buiding a new body for conflict reponses (#1068)

It adds retries updating the body for Rekor writing requests when the response has 409 code. It means that the body has conflict, then we should create a new/different body for the request. Signed-off-by: Javan lacerda <javanlacerda@google.com>
sigstore · Apr 25, 2024 · d943cc2 · d943cc2
1 parent 98b53b0
commit d943cc2
Showing 1 changed file with 30 additions and 18 deletions.
diff --git a/cmd/prober/write.go b/cmd/prober/write.go
@@ -139,36 +139,48 @@ func fulcioWriteEndpoint(ctx context.Context, priv *ecdsa.PrivateKey) (*x509.Cer
 	return cert[0], nil
 }
 
-// rekorWriteEndpoint tests the write endpoint for rekor, which is
-// /api/v1/log/entries and adds an entry to the log
-// if a certificate is provided, the Rekor entry will contain that certificate,
-// otherwise the provided key is used
-func rekorWriteEndpoint(ctx context.Context, cert *x509.Certificate, priv *ecdsa.PrivateKey) error {
-	verified := "false"
-	endpoint := rekorEndpoint
-	hostPath := rekorURL + endpoint
-	defer func() {
-		verificationCounter.With(prometheus.Labels{verifiedLabel: verified}).Inc()
-	}()
-
+func makeRekorRequest(cert *x509.Certificate, priv *ecdsa.PrivateKey, hostPath string) (*http.Response, int64, error) {
 	body, err := rekorEntryRequest(cert, priv)
 	if err != nil {
-		return fmt.Errorf("rekor entry: %w", err)
+		return nil, -1, fmt.Errorf("rekor entry: %w", err)
 	}
 	req, err := retryablehttp.NewRequest(http.MethodPost, hostPath, bytes.NewBuffer(body))
 	if err != nil {
-		return fmt.Errorf("new request: %w", err)
+		return nil, -1, fmt.Errorf("new request: %w", err)
 	}
-
 	setHeaders(req, "")
 
 	t := time.Now()
 	resp, err := retryableClient.Do(req)
 	latency := time.Since(t).Milliseconds()
-	if err != nil {
-		return fmt.Errorf("error adding entry: %w", err)
+	return resp, latency, err
+}
+
+// rekorWriteEndpoint tests the write endpoint for rekor, which is
+// /api/v1/log/entries and adds an entry to the log
+// if a certificate is provided, the Rekor entry will contain that certificate,
+// otherwise the provided key is used
+func rekorWriteEndpoint(ctx context.Context, cert *x509.Certificate, priv *ecdsa.PrivateKey) error {
+	verified := "false"
+	endpoint := rekorEndpoint
+	hostPath := rekorURL + endpoint
+	defer func() {
+		verificationCounter.With(prometheus.Labels{verifiedLabel: verified}).Inc()
+	}()
+	var resp *http.Response
+	var latency int64
+	var err error
+	// A new body should be created when it is conflicted
+	for i := 1; i < 10; i++ {
+		resp, latency, err = makeRekorRequest(cert, priv, hostPath)
+		if err != nil {
+			return fmt.Errorf("error adding entry: %w", err)
+		}
+		defer resp.Body.Close()
+		if resp.StatusCode != http.StatusConflict {
+			break
+		}
 	}
-	defer resp.Body.Close()
 	exportDataToPrometheus(resp, rekorURL, endpoint, POST, latency)
 
 	if resp.StatusCode != http.StatusCreated {