Secrets: Refactor code duplicity on secrets sql kvstore (#54032)

Guilherme Caulada 2022-08-22 11:48:57 -03:00 committed by GitHub
parent 013dda7bb8
commit 2e9edf4592
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -58,30 +58,11 @@ func (kv *secretsKVStoreSQL) Get(ctx context.Context, orgId int64, namespace str
}) })
if err == nil && isFound { if err == nil && isFound {
kv.decryptionCache.Lock() decryptedValue, err = kv.getDecryptedValue(ctx, item)
defer kv.decryptionCache.Unlock()
if cache, ok := kv.decryptionCache.cache[item.Id]; ok && item.Updated.Equal(cache.updated) {
kv.log.Debug("got secret value from decryption cache", "orgId", orgId, "type", typ, "namespace", namespace)
return cache.value, isFound, err
}
decodedValue, err := b64.DecodeString(item.Value)
if err != nil { if err != nil {
kv.log.Error("error decoding secret value", "orgId", orgId, "type", typ, "namespace", namespace, "err", err) kv.log.Error("error decrypting secret value", "orgId", item.OrgId, "type", item.Type, "namespace", item.Namespace, "err", err)
return string(decryptedValue), isFound, err return string(decryptedValue), isFound, err
} }
decryptedValue, err = kv.secretsService.Decrypt(ctx, decodedValue)
if err != nil {
kv.log.Error("error decrypting secret value", "orgId", orgId, "type", typ, "namespace", namespace, "err", err)
return string(decryptedValue), isFound, err
}
kv.decryptionCache.cache[item.Id] = cachedDecrypted{
updated: item.Updated,
value: string(decryptedValue),
}
} }
kv.log.Debug("got secret value", "orgId", orgId, "type", typ, "namespace", namespace) kv.log.Debug("got secret value", "orgId", orgId, "type", typ, "namespace", namespace)
@ -241,37 +222,42 @@ func (kv *secretsKVStoreSQL) GetAll(ctx context.Context) ([]Item, error) {
return nil, err return nil, err
} }
// decrypting value // decrypting values
kv.decryptionCache.Lock()
defer kv.decryptionCache.Unlock()
for i := range items { for i := range items {
var decryptedValue []byte value, err := kv.getDecryptedValue(ctx, items[i])
if cache, ok := kv.decryptionCache.cache[items[i].Id]; ok && items[i].Updated.Equal(cache.updated) { items[i].Value = string(value)
kv.log.Debug("got secret value from decryption cache", "orgId", items[i].OrgId, "type", items[i].Type, "namespace", items[i].Namespace)
items[i].Value = cache.value
continue
}
decodedValue, err := b64.DecodeString(items[i].Value)
if err != nil {
kv.log.Error("error decoding secret value", "orgId", items[i].OrgId, "type", items[i].Type, "namespace", items[i].Namespace, "err", err)
items[i].Value = string(decryptedValue)
continue
}
decryptedValue, err = kv.secretsService.Decrypt(ctx, decodedValue)
if err != nil { if err != nil {
kv.log.Error("error decrypting secret value", "orgId", items[i].OrgId, "type", items[i].Type, "namespace", items[i].Namespace, "err", err) kv.log.Error("error decrypting secret value", "orgId", items[i].OrgId, "type", items[i].Type, "namespace", items[i].Namespace, "err", err)
items[i].Value = string(decryptedValue)
continue
}
items[i].Value = string(decryptedValue)
kv.decryptionCache.cache[items[i].Id] = cachedDecrypted{
updated: items[i].Updated,
value: string(decryptedValue),
} }
} }
return items, err return items, err
} }
func (kv *secretsKVStoreSQL) getDecryptedValue(ctx context.Context, item Item) ([]byte, error) {
kv.decryptionCache.Lock()
defer kv.decryptionCache.Unlock()
var decryptedValue []byte
var err error
if cache, ok := kv.decryptionCache.cache[item.Id]; ok && item.Updated.Equal(cache.updated) {
return []byte(cache.value), err
}
decodedValue, err := b64.DecodeString(item.Value)
if err != nil {
return decryptedValue, err
}
decryptedValue, err = kv.secretsService.Decrypt(ctx, decodedValue)
if err != nil {
return decryptedValue, err
}
kv.decryptionCache.cache[item.Id] = cachedDecrypted{
updated: item.Updated,
value: string(decryptedValue),
}
return decryptedValue, err
}
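Review bot: A base64 decode failure is now logged as `error decrypting secret value` in both Get and GetAll, because getDecryptedValue returns the bare error from `b64.DecodeString` and each caller has a single log line for every failure; the removed code logged `error decoding secret value` for that case. Corrupt stored data and a failing decrypt call need different responses from an operator, so the helper should label them, for example `return decryptedValue, fmt.Errorf("decoding secret value: %w", err)` and a matching `decrypting secret value` wrap after `Decrypt` (this assumes `fmt` is imported; the import block is outside the hunk). In GetAll the `value, err :=` inside the loop is scoped to the loop body, so a failed item keeps an empty `Value` and the final `return items, err` appears to return the outer error, which is nil by then; if that best-effort behaviour is intended it deserves a comment. getDecryptedValue also needs a doc comment saying that it holds the decryptionCache lock for the whole call, including the call to `kv.secretsService.Decrypt`, and that the cache keeps decrypted values in memory keyed by item id. Get and GetAll both start outside the hunks shown.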