del_cache should invalidate the session cache as well

2025-04-16 09:40:20 +00:00 · 2022-11-30 21:21:10 -05:00 · 2022-11-30 21:21:10 -05:00 · 8fc279f4b4
commit 8fc279f4b4
parent 75b0aff3fc
2 changed files with 23 additions and 14 deletions
--- a/salt/utils/vault.py
+++ b/salt/utils/vault.py
@ -204,8 +204,12 @@ def get_vault_connection():

 def del_cache():
    """
-    Delete cache file
+    Delete cache
    """
+    log.debug("Deleting session cache")
+    if "vault_token" in __context__:
+        del __context__["vault_token"]
+
    log.debug("Deleting cache file")
    cache_file = os.path.join(__opts__["cachedir"], "salt_vault_token")

@ -227,6 +231,7 @@ def write_cache(connection):
        and "vault_secret_path_metadata" not in connection
    ):
        log.debug("Not caching vault single use token")
+        __context__["vault_token"] = connection
        return True
    elif (
        "vault_secret_path_metadata" in __context__
--- a/tests/pytests/unit/utils/test_vault.py
+++ b/tests/pytests/unit/utils/test_vault.py
@ -1,8 +1,5 @@
 import json
 import logging
-import os
-import shutil
-import tempfile
 import threading
 from copy import copy

@ -16,12 +13,10 @@ log = logging.getLogger(__name__)


@pytest.fixture
-def tmp_cache():
-    tmp_cache = tempfile.mkdtemp()
-    try:
-        yield tmp_cache
-    finally:
-        shutil.rmtree(tmp_cache)
+def tmp_cache(tmp_path):
+    cachedir = tmp_path / "cachedir"
+    cachedir.mkdir()
+    return cachedir


@pytest.fixture
@ -39,7 +34,7 @@ def configure_loader_modules(tmp_cache):
                    },
                },
                "file_client": "local",
-                "cachedir": tmp_cache,
+                "cachedir": str(tmp_cache),
            },
            "__grains__": {"id": "test-minion"},
            "__context__": {},
@ -198,7 +193,7 @@ def test_write_cache_multi_use_token(cache_uses, tmp_cache):
    }
    function_response = vault.write_cache(cache_uses)
    assert function_response is True
-    with salt.utils.files.fopen(os.path.join(tmp_cache, "salt_vault_token"), "r") as fp:
+    with salt.utils.files.fopen(str(tmp_cache / "salt_vault_token"), "r") as fp:
        token_data = json.loads(fp.read())
    assert token_data == expected_write

@ -227,7 +222,7 @@ def test_write_cache_unlimited_token(cache_uses, tmp_cache):
        "unlimited_use_token": True,
    }
    function_response = vault.write_cache(write_data)
-    with salt.utils.files.fopen(os.path.join(tmp_cache, "salt_vault_token"), "r") as fp:
+    with salt.utils.files.fopen(str(tmp_cache / "salt_vault_token"), "r") as fp:
        token_data = json.loads(fp.read())
    assert token_data == expected_write

@ -283,7 +278,7 @@ def test_write_cache_issue_59361(cache_uses, tmp_cache):
    thread1.join()
    thread2.join()

-    with salt.utils.files.fopen(os.path.join(tmp_cache, "salt_vault_token"), "r") as fp:
+    with salt.utils.files.fopen(str(tmp_cache / "salt_vault_token"), "r") as fp:
        try:
            token_data = json.loads(fp.read())
        except json.decoder.JSONDecodeError:
@ -615,3 +610,12 @@ def test_get_vault_connection_config_location(tmp_path, conf_location, called, c
        patch_token.assert_not_called()
    if conf_location == "doesnotexist":
        assert "config_location must be either local or master" in caplog.text
+
+
+def test_del_cache(tmp_cache):
+    token_file = tmp_cache / "salt_vault_token"
+    token_file.touch()
+    with patch.dict(vault.__context__, {"vault_token": "fake_token"}):
+        vault.del_cache()
+        assert "vault_token" not in vault.__context__
+    assert not token_file.exists()