Don't retry on redirections.

api/client.go

@@ -2,7 +2,6 @@ package api
 
 import (
 	"crypto/tls"
-	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -27,10 +26,6 @@ const EnvVaultTLSServerName = "VAULT_TLS_SERVER_NAME"
 const EnvVaultWrapTTL = "VAULT_WRAP_TTL"
 const EnvVaultMaxRetries = "VAULT_MAX_RETRIES"
 
-var (
-	errRedirect = errors.New("redirect")
-)
-
 // WrappingLookupFunc is a function that, given an HTTP verb and a path,
 // returns an optional string duration to be used for response wrapping (e.g.
 // "15s", or simply "15"). The path will not begin with "/v1/" or "v1/" or "/",
@@ -260,7 +255,11 @@ func NewClient(c *Config) (*Client, error) {
 		// redirect handling logic (and thus also for command/meta),
 		// but in e.g. http_test actual redirect handling is necessary
 		c.HttpClient.CheckRedirect = func(req *http.Request, via []*http.Request) error {
-			return errRedirect
+			// Returning this value causes the Go net library to not close the
+			// response body and nil out the error. Otherwise pester tries
+			// three times on every redirect because it sees an error from this
+			// function being passed through.
+			return http.ErrUseLastResponse
 		}
 	}
 
@@ -365,9 +364,7 @@ START:
 		result = &Response{Response: resp}
 	}
 	if err != nil {
-		if urlErr, ok := err.(*url.Error); ok && urlErr.Err == errRedirect {
-			err = nil
-		} else if strings.Contains(err.Error(), "tls: oversized") {
+		if strings.Contains(err.Error(), "tls: oversized") {
 			err = fmt.Errorf(
 				"%s\n\n"+
 					"This error usually means that the server is running with TLS disabled\n"+
@@ -380,8 +377,6 @@ START:
 					"where <address> is replaced by the actual address to the server.",
 				err)
 		}
-	}
-	if err != nil {
 		return result, err
 	}