updated encryption cache implementation (#2213)

api/server_suite_test.go

@@ -72,7 +72,7 @@ func getConfig() config.Configuration {
 		log.Fatal(err)
 	}
 	if km.IsSet() {
-		if _, err = km.GetCurrentKey(); err != nil {
+		if _, err = km.GetCurrentKeyFromCache(); err != nil {
 			log.Fatal(err)
 		}
 	}

cmd/hooks/hooks.go

@@ -879,13 +879,5 @@ func loadHCPVaultConfig(cmd *cobra.Command, vaultConfig *config.HCPVaultConfig)
 		vaultConfig.SecretName = secretName
 	}
 
-	cacheDuration, err := cmd.Flags().GetDuration("hcp-cache-duration")
-	if err != nil {
-		return err
-	}
-	if cacheDuration > 0 {
-		vaultConfig.CacheDuration = cacheDuration
-	}
-
 	return nil
 }

cmd/server/server.go

@@ -102,9 +102,9 @@ func startConvoyServer(a *cli.App) error {
 	start := time.Now()
 	a.Logger.Info("Starting Convoy control plane...")
 
-	km := keys.NewHCPVaultKeyManagerFromConfig(cfg.HCPVault, a.Licenser)
+	km := keys.NewHCPVaultKeyManagerFromConfig(cfg.HCPVault, a.Licenser, a.Cache)
 	if km.IsSet() {
-		if _, err = km.GetCurrentKey(); err != nil {
+		if _, err = km.GetCurrentKeyFromCache(); err != nil {
 			if !errors.Is(err, keys.ErrCredentialEncryptionFeatureUnavailable) {
 				return err
 			}

cmd/utils/init_encryption.go

@@ -51,7 +51,7 @@ func AddInitEncryptionCommand(a *cli.App) *cobra.Command {
 				return ErrCredentialEncryptionFeatureUnavailable
 			}
 
-			km := keys.NewHCPVaultKeyManagerFromConfig(cfg.HCPVault, a.Licenser)
+			km := keys.NewHCPVaultKeyManagerFromConfig(cfg.HCPVault, a.Licenser, a.Cache)
 			if !km.IsSet() {
 				return ErrMissingHCPVaultConfig
 			}

cmd/utils/revert_encryption.go

@@ -41,7 +41,7 @@ func AddRevertEncryptionCommand(a *cli.App) *cobra.Command {
 				return fflag2.ErrCredentialEncryptionNotEnabled
 			}
 
-			km := keys.NewHCPVaultKeyManagerFromConfig(cfg.HCPVault, a.Licenser)
+			km := keys.NewHCPVaultKeyManagerFromConfig(cfg.HCPVault, a.Licenser, a.Cache)
 			if !km.IsSet() {
 				return ErrMissingHCPVaultConfig
 			}

cmd/utils/rotate_key.go

@@ -46,7 +46,7 @@ func AddRotateKeyCommand(a *cli.App) *cobra.Command {
 				return ErrCredentialEncryptionFeatureUnavailable
 			}
 
-			km := keys.NewHCPVaultKeyManagerFromConfig(cfg.HCPVault, a.Licenser)
+			km := keys.NewHCPVaultKeyManagerFromConfig(cfg.HCPVault, a.Licenser, a.Cache)
 			if !km.IsSet() {
 				return ErrMissingHCPVaultConfig
 			}

cmd/worker/worker.go

@@ -137,9 +137,9 @@ func StartWorker(ctx context.Context, a *cli.App, cfg config.Configuration, inte
 	}
 	lo.SetLevel(lvl)
 
-	km := keys.NewHCPVaultKeyManagerFromConfig(cfg.HCPVault, a.Licenser)
+	km := keys.NewHCPVaultKeyManagerFromConfig(cfg.HCPVault, a.Licenser, a.Cache)
 	if km.IsSet() {
-		if _, err = km.GetCurrentKey(); err != nil {
+		if _, err = km.GetCurrentKeyFromCache(); err != nil {
 			if !errors.Is(err, keys.ErrCredentialEncryptionFeatureUnavailable) {
 				return err
 			}

config/config.go

@@ -425,13 +425,12 @@ type PyroscopeConfiguration struct {
 }
 
 type HCPVaultConfig struct {
-	ClientID      string        `json:"client_id" envconfig:"CONVOY_HCP_CLIENT_ID"`
-	ClientSecret  string        `json:"client_secret" envconfig:"CONVOY_HCP_CLIENT_SECRET"`
-	OrgID         string        `json:"org_id" envconfig:"CONVOY_HCP_ORG_ID"`
-	ProjectID     string        `json:"project_id" envconfig:"CONVOY_HCP_PROJECT_ID"`
-	AppName       string        `json:"app_name" envconfig:"CONVOY_HCP_APP_NAME"`
-	SecretName    string        `json:"secret_name" envconfig:"CONVOY_HCP_SECRET_NAME"`
-	CacheDuration time.Duration `json:"cache_duration" envconfig:"CONVOY_HCP_CACHE_DURATION"`
+	ClientID     string `json:"client_id" envconfig:"CONVOY_HCP_CLIENT_ID"`
+	ClientSecret string `json:"client_secret" envconfig:"CONVOY_HCP_CLIENT_SECRET"`
+	OrgID        string `json:"org_id" envconfig:"CONVOY_HCP_ORG_ID"`
+	ProjectID    string `json:"project_id" envconfig:"CONVOY_HCP_PROJECT_ID"`
+	AppName      string `json:"app_name" envconfig:"CONVOY_HCP_APP_NAME"`
+	SecretName   string `json:"secret_name" envconfig:"CONVOY_HCP_SECRET_NAME"`
 }
 
 // Get fetches the application configuration. LoadConfig must have been called

database/postgres/endpoint.go

@@ -263,7 +263,7 @@ func checkEncryptionStatus(db database.Database) (bool, error) {
 
 func (e *endpointRepo) CreateEndpoint(ctx context.Context, endpoint *datastore.Endpoint, projectID string) error {
 	ac := endpoint.GetAuthConfig()
-	key, err := e.km.GetCurrentKey()
+	key, err := e.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return err
 	}
@@ -312,7 +312,7 @@ func (e *endpointRepo) CreateEndpoint(ctx context.Context, endpoint *datastore.E
 
 func (e *endpointRepo) FindEndpointByID(ctx context.Context, id, projectID string) (*datastore.Endpoint, error) {
 	endpoint := &datastore.Endpoint{}
-	key, err := e.km.GetCurrentKey()
+	key, err := e.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return nil, err
 	}
@@ -332,7 +332,7 @@ func (e *endpointRepo) FindEndpointByID(ctx context.Context, id, projectID strin
 }
 
 func (e *endpointRepo) FindEndpointsByID(ctx context.Context, ids []string, projectID string) ([]datastore.Endpoint, error) {
-	key, err := e.km.GetCurrentKey()
+	key, err := e.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return nil, err
 	}
@@ -355,7 +355,7 @@ func (e *endpointRepo) FindEndpointsByID(ctx context.Context, ids []string, proj
 }
 
 func (e *endpointRepo) FindEndpointsByAppID(ctx context.Context, appID, projectID string) ([]datastore.Endpoint, error) {
-	key, err := e.km.GetCurrentKey()
+	key, err := e.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return nil, err
 	}
@@ -372,7 +372,7 @@ func (e *endpointRepo) FindEndpointsByAppID(ctx context.Context, appID, projectI
 }
 
 func (e *endpointRepo) FindEndpointsByOwnerID(ctx context.Context, projectID string, ownerID string) ([]datastore.Endpoint, error) {
-	key, err := e.km.GetCurrentKey()
+	key, err := e.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return nil, err
 	}
@@ -391,7 +391,7 @@ func (e *endpointRepo) FindEndpointsByOwnerID(ctx context.Context, projectID str
 func (e *endpointRepo) UpdateEndpoint(ctx context.Context, endpoint *datastore.Endpoint, projectID string) error {
 	ac := endpoint.GetAuthConfig()
 
-	key, err := e.km.GetCurrentKey()
+	key, err := e.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return err
 	}
@@ -424,7 +424,7 @@ func (e *endpointRepo) UpdateEndpoint(ctx context.Context, endpoint *datastore.E
 
 func (e *endpointRepo) UpdateEndpointStatus(ctx context.Context, projectID string, endpointID string, status datastore.EndpointStatus) error {
 	endpoint := datastore.Endpoint{}
-	key, err := e.km.GetCurrentKey()
+	key, err := e.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return err
 	}
@@ -484,7 +484,7 @@ func (e *endpointRepo) CountProjectEndpoints(ctx context.Context, projectID stri
 
 func (e *endpointRepo) FindEndpointByTargetURL(ctx context.Context, projectID string, targetURL string) (*datastore.Endpoint, error) {
 	endpoint := &datastore.Endpoint{}
-	key, err := e.km.GetCurrentKey()
+	key, err := e.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return nil, err
 	}
@@ -509,7 +509,7 @@ func (e *endpointRepo) LoadEndpointsPaged(ctx context.Context, projectId string,
 		q = fmt.Sprintf("%%%s%%", q)
 	}
 
-	key, err := e.km.GetCurrentKey()
+	key, err := e.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return nil, datastore.PaginationData{}, err
 	}
@@ -621,7 +621,7 @@ func (e *endpointRepo) isEncryptionError(err error) (bool, error) {
 
 func (e *endpointRepo) UpdateSecrets(ctx context.Context, endpointID string, projectID string, secrets datastore.Secrets) error {
 	endpoint := datastore.Endpoint{}
-	key, err := e.km.GetCurrentKey()
+	key, err := e.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return err
 	}
@@ -642,7 +642,7 @@ func (e *endpointRepo) DeleteSecret(ctx context.Context, endpoint *datastore.End
 	sc.DeletedAt = null.NewTime(time.Now(), true)
 
 	updatedEndpoint := datastore.Endpoint{}
-	key, err := e.km.GetCurrentKey()
+	key, err := e.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return err
 	}

database/postgres/portal_link.go

@@ -446,7 +446,7 @@ func (p *portalLinkRepo) upsertPortalLinkEndpoint(ctx context.Context, tx *sqlx.
 			ids = append(ids, &PortalLinkEndpoint{PortalLinkID: portal.UID, EndpointID: endpointID})
 		}
 	} else if !util.IsStringEmpty(portal.OwnerID) {
-		key, err := p.km.GetCurrentKey()
+		key, err := p.km.GetCurrentKeyFromCache()
 		if err != nil {
 			return err
 		}

database/postgres/postgres_test.go

@@ -50,7 +50,7 @@ func getConfig() config.Configuration {
 		log.Fatal(err)
 	}
 	if km.IsSet() {
-		if _, err = km.GetCurrentKey(); err != nil {
+		if _, err = km.GetCurrentKeyFromCache(); err != nil {
 			log.Fatal(err)
 		}
 	}

database/postgres/subscription.go

@@ -53,7 +53,7 @@ const (
 	rate_limit_config_duration=$16,
 	function=$17,
 	filter_config_filter_raw_headers=$18,
-	filter_config_filter_raw_body=$19,	
+	filter_config_filter_raw_body=$19,
     updated_at=now()
     WHERE id = $1 AND project_id = $2
 	AND deleted_at IS NULL;
@@ -76,13 +76,13 @@ const (
 	s.retry_config_duration AS "retry_config.duration",
 	s.retry_config_retry_count AS "retry_config.retry_count",
 	s.filter_config_event_types AS "filter_config.event_types",
-	
+
 	s.filter_config_filter_raw_headers AS "filter_config.filter.raw_headers",
 	s.filter_config_filter_raw_body AS "filter_config.filter.raw_body",
 	s.filter_config_filter_is_flattened AS "filter_config.filter.is_flattened",
 	s.filter_config_filter_headers AS "filter_config.filter.headers",
 	s.filter_config_filter_body AS "filter_config.filter.body",
-	
+
 	s.rate_limit_config_count AS "rate_limit_config.count",
 	s.rate_limit_config_duration AS "rate_limit_config.duration",
 
@@ -463,7 +463,7 @@ func (s *subscriptionRepo) CreateSubscription(ctx context.Context, projectID str
 	if projectID != subscription.ProjectID {
 		return datastore.ErrNotAuthorisedToAccessDocument
 	}
-	key, err := s.km.GetCurrentKey()
+	key, err := s.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return err
 	}
@@ -574,7 +574,7 @@ func (s *subscriptionRepo) UpdateSubscription(ctx context.Context, projectID str
 	fc := subscription.GetFilterConfig()
 	rlc := subscription.GetRateLimitConfig()
 
-	key, err := s.km.GetCurrentKey()
+	key, err := s.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return err
 	}
@@ -693,7 +693,7 @@ func (s *subscriptionRepo) LoadSubscriptionsPaged(ctx context.Context, projectID
 		filterQuery += ` AND s.name LIKE :name`
 	}
 
-	key, err := s.km.GetCurrentKey()
+	key, err := s.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return nil, datastore.PaginationData{}, err
 	}
@@ -796,7 +796,7 @@ func (s *subscriptionRepo) DeleteSubscription(ctx context.Context, projectID str
 
 func (s *subscriptionRepo) FindSubscriptionByID(ctx context.Context, projectID string, subscriptionID string) (*datastore.Subscription, error) {
 	subscription := &datastore.Subscription{}
-	key, err := s.km.GetCurrentKey()
+	key, err := s.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return nil, err
 	}
@@ -814,7 +814,7 @@ func (s *subscriptionRepo) FindSubscriptionByID(ctx context.Context, projectID s
 }
 
 func (s *subscriptionRepo) FindSubscriptionsBySourceID(ctx context.Context, projectID string, sourceID string) ([]datastore.Subscription, error) {
-	key, err := s.km.GetCurrentKey()
+	key, err := s.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return nil, err
 	}
@@ -831,7 +831,7 @@ func (s *subscriptionRepo) FindSubscriptionsBySourceID(ctx context.Context, proj
 }
 
 func (s *subscriptionRepo) FindSubscriptionsByEndpointID(ctx context.Context, projectId string, endpointID string) ([]datastore.Subscription, error) {
-	key, err := s.km.GetCurrentKey()
+	key, err := s.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return nil, err
 	}
@@ -864,7 +864,7 @@ func (s *subscriptionRepo) FindSubscriptionByDeviceID(ctx context.Context, proje
 }
 
 func (s *subscriptionRepo) FindCLISubscriptions(ctx context.Context, projectID string) ([]datastore.Subscription, error) {
-	key, err := s.km.GetCurrentKey()
+	key, err := s.km.GetCurrentKeyFromCache()
 	if err != nil {
 		return nil, err
 	}