Cache OpenSecret clients per API key#34
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughProxyState adds a DashMap + OnceCell per-API-key cache for OpenSecretClient with TTL and size eviction. Request handlers fetch cached clients via state.client_for_api_key(&api_key). Tests cover reuse, key isolation, eviction, expiration, and removal on failed init. ChangesPer-API-Key Client Caching
sequenceDiagram
participant Client as RequestHandler
participant State as ProxyState
participant Cell as OnceCell
participant Backend as OpenSecretClient
Client->>State: client_for_api_key(api_key)
State->>Cell: get_or_try_init(init_client)
Cell->>Backend: initialize OpenSecretClient (attestation)
Note over State,Cell: cached Arc<OpenSecretClient> stored in DashMap with created_at
Client->>Backend: send request using cached client
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Poem
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
src/proxy.rs (1)
32-37: 💤 Low valueCache has no eviction policy.
The
clientsmap grows unboundedly as new API keys are seen. For typical deployments with a bounded set of API keys this is fine, but if the proxy serves many ephemeral/rotating keys over time, entries will accumulate indefinitely.Consider whether you need cache eviction (e.g., TTL-based or LRU) in the future. For now, this is likely acceptable if the set of API keys is relatively stable.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/proxy.rs` around lines 32 - 37, The current client_cell_for_api_key creates entries in self.clients with no eviction, causing unbounded growth as new api_keys appear; replace the backing map with a bounded, thread-safe cache (e.g., moka::sync::Cache or lru crate wrapped for concurrency) or add TTL-based cleanup so entries are evicted automatically, and update client_cell_for_api_key to look up/insert using the cache's API (preserving the Arc<OnceCell<Arc<OpenSecretClient>>> value type) so concurrent access semantics remain correct; ensure the chosen cache is safe for Arc values and update any initialization and imports accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@src/proxy.rs`:
- Around line 32-37: The current client_cell_for_api_key creates entries in
self.clients with no eviction, causing unbounded growth as new api_keys appear;
replace the backing map with a bounded, thread-safe cache (e.g.,
moka::sync::Cache or lru crate wrapped for concurrency) or add TTL-based cleanup
so entries are evicted automatically, and update client_cell_for_api_key to look
up/insert using the cache's API (preserving the
Arc<OnceCell<Arc<OpenSecretClient>>> value type) so concurrent access semantics
remain correct; ensure the chosen cache is safe for Arc values and update any
initialization and imports accordingly.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 6425744a-185e-4305-a94d-2179d81e097a
⛔ Files ignored due to path filters (1)
Cargo.lockis excluded by!**/*.lock
📒 Files selected for processing (2)
Cargo.tomlsrc/proxy.rs
|
Follow-up after validating the bot feedback:
Revalidated locally:
|
Closes #32.
Summary:
Tests:
Summary by CodeRabbit