🥅 455 - Error handling and retries + job reporting

package.json

@@ -86,6 +86,7 @@
     "archiver": "^5.3.0",
     "aws-sdk": "^2.923.0",
     "axios": "^1.7.7",
+    "axios-retry": "^4.5.0",
     "body-parser": "^1.19.0",
     "cd": "^0.3.3",
     "connect-mongo": "^4.4.1",

src/jobs/ega/axios/egaClient.ts

@@ -22,9 +22,11 @@ import urlJoin from 'url-join';
 import { getAppConfig } from '../../../config';
 import logger from '../../../logger';
 
+import axiosRetry from 'axios-retry';
 import pThrottle from '../../../../pThrottle';
 import { EGA_API } from '../../../utils/constants';
 import { DacAccessionId, DatasetAccessionId } from '../types/common';
+import { DEFAULT_RETRIES } from '../types/constants';
 import { BadRequestError, NotFoundError, ServerError } from '../types/errors';
 import { ApprovePermissionRequest, PermissionRequest, RevokePermission } from '../types/requests';
 import {
@@ -50,7 +52,7 @@ import {
 } from '../types/results';
 import { safeParseArray, ZodResultAccumulator } from '../types/zodSafeParseArray';
 import { ApprovedUser, getErrorMessage } from '../utils';
-import { fetchAccessToken, tokenExpired } from './idpClient';
+import { fetchAccessToken, isTokenExpired } from './idpClient';
 
 const { DACS, DATASETS, PERMISSIONS, REQUESTS, USERS } = EGA_API;
 
@@ -61,12 +63,14 @@ const initApiAxiosClient = () => {
   const {
     ega: { apiUrl },
   } = getAppConfig();
-  return axios.create({
+  const client = axios.create({
     baseURL: apiUrl,
     headers: {
       'Content-Type': 'application/json',
     },
   });
+  axiosRetry(client, { retries: DEFAULT_RETRIES });
+  return client;
 };
 const apiAxiosClient = initApiAxiosClient();
 
@@ -84,9 +88,9 @@ export const egaApiClient = async () => {
 
   const getAccessToken = async (): Promise<IdpToken> => {
     if (currentToken) {
-      const tokenIsExpired = await tokenExpired(currentToken);
+      const tokenIsExpired = await isTokenExpired(currentToken);
       if (tokenIsExpired) {
-        logger.info('token is expired');
+        logger.debug('Token is expired.');
         resetAccessToken();
       } else {
         return currentToken;
@@ -117,6 +121,13 @@ export const egaApiClient = async () => {
     interval: maxRequestInterval,
   });
 
+  // throttled axios methods
+  const throttledDelete = throttle(apiAxiosClient.delete);
+  const throttledGet = throttle(apiAxiosClient.get);
+  const throttledPost = throttle(apiAxiosClient.post);
+  const throttledPut = throttle(apiAxiosClient.put);
+  const throttledGenericRequest = throttle(apiAxiosClient.request);
+
   const accessToken = await getAccessToken();
   apiAxiosClient.defaults.headers.common['Authorization'] = `Bearer ${accessToken.access_token}`;
 
@@ -142,7 +153,7 @@ export const egaApiClient = async () => {
                 // reset on client headers so subsequent requests have new access token
                 apiAxiosClient.defaults.headers['Authorization'] = refreshedBearerToken;
                 // returns Promise for original request
-                return apiAxiosClient.request(error.config);
+                return throttledGenericRequest(error.config);
               case 400:
                 // don't retry
                 logger.error(`Bad Request`);
@@ -157,13 +168,13 @@ export const egaApiClient = async () => {
                   `${CLIENT_NAME} - ${error.response.status} - ${error.response.statusText} - retrying original request.`,
                 );
                 // retry original request. this response error shouldn't be an issue because throttling is in place
-                return apiAxiosClient.request(error.config);
+                return throttledGenericRequest(error.config);
               case 504:
                 logger.error(
                   `${CLIENT_NAME} - ${error.response.status} - ${error.response.statusText} - retrying original request.`,
                 );
                 // retry original request
-                return apiAxiosClient.request(error.config);
+                return throttledGenericRequest(error.config);
               default:
                 logger.error(`Unexpected Axios Error: ${error.response.status}`);
                 return new ServerError('Unexpected Axios Error');
@@ -177,7 +188,7 @@ export const egaApiClient = async () => {
               logger.error(`${CLIENT_NAME} - AxiosError - ECONNRESET`);
               if (originalRequest) {
                 logger.info(`${CLIENT_NAME} - ECONNRESET - retrying original request`);
-                return apiAxiosClient.request(originalRequest);
+                return throttledGenericRequest(originalRequest);
               }
               return Promise.reject(error);
             case 'ERR_BAD_REQUEST':
@@ -203,7 +214,7 @@ export const egaApiClient = async () => {
   ): Promise<Result<ZodResultAccumulator<EgaDataset>, GetDatasetsForDacFailure>> => {
     const url = urlJoin(DACS, dacId, DATASETS);
     try {
-      const { data } = await apiAxiosClient.get(url);
+      const { data } = await throttledGet(url);
       const result = safeParseArray(EgaDataset, data);
       return success(result);
     } catch (err) {
@@ -229,7 +240,7 @@ export const egaApiClient = async () => {
   const getUser = async (user: ApprovedUser): Promise<Result<EgaUser, GetUserFailure>> => {
     const url = urlJoin(USERS, user.email);
     try {
-      const response = await apiAxiosClient.get(url);
+      const response = await throttledGet(url);
       const egaUser = EgaUser.safeParse(response.data);
       if (egaUser.success) {
         return success(egaUser.data);
@@ -269,7 +280,7 @@ export const egaApiClient = async () => {
   }): Promise<Result<ZodResultAccumulator<EgaPermission>, GetPermissionsForDatasetFailure>> => {
     const url = urlJoin(DACS, dacId, PERMISSIONS);
     try {
-      const response = await apiAxiosClient.get(url, {
+      const response = await throttledGet(url, {
         params: {
           dataset_accession_id: datasetAccessionId,
           limit,
@@ -303,7 +314,7 @@ export const egaApiClient = async () => {
   > => {
     try {
       const url = urlJoin(PERMISSIONS);
-      const response = await apiAxiosClient.get(url, {
+      const response = await throttledGet(url, {
         params: {
           user_id: userId,
           limit: datasetsTotal,
@@ -359,7 +370,7 @@ export const egaApiClient = async () => {
     Result<ZodResultAccumulator<EgaPermissionRequest>, CreatePermissionRequestsFailure>
   > => {
     try {
-      const { data } = await apiAxiosClient.post(REQUESTS, requests);
+      const { data } = await throttledPost(REQUESTS, requests);
       const result = safeParseArray(EgaPermissionRequest, data);
       return success(result);
     } catch (err) {
@@ -387,7 +398,7 @@ export const egaApiClient = async () => {
     requests: ApprovePermissionRequest[],
   ): Promise<Result<ApprovePermissionResponse, ApprovedPermissionRequestsFailure>> => {
     try {
-      const response = await apiAxiosClient.put(REQUESTS, requests);
+      const response = await throttledPut(REQUESTS, requests);
       if (response.data) {
         const result = ApprovePermissionResponse.safeParse(response.data);
         if (result.success) {
@@ -424,7 +435,7 @@ export const egaApiClient = async () => {
     requests: RevokePermission[],
   ): Promise<Result<RevokePermissionResponse, RevokePermissionsFailure>> => {
     try {
-      const response = await apiAxiosClient.delete(PERMISSIONS, { data: requests });
+      const response = await throttledDelete(PERMISSIONS, { data: requests });
       if (response.status === 400) {
         throw new BadRequestError('Permission not found.');
       }
@@ -452,13 +463,13 @@ export const egaApiClient = async () => {
   };
 
   return {
-    approvePermissionRequests: throttle(approvePermissionRequests),
-    createPermissionRequests: throttle(createPermissionRequests),
-    getDatasetsForDac: throttle(getDatasetsForDac),
-    getPermissionsByUserId: throttle(getPermissionsByUserId),
-    getPermissionsForDataset: throttle(getPermissionsForDataset),
-    getUser: throttle(getUser),
-    revokePermissions: throttle(revokePermissions),
+    approvePermissionRequests,
+    createPermissionRequests,
+    getDatasetsForDac,
+    getPermissionsByUserId,
+    getPermissionsForDataset,
+    getUser,
+    revokePermissions,
   };
 };
 

src/jobs/ega/axios/idpClient.ts

@@ -18,13 +18,15 @@
  */
 
 import axios, { AxiosError } from 'axios';
+import axiosRetry from 'axios-retry';
 import jwt from 'jsonwebtoken';
 import urlJoin from 'url-join';
 import { getAppConfig } from '../../../config';
 import logger from '../../../logger';
 import getAppSecrets from '../../../secrets';
 
 import { EGA_GRANT_TYPE, EGA_REALMS_PATH, EGA_TOKEN_ENDPOINT } from '../../../utils/constants';
+import { DEFAULT_RETRIES } from '../types/constants';
 import { IdpToken } from '../types/responses';
 const { verify } = jwt;
 
@@ -39,7 +41,7 @@ const CLIENT_NAME = 'IDP_CLIENT';
 const decodeToken = async (
   token: string,
 ): Promise<jwt.JwtPayload | 'TokenExpiredError' | undefined> => {
-  logger.info('Verifying token');
+  logger.debug('Verifying token');
   const {
     auth: { egaPublicKey },
   } = await getAppSecrets();
@@ -61,11 +63,12 @@ const decodeToken = async (
 };
 
 /**
- * Uses jsonwebtoken.verify to validate token is not expired
+ * Uses jsonwebtoken.verify to validate token is not expired.
+ * Returns true if token is expired, otherwise returns false; the token may be invalid and still return false
  * @param token IdpToken
  * @returns Promise<boolean>
  */
-export const tokenExpired = async (token: IdpToken): Promise<boolean> => {
+export const isTokenExpired = async (token: IdpToken): Promise<boolean> => {
   const decoded = await decodeToken(token.access_token);
   return decoded === 'TokenExpiredError';
 };
@@ -75,9 +78,11 @@ const initIdpClient = () => {
   const {
     ega: { authHost },
   } = getAppConfig();
-  return axios.create({
+  const client = axios.create({
     baseURL: authHost,
   });
+  axiosRetry(client, { retries: DEFAULT_RETRIES });
+  return client;
 };
 const idpClient = initIdpClient();
 
@@ -100,7 +105,7 @@ idpClient.interceptors.response.use(
               logger.error(`${CLIENT_NAME} - AxiosError - ECONNRESET`);
               const originalRequest = error.config;
               if (originalRequest) {
-                logger.info(`${CLIENT_NAME} - retrying original request`);
+                logger.debug(`${CLIENT_NAME} - retrying original request`);
                 return idpClient.request(originalRequest);
               }
               break;

src/jobs/ega/egaPermissionsReconciliation.ts

@@ -43,6 +43,41 @@ const JOB_NAME = 'RECONCILE_EGA_PERMISSIONS';
  * 5) Process existing permissions for each dataset + revoke those which belong to users not on the DACO approved list
  * 6) Return completed JobReport
  * @returns Promise<JobReport<ReconciliationJobReport>>
+ * @example
+ * // returns {
+  "startedAt": "2024-11-25T22:14:57.306Z",
+  "finishedAt": "2024-11-26T01:52:51.339Z",
+  "jobName": "RECONCILE_EGA_PERMISSIONS",
+  "success": true,
+  "details": {
+    "approvedDacoUsersCount": 1514,
+    "approvedEgaUsersCount": 1514,
+    "datasetsCount": 503,
+    "permissionsCreated": {
+      "startTime": "2024-11-25T22:26:38.344Z",
+      "endTime": "2024-11-26T00:04:22.968Z",
+      "timeElapsed": "97 minutes",
+      "completionStatus": "SUCCESS",
+      "details": {
+        "numUsersSuccessfullyProcessed": 1514,
+        "numUsersWithNewPermissions": 1402,
+        "errors": []
+      }
+    },
+    "permissionsRevoked": {
+      "startTime": "2024-11-26T00:04:22.980Z",
+      "endTime": "2024-11-26T01:52:51.331Z",
+      "timeElapsed": "108 minutes",
+      "completionStatus": "SUCCESS",
+      "details": {
+        "numDatasetsProcessed": 503,
+        "numDatasetsWithPermissionsRevoked": 293,
+        "errors": [],
+        "datasetsWithIncorrectPermissionsCounts": []
+      }
+    }
+  }
+}
  */
 async function runEgaPermissionsReconciliation(): Promise<JobReport<ReconciliationJobReport>> {
   const startTime = new Date();
@@ -110,7 +145,8 @@ async function runEgaPermissionsReconciliation(): Promise<JobReport<Reconciliati
   logger.info(`${JOB_NAME} - Job took ${timeElapsed} minutes to complete.`);
 
   const reportHasErrors =
-    permissionsCreatedResult.details.errors.length | permissionsRevokedResult.details.errors.length;
+    permissionsCreatedResult.details.errors.length > 0 ||
+    permissionsRevokedResult.details.errors.length > 0;
   const permissionsReconciliationJobReport: JobReport<ReconciliationJobReport> = {
     startedAt: startTime,
     finishedAt: endTime,

src/jobs/ega/fetchPublicKey.ts

@@ -33,7 +33,7 @@ export const fetchPublicKeyFromKeycloak = async (
     console.error('Keycloak realm info not provided in config, aborting fetch attempt.');
     return undefined;
   }
-  console.info(`Fetching public key from Keycloak realm ${authRealmName}.`);
+  console.debug(`Fetching public key from Keycloak realm ${authRealmName}.`);
   const keycloakUrl = urlJoin(authHost, 'realms', authRealmName);
   try {
     const response = await fetch(keycloakUrl);