From ec13cc706f175acf7f4e41fbfc8d2e4478aba363 Mon Sep 17 00:00:00 2001 From: Aditya Thebe Date: Tue, 14 Jan 2025 11:26:58 +0545 Subject: [PATCH] fix: scope the env cache to the rest config --- context/context.go | 18 ++++++++++++++++++ context/envvar.go | 8 ++++---- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/context/context.go b/context/context.go index 543e8647..ffd61956 100644 --- a/context/context.go +++ b/context/context.go @@ -8,6 +8,7 @@ import ( "time" commons "github.com/flanksource/commons/context" + "github.com/flanksource/commons/hash" "github.com/flanksource/commons/logger" dutyGorm "github.com/flanksource/duty/gorm" dutyKubernetes "github.com/flanksource/duty/kubernetes" @@ -341,6 +342,23 @@ func (k Context) Pool() *pgxpool.Pool { } +// KubeAuthFingerprint generates a unique SHA-256 hash to identify the Kubernetes API server +// and client authentication details from the REST configuration. +func (k *Context) KubeAuthFingerprint() string { + rs := k.KubernetesRestConfig() + if rs == nil { + return "" + } + + return hash.Sha256Hex(fmt.Sprintf("%s/%s/%s/%s/%s/%s", + rs.Host, + rs.Username, + rs.Password, + rs.BearerToken, + rs.BearerTokenFile, + rs.TLSClientConfig.CertData)) +} + func (k *Context) Kubernetes() kubernetes.Interface { v, ok := k.Value("kubernetes").(kubernetes.Interface) if !ok || v == nil { diff --git a/context/envvar.go b/context/envvar.go index 22e6a026..c06b91a2 100644 --- a/context/envvar.go +++ b/context/envvar.go @@ -72,7 +72,7 @@ func GetEnvStringFromCache(ctx Context, env string, namespace string) (string, e } func GetHelmValueFromCache(ctx Context, namespace, releaseName, key string) (string, error) { - id := fmt.Sprintf("helm/%s/%s/%s", namespace, releaseName, key) + id := fmt.Sprintf("helm/%s/%s/%s/%s", ctx.KubeAuthFingerprint(), namespace, releaseName, key) if value, found := envCache.Get(id); found { return value.(string), nil } @@ -156,7 +156,7 @@ func GetHelmValueFromCache(ctx Context, namespace, releaseName, key string) (str } func GetSecretFromCache(ctx Context, namespace, name, key string) (string, error) { - id := fmt.Sprintf("secret/%s/%s/%s", namespace, name, key) + id := fmt.Sprintf("secret/%s/%s/%s/%s", ctx.KubeAuthFingerprint(), namespace, name, key) if value, found := envCache.Get(id); found { return value.(string), nil } @@ -180,7 +180,7 @@ func GetSecretFromCache(ctx Context, namespace, name, key string) (string, error } func GetConfigMapFromCache(ctx Context, namespace, name, key string) (string, error) { - id := fmt.Sprintf("cm/%s/%s/%s", namespace, name, key) + id := fmt.Sprintf("cm/%s/%s/%s/%s", ctx.KubeAuthFingerprint(), namespace, name, key) if value, found := envCache.Get(id); found { return value.(string), nil } @@ -202,7 +202,7 @@ func GetConfigMapFromCache(ctx Context, namespace, name, key string) (string, er } func GetServiceAccountTokenFromCache(ctx Context, namespace, serviceAccount string) (string, error) { - id := fmt.Sprintf("sa-token/%s/%s", namespace, serviceAccount) + id := fmt.Sprintf("sa-token/%s/%s/%s", ctx.KubeAuthFingerprint(), namespace, serviceAccount) if value, found := envCache.Get(id); found { return value.(string), nil }