api/authorization/caching_identity_provider.go
package authorization
import (
"context"
"fmt"
"time"
"k8s.io/apimachinery/pkg/util/cache"
)
const (
cacheTTL = 120 * time.Second
)
type CachingIdentityProvider struct {
identityProvider IdentityProvider
identityCache *cache.Expiring
}
func NewCachingIdentityProvider(identityProvider IdentityProvider, identityCache *cache.Expiring) *CachingIdentityProvider {
return &CachingIdentityProvider{
identityProvider: identityProvider,
identityCache: identityCache,
}
}
func (p *CachingIdentityProvider) GetIdentity(ctx context.Context, info Info) (Identity, error) {
idInterface, ok := p.identityCache.Get(info.Hash())
if ok {
id, castOK := idInterface.(Identity)
if castOK {
return id, nil
}
return Identity{}, fmt.Errorf("identity-provider cache: expected authorization.Identity{}, got %T", idInterface)
}
identity, err := p.identityProvider.GetIdentity(ctx, info)
if err == nil {
p.identityCache.Set(info.Hash(), identity, cacheTTL)
}
return identity, err
}