hash cache keys

maciaszczykm · maciaszczykm · commit aeb87c41f33e · 2024-10-15T15:19:35.000+02:00
diff --git a/modules/common/client/cache/cache.go b/modules/common/client/cache/cache.go
@@ -1,7 +1,6 @@
 package cache
 
 import (
-	"fmt"
 	"sync"
 	"time"
 
@@ -13,9 +12,8 @@ import (
 )
 
 var (
-	cache        *theine.Cache[string, any]
-	contextCache *theine.Cache[string, string]
-	cacheLocks   sync.Map
+	cache      *theine.Cache[string, any]
+	cacheLocks sync.Map
 )
 
 func init() {
@@ -25,30 +23,10 @@ func init() {
 	}
 }
 
-func getCacheKey(token, key string) (string, error) {
-	if !args.ClusterContextEnabled() {
-		return key, nil
-	}
-
-	contextKey, exists := contextCache.Get(token)
-	if exists {
-		klog.V(4).InfoS("context key found in cache", "key", contextKey)
-		return fmt.Sprintf("%s:%s", contextKey, key), nil
-	}
-
-	contextKey, err := exchangeToken(token)
-	if err != nil {
-		return "", err
-	}
-
-	contextCache.SetWithTTL(token, contextKey, 1, args.CacheTTL())
-	return fmt.Sprintf("%s:%s", contextKey, key), nil
-}
-
-func Get[T any](token, key string) (T, bool, error) {
+func Get[T any](key Key) (T, bool, error) {
 	typedValue := lo.Empty[T]()
 
-	cacheKey, err := getCacheKey(token, key)
+	cacheKey, err := key.SHA()
 	if err != nil {
 		return typedValue, false, err
 	}
@@ -61,18 +39,19 @@ func Get[T any](token, key string) (T, bool, error) {
 	return typedValue, exists, nil
 }
 
-func Set[T any](token, key string, value T) error {
-	cacheKey, err := getCacheKey(token, key)
+func Set[T any](key Key, value T) error {
+	cacheKey, err := key.SHA()
 	if err != nil {
 		return err
 	}
+
 	_ = cache.SetWithTTL(cacheKey, value, 1, args.CacheTTL())
 	return nil
 }
 
-func DeferredLoad[T any](token, key string, loadFunc func() (T, error)) {
+func DeferredLoad[T any](key Key, loadFunc func() (T, error)) {
 	go func() {
-		cacheKey, err := getCacheKey(token, key)
+		cacheKey, err := key.SHA()
 		if err != nil {
 			klog.ErrorS(err, "failed loading cache key", "key", cacheKey)
 			return
diff --git a/modules/common/client/cache/client/core/pods.go b/modules/common/client/cache/client/core/pods.go
@@ -25,7 +25,9 @@ type pods struct {
 }
 
 func (in *pods) List(ctx context.Context, opts metav1.ListOptions) (*corev1.PodList, error) {
-	cachedList, found, err := cache.Get[*corev1.PodList](in.token, in.cacheKey())
+	cacheKey := in.cacheKey(opts)
+
+	cachedList, found, err := cache.Get[*corev1.PodList](cacheKey)
 	if err != nil {
 		return nil, err
 	}
@@ -36,8 +38,8 @@ func (in *pods) List(ctx context.Context, opts metav1.ListOptions) (*corev1.PodL
 			return list, err
 		}
 
-		klog.V(3).InfoS("pods not found in cache, initializing", "cache-key", in.cacheKey())
-		return list, cache.Set[*corev1.PodList](in.token, in.cacheKey(), list)
+		klog.V(3).InfoS("pods not found in cache, initializing", "cache-key", cacheKey)
+		return list, cache.Set[*corev1.PodList](cacheKey, list)
 	}
 
 	review, err := in.authorizationV1.SelfSubjectAccessReviews().Create(ctx, in.selfSubjectAccessReview(), metav1.CreateOptions{})
@@ -46,8 +48,8 @@ func (in *pods) List(ctx context.Context, opts metav1.ListOptions) (*corev1.PodL
 	}
 
 	if review.Status.Allowed {
-		klog.V(3).InfoS("pods found in cache, updating in background", "cache-key", in.cacheKey())
-		cache.DeferredLoad[*corev1.PodList](in.token, in.cacheKey(), func() (*corev1.PodList, error) {
+		klog.V(3).InfoS("pods found in cache, updating in background", "cache-key", cacheKey)
+		cache.DeferredLoad[*corev1.PodList](cacheKey, func() (*corev1.PodList, error) {
 			return in.PodInterface.List(ctx, opts)
 		})
 		return cachedList, nil
@@ -71,12 +73,8 @@ func (in *pods) selfSubjectAccessReview() *authorizationapiv1.SelfSubjectAccessR
 	}
 }
 
-func (in *pods) cacheKey() string {
-	if len(in.namespace) == 0 {
-		return types.ResourceKindPod
-	}
-
-	return fmt.Sprintf("%s/%s", in.namespace, types.ResourceKindPod)
+func (in *pods) cacheKey(opts metav1.ListOptions) cache.Key {
+	return cache.NewKey(types.ResourceKindPod, in.namespace, in.token, opts)
 }
 
 func newPods(c *Client, namespace, token string) v1.PodInterface {
diff --git a/modules/common/client/cache/httpclient.go b/modules/common/client/cache/httpclient.go
diff --git a/modules/common/client/cache/key.go b/modules/common/client/cache/key.go
@@ -0,0 +1,91 @@
+package cache
+
+import (
+	"io"
+	"net/http"
+
+	"github.com/Yiling-J/theine-go"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/dashboard/client/args"
+	"k8s.io/dashboard/helpers"
+	"k8s.io/dashboard/types"
+	"k8s.io/klog/v2"
+)
+
+var contextCache *theine.Cache[string, string]
+
+type key struct {
+	Kind      types.ResourceKind
+	Namespace string
+	Opts      metav1.ListOptions
+}
+
+func (k key) SHA() (string, error) {
+	k.Opts = metav1.ListOptions{LabelSelector: k.Opts.LabelSelector, FieldSelector: k.Opts.FieldSelector}
+	return helpers.HashObject(k)
+}
+
+type Key struct {
+	key
+	Token   string
+	context string
+}
+
+func (k Key) SHA() (sha string, err error) {
+	if !args.ClusterContextEnabled() {
+		return k.key.SHA()
+	}
+
+	contextKey, exists := contextCache.Get(k.Token)
+	if !exists {
+		contextKey, err = exchangeToken(k.Token)
+		if err != nil {
+			return "", err
+		}
+
+		contextCache.SetWithTTL(k.Token, contextKey, 1, args.CacheTTL())
+	}
+
+	k.Opts = metav1.ListOptions{LabelSelector: k.Opts.LabelSelector, FieldSelector: k.Opts.FieldSelector}
+	k.Token = ""
+	k.context = contextKey
+	return helpers.HashObject(k)
+}
+
+func NewKey(kind types.ResourceKind, namespace, token string, opts metav1.ListOptions) Key {
+	return Key{
+		key:   key{Kind: kind, Namespace: namespace, Opts: opts},
+		Token: token,
+	}
+}
+
+type tokenExchangeTransport struct {
+	token     string
+	transport http.RoundTripper
+}
+
+func (in *tokenExchangeTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	req.Header.Set("Authorization", "Bearer "+in.token)
+	return in.transport.RoundTrip(req)
+}
+
+func exchangeToken(token string) (string, error) {
+	client := &http.Client{Transport: &tokenExchangeTransport{
+		token:     token,
+		transport: http.DefaultTransport,
+	}}
+
+	response, err := client.Get(args.TokenExchangeEndpoint())
+	if err != nil {
+		return "", err
+	}
+
+	defer response.Body.Close()
+	contextKey, err := io.ReadAll(response.Body)
+	if err != nil {
+		return "", err
+	}
+
+	klog.V(3).InfoS("token exchange successful", "context", contextKey)
+	return string(contextKey), nil
+}
diff --git a/modules/common/helpers/common.go b/modules/common/helpers/common.go
@@ -16,7 +16,10 @@ package helpers
 
 import (
 	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base32"
 	"encoding/base64"
+	"encoding/json"
 	"os"
 	"strings"
 )
@@ -56,3 +59,12 @@ func Random64BaseEncodedBytes(size int) string {
 	bytes := RandomBytes(size)
 	return base64.StdEncoding.EncodeToString(bytes)
 }
+
+func HashObject(any interface{}) (string, error) {
+	out, err := json.Marshal(any)
+	if err != nil {
+		return "", err
+	}
+	sha := sha256.Sum256(out)
+	return base32.StdEncoding.EncodeToString(sha[:]), nil
+}

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,9 @@ type pods struct {`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`func (in pods) List(ctx context.Context, opts metav1.ListOptions) (corev1.PodList, error) {`
`28`		`- cachedList, found, err := cache.Get[*corev1.PodList](in.token, in.cacheKey())`
	`28`	`+ cacheKey := in.cacheKey(opts)`
	`29`	`+`
	`30`	`+ cachedList, found, err := cache.Get[*corev1.PodList](cacheKey)`
`29`	`31`	`if err != nil {`
`30`	`32`	`return nil, err`
`31`	`33`	`}`
`@@ -36,8 +38,8 @@ func (in pods) List(ctx context.Context, opts metav1.ListOptions) (corev1.PodL`
`36`	`38`	`return list, err`
`37`	`39`	`}`
`38`	`40`
`39`		`- klog.V(3).InfoS("pods not found in cache, initializing", "cache-key", in.cacheKey())`
`40`		`- return list, cache.Set[*corev1.PodList](in.token, in.cacheKey(), list)`
	`41`	`+ klog.V(3).InfoS("pods not found in cache, initializing", "cache-key", cacheKey)`
	`42`	`+ return list, cache.Set[*corev1.PodList](cacheKey, list)`
`41`	`43`	`}`
`42`	`44`
`43`	`45`	`review, err := in.authorizationV1.SelfSubjectAccessReviews().Create(ctx, in.selfSubjectAccessReview(), metav1.CreateOptions{})`
`@@ -46,8 +48,8 @@ func (in pods) List(ctx context.Context, opts metav1.ListOptions) (corev1.PodL`
`46`	`48`	`}`
`47`	`49`
`48`	`50`	`if review.Status.Allowed {`
`49`		`- klog.V(3).InfoS("pods found in cache, updating in background", "cache-key", in.cacheKey())`
`50`		`- cache.DeferredLoad[corev1.PodList](in.token, in.cacheKey(), func() (corev1.PodList, error) {`
	`51`	`+ klog.V(3).InfoS("pods found in cache, updating in background", "cache-key", cacheKey)`
	`52`	`+ cache.DeferredLoad[corev1.PodList](cacheKey, func() (corev1.PodList, error) {`
`51`	`53`	`return in.PodInterface.List(ctx, opts)`
`52`	`54`	`})`
`53`	`55`	`return cachedList, nil`
`@@ -71,12 +73,8 @@ func (in pods) selfSubjectAccessReview() authorizationapiv1.SelfSubjectAccessR`
`71`	`73`	`}`
`72`	`74`	`}`
`73`	`75`
`74`		`-func (in *pods) cacheKey() string {`
`75`		`- if len(in.namespace) == 0 {`
`76`		`- return types.ResourceKindPod`
`77`		`- }`
`78`		`-`
`79`		`- return fmt.Sprintf("%s/%s", in.namespace, types.ResourceKindPod)`
	`76`	`+func (in *pods) cacheKey(opts metav1.ListOptions) cache.Key {`
	`77`	`+ return cache.NewKey(types.ResourceKindPod, in.namespace, in.token, opts)`
`80`	`78`	`}`
`81`	`79`
`82`	`80`	`func newPods(c *Client, namespace, token string) v1.PodInterface {`