open-vault/physical/cache.go

package physical

import (
	"context"
	"strings"

	iradix "github.com/hashicorp/go-immutable-radix"
	"github.com/hashicorp/golang-lru"
	"github.com/hashicorp/vault/helper/locksutil"
	log "github.com/mgutz/logxi/v1"
)

const (
	// DefaultCacheSize is used if no cache size is specified for NewCache
	DefaultCacheSize = 32 * 1024
)

// Cache is used to wrap an underlying physical backend
// and provide an LRU cache layer on top. Most of the reads done by
// Vault are for policy objects so there is a large read reduction
// by using a simple write-through cache.
type Cache struct {
	backend    Backend
	lru        *lru.TwoQueueCache
	locks      []*locksutil.LockEntry
	exceptions *iradix.Tree
	logger     log.Logger
}

// TransactionalCache is a Cache that wraps the physical that is transactional
type TransactionalCache struct {
	*Cache
	Transactional
}

var _ Purgable = &Cache{}

// NewCache returns a physical cache of the given size.
// If no size is provided, the default size is used.
func NewCache(b Backend, size int, coreExceptions []string, logger log.Logger) *Cache {
	if logger.IsTrace() {
		logger.Trace("physical/cache: creating LRU cache", "size", size)
	}
	if size <= 0 {
		size = DefaultCacheSize
	}
	cacheExceptions := iradix.New()
	for _, key := range coreExceptions {
		cacheValue := true
		if strings.HasPrefix(key, "!") {
			key = strings.TrimPrefix(key, "!")
			cacheValue = false
		}
		cacheExceptions, _, _ = cacheExceptions.Insert([]byte(key), cacheValue)
	}

	cache, _ := lru.New2Q(size)
	c := &Cache{
		backend:    b,
		lru:        cache,
		locks:      locksutil.CreateLocks(),
		exceptions: cacheExceptions,
		logger:     logger,
	}
	return c
}

func NewTransactionalCache(b Backend, size int, coreExceptions []string, logger log.Logger) *TransactionalCache {
	c := &TransactionalCache{
		Cache:         NewCache(b, size, coreExceptions, logger),
		Transactional: b.(Transactional),
	}
	return c
}

// Purge is used to clear the cache
func (c *Cache) Purge(ctx context.Context) {
	// Lock the world
	for _, lock := range c.locks {
		lock.Lock()
		defer lock.Unlock()
	}

	c.lru.Purge()
}

func (c *Cache) Put(ctx context.Context, entry *Entry) error {
	lock := locksutil.LockForKey(c.locks, entry.Key)
	lock.Lock()
	defer lock.Unlock()

	err := c.backend.Put(ctx, entry)
	if err == nil && c.shouldCache(entry.Key) {
		c.lru.Add(entry.Key, entry)
	}
	return err
}

func (c *Cache) Get(ctx context.Context, key string) (*Entry, error) {
	lock := locksutil.LockForKey(c.locks, key)
	lock.RLock()
	defer lock.RUnlock()

	// We do NOT cache negative results for keys in the 'core/' prefix
	// otherwise we risk certain race conditions upstream. The primary issue is
	// with the HA mode, we could potentially negatively cache the leader entry
	// and cause leader discovery to fail.
	if !c.shouldCache(key) {
		return c.backend.Get(ctx, key)
	}

	// Check the LRU first
	if raw, ok := c.lru.Get(key); ok {
		if raw == nil {
			return nil, nil
		}
		return raw.(*Entry), nil
	}

	// Read from the underlying backend
	ent, err := c.backend.Get(ctx, key)
	if err != nil {
		return nil, err
	}

	// Cache the result
	if ent != nil {
		c.lru.Add(key, ent)
	}

	return ent, nil
}

func (c *Cache) Delete(ctx context.Context, key string) error {
	lock := locksutil.LockForKey(c.locks, key)
	lock.Lock()
	defer lock.Unlock()

	err := c.backend.Delete(ctx, key)
	if err == nil && c.shouldCache(key) {
		c.lru.Remove(key)
	}
	return err
}

func (c *Cache) List(ctx context.Context, prefix string) ([]string, error) {
	// Always pass-through as this would be difficult to cache. For the same
	// reason we don't lock as we can't reasonably know which locks to readlock
	// ahead of time.
	return c.backend.List(ctx, prefix)
}

func (c *TransactionalCache) Transaction(ctx context.Context, txns []*TxnEntry) error {
	// Collect keys that need to be locked
	var keys []string
	for _, curr := range txns {
		keys = append(keys, curr.Entry.Key)
	}
	// Lock the keys
	for _, l := range locksutil.LocksForKeys(c.locks, keys) {
		l.Lock()
		defer l.Unlock()
	}

	if err := c.Transactional.Transaction(ctx, txns); err != nil {
		return err
	}

	for _, txn := range txns {
		if c.shouldCache(txn.Entry.Key) {
			switch txn.Operation {
			case PutOperation:
				c.lru.Add(txn.Entry.Key, txn.Entry)
			case DeleteOperation:
				c.lru.Remove(txn.Entry.Key)
			}
		}
	}

	return nil
}

// shouldCache checks for any cache exceptions
func (c *Cache) shouldCache(key string) bool {
	// prefix match if nested under core/
	if strings.HasPrefix(key, "core/") {
		if prefix, val, found := c.exceptions.Root().LongestPrefix([]byte(key)); found {
			strPrefix := string(prefix)
			if strings.HasSuffix(strPrefix, "/") || strPrefix == key {
				return val.(bool)
			}
		}
		// default for core/ values is false
		return false
	}
	// default is true
	return true
}
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`package physical`

physical: fix negative cache issue for core keys 2015-04-15 20:48:49 +00:00			`import (`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`"context"`
physical: fix negative cache issue for core keys 2015-04-15 20:48:49 +00:00			`"strings"`

Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`iradix "github.com/hashicorp/go-immutable-radix"`
physical: fix negative cache issue for core keys 2015-04-15 20:48:49 +00:00			`"github.com/hashicorp/golang-lru"`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00			`"github.com/hashicorp/vault/helper/locksutil"`
Plumb through the ability to set the storage read cache size. (#1784) Plumb through the ability to set the storage read cache size. Fixes #1772 2016-08-26 14:27:06 +00:00			`log "github.com/mgutz/logxi/v1"`
physical: fix negative cache issue for core keys 2015-04-15 20:48:49 +00:00			`)`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00
			`const (`
physical: rename cache 2015-04-14 18:03:18 +00:00			`// DefaultCacheSize is used if no cache size is specified for NewCache`
Fix cache default size and docs 2016-11-01 14:24:35 +00:00			`DefaultCacheSize = 32 * 1024`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`)`

physical: rename cache 2015-04-14 18:03:18 +00:00			`// Cache is used to wrap an underlying physical backend`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`// and provide an LRU cache layer on top. Most of the reads done by`
			`// Vault are for policy objects so there is a large read reduction`
			`// by using a simple write-through cache.`
physical: rename cache 2015-04-14 18:03:18 +00:00			`type Cache struct {`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`backend Backend`
			`lru *lru.TwoQueueCache`
			`locks []*locksutil.LockEntry`
			`exceptions *iradix.Tree`
			`logger log.Logger`
splitting cache into transactional and non-transactional cache structs (#3132) 2017-08-09 00:47:14 +00:00			`}`

			`// TransactionalCache is a Cache that wraps the physical that is transactional`
			`type TransactionalCache struct {`
			`*Cache`
			`Transactional`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`}`

Update cache to satisfy Purge interface after context plumbing 2018-01-19 22:00:13 +00:00			`var _ Purgable = &Cache{}`

physical: rename cache 2015-04-14 18:03:18 +00:00			`// NewCache returns a physical cache of the given size.`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`// If no size is provided, the default size is used.`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`func NewCache(b Backend, size int, coreExceptions []string, logger log.Logger) *Cache {`
			`if logger.IsTrace() {`
			`logger.Trace("physical/cache: creating LRU cache", "size", size)`
			`}`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`if size <= 0 {`
			`size = DefaultCacheSize`
			`}`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`cacheExceptions := iradix.New()`
			`for _, key := range coreExceptions {`
			`cacheValue := true`
			`if strings.HasPrefix(key, "!") {`
			`key = strings.TrimPrefix(key, "!")`
			`cacheValue = false`
			`}`
			`cacheExceptions, _, _ = cacheExceptions.Insert([]byte(key), cacheValue)`
Plumb through the ability to set the storage read cache size. (#1784) Plumb through the ability to set the storage read cache size. Fixes #1772 2016-08-26 14:27:06 +00:00			`}`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00
Replace physical cache with TwoQueue instead of LRU. 2016-01-07 14:21:33 +00:00			`cache, _ := lru.New2Q(size)`
physical: rename cache 2015-04-14 18:03:18 +00:00			`c := &Cache{`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`backend: b,`
			`lru: cache,`
			`locks: locksutil.CreateLocks(),`
			`exceptions: cacheExceptions,`
			`logger: logger,`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`}`
splitting cache into transactional and non-transactional cache structs (#3132) 2017-08-09 00:47:14 +00:00			`return c`
			`}`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`func NewTransactionalCache(b Backend, size int, coreExceptions []string, logger log.Logger) *TransactionalCache {`
splitting cache into transactional and non-transactional cache structs (#3132) 2017-08-09 00:47:14 +00:00			`c := &TransactionalCache{`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`Cache: NewCache(b, size, coreExceptions, logger),`
splitting cache into transactional and non-transactional cache structs (#3132) 2017-08-09 00:47:14 +00:00			`Transactional: b.(Transactional),`
			`}`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`return c`
			`}`

			`// Purge is used to clear the cache`
Update cache to satisfy Purge interface after context plumbing 2018-01-19 22:00:13 +00:00			`func (c *Cache) Purge(ctx context.Context) {`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00			`// Lock the world`
Use locks in a slice rather than a map, which is faster and makes things cleaner (#2446) 2017-03-07 16:21:32 +00:00			`for _, lock := range c.locks {`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00			`lock.Lock()`
			`defer lock.Unlock()`
			`}`

physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`c.lru.Purge()`
			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (c Cache) Put(ctx context.Context, entry Entry) error {`
Use locks in a slice rather than a map, which is faster and makes things cleaner (#2446) 2017-03-07 16:21:32 +00:00			`lock := locksutil.LockForKey(c.locks, entry.Key)`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00			`lock.Lock()`
			`defer lock.Unlock()`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`err := c.backend.Put(ctx, entry)`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`if err == nil && c.shouldCache(entry.Key) {`
Don't cache physical responses when thre was an error (#2040) 2016-10-28 16:55:56 +00:00			`c.lru.Add(entry.Key, entry)`
			`}`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`return err`
			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (c Cache) Get(ctx context.Context, key string) (Entry, error) {`
Use locks in a slice rather than a map, which is faster and makes things cleaner (#2446) 2017-03-07 16:21:32 +00:00			`lock := locksutil.LockForKey(c.locks, key)`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00			`lock.RLock()`
			`defer lock.RUnlock()`

Make cache not actually cache values under core/ (#2439) 2017-03-03 21:04:31 +00:00			`// We do NOT cache negative results for keys in the 'core/' prefix`
			`// otherwise we risk certain race conditions upstream. The primary issue is`
			`// with the HA mode, we could potentially negatively cache the leader entry`
			`// and cause leader discovery to fail.`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`if !c.shouldCache(key) {`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`return c.backend.Get(ctx, key)`
Make cache not actually cache values under core/ (#2439) 2017-03-03 21:04:31 +00:00			`}`

physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`// Check the LRU first`
			`if raw, ok := c.lru.Get(key); ok {`
			`if raw == nil {`
			`return nil, nil`
			`}`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`return raw.(*Entry), nil`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`}`

			`// Read from the underlying backend`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`ent, err := c.backend.Get(ctx, key)`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`if err != nil {`
			`return nil, err`
			`}`

Make cache not actually cache values under core/ (#2439) 2017-03-03 21:04:31 +00:00			`// Cache the result`
			`if ent != nil {`
physical: fix negative cache issue for core keys 2015-04-15 20:48:49 +00:00			`c.lru.Add(key, ent)`
			`}`
Make cache not actually cache values under core/ (#2439) 2017-03-03 21:04:31 +00:00
			`return ent, nil`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (c *Cache) Delete(ctx context.Context, key string) error {`
Use locks in a slice rather than a map, which is faster and makes things cleaner (#2446) 2017-03-07 16:21:32 +00:00			`lock := locksutil.LockForKey(c.locks, key)`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00			`lock.Lock()`
			`defer lock.Unlock()`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`err := c.backend.Delete(ctx, key)`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`if err == nil && c.shouldCache(key) {`
Don't cache physical responses when thre was an error (#2040) 2016-10-28 16:55:56 +00:00			`c.lru.Remove(key)`
			`}`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`return err`
			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (c *Cache) List(ctx context.Context, prefix string) ([]string, error) {`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00			`// Always pass-through as this would be difficult to cache. For the same`
			`// reason we don't lock as we can't reasonably know which locks to readlock`
			`// ahead of time.`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`return c.backend.List(ctx, prefix)`
physical: Adding simple LRU write-through cache 2015-04-14 18:00:51 +00:00			`}`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (c TransactionalCache) Transaction(ctx context.Context, txns []TxnEntry) error {`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`// Collect keys that need to be locked`
			`var keys []string`
			`for _, curr := range txns {`
			`keys = append(keys, curr.Entry.Key)`
			`}`
			`// Lock the keys`
			`for _, l := range locksutil.LocksForKeys(c.locks, keys) {`
			`l.Lock()`
			`defer l.Unlock()`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`if err := c.Transactional.Transaction(ctx, txns); err != nil {`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00			`return err`
			`}`

			`for _, txn := range txns {`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00			`if c.shouldCache(txn.Entry.Key) {`
			`switch txn.Operation {`
			`case PutOperation:`
			`c.lru.Add(txn.Entry.Key, txn.Entry)`
			`case DeleteOperation:`
			`c.lru.Remove(txn.Entry.Key)`
			`}`
Final rep porting (#2392) 2017-02-17 14:15:35 +00:00			`}`
			`}`

			`return nil`
			`}`
Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 17:25:17 +00:00
			`// shouldCache checks for any cache exceptions`
			`func (c *Cache) shouldCache(key string) bool {`
			`// prefix match if nested under core/`
			`if strings.HasPrefix(key, "core/") {`
			`if prefix, val, found := c.exceptions.Root().LongestPrefix([]byte(key)); found {`
			`strPrefix := string(prefix)`
			`if strings.HasSuffix(strPrefix, "/") \|\| strPrefix == key {`
			`return val.(bool)`
			`}`
			`}`
			`// default for core/ values is false`
			`return false`
			`}`
			`// default is true`
			`return true`
			`}`