mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-29 17:52:32 +00:00
d75aee21b8
* Improve trusted cert loading in Certificate Auth Currently, cert auth has a cache of certName->trusted certificate data. This cache is updated lazily on login. In highly concurrent situations, several logins of the same cert or more likely, logins not specifying role name may happen simulataneously. In the status quo, each results in going to storage, fetching the role data (or all roles!), unmarshalling, and certificate parsing. This change puts a lock matrix in front of the cache miss scenario, so only one of the logins will load and process the role data. In addition, we treat the absent role name specially, caching it separately so that it cannot be flushed by eviction on the role cache. * changelog * cleanup
5 lines
196 B
Plaintext
5 lines
196 B
Plaintext
```release-note:improvement
|
|
auth/cert: Cache full list of role trust information separately to avoid
|
|
eviction, and avoid duplicate loading during multiple simultaneous logins on
|
|
the same role.
|
|
``` |