CircuitBreaker | Java implementation of Michael Nygard

This answer from the father of Resilience4j helped me:

In a production system you should not set minimumNumberOfCalls to 1. For testing it is okay, but 3 is better.

Let's assume you have minimumNumberOfCalls=3, slidingWindowSize = 10 and slidingWindowType = COUNT_BASED: That means the CircuitBreaker is calculating the failure rate and slow call rate based on the last 10 calls, as soon as 3 calls have been recorded.

Let's assume 2 calls are slow and 1 call is fast: That means the slow call rate is above 50% and the CircuitBreaker will transition to OPEN.

The minimumNumberOfCalls setting makes even more sense, if slidingWindowType = TIME_BASED and the failure rate is calculated based on the calls from the last N seconds.

As for the permittedNumberOfCallsInHalfOpenState question, after the wait-duration-in-open-state period is over, it goes into max-wait-duration-in-half-open-state and will allow a max of 5 calls. As long as the threshold is not met/exceeded, the circuit will close. It does not depend on the slidingWindowSize/minimumNumberOfCalls as per here.

The CircuitBreaker rejects calls with a CallNotPermittedException when it is OPEN. After a wait time duration has elapsed, the CircuitBreaker state changes from OPEN to HALF_OPEN and permits a configurable number of calls to see if the backend is still unavailable or has become available again. Further calls are rejected with a CallNotPermittedException, until all permitted calls have completed. If the failure rate or slow call rate is then equal or greater than the configured threshold, the state changes back to OPEN. If the failure rate and slow call rate is below the threshold, the state changes back to CLOSED.

P.S If you don't configure any property, the default value is used as per here.

This is not caused by the update, Quarkus 2.6.2.Final did not change anything regarding the fault tolerance stuff.

To facilitate negative testing, you can inject CircuitBreakerMaintenance and reset all circuit breakers in the application using resetAll (see https://smallrye.io/docs/smallrye-fault-tolerance/5.2.1/usage/extra.html#_circuit_breaker_maintenance).

Alternatively, there's a configuration property that disables all fault tolerance except fallbacks: MP_Fault_Tolerance_NonFallback_Enabled (see https://download.eclipse.org/microprofile/microprofile-fault-tolerance-3.0/microprofile-fault-tolerance-spec-3.0.html#_disable_a_group_of_fault_tolerance_annotations_on_the_global_level).

Turned out that there is a chance to debug Invalid credentials error for OAuth2 approach. After a suggestion from https://stackoverflow.com/a/62917085/10596295, I debugged the application and realized that there is a problem with the property user-name-attribute. My final version of application.yml looks like this:

Looks like the problem was quote marks in pass.properties file. The interesting thing is, even if credentials are typed with or without quote marks, JDBC connectors work well. Maybe the reason is it is the first line in the file but just a small possibility.

So, do NOT use quote marks in your password files, even if some of the connectors work this way.

You have a few options here but let me clarify why this happens. Feign is an HTTP binder for your APIs. In normal cases when you communicate backend-backend, the de-facto accepted HTTP status codes are 2xx to indicate that everything worked as expected. When an API reponds with a 3xx (302 in your case), that indicates a redirect which is usually used to instruct the browser to redirect the user to another page upon doing something.

Anyway, now that we've cleared why this could happen, let's see why your Feign client behaves this way. All Feign clients have a configuration parameter called follow-redirects. This controls whether upon receiving a 3xx HTTP response, the Feign client should automatically try to call the API specified in the response's Location header.

By default this parameter is set to true, meaning that redirects will be followed and it will be transparent for you, as a client user. From the exception, I think you somehow disabled it or you might use an HTTP client for which you disabled the redirect following manually.

Although I can clearly see from your implementation in the preguntarUsuarioExiste method that you're trying to decide whether a user exists in the system or not. In this case the 302 HTTP Found status doesn't make sense even though I understand why you'd want to use that (cause the term reflects that the user exists).

In this case, I'd simply remove the fixed 302 status with the @ResponseStatus annotation and change the API to return a ResponseEntity instead to resolve the status code dynamically. Something like this:

See https://kafka.apache.org/documentation/#consumerconfigs_retry.backoff.ms

The base amount of time to wait before attempting to reconnect to a given host. This avoids repeatedly connecting to a host in a tight loop. This backoff applies to all connection attempts by the client to a broker.

and https://kafka.apache.org/documentation/#consumerconfigs_reconnect.backoff.max.ms

The maximum amount of time in milliseconds to wait when reconnecting to a broker that has repeatedly failed to connect. If provided, the backoff per host will increase exponentially for each consecutive connection failure, up to this maximum. After calculating the backoff increase, 20% random jitter is added to avoid connection storms.

and

In order to see detailed information in the /health endpoint you need to change the property management.endpoint.health.show-details configuration. It defines when to show full health details and by default its value is never. You need to actually configure it as always as follows:

Circuit Breaker was not designed to use different sleep duration whenever it breaks.

In case of Retry you have the ability to provide a function, called sleepDurationProvider which is called by the policy to determine the actual sleep duration before issuing the next attempt.

So, in short by design it is not supported. I will show you a workaround, but I do not recommend to use it. I will provide a reasoning after the sample code.

For the sake of simplicity let's have the following method:

With Polly.Context you can exchange information between the two policies (in your case: Retry and Circuit Breaker). The Context is basically a Dictionary.

So, the trick is to set a key on the onBreak then use that value inside the sleepDurationProdiver.

Let's start with inner Circuit Breaker policy: