Secrets: Refactor code duplicity on secrets sql kvstore (#54032)

pkg/services/secrets/kvstore/sql.go

@@ -58,30 +58,11 @@ func (kv *secretsKVStoreSQL) Get(ctx context.Context, orgId int64, namespace str
 	})
 
 	if err == nil && isFound {
-		kv.decryptionCache.Lock()
-		defer kv.decryptionCache.Unlock()
-
-		if cache, ok := kv.decryptionCache.cache[item.Id]; ok && item.Updated.Equal(cache.updated) {
-			kv.log.Debug("got secret value from decryption cache", "orgId", orgId, "type", typ, "namespace", namespace)
-			return cache.value, isFound, err
-		}
-
-		decodedValue, err := b64.DecodeString(item.Value)
+		decryptedValue, err = kv.getDecryptedValue(ctx, item)
 		if err != nil {
-			kv.log.Error("error decoding secret value", "orgId", orgId, "type", typ, "namespace", namespace, "err", err)
+			kv.log.Error("error decrypting secret value", "orgId", item.OrgId, "type", item.Type, "namespace", item.Namespace, "err", err)
 			return string(decryptedValue), isFound, err
 		}
-
-		decryptedValue, err = kv.secretsService.Decrypt(ctx, decodedValue)
-		if err != nil {
-			kv.log.Error("error decrypting secret value", "orgId", orgId, "type", typ, "namespace", namespace, "err", err)
-			return string(decryptedValue), isFound, err
-		}
-
-		kv.decryptionCache.cache[item.Id] = cachedDecrypted{
-			updated: item.Updated,
-			value:   string(decryptedValue),
-		}
 	}
 
 	kv.log.Debug("got secret value", "orgId", orgId, "type", typ, "namespace", namespace)
@@ -241,37 +222,42 @@ func (kv *secretsKVStoreSQL) GetAll(ctx context.Context) ([]Item, error) {
 		return nil, err
 	}
 
-	// decrypting value
-	kv.decryptionCache.Lock()
-	defer kv.decryptionCache.Unlock()
+	// decrypting values
 	for i := range items {
-		var decryptedValue []byte
-		if cache, ok := kv.decryptionCache.cache[items[i].Id]; ok && items[i].Updated.Equal(cache.updated) {
-			kv.log.Debug("got secret value from decryption cache", "orgId", items[i].OrgId, "type", items[i].Type, "namespace", items[i].Namespace)
-			items[i].Value = cache.value
-			continue
-		}
-
-		decodedValue, err := b64.DecodeString(items[i].Value)
-		if err != nil {
-			kv.log.Error("error decoding secret value", "orgId", items[i].OrgId, "type", items[i].Type, "namespace", items[i].Namespace, "err", err)
-			items[i].Value = string(decryptedValue)
-			continue
-		}
-
-		decryptedValue, err = kv.secretsService.Decrypt(ctx, decodedValue)
+		value, err := kv.getDecryptedValue(ctx, items[i])
+		items[i].Value = string(value)
 		if err != nil {
 			kv.log.Error("error decrypting secret value", "orgId", items[i].OrgId, "type", items[i].Type, "namespace", items[i].Namespace, "err", err)
-			items[i].Value = string(decryptedValue)
-			continue
-		}
-
-		items[i].Value = string(decryptedValue)
-		kv.decryptionCache.cache[items[i].Id] = cachedDecrypted{
-			updated: items[i].Updated,
-			value:   string(decryptedValue),
 		}
 	}
 
 	return items, err
 }
+
+func (kv *secretsKVStoreSQL) getDecryptedValue(ctx context.Context, item Item) ([]byte, error) {
+	kv.decryptionCache.Lock()
+	defer kv.decryptionCache.Unlock()
+	var decryptedValue []byte
+	var err error
+
+	if cache, ok := kv.decryptionCache.cache[item.Id]; ok && item.Updated.Equal(cache.updated) {
+		return []byte(cache.value), err
+	}
+
+	decodedValue, err := b64.DecodeString(item.Value)
+	if err != nil {
+		return decryptedValue, err
+	}
+
+	decryptedValue, err = kv.secretsService.Decrypt(ctx, decodedValue)
+	if err != nil {
+		return decryptedValue, err
+	}
+
+	kv.decryptionCache.cache[item.Id] = cachedDecrypted{
+		updated: item.Updated,
+		value:   string(decryptedValue),
+	}
+
+	return decryptedValue, err
+}