From 69f13e43dfdd8069459800ccc3039f45fc884814 Mon Sep 17 00:00:00 2001
From: vnugent <public@vaughnnugent.com>
Date: Wed, 15 May 2024 22:04:43 -0400
Subject: fix: #3 Defer vault loading until a secret actually needs it

---
 lib/VNLib.Plugins.Extensions.Loading/src/IAsyncLazy.cs    |  9 +++++++++
 .../src/Secrets/OnDemandSecret.cs                         | 15 +++++++++++----
 .../src/Secrets/PluginSecretStore.cs                      |  4 ++--
 3 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/lib/VNLib.Plugins.Extensions.Loading/src/IAsyncLazy.cs b/lib/VNLib.Plugins.Extensions.Loading/src/IAsyncLazy.cs
index 482785c..cb907b9 100644
--- a/lib/VNLib.Plugins.Extensions.Loading/src/IAsyncLazy.cs
+++ b/lib/VNLib.Plugins.Extensions.Loading/src/IAsyncLazy.cs
@@ -52,6 +52,12 @@ namespace VNLib.Plugins.Extensions.Loading
         /// If the operation has not completed, throws an exception.
         /// </summary>
         T Value { get; }
+
+        /// <summary>
+        /// Gets or allocates a task that represents the async result
+        /// </summary>
+        /// <returns>A task that represents the asynchronous lazy result that completes with the resulting value</returns>
+        Task<T> AsTask();
     }
 
     /// <summary>
@@ -141,6 +147,9 @@ namespace VNLib.Plugins.Extensions.Loading
 
             ///<inheritdoc/>
             public TaskAwaiter<T> GetAwaiter() => _task.GetAwaiter();
+
+            ///<inheritdoc/>
+            public Task<T> AsTask() => _task;
         }
 #nullable enable
 
diff --git a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/OnDemandSecret.cs b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/OnDemandSecret.cs
index 17f3523..edbef8c 100644
--- a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/OnDemandSecret.cs
+++ b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/OnDemandSecret.cs
@@ -35,13 +35,20 @@ using System.Collections.Generic;
 using VNLib.Utils.Memory;
 using VNLib.Utils.Logging;
 using VNLib.Utils.Extensions;
+using VNLib.Utils.Resources;
 
 using static VNLib.Plugins.Extensions.Loading.PluginSecretConstants;
 
 namespace VNLib.Plugins.Extensions.Loading
 {
-    internal sealed class OnDemandSecret(PluginBase plugin, string secretName, IKvVaultClient? vault) : IOnDemandSecret
+    internal sealed class OnDemandSecret(PluginBase plugin, string secretName, Func<IKvVaultClient?> vaultCb) : IOnDemandSecret
     {
+        /*
+         * Defer loading vault until needed by a vault secret. This avoids loading the vault client
+         * if no secrets are needed from the vault.
+         */
+        private readonly LazyInitializer<IKvVaultClient?> vault = new(vaultCb);
+
         public string SecretName { get; } = secretName ?? throw new ArgumentNullException(nameof(secretName));
 
         ///<inheritdoc/>
@@ -175,16 +182,16 @@ namespace VNLib.Plugins.Extensions.Loading
             string secret = path[(lastSep + 1)..].ToString();
 
             //Try load client
-            _ = vault ?? throw new KeyNotFoundException("Vault client not found");
+            _ = vault.Instance ?? throw new KeyNotFoundException("Vault client not found");
 
             if (async)
             {
-                Task<ISecretResult?> asTask = Task.Run(() => vault.ReadSecretAsync(secret, mount, secretTableKey));
+                Task<ISecretResult?> asTask = Task.Run(() => vault.Instance.ReadSecretAsync(secret, mount, secretTableKey));
                 return new ValueTask<ISecretResult?>(asTask);
             }
             else
             {
-                ISecretResult? result = vault.ReadSecret(secret, mount, secretTableKey);
+                ISecretResult? result = vault.Instance.ReadSecret(secret, mount, secretTableKey);
                 return new ValueTask<ISecretResult?>(result);
             }
         }
diff --git a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs
index 1d366b0..759bd12 100644
--- a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs
+++ b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs
@@ -46,7 +46,7 @@ namespace VNLib.Plugins.Extensions.Loading
         /// Gets the ambient vault client for the current plugin
         /// if the configuration is loaded, null otherwise
         /// </summary>
-        /// <returns>The ambient <see cref="IVaultClient"/> if loaded, null otherwise</returns>
+        /// <returns>The ambient <see cref="IKvVaultClient"/> if loaded, null otherwise</returns>
         /// <exception cref="KeyNotFoundException"></exception>
         /// <exception cref="ObjectDisposedException"></exception>
         public IKvVaultClient? GetVaultClient() => LoadingExtensions.GetOrCreateSingleton(_plugin, TryGetVaultLoader);
@@ -114,7 +114,7 @@ namespace VNLib.Plugins.Extensions.Loading
         public IOnDemandSecret GetOnDemandSecret(string secretName)
         {
             ArgumentException.ThrowIfNullOrWhiteSpace(secretName);
-            return new OnDemandSecret(_plugin, secretName, GetVaultClient());
+            return new OnDemandSecret(_plugin, secretName, GetVaultClient);
         }
 
         ///<inheritdoc/>
-- 
cgit