kms: add a lock, secrets could be modified concurrently for cached users

also reduce the size of the JSON payload omitting empty secrets
2025-12-07 06:40:54 +03:00 · 2021-03-22 19:03:25 +01:00
parent 28f1d66ae5
commit 5e375f56dd
12 changed files with 130 additions and 26 deletions
--- a/vfs/folder.go
+++ b/vfs/folder.go
@@ -79,8 +79,8 @@ func (v *BaseVirtualFolder) IsLocalOrLocalCrypted() bool {
 	return v.FsConfig.Provider == LocalFilesystemProvider || v.FsConfig.Provider == CryptedFilesystemProvider
 }

-// HideConfidentialData hides folder confidential data
-func (v *BaseVirtualFolder) HideConfidentialData() {
+// hideConfidentialData hides folder confidential data
+func (v *BaseVirtualFolder) hideConfidentialData() {
 	switch v.FsConfig.Provider {
 	case S3FilesystemProvider:
 		v.FsConfig.S3Config.AccessSecret.Hide()
@@ -96,6 +96,14 @@ func (v *BaseVirtualFolder) HideConfidentialData() {
 	}
 }

+// PrepareForRendering prepares a folder for rendering.
+// It hides confidential data and set to nil the empty secrets
+// so they are not serialized
+func (v *BaseVirtualFolder) PrepareForRendering() {
+	v.hideConfidentialData()
+	v.FsConfig.SetEmptySecretsIfNil()
+}
+
 // HasRedactedSecret returns true if the folder has a redacted secret
 func (v *BaseVirtualFolder) HasRedactedSecret() bool {
 	switch v.FsConfig.Provider {