resolver: add credentials cache

Signed-off-by: Tonis Tiigi <[email protected]>
moby · Jul 5, 2020 · ed60a2f · ed60a2f
1 parent 05013a6
commit ed60a2f
Showing 1 changed file with 23 additions and 4 deletions.
diff --git a/util/resolver/resolver.go b/util/resolver/resolver.go
@@ -150,16 +150,32 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts
 }
 
 type SessionAuthenticator struct {
-	sm     *session.Manager
-	groups []session.Group
-	mu     sync.RWMutex
+	sm      *session.Manager
+	groups  []session.Group
+	mu      sync.RWMutex
+	cache   map[string]credentials
+	cacheMu sync.RWMutex
+}
+
+type credentials struct {
+	user    string
+	secret  string
+	created time.Time
 }
 
 func NewSessionAuthenticator(sm *session.Manager, g session.Group) *SessionAuthenticator {
-	return &SessionAuthenticator{sm: sm, groups: []session.Group{g}}
+	return &SessionAuthenticator{sm: sm, groups: []session.Group{g}, cache: map[string]credentials{}}
 }
 
 func (a *SessionAuthenticator) credentials(h string) (string, string, error) {
+	a.cacheMu.RLock()
+	c, ok := a.cache[h]
+	if ok && time.Since(c.created) < time.Minute {
+		a.cacheMu.RUnlock()
+		return c.user, c.secret, nil
+	}
+	a.cacheMu.RUnlock()
+
 	a.mu.RLock()
 	defer a.mu.RUnlock()
 
@@ -170,6 +186,9 @@ func (a *SessionAuthenticator) credentials(h string) (string, string, error) {
 		if err != nil {
 			continue
 		}
+		a.cacheMu.Lock()
+		a.cache[h] = credentials{user: user, secret: secret, created: time.Now()}
+		a.cacheMu.Unlock()
 		return user, secret, nil
 	}
 	return "", "", err