From 9c33224928bf58690a056fddebb90a422160dee5 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Fri, 12 Aug 2016 15:13:42 -0400
Subject: [PATCH] Don't retry on redirections.

---
 README.md     |  2 +-
 api/client.go | 17 ++++++-----------
 2 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index 8e1c48ab4..b96fd4f4d 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ Developing Vault
 
 If you wish to work on Vault itself or any of its built-in systems,
 you'll first need [Go](https://www.golang.org) installed on your
-machine (version 1.6+ is *required*).
+machine (version 1.7+ is *required*).
 
 For local dev first make sure Go is properly installed, including setting up a
 [GOPATH](https://golang.org/doc/code.html#GOPATH). Next, clone this repository
diff --git a/api/client.go b/api/client.go
index f53a70eeb..e548eb964 100644
--- a/api/client.go
+++ b/api/client.go
@@ -2,7 +2,6 @@ package api
 
 import (
 	"crypto/tls"
-	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -27,10 +26,6 @@ const EnvVaultTLSServerName = "VAULT_TLS_SERVER_NAME"
 const EnvVaultWrapTTL = "VAULT_WRAP_TTL"
 const EnvVaultMaxRetries = "VAULT_MAX_RETRIES"
 
-var (
-	errRedirect = errors.New("redirect")
-)
-
 // WrappingLookupFunc is a function that, given an HTTP verb and a path,
 // returns an optional string duration to be used for response wrapping (e.g.
 // "15s", or simply "15"). The path will not begin with "/v1/" or "v1/" or "/",
@@ -260,7 +255,11 @@ func NewClient(c *Config) (*Client, error) {
 		// redirect handling logic (and thus also for command/meta),
 		// but in e.g. http_test actual redirect handling is necessary
 		c.HttpClient.CheckRedirect = func(req *http.Request, via []*http.Request) error {
-			return errRedirect
+			// Returning this value causes the Go net library to not close the
+			// response body and nil out the error. Otherwise pester tries
+			// three times on every redirect because it sees an error from this
+			// function being passed through.
+			return http.ErrUseLastResponse
 		}
 	}
 
@@ -365,9 +364,7 @@ START:
 		result = &Response{Response: resp}
 	}
 	if err != nil {
-		if urlErr, ok := err.(*url.Error); ok && urlErr.Err == errRedirect {
-			err = nil
-		} else if strings.Contains(err.Error(), "tls: oversized") {
+		if strings.Contains(err.Error(), "tls: oversized") {
 			err = fmt.Errorf(
 				"%s\n\n"+
 					"This error usually means that the server is running with TLS disabled\n"+
@@ -380,8 +377,6 @@ START:
 					"where <address> is replaced by the actual address to the server.",
 				err)
 		}
-	}
-	if err != nil {
 		return result, err
 	}