From 2a89c6cd750c72e813776d90ed6c6a77b03f3535 Mon Sep 17 00:00:00 2001
From: Bill Hamilton
Date: Mon, 11 Nov 2024 10:18:55 -0800
Subject: [PATCH 1/2] added simple caching for access tokens
---
 vault/vault.go | 52 +++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 49 insertions(+), 3 deletions(-)
diff --git a/vault/vault.go b/vault/vault.go
index 622b37f..096b92b 100644
--- a/vault/vault.go
+++ b/vault/vault.go
@@ -7,7 +7,9 @@ import (
 "fmt"
 "io"
 "log"
+ "math"
 "net/http"
+ "os"
 "strings"
 "time"
@@ -58,6 +60,12 @@ type Vault struct {
 Configuration
 }
+//nolint:tagliatelle // the json is coming from an external API call
+type TokenCache struct {
+ AccessToken string `json:"access_token"`
+ ExpiresIn int `json:"expires_in"`
+}
+
 // New returns a Vault or an error if the Configuration is invalid
 func New(config Configuration) (*Vault, error) {
 if config.Provider == auth.CLIENT {
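Review bot: `TokenCache` is exported without a doc comment, and its `ExpiresIn` field does not hold what the name says: `setCacheAccessToken` in the next hunk stores an absolute Unix timestamp in it, while the identically named field of `accessTokenResponse` is a lifetime in seconds. The `//nolint:tagliatelle` reason is copied from the API response type, although this JSON is written and read only by the cache code in this patch. Since the type carries a bearer credential and nothing visible here needs it outside the package, I would unexport it, name the field for what it stores (for example `ExpiresAt int64`), and add a comment such as `// tokenCache is a cached access token plus the Unix time after which it must not be reused.`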
@@ -138,12 +146,48 @@ type accessTokenRequest struct {
 AwsHeaders string `json:"aws_headers,omitempty"`
 }
+//nolint:tagliatelle // the json is coming from an external API call
 type accessTokenResponse struct {
 AccessToken string `json:"accessToken"`
+ ExpiresIn int `json:"expiresIn"`
+}
+
+func (v Vault) setCacheAccessToken(value string, expiresIn int) bool {
+ percentage := 0.9
+ cache := TokenCache{}
+ cache.AccessToken = value
+ cache.ExpiresIn = (int(time.Now().Unix()) + expiresIn) - int(math.Floor(float64(expiresIn)*percentage))
+
+ data, err := json.Marshal(cache)
+ if err != nil {
+ return false
+ }
+ os.Setenv("SS_AT", string(data))
+ return true
+}
+
+func (v Vault) getCacheAccessToken() (string, bool) {
+ data, ok := os.LookupEnv("SS_AT")
+ if !ok {
+ os.Setenv("SS_AT", "")
+ return "", ok
+ }
+ cache := TokenCache{}
+ if err := json.Unmarshal([]byte(data), &cache); err != nil {
+ return "", false
+ }
+ if time.Now().Unix() < int64(cache.ExpiresIn) {
+ return cache.AccessToken, true
+ }
+ return "", false
 }
 // getAccessToken returns access token fetched from DSV.
 func (v Vault) getAccessToken() (string, error) {
+ accessToken, found := v.getCacheAccessToken()
+ if found {
+ return accessToken, nil
+ }
 var rBody accessTokenRequest
 switch v.Provider {
 case auth.AWS:
@@ -168,7 +212,6 @@ func (v Vault) getAccessToken() (string, error) {
 request, err := json.Marshal(&rBody)
 if err != nil {
- return "", fmt.Errorf("marshalling token request body: %w", err)
 }
 url := v.urlFor("token", "")
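Review bot: `setCacheAccessToken` keeps the bearer token in the process environment under the fixed name `SS_AT`, which is a weak home for a credential. Every child process started afterwards inherits it, the one name is shared by all `Vault` values whatever their tenant or credentials, and `getCacheAccessToken` trusts a value already present in `SS_AT` at start-up; the `os.Setenv` error is also ignored. The stored deadline looks inverted as well: `(now + expiresIn) - floor(expiresIn*0.9)` is `now` plus 10% of the lifetime, so the token is re-fetched after a tenth of its validity rather than at 90%, which is presumably what `percentage` was meant to express. A mutex-guarded in-memory map avoids both problems and needs `sync` in the import block in place of `os`. The sketch below keys the map by the token URL only, which should be extended with the client identity if several credentials can target one tenant.

```go
// cachedTokens lives only in this process's memory; unlike an environment
// variable it is not handed to child processes.
var (
	cachedTokensMu sync.Mutex
	cachedTokens   = map[string]TokenCache{}
)

func (v Vault) setCacheAccessToken(value string, expiresIn int) bool {
	// Reuse the token for 90% of its lifetime; ExpiresIn holds that deadline as Unix time.
	deadline := int(time.Now().Unix()) + int(math.Floor(float64(expiresIn)*0.9))
	key := v.urlFor("token", "") // NOTE(review): assumed to be a string; confirm
	cachedTokensMu.Lock()
	defer cachedTokensMu.Unlock()
	cachedTokens[key] = TokenCache{AccessToken: value, ExpiresIn: deadline}
	return true
}

func (v Vault) getCacheAccessToken() (string, bool) {
	key := v.urlFor("token", "")
	cachedTokensMu.Lock()
	defer cachedTokensMu.Unlock()
	entry, ok := cachedTokens[key]
	if !ok || time.Now().Unix() >= int64(entry.ExpiresIn) {
		return "", false
	}
	return entry.AccessToken, true
}
```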
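Review bot: With the `return` line removed, as the `@@ -168,7 +212,6 @@` hunk reads, the `if err != nil` block after `json.Marshal(&rBody)` is left empty, so a marshalling failure is silently ignored and the function presumably carries on to the token request with whatever `request` holds. Nothing else in the patch replaces that error path, so this looks like an accidental deletion. I would restore `return "", fmt.Errorf("marshalling token request body: %w", err)`. The enclosing `getAccessToken` starts and ends outside this hunk.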
@@ -181,9 +224,12 @@ func (v Vault) getAccessToken() (string, error) {
 // TODO: cache the token until it expires.
 resp := &accessTokenResponse{}
 if err = json.Unmarshal(response, &resp); err != nil {
- return "", fmt.Errorf("unmarshalling token response: %w", err)
+ return "", fmt.Errorf("unmarshaling token response: %w", err)
+ }
+ ok := v.setCacheAccessToken(resp.AccessToken, resp.ExpiresIn)
+ if !ok {
+ return "", fmt.Errorf("unable to cache access token")
 }
- return resp.AccessToken, nil
 }
From da5961855cb56c9412792b8748d2d996502b8f67 Mon Sep 17 00:00:00 2001
From: Bill Hamilton
Date: Mon, 11 Nov 2024 10:20:17 -0800
Subject: [PATCH 2/2] added changie file
---
 .../\360\237\216\211 New Product Feature-20241111-101938.yaml" | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 ".changes/unreleased/\360\237\216\211 New Product Feature-20241111-101938.yaml"
diff --git "a/.changes/unreleased/\360\237\216\211 New Product Feature-20241111-101938.yaml" "b/.changes/unreleased/\360\237\216\211 New Product Feature-20241111-101938.yaml"
new file mode 100644
index 0000000..7194b82
--- /dev/null
+++ "b/.changes/unreleased/\360\237\216\211 New Product Feature-20241111-101938.yaml"
@@ -0,0 +1,3 @@
+kind: "\U0001F389 New Product Feature"
+body: added simple caching for access tokens
+time: 2024-11-11T10:19:38.406242-08:00
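Review bot: In the `@@ -181,9 +224,12 @@` hunk of vault/vault.go, a failed cache write turns a successful token request into an error: when `setCacheAccessToken` returns false the freshly issued token is discarded and the caller gets `unable to cache access token`. Caching is an optimisation, so I would make it best-effort with `if !v.setCacheAccessToken(resp.AccessToken, resp.ExpiresIn) { log.Print("access token not cached") }` and still return `resp.AccessToken`, keeping the token itself out of the log message. The `// TODO: cache the token until it expires.` comment at the top of the hunk is stale after this change and can be dropped. The flattened `- return resp.AccessToken, nil` is presumably a removed blank line followed by the unchanged return, since the function would otherwise end without one.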