Avoid sparse key read for non sparse secrets
Before this patch, every call to ChefVault::Item.load used to call the
chef server for sparse key twice:
- once to load keys
- once to decrypt symmetrical key

This has a huge cost on secret read for nodes whose latency to the chef
server is high (we have an example with ~300ms ping time).

This patch makes sure we don't try to read sparse key when the secret is
marked as non sparse.

Change-Id: Ib0c493845ccd8d0630c00010b5f48a6a264f81dc
Signed-off-by: Grégoire Seux <g.seux@criteo.com>
kamaradclimber committed Jun 6, 2017
1 parent f4e5d09 commit 430f1f9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/chef-vault/item_keys.rb
Expand Up @@ -53,7 +53,7 @@ def include?(key)
ckey = @cache[key]
return (ckey ? true : false) unless ckey.nil?
# check if the key is saved in sparse mode
return true unless sparse_key(sparse_id(key)).nil?
return true if sparse? && sparse_key(sparse_id(key))
# fallback to non-sparse mode if sparse key is not found
@raw_data.keys.include?(key)
end
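
Review bot: The new guard in `include?` (`return true if sparse? && sparse_key(sparse_id(key))`) changes the result for any item that has sparse key entries but is not marked sparse: the old line looked the sparse key up and returned true, while the new line skips the lookup and falls through to `@raw_data.keys.include?(key)`. If that state can exist, a client that was previously reported as included will now be reported as missing, so please say in the comment above the line that `sparse?` is treated as authoritative, and add a spec asserting that no sparse lookup is made for a non-sparse item (the commit changes only this file and adds no test). The commit message describes two server calls per load, one to load keys and one to decrypt the symmetric key, but this hunk guards only `include?`; confirm the decrypt path is covered by the same check. Minor: the condition moved from a `nil?` test to truthiness, so a `false` return from `sparse_key` is now treated as absent.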