pub struct AdaptiveCache { /* private fields */ }Expand description
Path-keyed in-memory cache with adaptive TTL.
The router wraps every get() with the cache: on a hit, return
the cached value (clone of SecretString); on a miss or
expiry, ask the source and store the result via
AdaptiveCache::put.
Thread-safe — uses a single std::sync::Mutex internally.
Operations are CPU-bound (hash + mutex grab), so the standard
library mutex is the right primitive (no tokio::sync::Mutex
hold across .await).
Implementations§
Source§impl AdaptiveCache
impl AdaptiveCache
Sourcepub fn new(base_ttl: Duration) -> Self
pub fn new(base_ttl: Duration) -> Self
Build a cache with the given source-default TTL and the production clock.
Sourcepub fn with_clock(base_ttl: Duration, clock: Arc<dyn CacheClock>) -> Self
pub fn with_clock(base_ttl: Duration, clock: Arc<dyn CacheClock>) -> Self
Build a cache with a caller-supplied clock. Used by tests.
Sourcepub fn clock(&self) -> &Arc<dyn CacheClock>
pub fn clock(&self) -> &Arc<dyn CacheClock>
Borrow the clock. Useful for doctor-style introspection
and tests.
Sourcepub fn get(&self, path: &SecretPath) -> Option<SecretString>
pub fn get(&self, path: &SecretPath) -> Option<SecretString>
Look up path. Returns Some(value.clone()) on hit;
None on miss or after the TTL has elapsed (the expired
entry is evicted lazily).
Sourcepub fn put(
&self,
path: &SecretPath,
value: SecretString,
lease_duration: Option<Duration>,
max_ttl: Option<Duration>,
) -> bool
pub fn put( &self, path: &SecretPath, value: SecretString, lease_duration: Option<Duration>, max_ttl: Option<Duration>, ) -> bool
Insert a value. Returns true if the value was cached;
false if caching was suppressed (by lease_duration = Some(0) or by an effective TTL of zero).
lease_duration is the upstream-reported lease (from
GetOutcome::lease_duration);
max_ttl is the per-secret cap from the global index
(cache_ttl_seconds_max). Both are optional; both can only
lower the effective TTL, never raise it.
Sourcepub fn invalidate(&self, path: &SecretPath)
pub fn invalidate(&self, path: &SecretPath)
Drop the entry for one path. Idempotent — no-op if the path is not in the cache.
Sourcepub fn invalidate_all(&self)
pub fn invalidate_all(&self)
Drop every entry. Used by devboy secrets refresh --all.