[runx+envsec] Use same cache location as auth pkg (#154)

mikeland73 · web-flow · commit 417d4b700737 · 2023-09-20T16:25:28.000-07:00
## Summary

Use consistent cache locations everywhere.

Fix envsec aws credentials cache bug where cache key did not take into
account changing organizations.

## How was it tested?
diff --git a/envsec/internal/awsfed/awsfed.go b/envsec/internal/awsfed/awsfed.go
@@ -2,6 +2,7 @@ package awsfed
 
 import (
 	"context"
+	"crypto/sha256"
 	"encoding/json"
 	"fmt"
 
@@ -12,7 +13,7 @@ import (
 	"go.jetpack.io/pkg/sandbox/auth/session"
 )
 
-const cacheKey = "awsfed"
+const cacheKeyPrefix = "awsfed"
 
 type AWSFed struct {
 	AccountID      string
@@ -39,8 +40,8 @@ func (a *AWSFed) AWSCreds(
 	ctx context.Context,
 	tok *session.Token,
 ) (*types.Credentials, error) {
-	cache := filecache.New("envsec")
-	if cachedCreds, err := cache.Get(cacheKey); err == nil {
+	cache := filecache.New("jetpack.io/envsec")
+	if cachedCreds, err := cache.Get(cacheKey(tok)); err == nil {
 		var creds types.Credentials
 		if err := json.Unmarshal(cachedCreds, &creds); err == nil {
 			return &creds, nil
@@ -86,7 +87,7 @@ func (a *AWSFed) AWSCreds(
 	if creds, err := json.Marshal(output.Credentials); err != nil {
 		return nil, err
 	} else if err := cache.SetT(
-		cacheKey,
+		cacheKey(tok),
 		creds,
 		*output.Credentials.Expiration,
 	); err != nil {
@@ -95,3 +96,14 @@ func (a *AWSFed) AWSCreds(
 
 	return output.Credentials, nil
 }
+
+func cacheKey(t *session.Token) string {
+	id := ""
+	if claims := t.IDClaims(); claims != nil && claims.OrgID != "" {
+		id = claims.OrgID
+	} else {
+		id = fmt.Sprintf("%x", sha256.Sum256([]byte(t.IDToken)))
+	}
+
+	return fmt.Sprintf("%s-%s", cacheKeyPrefix, id)
+}
diff --git a/envsec/internal/filecache/filecache.go b/envsec/internal/filecache/filecache.go
@@ -8,20 +8,17 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
-	"go.jetpack.io/envsec/internal/xdg"
 )
 
 var NotFound = errors.New("not found")
 var Expired = errors.New("expired")
 
-const prefix = "filecache-"
-
 type cache struct {
-	appName string
+	domain string
 }
 
-func New(appName string) *cache {
-	return &cache{appName: appName}
+func New(domain string) *cache {
+	return &cache{domain: domain}
 }
 
 type data struct {
@@ -68,7 +65,11 @@ func (c *cache) Get(key string) ([]byte, error) {
 }
 
 func (c *cache) filename(key string) string {
-	dir := xdg.CacheSubpath(c.appName)
+	cacheDir, err := os.UserCacheDir()
+	if err != nil {
+		cacheDir = "~/.cache"
+	}
+	dir := filepath.Join(cacheDir, c.domain)
 	_ = os.MkdirAll(dir, 0755)
-	return xdg.CacheSubpath(filepath.Join(c.appName, prefix+key))
+	return filepath.Join(dir, key)
 }
diff --git a/envsec/internal/xdg/xdg.go b/envsec/internal/xdg/xdg.go
diff --git a/go.work.sum b/go.work.sum
@@ -3,6 +3,7 @@ cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1h
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53/go.mod h1:+3IMCy2vIlbG1XG/0ggNQv0SvxCAIpPM5b1nCz56Xno=
+github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
 github.com/cloudflare/ahocorasick v0.0.0-20210425175752-730270c3e184/go.mod h1:tGWUZLZp9ajsxUOnHmFFLnqnlKXsCn6GReG4jAD59H0=
@@ -50,7 +51,6 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV
 github.com/yosssi/ace v0.0.5/go.mod h1:ALfIzm2vT7t5ZE7uoIZqF3TQ7SAOyupFZnkrF5id+K0=
 github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.jetpack.io/pkg v0.0.0-20230915205515-567047de7b30/go.mod h1:6RVzBortLFlql8s8oKJTX2+H7DDzp8Lr7wiIOI3FauU=
 golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
diff --git a/pkg/go.mod b/pkg/go.mod
@@ -3,7 +3,6 @@ module go.jetpack.io/pkg
 go 1.20
 
 require (
-	github.com/adrg/xdg v0.4.0
 	github.com/cavaliergopher/grab/v3 v3.0.1
 	github.com/codeclysm/extract v2.2.0+incompatible
 	github.com/coreos/go-oidc/v3 v3.6.0
diff --git a/pkg/go.sum b/pkg/go.sum
@@ -1,7 +1,5 @@
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
-github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls=
-github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cavaliergopher/grab/v3 v3.0.1 h1:4z7TkBfmPjmLAAmkkAZNX/6QJ1nNFdv3SdIHXju0Fr4=
 github.com/cavaliergopher/grab/v3 v3.0.1/go.mod h1:1U/KNnD+Ft6JJiYoYBAimKH2XrYptb8Kl3DFGmsjpq4=
@@ -85,7 +83,6 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -106,7 +103,6 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
diff --git a/pkg/sandbox/auth/auth.go b/pkg/sandbox/auth/auth.go
@@ -36,7 +36,7 @@ func storeDir() string {
 	if err != nil {
 		cacheDir = "~/.cache"
 	}
-	return filepath.Join(cacheDir, "go.jetpack.io", "auth")
+	return filepath.Join(cacheDir, "jetpack.io", "auth")
 }
 
 func (c *Client) LoginFlow() (*session.Token, error) {
diff --git a/pkg/sandbox/runx/impl/httpcacher/defaults.go b/pkg/sandbox/runx/impl/httpcacher/defaults.go
@@ -1,9 +1,8 @@
 package httpcacher
 
 import (
+	"os"
 	"path/filepath"
-
-	"github.com/adrg/xdg"
 )
 
 const xdgSubdir = "jetpack.io/http"
@@ -16,4 +15,11 @@ const xdgSubdir = "jetpack.io/http"
 // TODO: consider supporting a shared cache. Consider changing the default caching
 // directory structure, to separate the private cache from the shared cache (which
 // could be copied between machines).
-var defaultCacheDir = filepath.Join(xdg.CacheHome, xdgSubdir)
+
+func defaultCacheDir() string {
+	cacheHome, err := os.UserCacheDir()
+	if err != nil {
+		cacheHome = "~/.cache"
+	}
+	return filepath.Join(cacheHome, xdgSubdir)
+}
diff --git a/pkg/sandbox/runx/impl/httpcacher/httpcacher.go b/pkg/sandbox/runx/impl/httpcacher/httpcacher.go
@@ -17,7 +17,7 @@ import "net/http"
 // It could even implement state-while-revalidate type of logic on the client
 // side: https://developer.mozilla.org/en-US/docs/Web/API/Request/cache
 
-var DefaultClient = NewClient(defaultCacheDir)
+var DefaultClient = NewClient(defaultCacheDir())
 
 func NewClient(cacheDir string) *http.Client {
 	return newTransport(cacheDir).Client()
diff --git a/pkg/sandbox/runx/impl/install.go b/pkg/sandbox/runx/impl/install.go
@@ -2,9 +2,9 @@ package impl
 
 import (
 	"context"
+	"os"
 	"path/filepath"
 
-	"github.com/adrg/xdg"
 	"go.jetpack.io/pkg/sandbox/runx/impl/registry"
 	"go.jetpack.io/pkg/sandbox/runx/impl/types"
 )
@@ -38,7 +38,11 @@ func install(pkgs ...types.PkgRef) ([]string, error) {
 }
 
 func installOne(ref types.PkgRef) (string, error) {
-	rootDir := filepath.Join(xdg.CacheHome, xdgInstallationSubdir)
+	cacheDir, err := os.UserCacheDir()
+	if err != nil {
+		cacheDir = "~/.cache"
+	}
+	rootDir := filepath.Join(cacheDir, xdgInstallationSubdir)
 	reg, err := registry.NewLocalRegistry(rootDir)
 	if err != nil {
 		return "", err

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ func storeDir() string {`
`36`	`36`	`if err != nil {`
`37`	`37`	`cacheDir = "~/.cache"`
`38`	`38`	`}`
`39`		`- return filepath.Join(cacheDir, "go.jetpack.io", "auth")`
	`39`	`+ return filepath.Join(cacheDir, "jetpack.io", "auth")`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`func (c Client) LoginFlow() (session.Token, error) {`