Cache whether we've been initialized to reduce load on storage (#7549)

hashicorp · Oct 8, 2019 · 973cfcf · 973cfcf
1 parent 3ce40c1
commit 973cfcf
Show file tree

Hide file tree

Showing 8 changed files with 92 additions and 34 deletions.
diff --git a/go.mod b/go.mod
@@ -122,6 +122,7 @@ require (
 	github.com/stretchr/testify v1.3.0
 	go.etcd.io/bbolt v1.3.2
 	go.etcd.io/etcd v0.0.0-20190412021913-f29b1ada1971
+	go.uber.org/atomic v1.4.0
 	golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
 	golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7
 	golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a

diff --git a/go.sum b/go.sum
@@ -616,6 +616,8 @@ go.opencensus.io v0.21.0 h1:mU6zScU4U1YAFPHEHYk+3JC4SY7JxgkqS10ZOSyksNg=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/zap v1.9.1 h1:XCJQEf3W6eZaVwhRBof6ImoYGJSITeKWsyeh3HFu/5o=

diff --git a/vault/barrier_aes_gcm.go b/vault/barrier_aes_gcm.go
@@ -13,12 +13,13 @@ import (
 	"sync"
 	"time"
 
-	metrics "github.com/armon/go-metrics"
+	"github.com/armon/go-metrics"
 	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/vault/sdk/helper/jsonutil"
 	"github.com/hashicorp/vault/sdk/helper/strutil"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/hashicorp/vault/sdk/physical"
+	"go.uber.org/atomic"
 )
 
 const (
@@ -69,6 +70,8 @@ type AESGCMBarrier struct {
 	// future versioning of barrier implementations. It's var instead
 	// of const to allow for testing
 	currentAESGCMVersionByte byte
+
+	initialized atomic.Bool
 }
 
 // NewAESGCMBarrier is used to construct a new barrier that uses
@@ -86,12 +89,17 @@ func NewAESGCMBarrier(physical physical.Backend) (*AESGCMBarrier, error) {
 // Initialized checks if the barrier has been initialized
 // and has a master key set.
 func (b *AESGCMBarrier) Initialized(ctx context.Context) (bool, error) {
+	if b.initialized.Load() {
+		return true, nil
+	}
+
 	// Read the keyring file
 	keys, err := b.backend.List(ctx, keyringPrefix)
 	if err != nil {
 		return false, errwrap.Wrapf("failed to check for initialization: {{err}}", err)
 	}
 	if strutil.StrListContains(keys, "keyring") {
+		b.initialized.Store(true)
 		return true, nil
 	}
 
@@ -100,6 +108,7 @@ func (b *AESGCMBarrier) Initialized(ctx context.Context) (bool, error) {
 	if err != nil {
 		return false, errwrap.Wrapf("failed to check for initialization: {{err}}", err)
 	}
+	b.initialized.Store(out != nil)
 	return out != nil, nil
 }
 

diff --git a/vendor/go.uber.org/atomic/.travis.yml b/vendor/go.uber.org/atomic/.travis.yml
diff --git a/vendor/go.uber.org/atomic/Makefile b/vendor/go.uber.org/atomic/Makefile
diff --git a/vendor/go.uber.org/atomic/README.md b/vendor/go.uber.org/atomic/README.md
diff --git a/vendor/go.uber.org/atomic/error.go b/vendor/go.uber.org/atomic/error.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -648,7 +648,7 @@ go.opencensus.io/resource
 go.opencensus.io/trace/tracestate
 go.opencensus.io/internal
 go.opencensus.io/trace/internal
-# go.uber.org/atomic v1.3.2
+# go.uber.org/atomic v1.4.0
 go.uber.org/atomic
 # go.uber.org/multierr v1.1.0
 go.uber.org/multierr