perf: make fetch_secrets use cache for performance (apache#11201)

yatwql · Apr 26, 2024 · 64b81c4 · 64b81c4
1 parent 77258c4
commit 64b81c4
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 4 deletions.
diff --git a/apisix/consumer.lua b/apisix/consumer.lua
@@ -104,7 +104,8 @@ local function create_consume_cache(consumers_conf, key_attr)
     for _, consumer in ipairs(consumers_conf.nodes) do
         core.log.info("consumer node: ", core.json.delay_encode(consumer))
         local new_consumer = core.table.clone(consumer)
-        new_consumer.auth_conf = secret.fetch_secrets(new_consumer.auth_conf)
+        new_consumer.auth_conf = secret.fetch_secrets(new_consumer.auth_conf, true,
+                                                        new_consumer.auth_conf, "")
         consumer_names[new_consumer.auth_conf[key_attr]] = new_consumer
     end
 

diff --git a/apisix/plugins/authz-keycloak.lua b/apisix/plugins/authz-keycloak.lua
@@ -759,7 +759,7 @@ end
 
 function _M.access(conf, ctx)
     -- resolve secrets
-    conf = fetch_secrets(conf)
+    conf = fetch_secrets(conf, true, conf, "")
     local headers = core.request.headers(ctx)
     local need_grant_token = conf.password_grant_token_generation_incoming_uri and
         ctx.var.request_uri == conf.password_grant_token_generation_incoming_uri and

diff --git a/apisix/plugins/limit-count.lua b/apisix/plugins/limit-count.lua
@@ -32,7 +32,7 @@ end
 
 
 function _M.access(conf, ctx)
-    conf = fetch_secrets(conf)
+    conf = fetch_secrets(conf, true, conf, "")
     return limit_count.rate_limit(conf, ctx, plugin_name, 1)
 end
 

diff --git a/apisix/ssl/router/radixtree_sni.lua b/apisix/ssl/router/radixtree_sni.lua
@@ -238,7 +238,8 @@ function _M.set(matched_ssl, sni)
     end
     ngx_ssl.clear_certs()
 
-    local new_ssl_value = secret.fetch_secrets(matched_ssl.value) or matched_ssl.value
+    local new_ssl_value = secret.fetch_secrets(matched_ssl.value, true, matched_ssl.value, "")
+                            or matched_ssl.value
 
     ok, err = _M.set_cert_and_key(sni, new_ssl_value)
     if not ok then