[backport -> release/3.8.x] fix(vault): let shdict secret vault cache presist enough time during resurrect_ttl #13673
Commits on Sep 14, 2024
-
fix(vault): let shdict secret vault cache presist enough time during …
…resurrect_ttl (#13471) This PR fixes an issue that rotate_secret may flush a secret value with NEGATIVE_CACHED_VALUE when vault backend is down and a secret value stored in the shared dict has passed its ttl and hasn't finished consuming its resurrect_ttl. TLDR; this issue happens easily when a reference is being used via the vault PDK function in custom codes(serverless functions, custom plugins, etc.), and some of the worker processes may not be triggered via the service/routes that use these custom codes, and these worker processes do not hold a valid LRU cache for the secret value The issue was first reported in FTI-6137. --------- Signed-off-by: Aapo Talvensaari <aapo.talvensaari@gmail.com> Co-authored-by: Aapo Talvensaari <aapo.talvensaari@gmail.com> (cherry picked from commit 9269195)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.