fix(secrets): Use async Vault client to properly load TLS CA and fix cache expiration bug
Some checks failed
BotServer CI/CD / build (push) Has been cancelled
Some checks failed
BotServer CI/CD / build (push) Has been cancelled
This commit is contained in:
parent
3502c61faf
commit
24e0b23030
1 changed files with 32 additions and 14 deletions
|
|
@ -877,19 +877,37 @@ impl SecretsManager {
|
||||||
|
|
||||||
let paths = vec![bot_path, default_path, SecretPaths::EMAIL.to_string()];
|
let paths = vec![bot_path, default_path, SecretPaths::EMAIL.to_string()];
|
||||||
|
|
||||||
for path in paths {
|
let self_owned = self.clone();
|
||||||
if let Ok(secrets) = self.get_secret_blocking(&path) {
|
let (tx, rx) = std::sync::mpsc::channel();
|
||||||
if !secrets.is_empty() && secrets.contains_key("smtp_from") {
|
std::thread::spawn(move || {
|
||||||
return (
|
let rt = tokio::runtime::Builder::new_current_thread().enable_all().build();
|
||||||
secrets.get("smtp_host").cloned().unwrap_or_default(),
|
let result = if let Ok(rt) = rt {
|
||||||
secrets.get("smtp_port").and_then(|p| p.parse().ok()).unwrap_or(587),
|
rt.block_on(async move {
|
||||||
secrets.get("smtp_user").cloned().unwrap_or_default(),
|
for path in paths {
|
||||||
secrets.get("smtp_password").cloned().unwrap_or_default(),
|
if let Ok(secrets) = self_owned.get_secret(&path).await {
|
||||||
secrets.get("smtp_from").cloned().unwrap_or_default(),
|
if !secrets.is_empty() && secrets.contains_key("smtp_from") {
|
||||||
);
|
return Some((
|
||||||
}
|
secrets.get("smtp_host").cloned().unwrap_or_default(),
|
||||||
}
|
secrets.get("smtp_port").and_then(|p| p.parse().ok()).unwrap_or(587),
|
||||||
|
secrets.get("smtp_user").cloned().unwrap_or_default(),
|
||||||
|
secrets.get("smtp_password").cloned().unwrap_or_default(),
|
||||||
|
secrets.get("smtp_from").cloned().unwrap_or_default(),
|
||||||
|
));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
None
|
||||||
|
})
|
||||||
|
} else {
|
||||||
|
None
|
||||||
|
};
|
||||||
|
let _ = tx.send(result);
|
||||||
|
});
|
||||||
|
|
||||||
|
if let Ok(Some(config)) = rx.recv() {
|
||||||
|
return config;
|
||||||
}
|
}
|
||||||
|
|
||||||
(String::new(), 587, String::new(), String::new(), String::new())
|
(String::new(), 587, String::new(), String::new(), String::new())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -935,7 +953,7 @@ impl SecretsManager {
|
||||||
fn get_cached_sync(&self, path: &str) -> Option<HashMap<String, String>> {
|
fn get_cached_sync(&self, path: &str) -> Option<HashMap<String, String>> {
|
||||||
let cache = self.cache.read().ok()?;
|
let cache = self.cache.read().ok()?;
|
||||||
let entry = cache.get(path)?;
|
let entry = cache.get(path)?;
|
||||||
if entry.expires_at.elapsed() < std::time::Duration::from_secs(self.cache_ttl) {
|
if entry.expires_at > std::time::Instant::now() {
|
||||||
Some(entry.data.clone())
|
Some(entry.data.clone())
|
||||||
} else {
|
} else {
|
||||||
None
|
None
|
||||||
|
|
@ -947,7 +965,7 @@ impl SecretsManager {
|
||||||
if let Ok(mut cache) = self.cache.write() {
|
if let Ok(mut cache) = self.cache.write() {
|
||||||
cache.insert(path.to_string(), CachedSecret {
|
cache.insert(path.to_string(), CachedSecret {
|
||||||
data,
|
data,
|
||||||
expires_at: std::time::Instant::now(),
|
expires_at: std::time::Instant::now() + std::time::Duration::from_secs(self.cache_ttl),
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue