uc-cdis · Avantol13 · Apr 28, 2023 · Mar 22, 2023 · Mar 22, 2023 · Apr 26, 2023
diff --git a/fence/config-default.yaml b/fence/config-default.yaml
@@ -480,6 +480,10 @@ PRIVACY_POLICY_URL: null
 # In the absence of this OVERRIDE prefixed config, the legacy NGINX_RATE_LIMIT from the k8s deployment yaml is applied
 OVERRIDE_NGINX_RATE_LIMIT: 18
 
+# This is the maximum numbers of retries when exponentially backing off against an
+# error from an external API.
+DEFAULT_BACKOFF_SETTINGS_MAX_TRIES: 3
+
 # //////////////////////////////////////////////////////////////////////////////////////
 # SUPPORT INFO
 # //////////////////////////////////////////////////////////////////////////////////////

diff --git a/fence/resources/google/access_utils.py b/fence/resources/google/access_utils.py
@@ -2,12 +2,12 @@
 Utilities for determine access and validity for service account
 registration.
 """
+import backoff
 import time
 import flask
 from urllib.parse import unquote
 
 from cirrus.google_cloud.iam import GooglePolicyMember
-
 from cirrus.google_cloud.errors import GoogleAPIError
 from cirrus.google_cloud.iam import GooglePolicy
 from cirrus import GoogleCloudManager
@@ -32,7 +32,7 @@
     get_monitoring_service_account_email,
     is_google_managed_service_account,
 )
-from fence.utils import get_valid_expiration_from_request
+from fence.utils import get_valid_expiration_from_request, DEFAULT_BACKOFF_SETTINGS
 
 logger = get_logger(__name__)
 
@@ -77,6 +77,21 @@ def bulk_update_google_groups(google_bulk_mapping):
                 gcm.remove_member_from_group(member_email, group)
 
 
+@backoff.on_exception(backoff.expo, Exception, **DEFAULT_BACKOFF_SETTINGS)
+def _get_members_from_google_group(gcm, group):
+    return gcm.get_group_members(group)
+
+
+@backoff.on_exception(backoff.expo, Exception, **DEFAULT_BACKOFF_SETTINGS)
+def _add_member_to_google_group(gcm, add_member_to_group, group):
+    gcm.add_member_to_group(member_email, group)
+
+
+@backoff.on_exception(backoff.expo, Exception, **DEFAULT_BACKOFF_SETTINGS)
+def _remove_member_to_google_group(gcm, add_member_to_group, group):
+    gcm.remove_member_from_group(member_email, group)
+
+
 def get_google_project_number(google_project_id, google_cloud_manager):
     """
     Return a project's "projectNumber" which uniquely identifies it.
@@ -716,7 +731,6 @@ def _revoke_user_service_account_from_google(
                     if not g_manager.remove_member_from_group(
                         member_email=service_account.email, group_id=access_group.email
                     ):
-
                         logger.debug(
                             "Removed {} from google group {}".format(
                                 service_account.email, access_group.email

diff --git a/fence/utils.py b/fence/utils.py
@@ -421,6 +421,6 @@ def get_from_cache(item_id, memory_cache, db_cache_table, db_cache_table_id_fiel
 DEFAULT_BACKOFF_SETTINGS = {
     "on_backoff": log_backoff_retry,
     "on_giveup": log_backoff_giveup,
-    "max_tries": 3,
+    "max_tries": config["DEFAULT_BACKOFF_SETTINGS_MAX_TRIES"],
     "giveup": exception_do_not_retry,
 }