feat: add retry support on google SDK client requested in discussion #442

refactor: use a simplest http retry library

Author: christiangda

.vscode/settings.json

@@ -43,6 +43,7 @@
     "grpr",
     "hashcode",
     "hashicorp",
+    "httpretrier",
     "idpid",
     "idpscim",
     "idpscimcli",

cmd/idpscimcli/cmd/aws.go

@@ -4,7 +4,9 @@ import (
 	"context"
 	"log/slog"
 	"net/http"
+	"time"
 
+	"github.com/p2p-b2b/httpretrier"
 	"github.com/slashdevops/idp-scim-sync/internal/version"
 	"github.com/slashdevops/idp-scim-sync/pkg/aws"
 	"github.com/spf13/cobra"
@@ -90,17 +92,13 @@ func runAWSServiceConfig(_ *cobra.Command, _ []string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), reqTimeout)
 	defer cancel()
 
-	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
-	httpTransport.MaxIdleConns = 100
-	httpTransport.MaxConnsPerHost = 100
-	httpTransport.MaxIdleConnsPerHost = 100
-
-	httpClient := &http.Client{
-		Transport: httpTransport,
-		Timeout:   maxTimeout,
-	}
+	httpRetryClient := httpretrier.NewClient(
+		3, // Max Retries
+		httpretrier.ExponentialBackoff(10*time.Millisecond, 100*time.Millisecond),
+		nil, // Use http.DefaultTransport
+	)
 
-	awsSCIMService, err := aws.NewSCIMService(httpClient, cfg.AWSSCIMEndpoint, cfg.AWSSCIMAccessToken)
+	awsSCIMService, err := aws.NewSCIMService(httpRetryClient, cfg.AWSSCIMEndpoint, cfg.AWSSCIMAccessToken)
 	if err != nil {
 		slog.Error("error creating SCIM service", "error", err.Error())
 		return err

cmd/idpscimcli/cmd/gws.go

@@ -2,10 +2,14 @@ package cmd
 
 import (
 	"context"
+	"fmt"
 	"log/slog"
 	"os"
+	"time"
 
+	"github.com/p2p-b2b/httpretrier"
 	"github.com/slashdevops/idp-scim-sync/internal/config"
+	"github.com/slashdevops/idp-scim-sync/internal/version"
 	"github.com/slashdevops/idp-scim-sync/pkg/google"
 	"github.com/spf13/cobra"
 	admin "google.golang.org/api/admin/directory/v1"
@@ -122,7 +126,21 @@ func getGWSDirectoryService(ctx context.Context) *google.DirectoryService {
 		"https://www.googleapis.com/auth/admin.directory.user.readonly",
 	}
 
-	gService, err := google.NewService(ctx, cfg.GWSUserEmail, gCreds, gScopes...)
+	httpRetryClient := httpretrier.NewClient(
+		3, // Max Retries
+		httpretrier.ExponentialBackoff(10*time.Millisecond, 100*time.Millisecond),
+		nil, // Use http.DefaultTransport
+	)
+
+	gServiceConfig := google.DirectoryServiceConfig{
+		UserEmail:      cfg.GWSUserEmail,
+		ServiceAccount: gCreds,
+		Scopes:         gScopes,
+		Client:         httpRetryClient,
+		UserAgent:      fmt.Sprintf("idp-scim-sync/%s", version.Version),
+	}
+
+	gService, err := google.NewService(ctx, gServiceConfig)
 	if err != nil {
 		slog.Error("error creating service", "error", err)
 		os.Exit(1)

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.88.1
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.39.4
 	github.com/google/go-cmp v0.7.0
-	github.com/hashicorp/go-retryablehttp v0.7.8
+	github.com/p2p-b2b/httpretrier v0.0.3
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/cobra v1.10.1
 	github.com/spf13/viper v1.21.0
@@ -50,7 +50,6 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
 	github.com/googleapis/gax-go/v2 v2.15.0 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect

go.sum

@@ -47,8 +47,6 @@ github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
-github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
@@ -74,22 +72,14 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU
 github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
 github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo=
 github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc=
-github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
-github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
-github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48=
-github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
-github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/p2p-b2b/httpretrier v0.0.3 h1:6Udp+5zuzgBZ6Hu5Es4/dKWHv8pzRSvXCHXRjYJTgNU=
+github.com/p2p-b2b/httpretrier v0.0.3/go.mod h1:J/aV00SornLs70X/DY3B4IPkDjICynXLfA/TWpAlErw=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=

internal/setup/setup.go

@@ -11,7 +11,7 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
-	"github.com/hashicorp/go-retryablehttp"
+	"github.com/p2p-b2b/httpretrier"
 	"github.com/pkg/errors"
 	"github.com/slashdevops/idp-scim-sync/internal/config"
 	"github.com/slashdevops/idp-scim-sync/internal/core"
@@ -216,8 +216,24 @@ func SyncService(ctx context.Context, cfg *config.Config) (*core.SyncService, er
 		gwsServiceAccountContent = gwsServiceAccount
 	}
 
+	httpRetryClient := httpretrier.NewClient(
+		3, // Max Retries
+		httpretrier.ExponentialBackoff(10*time.Millisecond, 100*time.Millisecond),
+		nil, // Use http.DefaultTransport
+	)
+
+	userAgent := fmt.Sprintf("idp-scim-sync/%s", version.Version)
+
+	gServiceConfig := google.DirectoryServiceConfig{
+		UserEmail:      cfg.GWSUserEmail,
+		ServiceAccount: gwsServiceAccountContent,
+		Scopes:         cfg.GWSServiceAccountScopes,
+		UserAgent:      userAgent,
+		Client:         httpRetryClient,
+	}
+
 	// Google Client Service
-	gwsService, err := google.NewService(ctx, cfg.GWSUserEmail, gwsServiceAccountContent, cfg.GWSServiceAccountScopes...)
+	gwsService, err := google.NewService(ctx, gServiceConfig)
 	if err != nil {
 		return nil, errors.Wrap(err, "cannot create google service")
 	}
@@ -234,26 +250,12 @@ func SyncService(ctx context.Context, cfg *config.Config) (*core.SyncService, er
 		return nil, errors.Wrap(err, "cannot create identity provider service")
 	}
 
-	// httpClient
-	retryClient := retryablehttp.NewClient()
-	retryClient.RetryMax = 10
-	retryClient.RetryWaitMin = time.Millisecond * 100
-
-	// set the logger only in debug mode
-	if cfg.Debug {
-		retryClient.Logger = slog.Default()
-	} else {
-		retryClient.Logger = nil
-	}
-
-	httpClient := retryClient.StandardClient()
-
 	// AWS SCIM Service
-	awsSCIM, err := aws.NewSCIMService(httpClient, cfg.AWSSCIMEndpoint, cfg.AWSSCIMAccessToken)
+	awsSCIM, err := aws.NewSCIMService(httpRetryClient, cfg.AWSSCIMEndpoint, cfg.AWSSCIMAccessToken)
 	if err != nil {
 		return nil, errors.Wrap(err, "cannot create aws scim service")
 	}
-	awsSCIM.UserAgent = fmt.Sprintf("idp-scim-sync/%s", version.Version)
+	awsSCIM.UserAgent = userAgent
 
 	scimService, err := scim.NewProvider(awsSCIM)
 	if err != nil {

pkg/google/google.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log/slog"
+	"net/http"
 
 	"golang.org/x/oauth2/google"
 	admin "google.golang.org/api/admin/directory/v1"
@@ -36,36 +37,74 @@ var (
 
 	// ErrGroupIDNil is returned when the group ID is nil.
 	ErrGroupIDNil = fmt.Errorf("google: group id is required")
+
+	// ErrServiceAccountNil is returned when the service account credentials are nil.
+	ErrServiceAccountNil = fmt.Errorf("google: service account credentials are required")
+
+	// ErrUserAgentNil is returned when the user agent is nil.
+	ErrUserAgentNil = fmt.Errorf("google: user agent is required")
+
+	// ErrGoogleClientNil is returned when the google client is nil.
+	ErrGoogleClientNil = fmt.Errorf("google: google client is required")
 )
 
 // DirectoryService represent the  Google Directory API client.
 type DirectoryService struct {
 	svc *admin.Service
 }
 
+type DirectoryServiceConfig struct {
+	Client         *http.Client
+	UserEmail      string
+	ServiceAccount []byte
+	Scopes         []string
+	UserAgent      string
+}
+
 // NewService create a Google Directory Service.
 // References:
 // - https://pkg.go.dev/google.golang.org/api/admin/directory/v1
 // Examples of scope:
 // - "https://www.googleapis.com/auth/admin.directory.group.readonly"
 // - "https://www.googleapis.com/auth/admin.directory.group.member.readonly"
 // - "https://www.googleapis.com/auth/admin.directory.user.readonly"
-func NewService(ctx context.Context, userEmail string, serviceAccount []byte, scope ...string) (*admin.Service, error) {
-	if len(scope) == 0 {
+func NewService(ctx context.Context, config DirectoryServiceConfig) (*admin.Service, error) {
+	if config.Client == nil {
+		return nil, ErrGoogleClientNil
+	}
+
+	if config.UserEmail == "" {
+		return nil, ErrUserIDNil
+	}
+
+	if config.ServiceAccount == nil {
+		return nil, ErrServiceAccountNil
+	}
+
+	if len(config.Scopes) == 0 {
 		return nil, ErrGoogleClientScopeNil
 	}
 
-	creds, err := google.CredentialsFromJSONWithParams(ctx, serviceAccount, google.CredentialsParams{
-		Scopes:  scope,
-		Subject: userEmail,
+	if config.UserAgent == "" {
+		return nil, ErrUserAgentNil
+	}
+
+	creds, err := google.CredentialsFromJSONWithParams(ctx, config.ServiceAccount, google.CredentialsParams{
+		Scopes:  config.Scopes,
+		Subject: config.UserEmail,
 	})
 	if err != nil {
-		return nil, fmt.Errorf("google: error getting config for Service Account: %v", err)
+		return nil, fmt.Errorf("google: %v", err)
 	}
 
-	svc, err := admin.NewService(ctx, option.WithTokenSource(creds.TokenSource))
+	svc, err := admin.NewService(
+		ctx,
+		option.WithTokenSource(creds.TokenSource),
+		option.WithUserAgent(config.UserAgent),
+		option.WithHTTPClient(config.Client),
+	)
 	if err != nil {
-		return nil, fmt.Errorf("google: error creating service: %v", err)
+		return nil, fmt.Errorf("google: %v", err)
 	}
 
 	return svc, nil

pkg/google/google_test.go

@@ -18,33 +18,61 @@ func TestNewService(t *testing.T) {
 		ctx := context.TODO()
 		userEmail := "mock-email@mock-project.iam.gserviceaccount.com"
 		serviceAccountFile := "testdata/service_account.json"
-		scope := "admin.AdminDirectoryGroupReadonlyScope, admin.AdminDirectoryGroupMemberReadonlyScope, admin.AdminDirectoryUserReadonlyScope"
+		scopes := []string{
+			"https://www.googleapis.com/auth/admin.directory.group.readonly",
+			"https://www.googleapis.com/auth/admin.directory.group.member.readonly",
+			"https://www.googleapis.com/auth/admin.directory.user.readonly",
+		}
 
 		serviceAccount, err := os.ReadFile(serviceAccountFile)
 		if err != nil {
 			t.Fatalf("Error loading golden file: %s", err)
 		}
 
-		svc, err := NewService(ctx, userEmail, serviceAccount, scope)
+		config := DirectoryServiceConfig{
+			Client:         &http.Client{},
+			UserEmail:      userEmail,
+			ServiceAccount: serviceAccount,
+			Scopes:         scopes,
+			UserAgent:      "test-agent",
+		}
+
+		svc, err := NewService(ctx, config)
 		assert.NoError(t, err)
 		assert.NotNil(t, svc)
 	})
 
 	t.Run("Should return a new Service with empty service account parameter", func(t *testing.T) {
 		ctx := context.TODO()
 		userEmail := ""
-		scope := ""
+		scopes := []string{}
+
+		config := DirectoryServiceConfig{
+			Client:         &http.Client{},
+			UserEmail:      userEmail,
+			ServiceAccount: nil,
+			Scopes:         scopes,
+			UserAgent:      "test-agent",
+		}
 
-		svc, err := NewService(ctx, userEmail, nil, scope)
+		svc, err := NewService(ctx, config)
 		assert.Error(t, err)
 		assert.Nil(t, svc)
 	})
 
 	t.Run("Should return an error when scope is nil", func(t *testing.T) {
 		ctx := context.TODO()
-		userEmail := ""
+		userEmail := "test@example.com"
+
+		config := DirectoryServiceConfig{
+			Client:         &http.Client{},
+			UserEmail:      userEmail,
+			ServiceAccount: []byte("{}"), // provide minimal valid JSON
+			Scopes:         nil,
+			UserAgent:      "test-agent",
+		}
 
-		svc, err := NewService(ctx, userEmail, nil)
+		svc, err := NewService(ctx, config)
 		assert.Error(t, err)
 		assert.Nil(t, svc)
 		assert.ErrorIs(t, err, ErrGoogleClientScopeNil)
@@ -56,14 +84,26 @@ func TestNewDirectoryService(t *testing.T) {
 		ctx := context.TODO()
 		userEmail := "mock-email@mock-project.iam.gserviceaccount.com"
 		serviceAccountFile := "testdata/service_account.json"
-		scope := "admin.AdminDirectoryGroupReadonlyScope, admin.AdminDirectoryGroupMemberReadonlyScope, admin.AdminDirectoryUserReadonlyScope"
+		scopes := []string{
+			"https://www.googleapis.com/auth/admin.directory.group.readonly",
+			"https://www.googleapis.com/auth/admin.directory.group.member.readonly",
+			"https://www.googleapis.com/auth/admin.directory.user.readonly",
+		}
 
 		serviceAccount, err := os.ReadFile(serviceAccountFile)
 		if err != nil {
 			t.Fatalf("Error loading golden file: %s", err)
 		}
 
-		svc, err := NewService(ctx, userEmail, serviceAccount, scope)
+		config := DirectoryServiceConfig{
+			Client:         &http.Client{},
+			UserEmail:      userEmail,
+			ServiceAccount: serviceAccount,
+			Scopes:         scopes,
+			UserAgent:      "test-agent",
+		}
+
+		svc, err := NewService(ctx, config)
 		if err != nil {
 			t.Fatalf("Error creating a service: %s", err)
 		}