Showing with 30 additions and 8 deletions.

+10 −2 CHANGELOG.md

+1 −0 Rakefile

+5 −5 lib/puppet/functions/azure_key_vault/lookup.rb

+1 −1 metadata.json

+13 −0 spec/functions/azure_key_vault_lookup_spec.rb
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,15 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
-## [v1.1.0](https://github.com/tragiccode/tragiccode-azure_key_vault/tree/v1.1.0) (2020-02-17)
+## [v1.1.1](https://github.com/tragiccode/tragiccode-azure_key_vault/tree/v1.1.1) (2021-04-22)
+
+[Full Changelog](https://github.com/tragiccode/tragiccode-azure_key_vault/compare/v1.1.0...v1.1.1)
+
+### Fixed
+
+- \(GH-65\) Managed identity access token not being cached in hiera lookups [\#66](https://github.com/TraGicCode/tragiccode-azure_key_vault/pull/66) ([dowlingw](https://github.com/dowlingw))
+
+## [v1.1.0](https://github.com/tragiccode/tragiccode-azure_key_vault/tree/v1.1.0) (2020-02-18)
 
 [Full Changelog](https://github.com/tragiccode/tragiccode-azure_key_vault/compare/1.0.2...v1.1.0)
 
@@ -27,6 +35,7 @@ All notable changes to this project will be documented in this file. The format
 - \(GH-42\) Fix .empty? method missing on uri [\#45](https://github.com/TraGicCode/tragiccode-azure_key_vault/pull/45) ([TraGicCode](https://github.com/TraGicCode))
 - \(GH-43\) Fix debug message [\#44](https://github.com/TraGicCode/tragiccode-azure_key_vault/pull/44) ([TraGicCode](https://github.com/TraGicCode))
 - Fix typo in readme.md [\#29](https://github.com/TraGicCode/tragiccode-azure_key_vault/pull/29) ([lupyana](https://github.com/lupyana))
+- Change log level from info to debug [\#10](https://github.com/TraGicCode/tragiccode-azure_key_vault/pull/10) ([TraGicCode](https://github.com/TraGicCode))
 
 ## [1.0.0](https://github.com/tragiccode/tragiccode-azure_key_vault/tree/1.0.0) (2018-10-25)
 
@@ -54,7 +63,6 @@ All notable changes to this project will be documented in this file. The format
 
 ### Fixed
 
-- Change log level from info to debug [\#10](https://github.com/TraGicCode/tragiccode-azure_key_vault/pull/10) ([TraGicCode](https://github.com/TraGicCode))
 - Add missing comma in readme.md [\#9](https://github.com/TraGicCode/tragiccode-azure_key_vault/pull/9) ([TraGicCode](https://github.com/TraGicCode))
 
 ## [0.2.0](https://github.com/tragiccode/tragiccode-azure_key_vault/tree/0.2.0) (2018-08-23)

diff --git a/Rakefile b/Rakefile
@@ -47,6 +47,7 @@ if Bundler.rubygems.find_name('github_changelog_generator').any?
     config.user = "#{changelog_user}"
     config.project = "#{changelog_project}"
     config.future_release = "#{changelog_future_release}"
+    config.since_tag = '0.1.0'
     config.exclude_labels = ['maintenance']
     config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
     config.add_pr_wo_labels = true

diff --git a/lib/puppet/functions/azure_key_vault/lookup.rb b/lib/puppet/functions/azure_key_vault/lookup.rb
@@ -11,11 +11,11 @@ def lookup_key(secret_name, options, context)
     # This is a reserved key name in hiera
     return context.not_found if secret_name == 'lookup_options'
     return context.cached_value(secret_name) if context.cache_has_key(secret_name)
-    access_token = if context.cache_has_key('access_token')
-                     context.cached_value('access_token')
-                   else
-                     TragicCode::Azure.get_access_token(options['metadata_api_version'])
-                   end
+    access_token = context.cached_value('access_token')
+    if access_token.nil?
+      access_token = TragicCode::Azure.get_access_token(options['metadata_api_version'])
+      context.cache('access_token', access_token)
+    end
     begin
       secret_value = TragicCode::Azure.get_secret(
         options['vault_name'],

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "tragiccode-azure_key_vault",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "author": "tragiccode",
   "summary": "The azure_key_vault module allows you to easily fetch secrets securely within your puppet manifests.",
   "license": "Apache-2.0",

diff --git a/spec/functions/azure_key_vault_lookup_spec.rb b/spec/functions/azure_key_vault_lookup_spec.rb
@@ -38,6 +38,19 @@
       'secret_name', options, lookup_context
     ).and_return('value')
   end
+  it 'caches the access token after a cache miss' do
+    access_token_value = 'access_value'
+    secret_value = 'secret_value'
+
+    expect(lookup_context).to receive(:cached_value).with('access_token').and_return(nil)
+    expect(TragicCode::Azure).to receive(:get_access_token).and_return(access_token_value)
+    expect(lookup_context).to receive(:cache).with('access_token', access_token_value).ordered
+    expect(TragicCode::Azure).to receive(:get_secret).and_return(secret_value)
+    expect(lookup_context).to receive(:cache).and_return(secret_value).ordered
+    is_expected.to run.with_params(
+      'secret_name', options, lookup_context
+    ).and_return(secret_value)
+  end
 
   it 'call context.not_found for the lookup_options key' do
     expect(lookup_context).to receive(:not_found)