From 42f2aa64d6b4196dfdb0654a37e61ed311379a4b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9goire=20Seux?=
Date: Tue, 6 Jun 2017 18:32:54 +0200
Subject: [PATCH] Avoid sparse key read for non sparse secrets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Before this patch, every call to ChefVault::Item.load used to call the chef server for sparse key twice: - once to load keys - once to decrypt symetrical key This has a huge cost on secret read for nodes whose latency to the chef server is high (we have example with ~300ms ping time). This patch make sure we don't try to read sparse key when the secret is marked as non sparse.
Change-Id: Ib0c493845ccd8d0630c00010b5f48a6a264f81dc
Signed-off-by: Grégoire Seux
---
 lib/chef-vault/item_keys.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/chef-vault/item_keys.rb b/lib/chef-vault/item_keys.rb
index dbf6125..65c7f89 100644
--- a/lib/chef-vault/item_keys.rb
+++ b/lib/chef-vault/item_keys.rb
@@ -53,7 +53,7 @@ def include?(key)
 ckey = @cache[key]
 return (ckey ? true : false) unless ckey.nil?
 # check if the key is saved in sparse mode
- return true unless sparse_key(sparse_id(key)).nil?
+ return true if sparse? && sparse_key(sparse_id(key))
 # fallback to non-sparse mode if sparse key is not found
 @raw_data.keys.include?(key)
 end
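Review bot: With the added `sparse? &&` guard, `include?` reports a key as absent whenever the item's mode metadata does not say sparse, even if a sparse key item exists on the server, so the answer now depends on `sparse?` being accurate for legacy or partially converted vaults. `sparse?` is defined outside this hunk, as is the `def include?(key)` line itself, so this cannot be confirmed here; a test with an item that has sparse keys but no mode field would pin the intended behaviour. The guard also swaps `.nil?` for a truthiness check, which differs only if `sparse_key` can return `false`. The comment above the changed line is now slightly stale and could read `# consult the sparse key only when the item is marked sparse (saves a server round trip)`. The commit message describes two server reads per load while only `include?` changes, so the lookup used for decryption may need the same guard if it lives elsewhere in this file.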