GUACAMOLE-641: Automatically cache requests for secrets from the vault.

extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultConfigurationService.java

@@ -25,6 +25,7 @@ import com.microsoft.aad.adal4j.ClientCredential;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.vault.conf.VaultConfigurationService;
 import org.apache.guacamole.environment.Environment;
+import org.apache.guacamole.properties.IntegerGuacamoleProperty;
 import org.apache.guacamole.properties.StringGuacamoleProperty;
 
 /**
@@ -46,6 +47,19 @@ public class AzureKeyVaultConfigurationService extends VaultConfigurationService
      */
     private static final String TOKEN_MAPPING_FILENAME = "azure-keyvault-token-mapping.json";
 
+    /**
+     * The number of milliseconds that each retrieved secret should be cached
+     * for.
+     */
+    private static final IntegerGuacamoleProperty SECRET_TTL = new IntegerGuacamoleProperty() {
+
+        @Override
+        public String getName() {
+            return "azure-keyvault-secret-ttl";
+        }
+
+    };
+
     /**
      * The URL of the Azure Key Vault that should be used to populate token
      * values.
@@ -95,6 +109,21 @@ public class AzureKeyVaultConfigurationService extends VaultConfigurationService
         super(TOKEN_MAPPING_FILENAME);
     }
 
+    /**
+     * Returns the number of milliseconds that each retrieved secret should be
+     * cached for. By default, secrets are cached for 10 seconds.
+     *
+     * @return
+     *     The number of milliseconds to cache each retrieved secret.
+     *
+     * @throws GuacamoleException
+     *     If the value specified within guacamole.properties cannot be
+     *     parsed.
+     */
+    public int getSecretTTL() throws GuacamoleException {
+        return environment.getProperty(SECRET_TTL, 10000);
+    }
+
     /**
      * Returns the base URL of the Azure Key Vault containing the secrets that
      * should be retrieved to populate connection parameter tokens. The base

extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/secret/AzureKeyVaultSecretService.java

@@ -31,13 +31,13 @@ import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleServerException;
 import org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultAuthenticationException;
 import org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultConfigurationService;
-import org.apache.guacamole.auth.vault.secret.VaultSecretService;
+import org.apache.guacamole.auth.vault.secret.CachedVaultSecretService;
 
 /**
  * Service which retrieves secrets from Azure Key Vault.
  */
 @Singleton
-public class AzureKeyVaultSecretService implements VaultSecretService {
+public class AzureKeyVaultSecretService extends CachedVaultSecretService {
 
     /**
      * Pattern which matches contiguous groups of characters which are not
@@ -71,23 +71,20 @@ public class AzureKeyVaultSecretService implements VaultSecretService {
     }
 
     @Override
-    public String getValue(String name) throws GuacamoleException {
+    protected CachedSecret refreshCachedSecret(String name)
+            throws GuacamoleException {
+
+        int ttl = confService.getSecretTTL();
+        String url = confService.getVaultURL();
 
         try {
 
-            // Retrieve configuration information necessary for connecting to
-            // Azure Key Vault
-            String url = confService.getVaultURL();
-            KeyVaultCredentials credentials = credentialProvider.get();
-
-            // Authenticate against Azure Key Vault
-            KeyVaultClient client = new KeyVaultClient(credentials);
-
-            // Retrieve requested secret
+            // Retrieve requested secret from Azure Key Vault
+            KeyVaultClient client = new KeyVaultClient(credentialProvider.get());
             SecretBundle secret = client.getSecret(url, name);
 
             // FIXME: STUB
-            return null;
+            return new CachedSecret(null, ttl);
 
         }
         catch (AzureKeyVaultAuthenticationException e) {