fix: credentials: only decrypt credentials in the context(s) needed#908
Merged
ibuildthecloud merged 2 commits intogptscript-ai:mainfrom Nov 18, 2024
Merged
Conversation
Signed-off-by: Grant Linville <grant@acorn.io>
g-linville
commented
Nov 18, 2024
Comment on lines
-87
to
-92
| for serverAddress := range newCredAddresses { | ||
| ac, err := h.Get(serverAddress) | ||
| if err != nil { | ||
| return nil, err | ||
| result[toolNameWithCtx(toolName, ctx)] = types.AuthConfig{ | ||
| Username: val, | ||
| ServerAddress: serverAddress, | ||
| } | ||
| result[serverAddress] = ac |
Member
Author
There was a problem hiding this comment.
This loop is the main thing I needed to fix. Calling h.Get results in the credential getting possibly decrypted. I refactored this so that we no longer call h.Get here in the GetAll function, and instead individually get the details for credentials that we are actually going to return to the user.
Signed-off-by: Grant Linville <grant@acorn.io>
g-linville
requested review from
StrongMonkey,
drpebcak,
iwilltry42,
njhale and
thedadams
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
There is some serious slowness in credentials when encryption is on and the number of stored credentials is greater than approximately 100. This is caused by a call to
Getin theGetAllfunction in our credential store implementation. CallingGetfor a credential results in a decryption operation. Even when trying to list credentials in just one context, the implementation ofGetAllwas resulting in the server decrypting every credential in the database, instead of just the ones in the requested context. This PR fixes that, byGeting only the credentials that will actually be returned to the user.