Distribt icon indicating copy to clipboard operation
Distribt copied to clipboard

Published 20 hours ago verified publisher icon ElectNewt

SecretManager: Add a wrapper to block endless calls

Open ElectNewt opened this issue 3 years ago • 2 comments

Investigate if it is needed to add a wrapper around the secret manager. this wrapper will keep the secrets in memory and it will not call the service unless the call fails.

This is something to keep in mind, if we add the wrapper the consumers of the library will need to deal with the retry.

ElectNewt avatar Jan 31 '22 20:01 ElectNewt

Maybe it's a good place to implement Memoization (I've never do that).. Maybe something like this

public async Task<T> Get<T>(string path) 
    where T : new()
{
    VaultClient client = new VaultClient(new VaultClientSettings(_vaultSettings.VaultUrl,
        new TokenAuthMethodInfo(_vaultSettings.TokenApi)));

    var requestFn = async (string path) => await client.V1.Secrets.KeyValue.V2.ReadSecretAsync(path: path, mountPoint: "secret");

    Secret<SecretData> kv2Secret = await requestFn.ThreadSafeMemoize()(path);
    
    var returnedData = kv2Secret.Data.Data;
    return returnedData.ToObject<T>();
}

public static Func<A, R> ThreadSafeMemoize<A, R>(this Func<A, R> func)
{
    return Memoizer.ThreadSafeMemoize(func);
}

public static Func<A, R> ThreadSafeMemoize<A, R>(Func<A, R> func)
{
    var cache = new ConcurrentDictionary<A, R>();
    return argument => cache.GetOrAdd(argument, func);
}

Of course, with this approach it's impossible to implement retries and in case of an error, the error will be in the cache and it will be the result while the application is running. I don't know, it's just a good place to practice Memoization xD

AlexScigalszky avatar Feb 01 '24 18:02 AlexScigalszky

@AlexScigalszky nah memoization is good when you have to query something and then query it again and again, etc and you konw it will never change. in this case the issue is different.

the idea on this task is to intercept somehow the failed queries by unauthorrized and do the getconnection call then retry with the new credentials, being completly transparent to the app.

A good place for memoization is in the MongoConnectionProvider :

the GetMongoUrl can be done with memoization https://github.com/ElectNewt/Distribt/blob/af815d5f15cd0815cf6cf595e2e51bcfdd9bc0a2/src/Shared/Shared.Databases/Distribt.Shared.Databases.MongoDb/MongoDbConnectionProvider.cs#L28 , at least until this task is implemented

ElectNewt avatar Feb 05 '24 13:02 ElectNewt