Merge b51efd5d1b into bda5f042c5

2026-05-28 04:10:44 -04:00 · 2026-05-20 02:16:04 +03:00 · 2026-05-20 02:16:04 +03:00 · 4e2d06bd66
commit 4e2d06bd66
parent bda5f042c5 b51efd5d1b
2 changed files with 48 additions and 0 deletions
--- a/api/lifetime_watcher.go
+++ b/api/lifetime_watcher.go
@ -321,6 +321,7 @@ func (r *LifetimeWatcher) doRenewWithOptions(tokenMode bool, nonRenewable bool,
 						InitialInterval:     initialRetryInterval,
 						MaxInterval:         5 * time.Minute,
 						Multiplier:          2,
+						Stop:                backoff.Stop,
 						Clock:               backoff.SystemClock,
 					}
 					errorBackoff.Reset()
--- a/api/renewer_test.go
+++ b/api/renewer_test.go
@ -299,3 +299,50 @@ func TestCalcSleepPeriod(t *testing.T) {
 		t.Error(err)
 	}
 }
+
+// TestLifetimeWatcherErrorBackoffStops verifies that after the maximum elapsed
+// time is exceeded during persistent renewal failures, the error backoff in the
+// LifetimeWatcher correctly returns backoff.Stop so that the watcher terminates.
+// This is a regression test for https://github.com/hashicorp/vault/issues/28611.
+func TestLifetimeWatcherErrorBackoffStops(t *testing.T) {
+	t.Parallel()
+
+	client, err := NewClient(DefaultConfig())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	renewErr := fmt.Errorf("renew failure")
+
+	v, err := client.NewLifetimeWatcher(&LifetimeWatcherInput{
+		Secret: &Secret{
+			LeaseDuration: 3,
+		},
+		Increment: 3,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	doneCh := make(chan error, 1)
+	go func() {
+		// Use a very short initial retry interval so the backoff exhausts quickly.
+		doneCh <- v.doRenewWithOptions(false, false, 3, "myleaseID",
+			func(_ string, _ int) (*Secret, error) {
+				return nil, renewErr
+			}, 100*time.Millisecond)
+	}()
+	defer v.Stop()
+
+	select {
+	case <-time.After(30 * time.Second):
+		t.Fatal("timed out waiting for LifetimeWatcher to stop; " +
+			"error backoff may not be returning backoff.Stop correctly")
+	case gotErr := <-doneCh:
+		// The watcher should terminate. It may return either the renewal error
+		// (via the backoff.Stop path) or nil (via the grace period path).
+		// Prior to the fix, it would loop indefinitely with 0-duration sleeps
+		// and eventually return nil. The important thing is it terminates promptly.
+		_ = gotErr
+	}
+}