nic-6443 opened a new pull request, #12579:
URL: https://github.com/apache/apisix/pull/12579

   ### Description
   
   Our secret feature includes an LRU cache to store values obtained from the 
secret provider (Vault, AWS, GCP) to reduce the number of requests to the 
secret provider. However, without the `invalid_stale` parameter, this cache 
never expires. 
https://github.com/apache/apisix/blob/9ae24032b6177daa6dfd31de04bfedc435a842d5/apisix/ssl/router/radixtree_sni.lua#L241-L242
 
https://github.com/apache/apisix/blob/9ae24032b6177daa6dfd31de04bfedc435a842d5/apisix/secret.lua#L188-L190
 
https://github.com/apache/apisix/blob/9ae24032b6177daa6dfd31de04bfedc435a842d5/apisix/core/lrucache.lua#L54-L62
 
   Additionally, since all places using secrets share one LRU cache, it is 
impossible to finely tune parameters like `ttl` and `count`. I refactored the 
LRU cache to be passed as a parameter into the secret function.
   
   #### Which issue(s) this PR fixes:
   Fixes #
   
   ### Checklist
   
   - [ ] I have explained the need for this PR and the problem it solves
   - [ ] I have explained the changes or the new features added to this PR
   - [ ] I have added tests corresponding to this change
   - [ ] I have updated the documentation to reflect this change
   - [ ] I have verified that this change is backward compatible (If not, 
please discuss on the [APISIX mailing 
list](https://github.com/apache/apisix/tree/master#community) first)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
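
Added example, not part of the pull request or of APISIX's code: a small pure-Lua model of the behaviour the description reports, where a cached secret outlives its TTL unless stale entries are invalidated. It assumes the stale entry is revived when its version is unchanged and `invalid_stale` is not set; `new_cache`, `fetch_secret`, the key and the secret values are hypothetical and constructed for illustration.

```lua
-- Minimal model (assumption, not APISIX code) of a TTL cache that keeps an
-- expired entry around as "stale" instead of dropping it.
local now = 0                       -- constructed fake clock, in seconds

local function new_cache(ttl, invalid_stale)
    local store = {}
    local cache = {}

    function cache.fetch(key, version, create)
        local item = store[key]
        if item and item.ver == version then
            if now < item.expires then
                return item.val                  -- fresh hit
            end
            if not invalid_stale then
                item.expires = now + ttl         -- stale entry revived
                return item.val
            end
        end
        local val = create(key)                  -- miss: ask the provider
        store[key] = {val = val, ver = version, expires = now + ttl}
        return val
    end

    return cache
end

-- Constructed stand-in for a secret provider whose value gets rotated.
local provider = {["db/password"] = "old-secret"}
local function fetch_secret(key) return provider[key] end

local keep_stale = new_cache(60, false)   -- models the reported behaviour
local drop_stale = new_cache(60, true)    -- models invalid_stale being set

local steps = {{t = 0}, {t = 30, rotate = "new-secret"}, {t = 61}, {t = 3600}}
for _, step in ipairs(steps) do
    now = step.t
    if step.rotate then provider["db/password"] = step.rotate end
    print(string.format("t=%-4d keep_stale=%s drop_stale=%s", now,
        keep_stale.fetch("db/password", 1, fetch_secret),
        drop_stale.fetch("db/password", 1, fetch_secret)))
end

-- The rotated value is only picked up when stale entries are invalidated.
assert(keep_stale.fetch("db/password", 1, fetch_secret) == "old-secret")
assert(drop_stale.fetch("db/password", 1, fetch_secret) == "new-secret")
```

In this model the configuration version stays at 1 throughout, so the only way the rotated secret can reach a caller is through TTL expiry.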
