w", err))
+func GetBackoffTime(resp *http.Response, config *Configuration) (int64, error) {
+	var backoffTimeInSeconds int64
+	var backoffErr error
+	switch resp.StatusCode {
+	case http.StatusTooManyRequests:
+		requestDate, err := time.Parse("Mon, 02 Jan 2006 15:04:05 GMT", resp.Header.Get("Date"))
+		if err != nil {
+			// this is error is considered to be permanent and should not be retried
+			backoffTimeInSeconds = 0
+			backoffErr = backoff.Permanent(fmt.Errorf("date header is missing or invalid: %w", err))
+		}
+		rateLimitReset, err := strconv.Atoi(resp.Header.Get("X-Rate-Limit-Reset"))
+		if err != nil {
+			// this is error is considered to be permanent and should not be retried
+			backoffTimeInSeconds = 0
+			backoffErr = backoff.Permanent(fmt.Errorf("X-Rate-Limit-Reset header is missing or invalid: %w", err))
+		}
+		backoffTimeInSeconds = int64(rateLimitReset) - requestDate.Unix() + 1
+	default:
+		backoffTimeInSeconds = config.Okta.Client.RateLimit.MaxBackoff
+		if backoffTimeInSeconds == 0 {
+			backoffTimeInSeconds = defaultBackOffTimeInSeconds
+		}
 	}
-	return int64(rateLimitReset) - requestDate.Unix() + 1, nil
+	return backoffTimeInSeconds, backoffErr
 }
 
 type ClientAssertionClaims struct {
@@ -1543,7 +1572,7 @@ func (c *APIClient) parseLimitHeaders(resp *http.Response) (*RateLimit, error) {
 	if err != nil {
 		return nil, err
 	}
-	reset, err := Get429BackoffTime(resp)
+	reset, err := GetBackoffTime(resp, c.cfg)
 	if err != nil {
 		return nil, err
 	}
diff --git a/.generator/templates/client_test.go b/.generator/templates/client_test.go
@@ -0,0 +1,64 @@
+package okta
+
+import (
+	"io"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+)
+
+type mockRoundTripper struct {
+	Responses []http.Response
+	CallCount int
+}
+
+func (m *mockRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	// simulate responses for each call
+	if m.CallCount < len(m.Responses) {
+		resp := m.Responses[m.CallCount]
+		m.CallCount++
+		return &resp, nil
+	}
+	return &http.Response{StatusCode: http.StatusInternalServerError}, nil
+}
+
+func TestCreateRetryableHTTPClient_RetryOn500(t *testing.T) {
+	bodyString := "this is a test body"
+	body := io.NopCloser(strings.NewReader(bodyString))
+	mockResponses := []http.Response{
+		{StatusCode: 500},             // should retry
+		{StatusCode: 500},             // should retry
+		{StatusCode: 500},             // should retry
+		{StatusCode: 500},             // should retry
+		{StatusCode: 500, Body: body}, // should retry
+	}
+
+	mockTransport := &mockRoundTripper{Responses: mockResponses}
+
+	// base client with the mock transport
+	baseClient := &http.Client{
+		Transport: mockTransport,
+		Timeout:   10 * time.Second,
+	}
+
+	configuration, err := NewConfiguration(WithAuthorizationMode("Bearer"), WithHttpClientPtr(baseClient), WithRateLimitMaxBackOff(1), WithRateLimitMaxRetries(4))
+	require.NoError(t, err, "Creating a new config should not error")
+	client := NewAPIClient(configuration)
+
+	req, err := http.NewRequest("GET", "http://foo.com", nil)
+	require.NoError(t, err)
+
+	resp, err := client.doWithRetries(client.cfg.Context, req)
+
+	require.Error(t, err)
+	require.Equal(t, "unexpected status code 500, giving up after 4 retries", err.Error())
+	require.True(t, resp != nil)
+	require.Equal(t, resp.StatusCode, 500)
+	message, err := io.ReadAll(resp.Body)
+	require.NoError(t, err)
+	require.Equal(t, bodyString, string(message))
+	require.Equal(t, 5, mockTransport.CallCount)
+}
diff --git a/okta/client.go b/okta/client.go
@@ -48,6 +48,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"regexp"
+	"slices"
 	"strconv"
 	"strings"
 	"sync"
@@ -1392,13 +1393,16 @@ func (c *APIClient) doWithRetries(ctx context.Context, req *http.Request) (*http
 			// this is error is considered to be permanent and should not be retried
 			return backoff.Permanent(err)
 		}
-		if !tooManyRequests(resp) {
+		if !shouldRetryRequests(resp) {
 			return nil
 		}
-		if err = tryDrainBody(resp.Body); err != nil {
-			return err
+		// tryDrainBody except the last one
+		if bOff.maxRetries != bOff.retryCount {
+			if err = tryDrainBody(resp.Body); err != nil {
+				return err
+			}
 		}
-		backoffDuration, err := Get429BackoffTime(resp)
+		backoffDuration, err := GetBackoffTime(resp, c.cfg)
 		if err != nil {
 			return err
 		}
@@ -1409,7 +1413,7 @@ func (c *APIClient) doWithRetries(ctx context.Context, req *http.Request) (*http
 		bOff.retryCount++
 		req.Header.Add("X-Okta-Retry-For", resp.Header.Get("X-Okta-Request-Id"))
 		req.Header.Add("X-Okta-Retry-Count", fmt.Sprint(bOff.retryCount))
-		return errors.New("too many requests")
+		return fmt.Errorf("unexpected status code %v, giving up after %v retries", resp.StatusCode, bOff.maxRetries)
 	}
 	err = backoff.Retry(operation, bOff)
 	return resp, err
@@ -1598,8 +1602,21 @@ func (o *oktaBackoff) Context() context.Context {
 	return o.ctx
 }
 
-func tooManyRequests(resp *http.Response) bool {
-	return resp != nil && resp.StatusCode == http.StatusTooManyRequests
+var retryStatusCodes = []int{
+	http.StatusTooManyRequests,
+	http.StatusInternalServerError,
+	http.StatusBadGateway,
+	http.StatusServiceUnavailable,
+	http.StatusGatewayTimeout,
+}
+
+var defaultBackOffTimeInSeconds int64 = 30
+
+func shouldRetryRequests(resp *http.Response) bool {
+	if resp == nil {
+		return false
+	}
+	return slices.Contains(retryStatusCodes, resp.StatusCode)
 }
 
 func tryDrainBody(body io.ReadCloser) error {
@@ -1608,18 +1625,31 @@ func tryDrainBody(body io.ReadCloser) error {
 	return err
 }
 
-func Get429BackoffTime(resp *http.Response) (int64, error) {
-	requestDate, err := time.Parse("Mon, 02 Jan 2006 15:04:05 GMT", resp.Header.Get("Date"))
-	if err != nil {
-		// this is error is considered to be permanent and should not be retried
-		return 0, backoff.Permanent(fmt.Errorf("date header is missing or invalid: %w", err))
-	}
-	rateLimitReset, err := strconv.Atoi(resp.Header.Get("X-Rate-Limit-Reset"))
-	if err != nil {
-		// this is error is considered to be permanent and should not be retried
-		return 0, backoff.Permanent(fmt.Errorf("X-Rate-Limit-Reset header is missing or invalid: %w", err))
+func GetBackoffTime(resp *http.Response, config *Configuration) (int64, error) {
+	var backoffTimeInSeconds int64
+	var backoffErr error
+	switch resp.StatusCode {
+	case http.StatusTooManyRequests:
+		requestDate, err := time.Parse("Mon, 02 Jan 2006 15:04:05 GMT", resp.Header.Get("Date"))
+		if err != nil {
+			// this is error is considered to be permanent and should not be retried
+			backoffTimeInSeconds = 0
+			backoffErr = backoff.Permanent(fmt.Errorf("date header is missing or invalid: %w", err))
+		}
+		rateLimitReset, err := strconv.Atoi(resp.Header.Get("X-Rate-Limit-Reset"))
+		if err != nil {
+			// this is error is considered to be permanent and should not be retried
+			backoffTimeInSeconds = 0
+			backoffErr = backoff.Permanent(fmt.Errorf("X-Rate-Limit-Reset header is missing or invalid: %w", err))
+		}
+		backoffTimeInSeconds = int64(rateLimitReset) - requestDate.Unix() + 1
+	default:
+		backoffTimeInSeconds = config.Okta.Client.RateLimit.MaxBackoff
+		if backoffTimeInSeconds == 0 {
+			backoffTimeInSeconds = defaultBackOffTimeInSeconds
+		}
 	}
-	return int64(rateLimitReset) - requestDate.Unix() + 1, nil
+	return backoffTimeInSeconds, backoffErr
 }
 
 type ClientAssertionClaims struct {
@@ -1731,7 +1761,7 @@ func (c *APIClient) parseLimitHeaders(resp *http.Response) (*RateLimit, error) {
 	if err != nil {
 		return nil, err
 	}
-	reset, err := Get429BackoffTime(resp)
+	reset, err := GetBackoffTime(resp, c.cfg)
 	if err != nil {
 		return nil, err
 	}
diff --git a/okta/client_test.go b/okta/client_test.go
@@ -0,0 +1,64 @@
+package okta
+
+import (
+	"io"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+)
+
+type mockRoundTripper struct {
+	Responses []http.Response
+	CallCount int
+}
+
+func (m *mockRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	// simulate responses for each call
+	if m.CallCount < len(m.Responses) {
+		resp := m.Responses[m.CallCount]
+		m.CallCount++
+		return &resp, nil
+	}
+	return &http.Response{StatusCode: http.StatusInternalServerError}, nil
+}
+
+func TestCreateRetryableHTTPClient_RetryOn500(t *testing.T) {
+	bodyString := "this is a test body"
+	body := io.NopCloser(strings.NewReader(bodyString))
+	mockResponses := []http.Response{
+		{StatusCode: 500},             // should retry
+		{StatusCode: 500},             // should retry
+		{StatusCode: 500},             // should retry
+		{StatusCode: 500},             // should retry
+		{StatusCode: 500, Body: body}, // should retry
+	}
+
+	mockTransport := &mockRoundTripper{Responses: mockResponses}
+
+	// base client with the mock transport
+	baseClient := &http.Client{
+		Transport: mockTransport,
+		Timeout:   10 * time.Second,
+	}
+
+	configuration, err := NewConfiguration(WithAuthorizationMode("Bearer"), WithHttpClientPtr(baseClient), WithRateLimitMaxBackOff(1), WithRateLimitMaxRetries(4))
+	require.NoError(t, err, "Creating a new config should not error")
+	client := NewAPIClient(configuration)
+
+	req, err := http.NewRequest("GET", "http://foo.com", nil)
+	require.NoError(t, err)
+
+	resp, err := client.doWithRetries(client.cfg.Context, req)
+
+	require.Error(t, err)
+	require.Equal(t, "unexpected status code 500, giving up after 4 retries", err.Error())
+	require.True(t, resp != nil)
+	require.Equal(t, resp.StatusCode, 500)
+	message, err := io.ReadAll(resp.Body)
+	require.NoError(t, err)
+	require.Equal(t, bodyString, string(message))
+	require.Equal(t, 5, mockTransport.CallCount)
+}
