feat: Enable multiple token caching and add option to disable caching… #660

Merged
merged 2 commits into from
Sep 29, 2024

DaThumpingRabbit
Contributor

Description

Due to the previous PR #544 fixing the cache behavior, users are not able to use multiple credentials anymore with the same AVP.

This new PR's goal is to fix that issue by adding the following features:

  • Tokens will now be cached in separate files identified by the connection method. Additionally, the approle and userpass methods will have an additional identifier containing either the roleID or the username to allow users to reference multiple credentials if needed
  • Addition of a command-line parameter to completely disable the token caching feature if the user needs to make a fresh login at every call

Fixes: #658

Checklist

Please make sure that your PR fulfills the following requirements:

  • Reviewed the guidelines for contributing to this repository
  • The commit message follows the Conventional Commits Guidelines.
  • Tests for the changes have been updated
  • Are you adding dependencies? If so, please run go mod tidy -compat=1.21 to ensure only the minimum is pulled in.
  • Docs have been added / updated
  • Optional. My organization is added to USERS.md.

Type of Change

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • New tests
  • Build/CI related changes
  • Documentation content changes
  • Other (please describe)

… completely

Signed-off-by: sbene <sebastien.bene@ubisoft.com>
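
The cache layout described in this PR, sketched as an added example that is not the plugin's own code: one cache file per auth method and identity, plus a switch that bypasses the cache entirely. The function names, the hashed file-naming scheme and the 0700/0600 permissions are assumptions of this sketch, and the role names and tokens are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
)

// cachePath maps (auth method, identity) to one file under dir; identity is the
// roleID or username. Hashing keeps "../" or "/" in a username out of the path.
func cachePath(dir, authType, identity string) string {
	sum := sha256.Sum256([]byte(authType + "\x00" + identity))
	return filepath.Join(dir, "token_"+hex.EncodeToString(sum[:8]))
}

// saveToken stores the token for one credential; a no-op when caching is disabled.
func saveToken(dir, authType, identity, token string, disabled bool) error {
	if disabled {
		return nil
	}
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return err
	}
	return os.WriteFile(cachePath(dir, authType, identity), []byte(token), 0o600)
}

// loadToken returns ok=false (caller logs in afresh) when disabled or not cached.
func loadToken(dir, authType, identity string, disabled bool) (string, bool) {
	if disabled {
		return "", false
	}
	b, err := os.ReadFile(cachePath(dir, authType, identity))
	return string(b), err == nil
}

func main() {
	dir, _ := os.MkdirTemp("", "avp-cache-example")
	defer os.RemoveAll(dir)
	// Constructed sample values: two AppRole credentials used by one process.
	for _, id := range []string{"role-a", "role-b"} {
		saveToken(dir, "approle", id, "token-for-"+id, false)
		tok, ok := loadToken(dir, "approle", id, false)
		fmt.Println(id, tok, ok)
	}
}
```

Keying the file on both the method and the identity is what lets two roleIDs coexist without one login overwriting the other's token.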
codecov-commenter commented Sep 4, 2024

Codecov Report

Attention: Patch coverage is 53.44828% with 27 lines in your changes missing coverage. Please review.

Project coverage is 72.91%. Comparing base (42a43f0) to head (b5c0bad).
Report is 11 commits behind head on main.

Files with missing lines Patch % Lines
pkg/utils/util.go 44.68% 17 Missing and 9 partials ⚠️
pkg/auth/vault/userpass.go 50.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #660      +/-   ##
==========================================
+ Coverage   72.16%   72.91%   +0.74%     
==========================================
  Files          26       26              
  Lines        1994     1606     -388     
==========================================
- Hits         1439     1171     -268     
+ Misses        458      326     -132     
- Partials       97      109      +12     

pre commented Sep 17, 2024

Can't wait to see this merged soon!

@DaThumpingRabbit
Contributor Author

@werne2j @jkayani
Would you have time to look into that PR? I think that lots of people might have been impacted by my last one to enable the cache feature.

@sabinayakc

@DaThumpingRabbit Just a question, does this improve the performance of the plugin? We are experiencing issues in our vault using approle method and vault seals itself. We have around 500 apps using this plugin via Argo. And we see millions of info logs shown below.

Wondering if token caching would help here.

2025-01-14T23:18:34.080Z [INFO]  expiration: revoked lease: lease_id=auth/approle/login/hb5224a3b526cf46546abe77d6e43d94efa5183fca0b38c
2025-01-14T23:18:34.080Z [INFO]  expiration: revoked lease: lease_id=auth/approle/login/h15ada71de47d5c65793165fd92f2774d313d9b81cf05

@DaThumpingRabbit
Contributor Author

@sabinayakc It should definitely improve performance, as you will contact the vault instance less (as long as there is a valid token for the auth method you are using, it will be used instead of performing a new login).
This should improve both the performance of argo and the load on the vault instance.

However, it will also depend on your configuration: if you have one approle per app (taking an extreme use case) with a very short TTL, it will do nothing for you.
But if you have argocd refreshing 100 apps with the same approle during the time your token is valid, you will reuse it instead of making 100 logins.

(please note that this PR is not available in any current release of the plugin for now, cf #666)
