Increase default MaxRetries for Key Vault client

src/Microsoft.Extensions.Configuration.AzureAppConfiguration/AzureAppConfigurationKeyVaultOptions.cs

@@ -15,7 +15,12 @@ namespace Microsoft.Extensions.Configuration.AzureAppConfiguration
     public class AzureAppConfigurationKeyVaultOptions
     {
         internal TokenCredential Credential;
-        internal SecretClientOptions ClientOptions = new SecretClientOptions();
+        internal SecretClientOptions ClientOptions = new SecretClientOptions
+        {
+            Retry = {
+                MaxRetries = int.MaxValue
+            }
+        };
         internal List<SecretClient> SecretClients = new List<SecretClient>();
         internal Func<Uri, ValueTask<string>> SecretResolver;
         internal Dictionary<string, TimeSpan> SecretRefreshIntervals = new Dictionary<string, TimeSpan>();

src/Microsoft.Extensions.Configuration.AzureAppConfiguration/AzureKeyVaultReference/AzureKeyVaultSecretProvider.cs

@@ -5,7 +5,7 @@
 using Microsoft.Extensions.Configuration.AzureAppConfiguration.Extensions;
 using System;
 using System.Collections.Generic;
-using System.Linq;
+using System.Net.Sockets;
 using System.Threading;
 using System.Threading.Tasks;
 
@@ -40,6 +40,7 @@ public async Task<string> GetSecretValue(KeyVaultSecretIdentifier secretIdentifi
             string secretValue = null;
 
             if (_cachedKeyVaultSecrets.TryGetValue(key, out CachedKeyVaultSecret cachedSecret) &&
+                    (cachedSecret.SourceId == secretIdentifier.SourceId) &&
                     (!cachedSecret.RefreshAt.HasValue || DateTimeOffset.UtcNow < cachedSecret.RefreshAt.Value))
             {
                 return cachedSecret.SecretValue;
@@ -68,7 +69,7 @@ public async Task<string> GetSecretValue(KeyVaultSecretIdentifier secretIdentifi
                     secretValue = await _keyVaultOptions.SecretResolver(secretIdentifier.SourceId).ConfigureAwait(false);
                 }
 
-                cachedSecret = new CachedKeyVaultSecret(secretValue);
+                cachedSecret = new CachedKeyVaultSecret(secretValue, secretIdentifier.SourceId);
                 success = true;
             }
             finally
@@ -86,9 +87,18 @@ public bool ShouldRefreshKeyVaultSecrets()
 
         public void ClearCache()
         {
-            _cachedKeyVaultSecrets.Clear();
-            _nextRefreshKey = null;
-            _nextRefreshTime = null;
+            foreach (KeyValuePair<string, CachedKeyVaultSecret> secret in _cachedKeyVaultSecrets)
+            {
+                if (secret.Value.LastRefreshTime + RefreshConstants.MinimumSecretRefreshInterval < DateTimeOffset.UtcNow)
+                {
+                    _cachedKeyVaultSecrets.Remove(secret.Key);
+                }
+            }
+
+            if (_nextRefreshKey != null && !_cachedKeyVaultSecrets.ContainsKey(_nextRefreshKey))
+            {
+                UpdateNextRefreshableSecretFromCache();
+            }
         }
 
         public void RemoveSecretFromCache(string key)

src/Microsoft.Extensions.Configuration.AzureAppConfiguration/AzureKeyVaultReference/CachedKeyVaultSecret.cs

@@ -22,11 +22,23 @@ internal class CachedKeyVaultSecret
         /// </summary>
         public int RefreshAttempts { get; set; }
 
-        public CachedKeyVaultSecret(string secretValue = null, DateTimeOffset? refreshAt = null, int refreshAttempts = 0)
+        /// <summary>
+        /// The last time this secret was reloaded from Key Vault.
+        /// </summary>
+        public DateTimeOffset LastRefreshTime { get; set; }
+
+        /// <summary>
+        /// The source <see cref="Uri"/> for this secret.
+        /// </summary>
+        public Uri SourceId { get; }
+
+        public CachedKeyVaultSecret(string secretValue = null, Uri sourceId = null, DateTimeOffset? refreshAt = null, int refreshAttempts = 0)
         {
             SecretValue = secretValue;
             RefreshAt = refreshAt;
+            LastRefreshTime = DateTimeOffset.UtcNow;
             RefreshAttempts = refreshAttempts;
+            SourceId = sourceId;
         }
     }
 }

src/Microsoft.Extensions.Configuration.AzureAppConfiguration/Constants/RefreshConstants.cs

@@ -16,7 +16,7 @@ internal class RefreshConstants
         public static readonly TimeSpan MinimumFeatureFlagsCacheExpirationInterval = TimeSpan.FromSeconds(1);
 
         // Key Vault secrets
-        public static readonly TimeSpan MinimumSecretRefreshInterval = TimeSpan.FromSeconds(1);
+        public static readonly TimeSpan MinimumSecretRefreshInterval = TimeSpan.FromMinutes(1);
 
         // Backoff during refresh failures
         public static readonly TimeSpan DefaultMinBackoff = TimeSpan.FromSeconds(30);

tests/Tests.AzureAppConfiguration/KeyVaultReferenceTests.cs

@@ -758,7 +758,7 @@ Response<ConfigurationSetting> GetIfChanged(ConfigurationSetting setting, bool o
         public async Task CachedSecretIsInvalidatedWhenRefreshAllIsTrue()
         {
             IConfigurationRefresher refresher = null;
-            TimeSpan cacheExpirationTime = TimeSpan.FromSeconds(1);
+            TimeSpan cacheExpirationTime = TimeSpan.FromSeconds(60);
 
             var mockResponse = new Mock<Response>();
             var mockClient = new Mock<ConfigurationClient>(MockBehavior.Strict);
@@ -830,7 +830,7 @@ Response<ConfigurationSetting> GetIfChanged(ConfigurationSetting setting, bool o
         public async Task SecretIsReloadedFromKeyVaultWhenCacheExpires()
         {
             IConfigurationRefresher refresher = null;
-            TimeSpan cacheExpirationTime = TimeSpan.FromSeconds(1);
+            TimeSpan cacheExpirationTime = TimeSpan.FromSeconds(60);
 
             var mockResponse = new Mock<Response>();
             var mockClient = new Mock<ConfigurationClient>(MockBehavior.Strict);
@@ -873,7 +873,7 @@ public async Task SecretIsReloadedFromKeyVaultWhenCacheExpires()
         public async Task SecretsWithDefaultRefreshInterval()
         {
             IConfigurationRefresher refresher = null;
-            TimeSpan shortCacheExpirationTime = TimeSpan.FromSeconds(1);
+            TimeSpan shortCacheExpirationTime = TimeSpan.FromSeconds(60);
 
             var mockResponse = new Mock<Response>();
             var mockClient = new Mock<ConfigurationClient>(MockBehavior.Strict);
@@ -918,7 +918,7 @@ public async Task SecretsWithDefaultRefreshInterval()
         public async Task SecretsWithDifferentRefreshIntervals()
         {
             IConfigurationRefresher refresher = null;
-            TimeSpan shortCacheExpirationTime = TimeSpan.FromSeconds(1);
+            TimeSpan shortCacheExpirationTime = TimeSpan.FromSeconds(60);
             TimeSpan longCacheExpirationTime = TimeSpan.FromDays(1);
 
             var mockResponse = new Mock<Response>();

tests/Tests.AzureAppConfiguration/LoggingTests.cs

@@ -582,7 +582,7 @@ public async Task ValidateCorrectKeyVaultSecretLoggedDuringRefresh()
                         refreshOptions.Register("TestKey1", "label", true)
                                       .SetCacheExpiration(CacheExpirationTime);
                     });
-                    options.ConfigureKeyVault(kv => kv.Register(mockSecretClient.Object).SetSecretRefreshInterval(CacheExpirationTime));
+                    options.ConfigureKeyVault(kv => kv.Register(mockSecretClient.Object).SetSecretRefreshInterval(TimeSpan.FromSeconds(60)));
                     refresher = options.GetRefresher();
                 })
                 .Build();

tests/Tests.AzureAppConfiguration/MapTests.cs

@@ -410,7 +410,7 @@ public void MapResolveKeyVaultReferenceThrowsExceptionInAdapter()
                 .AddAzureAppConfiguration(options =>
                 {
                     options.ClientManager = mockClientManager;
-                    options.ConfigureKeyVault(kv => kv.Register(mockSecretClient.Object).SetSecretRefreshInterval(TimeSpan.FromSeconds(1)));
+                    options.ConfigureKeyVault(kv => kv.Register(mockSecretClient.Object).SetSecretRefreshInterval(TimeSpan.FromSeconds(60)));
                     options.Map((setting) =>
                     {
                         if (setting.ContentType == KeyVaultConstants.ContentType + "; charset=utf-8")
@@ -446,7 +446,7 @@ public void MapAsyncResolveKeyVaultReference()
             .AddAzureAppConfiguration(options =>
             {
                 options.ClientManager = mockClientManager;
-                options.ConfigureKeyVault(kv => kv.Register(mockSecretClient.Object).SetSecretRefreshInterval(TimeSpan.FromSeconds(1)));
+                options.ConfigureKeyVault(kv => kv.Register(mockSecretClient.Object).SetSecretRefreshInterval(TimeSpan.FromSeconds(60)));
                 options.Map(async (setting) =>
                 {
                     if (setting.ContentType == KeyVaultConstants.ContentType + "; charset=utf-8")