From c93acb335f7967fbdd5d71cd6f9bfa07c4c84285 Mon Sep 17 00:00:00 2001 From: Mike Landau Date: Wed, 20 Sep 2023 16:25:28 -0700 Subject: [PATCH] [runx+envsec] Use same cache location as auth pkg (#154) ## Summary Use consistent cache locations everywhere. Fix envsec aws credentials cache bug where cache key did not take into account changing organizations. ## How was it tested? --- internal/awsfed/awsfed.go | 20 ++++++++++++--- internal/filecache/filecache.go | 17 +++++++------ internal/xdg/xdg.go | 44 --------------------------------- 3 files changed, 25 insertions(+), 56 deletions(-) delete mode 100644 internal/xdg/xdg.go diff --git a/internal/awsfed/awsfed.go b/internal/awsfed/awsfed.go index 5e530f0..b42e85d 100644 --- a/internal/awsfed/awsfed.go +++ b/internal/awsfed/awsfed.go @@ -2,6 +2,7 @@ package awsfed import ( "context" + "crypto/sha256" "encoding/json" "fmt" @@ -12,7 +13,7 @@ import ( "go.jetpack.io/pkg/sandbox/auth/session" ) -const cacheKey = "awsfed" +const cacheKeyPrefix = "awsfed" type AWSFed struct { AccountID string @@ -39,8 +40,8 @@ func (a *AWSFed) AWSCreds( ctx context.Context, tok *session.Token, ) (*types.Credentials, error) { - cache := filecache.New("envsec") - if cachedCreds, err := cache.Get(cacheKey); err == nil { + cache := filecache.New("jetpack.io/envsec") + if cachedCreds, err := cache.Get(cacheKey(tok)); err == nil { var creds types.Credentials if err := json.Unmarshal(cachedCreds, &creds); err == nil { return &creds, nil @@ -86,7 +87,7 @@ func (a *AWSFed) AWSCreds( if creds, err := json.Marshal(output.Credentials); err != nil { return nil, err } else if err := cache.SetT( - cacheKey, + cacheKey(tok), creds, *output.Credentials.Expiration, ); err != nil { 
@@ -95,3 +96,14 @@ func (a *AWSFed) AWSCreds( return output.Credentials, nil } + +func cacheKey(t *session.Token) string { + id := "" + if claims := t.IDClaims(); claims != nil && claims.OrgID != "" { + id = claims.OrgID + } else { + id = fmt.Sprintf("%x", sha256.Sum256([]byte(t.IDToken))) + } + + return fmt.Sprintf("%s-%s", cacheKeyPrefix, id) +} diff --git a/internal/filecache/filecache.go b/internal/filecache/filecache.go index d0646b5..d0e75fe 100644 --- a/internal/filecache/filecache.go +++ b/internal/filecache/filecache.go @@ -8,20 +8,17 @@ import ( "time" "github.com/pkg/errors" - "go.jetpack.io/envsec/internal/xdg" ) var NotFound = errors.New("not found") var Expired = errors.New("expired") -const prefix = "filecache-" - type cache struct { - appName string + domain string } -func New(appName string) *cache { - return &cache{appName: appName} +func New(domain string) *cache { + return &cache{domain: domain} } type data struct { @@ -68,7 +65,11 @@ func (c *cache) Get(key string) ([]byte, error) { } func (c *cache) filename(key string) string { - dir := xdg.CacheSubpath(c.appName) + cacheDir, err := os.UserCacheDir() + if err != nil { + cacheDir = "~/.cache" + } + dir := filepath.Join(cacheDir, c.domain) _ = os.MkdirAll(dir, 0755) - return xdg.CacheSubpath(filepath.Join(c.appName, prefix+key)) + return filepath.Join(dir, key) } diff --git a/internal/xdg/xdg.go b/internal/xdg/xdg.go deleted file mode 100644 index 7f543bd..0000000 --- a/internal/xdg/xdg.go +++ /dev/null 
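Review bot: In `cacheKey` (internal/awsfed/awsfed.go), `claims.OrgID` is copied unchanged into the cache key, and the filecache change in this same patch turns that key into a file name with `filepath.Join(dir, key)`. If an OrgID could ever contain a path separator or `..`, the AWS credentials file would be written outside the cache directory; whether the claims are validated before this point is not visible here. Hashing in both branches keeps the key a fixed-format hex string, for example `id = fmt.Sprintf("%x", sha256.Sum256([]byte(claims.OrgID)))`. The key also identifies only the organization, so two users of the same org under one OS account would presumably share cached credentials; a doc comment on `cacheKey` stating that assumption would help.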
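Review bot: In `filename` (internal/filecache/filecache.go), the fallback `cacheDir = "~/.cache"` is not expanded by Go, so when `os.UserCacheDir()` fails the cache lands in a literal `~` directory under the current working directory. The awsfed change in this patch stores AWS credentials through this cache, so that fallback would drop credential files into whatever directory the command runs from, e.g. a repository checkout. The directory is also created with `0755` and the `MkdirAll` error is discarded; `_ = os.MkdirAll(dir, 0700)` would keep other local users out of it, and the mode of the cache file itself is set outside this hunk and is worth checking. `filename` returns only a string, so surfacing the `UserCacheDir` failure instead of falling back would need its callers to handle an error.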
@@ -1,44 +0,0 @@
-// Copyright 2023 Jetpack Technologies Inc and contributors. All rights reserved.
-// Use of this source code is governed by the license in the LICENSE file.
-
-package xdg
-
-import (
- "os"
- "path/filepath"
-)
-
-func DataSubpath(subpath string) string {
- return filepath.Join(dataDir(), subpath)
-}
-
-func ConfigSubpath(subpath string) string {
- return filepath.Join(configDir(), subpath)
-}
-
-func CacheSubpath(subpath string) string {
- return filepath.Join(cacheDir(), subpath)
-}
-
-func StateSubpath(subpath string) string {
- return filepath.Join(stateDir(), subpath)
-}
-
-func dataDir() string { return resolveDir("XDG_DATA_HOME", ".local/share") }
-func configDir() string { return resolveDir("XDG_CONFIG_HOME", ".config") }
-func cacheDir() string { return resolveDir("XDG_CACHE_HOME", ".cache") }
-func stateDir() string { return resolveDir("XDG_STATE_HOME", ".local/state") }
-
-func resolveDir(envvar string, defaultPath string) string {
- dir := os.Getenv(envvar)
- if dir != "" {
- return dir
- }
-
- home, err := os.UserHomeDir()
- if err != nil {
- home = "~"
- }
-
- return filepath.Join(home, defaultPath)
-}