working file caching

ptiurin · ptiurin · commit c09412eabd68 · 2025-10-06T13:23:37.000+01:00
diff --git a/src/firebolt/async_db/connection.py b/src/firebolt/async_db/connection.py
@@ -237,6 +237,9 @@ async def connect(
     if not auth:
         raise ConfigurationError("auth is required to connect.")
 
+    if account_name:
+        auth._account_name = account_name
+
     api_endpoint = fix_url_schema(api_endpoint)
     # Type checks
     assert auth is not None
diff --git a/src/firebolt/client/auth/base.py b/src/firebolt/client/auth/base.py
@@ -8,8 +8,12 @@
 from httpx import Auth as HttpxAuth
 from httpx import Request, Response, codes
 
-from firebolt.utils.token_storage import TokenSecureStorage
-from firebolt.utils.util import Timer, cached_property, get_internal_error_code
+from firebolt.utils.cache import (
+    ConnectionInfo,
+    SecureCacheKey,
+    _firebolt_cache,
+)
+from firebolt.utils.util import Timer, get_internal_error_code
 
 logger = logging.getLogger(__name__)
 
@@ -38,6 +42,7 @@ class Auth(HttpxAuth):
 
     __slots__ = (
         "_token",
+        "_account_name",
         "_expires",
         "_use_token_cache",
     )
@@ -47,7 +52,8 @@ class Auth(HttpxAuth):
 
     def __init__(self, use_token_cache: bool = True):
         self._use_token_cache = use_token_cache
-        self._token: Optional[str] = self._get_cached_token()
+        self._account_name: Optional[str] = None
+        self._token: Optional[str] = None
         self._expires: Optional[int] = None
         self._lock = Lock()
 
@@ -103,36 +109,49 @@ def expired(self) -> bool:
         """
         return self._expires is not None and self._expires <= int(time())
 
-    @cached_property
-    def _token_storage(self) -> Optional[TokenSecureStorage]:
-        """Token filesystem cache storage.
-
-        This is evaluated lazily, only if caching is enabled.
-
-        Returns:
-            Optional[TokenSecureStorage]: Token filesystem cache storage if any
-        """
-        return None
-
     def _get_cached_token(self) -> Optional[str]:
-        """If caching is enabled, get token from filesystem cache.
+        """If caching is enabled, get token from cache.
 
         If caching is disabled, None is returned.
 
         Returns:
             Optional[str]: Token if any, and if caching is enabled; None otherwise
         """
-        if not self._use_token_cache or not self._token_storage:
+        if not self._use_token_cache:
             return None
-        return self._token_storage.get_cached_token()
+
+        cache_key = SecureCacheKey(
+            [self.principal, self.secret, self._account_name], self.secret
+        )
+        connection_info = _firebolt_cache.get(cache_key)
+
+        if connection_info and connection_info.token:
+            return connection_info.token
+
+        return None
 
     def _cache_token(self) -> None:
-        """If caching isenabled, cache token to filesystem."""
-        if not self._use_token_cache or not self._token_storage:
+        """If caching is enabled, cache token."""
+        if not self._use_token_cache:
             return
-        # Only cache if token and expiration are retrieved
-        if self._token and self._expires:
-            self._token_storage.cache_token(self._token, self._expires)
+        # Only cache if token is retrieved
+        if self._token:
+            cache_key = SecureCacheKey(
+                [self.principal, self.secret, self._account_name], self.secret
+            )
+
+            # Get existing connection info or create new one
+            connection_info = _firebolt_cache.get(cache_key)
+            if connection_info is None:
+                connection_info = ConnectionInfo(
+                    id="NONE"
+                )  # This is triggered first so there will be no id
+
+            # Update token information
+            connection_info.token = self._token
+
+            # Cache it
+            _firebolt_cache.set(cache_key, connection_info)
 
     @abstractmethod
     def get_new_token_generator(self) -> Generator[Request, Response, None]:
diff --git a/src/firebolt/client/auth/client_credentials.py b/src/firebolt/client/auth/client_credentials.py
@@ -1,10 +1,6 @@
-from typing import Optional
-
 from firebolt.client.auth.base import AuthRequest, FireboltAuthVersion
 from firebolt.client.auth.request_auth_base import _RequestBasedAuth
-from firebolt.utils.token_storage import TokenSecureStorage
 from firebolt.utils.urls import AUTH_SERVICE_ACCOUNT_URL
-from firebolt.utils.util import cached_property
 
 
 class ClientCredentials(_RequestBasedAuth):
@@ -79,17 +75,6 @@ def get_firebolt_version(self) -> FireboltAuthVersion:
         """
         return FireboltAuthVersion.V2
 
-    @cached_property
-    def _token_storage(self) -> Optional[TokenSecureStorage]:
-        """Token filesystem cache storage.
-
-        This is evaluated lazily, only if caching is enabled
-
-        Returns:
-            TokenSecureStorage: Token filesystem cache storage
-        """
-        return TokenSecureStorage(username=self.client_id, password=self.client_secret)
-
     def _make_auth_request(self) -> AuthRequest:
         """Get new token using username and password.
 
diff --git a/src/firebolt/client/auth/service_account.py b/src/firebolt/client/auth/service_account.py
@@ -1,10 +1,6 @@
-from typing import Optional
-
 from firebolt.client.auth.base import AuthRequest, FireboltAuthVersion
 from firebolt.client.auth.request_auth_base import _RequestBasedAuth
-from firebolt.utils.token_storage import TokenSecureStorage
 from firebolt.utils.urls import AUTH_SERVICE_ACCOUNT_URL
-from firebolt.utils.util import cached_property
 
 
 class ServiceAccount(_RequestBasedAuth):
@@ -77,17 +73,6 @@ def copy(self) -> "ServiceAccount":
         """
         return ServiceAccount(self.client_id, self.client_secret, self._use_token_cache)
 
-    @cached_property
-    def _token_storage(self) -> Optional[TokenSecureStorage]:
-        """Token filesystem cache storage.
-
-        This is evaluated lazily, only if caching is enabled
-
-        Returns:
-            TokenSecureStorage: Token filesystem cache storage
-        """
-        return TokenSecureStorage(username=self.client_id, password=self.client_secret)
-
     def _make_auth_request(self) -> AuthRequest:
         """Get new token using username and password.
 
diff --git a/src/firebolt/client/auth/username_password.py b/src/firebolt/client/auth/username_password.py
@@ -1,10 +1,6 @@
-from typing import Optional
-
 from firebolt.client.auth.base import AuthRequest, FireboltAuthVersion
 from firebolt.client.auth.request_auth_base import _RequestBasedAuth
-from firebolt.utils.token_storage import TokenSecureStorage
 from firebolt.utils.urls import AUTH_URL
-from firebolt.utils.util import cached_property
 
 
 class UsernamePassword(_RequestBasedAuth):
@@ -77,17 +73,6 @@ def copy(self) -> "UsernamePassword":
         """
         return UsernamePassword(self.username, self.password, self._use_token_cache)
 
-    @cached_property
-    def _token_storage(self) -> Optional[TokenSecureStorage]:
-        """Token filesystem cache storage.
-
-        This is evaluated lazily, only if caching is enabled
-
-        Returns:
-            TokenSecureStorage: Token filesystem cache storage
-        """
-        return TokenSecureStorage(username=self.username, password=self.password)
-
     def _make_auth_request(self) -> AuthRequest:
         """Get new token using username and password.
 
diff --git a/src/firebolt/db/connection.py b/src/firebolt/db/connection.py
@@ -66,6 +66,9 @@ def connect(
     if not auth:
         raise ConfigurationError("auth is required to connect.")
 
+    if account_name:
+        auth._account_name = account_name
+
     api_endpoint = fix_url_schema(api_endpoint)
     # Type checks
     assert auth is not None
diff --git a/src/firebolt/utils/cache.py b/src/firebolt/utils/cache.py
@@ -1,6 +1,11 @@
+import logging
 import os
 import time
-from dataclasses import dataclass, field
+from dataclasses import asdict, dataclass, field
+from json import JSONDecodeError
+from json import dumps as json_dumps
+from json import loads as json_loads
+from os import makedirs, path
 from typing import (
     Any,
     Callable,
@@ -12,10 +17,21 @@
     TypeVar,
 )
 
+from appdirs import user_data_dir
+
+from firebolt.utils.file_operations import (
+    FernetEncrypter,
+    generate_encrypted_file_name,
+    generate_salt,
+)
+
 T = TypeVar("T")
 
 # Cache expiry configuration
 CACHE_EXPIRY_SECONDS = 3600  # 1 hour
+APPNAME = "firebolt"
+
+logger = logging.getLogger(__name__)
 
 
 class ReprCacheable(Protocol):
@@ -47,6 +63,22 @@ class ConnectionInfo:
     system_engine: Optional[EngineInfo] = None
     databases: Dict[str, DatabaseInfo] = field(default_factory=dict)
     engines: Dict[str, EngineInfo] = field(default_factory=dict)
+    token: Optional[str] = None
+
+    def __post_init__(self) -> None:
+        """
+        Post-initialization processing to convert dicts to dataclasses.
+        """
+        if self.system_engine and isinstance(self.system_engine, dict):
+            self.system_engine = EngineInfo(**self.system_engine)
+        self.databases = {
+            k: DatabaseInfo(**v)
+            for k, v in self.databases.items()
+            if isinstance(v, dict)
+        }
+        self.engines = {
+            k: EngineInfo(**v) for k, v in self.engines.items() if isinstance(v, dict)
+        }
 
 
 def noop_if_disabled(func: Callable) -> Callable:
@@ -150,4 +182,118 @@ def __hash__(self) -> int:
         return hash(self.key)
 
 
-_firebolt_cache = UtilCache[ConnectionInfo](cache_name="connection_info")
+class FileBasedCache(UtilCache[ConnectionInfo]):
+    """
+    File-based cache that persists to disk with encryption.
+    Extends UtilCache to provide persistent storage using encrypted files.
+    """
+
+    def __init__(self, cache_name: str = ""):
+        super().__init__(cache_name)
+        self._data_dir = user_data_dir(appname=APPNAME)  # TODO: change to new dir
+        makedirs(self._data_dir, exist_ok=True)
+
+    def _get_file_path(self, key: SecureCacheKey) -> str:
+        """Get the file path for a cache key."""
+        cache_key = self.create_key(key)
+        encrypted_filename = generate_encrypted_file_name(cache_key, key.encryption_key)
+        return path.join(self._data_dir, encrypted_filename)
+
+    def _read_data_json(self, file_path: str, encrypter: FernetEncrypter) -> dict:
+        """Read and decrypt JSON data from file."""
+        if not path.exists(file_path):
+            return {}
+
+        try:
+            with open(file_path, "r") as f:
+                encrypted_data = f.read()
+
+            decrypted_data = encrypter.decrypt(encrypted_data)
+            if decrypted_data is None:
+                logger.debug("Decryption failed for %s", file_path)
+                return {}
+
+            return json_loads(decrypted_data) if decrypted_data else {}
+        except (JSONDecodeError, IOError) as e:
+            logger.debug(
+                "Failed to read or decode data from %s error: %s", file_path, e
+            )
+            return {}
+
+    def _write_data_json(
+        self, file_path: str, data: dict, encrypter: FernetEncrypter
+    ) -> None:
+        """Encrypt and write JSON data to file."""
+        try:
+            json_str = json_dumps(data)
+            logger.debug("Writing data to %s", file_path)
+            encrypted_data = encrypter.encrypt(json_str)
+            with open(file_path, "w") as f:
+                f.write(encrypted_data)
+        except (IOError, OSError) as e:
+            # Silently proceed if we can't write to disk
+            logger.debug("Failed to write data to %s error: %s", file_path, e)
+
+    def get(self, key: SecureCacheKey) -> Optional[ConnectionInfo]:
+        """Get value from cache, checking both memory and disk."""
+        if self.disabled:
+            return None
+
+        # First try memory cache
+        memory_result = super().get(key)
+        if memory_result is not None:
+            logger.debug("Cache hit in memory")
+            return memory_result
+
+        # If not in memory, try to load from disk
+        file_path = self._get_file_path(key)
+        encrypter = FernetEncrypter(generate_salt(), key.encryption_key)
+        raw_data = self._read_data_json(file_path, encrypter)
+        if not raw_data:
+            return None
+        logger.debug("Cache hit on disk")
+        data = ConnectionInfo(**raw_data)
+
+        # Add to memory cache and return
+        super().set(key, data)
+        return data
+
+    def set(self, key: SecureCacheKey, value: ConnectionInfo) -> None:
+        """Set value in both memory and disk cache."""
+        if self.disabled:
+            return
+
+        logger.debug("Setting value in cache")
+        # First set in memory
+        super().set(key, value)
+
+        file_path = self._get_file_path(key)
+        encrypter = FernetEncrypter(generate_salt(), key.encryption_key)
+        data = asdict(value)
+
+        self._write_data_json(file_path, data, encrypter)
+
+    def delete(self, key: SecureCacheKey) -> None:
+        """Delete value from both memory and disk cache."""
+        if self.disabled:
+            return
+
+        # Delete from memory
+        super().delete(key)
+
+        # Delete from disk
+        file_path = self._get_file_path(key)
+        try:
+            if path.exists(file_path):
+                os.remove(file_path)
+        except OSError:
+            logger.debug("Failed to delete file %s", file_path)
+            # Silently proceed if we can't delete the file
+
+    def clear(self) -> None:
+        # Clear memory only, as deleting every file is not safe
+        logger.debug("Clearing memory cache")
+        super().clear()
+
+
+_firebolt_cache = FileBasedCache(cache_name="connection_info")
diff --git a/src/firebolt/utils/file_operations.py b/src/firebolt/utils/file_operations.py
