Merge pull request #19 from mittwald/fix/certificate-and-token-renew

Renew both the certificate and token at once
mittwald · Oct 7, 2022 · 9813995 · 9813995
2 parents 991c97a + a5f3411
commit 9813995
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 13 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -32,7 +32,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.15
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v2
+        uses: golangci/golangci-lint-action@v3
         with:
           version: v1.45.2
diff --git a/client.go b/client.go
@@ -122,25 +122,31 @@ func (c *Client) Request(method string, path []string, body, response interface{
 	}
 
 	resp, err := c.RawRequest(r)
-	if resp != nil && resp.StatusCode == http.StatusForbidden && c.auth != nil && !opts.SkipRenewal {
-		_ = resp.Body.Close()
+	isTokenExpiredErr := resp != nil && resp.StatusCode == http.StatusForbidden && c.auth != nil
+	isCertExpiredErr := err != nil && errors.As(err, &x509.UnknownAuthorityError{})
+	if (isTokenExpiredErr || isCertExpiredErr) && !opts.SkipRenewal {
+		if resp != nil {
+			_ = resp.Body.Close()
+		}
 
-		err = c.renewToken()
-		if err != nil {
-			return errors.Wrap(err, "token renew after request returned 403 failed")
+		if c.tlsConf != nil {
+			reloadErr := c.reloadTLSConfig()
+			if reloadErr != nil {
+				return errors.Wrapf(reloadErr, "tlsconfig reload failed after request failed with %q", err.Error())
+			}
+		}
+
+		if c.auth != nil {
+			tokenErr := c.renewToken()
+			if tokenErr != nil {
+				return errors.Wrap(tokenErr, "token renew after request returned 403 failed")
+			}
 		}
 
 		// We have to build a new request, the new token has to be set in that one
 		// Renewal has to be skipped to make sure we never renew in a loop.
 		opts.SkipRenewal = true
 		return c.Request(method, path, body, response, opts)
-	} else if err != nil && errors.As(err, &x509.UnknownAuthorityError{}) && !opts.SkipRenewal {
-		reloadErr := c.reloadTLSConfig()
-		if reloadErr != nil {
-			return errors.Wrapf(reloadErr, "tlsconfig reload failed after request failed with %q", err.Error())
-		}
-		opts.SkipRenewal = true
-		return c.Request(method, path, body, response, opts)
 	} else if err != nil {
 		return errors.Wrap(err, "request failed")
 	}