From 31ca499c04af6f0d90eadf2ad2a93cc392447fb6 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Thu, 8 Jan 2026 04:29:29 -0300
Subject: [PATCH] comms: retry mas token for room cleanup

---
 services/comms/bstein-force-leave-job.yaml | 25 +++++++++++++++-------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/services/comms/bstein-force-leave-job.yaml b/services/comms/bstein-force-leave-job.yaml
index c83efe9..eef6721 100644
--- a/services/comms/bstein-force-leave-job.yaml
+++ b/services/comms/bstein-force-leave-job.yaml
@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: bstein-leave-rooms-2
+  name: bstein-leave-rooms-3
   namespace: comms
 spec:
   backoffLimit: 0
@@ -50,6 +50,7 @@ spec:
               import urllib.error
               import urllib.parse
               import urllib.request
+              import time
 
               MAS_ADMIN_CLIENT_ID = os.environ["MAS_ADMIN_CLIENT_ID"]
               MAS_ADMIN_CLIENT_SECRET_FILE = os.environ["MAS_ADMIN_CLIENT_SECRET_FILE"]
@@ -87,6 +88,8 @@ spec:
                       except Exception:
                           payload = None
                       return e.code, payload
+                  except urllib.error.URLError:
+                      return 0, None
 
               with open(MAS_ADMIN_CLIENT_SECRET_FILE, "r", encoding="utf-8") as f:
                   mas_admin_client_secret = f.read().strip()
@@ -94,13 +97,19 @@ spec:
                   raise RuntimeError("MAS admin client secret file is empty")
 
               basic = base64.b64encode(f"{MAS_ADMIN_CLIENT_ID}:{mas_admin_client_secret}".encode()).decode()
-              token_status, token_payload = http_json(
-                  "POST",
-                  MAS_TOKEN_URL,
-                  headers={"Authorization": f"Basic {basic}"},
-                  form={"grant_type": "client_credentials", "scope": "urn:mas:admin"},
-                  timeout=30,
-              )
+              token_status = 0
+              token_payload = None
+              for attempt in range(1, 6):
+                  token_status, token_payload = http_json(
+                      "POST",
+                      MAS_TOKEN_URL,
+                      headers={"Authorization": f"Basic {basic}"},
+                      form={"grant_type": "client_credentials", "scope": "urn:mas:admin"},
+                      timeout=30,
+                  )
+                  if token_status == 200 and token_payload and "access_token" in token_payload:
+                      break
+                  time.sleep(attempt * 2)
               if token_status != 200 or not token_payload or "access_token" not in token_payload:
                   raise RuntimeError(f"MAS admin token request failed (HTTP {token_status})")
               mas_admin_token = token_payload["access_token"]