From 76d764c72ff208279f7bc469b17cc64d6794ee58 Mon Sep 17 00:00:00 2001
From: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
Date: Mon, 30 Oct 2023 23:12:43 +0000
Subject: [PATCH] fix: fixes disable cache flow

Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
(cherry picked from commit fddcadf003013342a48d2bca6702160aae598acf)
---
 go.mod                                        |  2 +-
 go.sum                                        |  4 +--
 .../pkg/client/drivers/rego/builtin.go        | 35 ++++++++++++-------
 vendor/modules.txt                            |  2 +-
 4 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/go.mod b/go.mod
index 5cac214a85f..239c5123756 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/google/uuid v1.3.1
 	github.com/onsi/gomega v1.27.7
 	github.com/open-policy-agent/cert-controller v0.8.0
-	github.com/open-policy-agent/frameworks/constraint v0.0.0-20231019180654-3eb381ce6cbe
+	github.com/open-policy-agent/frameworks/constraint v0.0.0-20231030230613-2e0cb3d68575
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.16.0
 	github.com/spf13/cobra v1.7.0
diff --git a/go.sum b/go.sum
index aafd2cff4d5..d6dd4aefda2 100644
--- a/go.sum
+++ b/go.sum
@@ -967,8 +967,8 @@ github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
 github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4=
 github.com/open-policy-agent/cert-controller v0.8.0 h1:pao3WCLsKGz5dSWSlNUFrNFQdXtVTQ3lVDgk2IelH34=
 github.com/open-policy-agent/cert-controller v0.8.0/go.mod h1:alotCQRwX4M6VEwEgO53FB6nGLSlvah6L0pWxSRslIk=
-github.com/open-policy-agent/frameworks/constraint v0.0.0-20231019180654-3eb381ce6cbe h1:wQ2MKaTgPt74u7Ya5pQ0MU+Ako2vkdivi7UVy9kjYAg=
-github.com/open-policy-agent/frameworks/constraint v0.0.0-20231019180654-3eb381ce6cbe/go.mod h1:AaCd/gbQ31R7btHO450Kdp18/Zmvn7hjEt7Qbp+MfJM=
+github.com/open-policy-agent/frameworks/constraint v0.0.0-20231030230613-2e0cb3d68575 h1:rhln22JjTgsJGL8gDK4qEM372Ei1PPQk4ZTIOKM9WvY=
+github.com/open-policy-agent/frameworks/constraint v0.0.0-20231030230613-2e0cb3d68575/go.mod h1:AaCd/gbQ31R7btHO450Kdp18/Zmvn7hjEt7Qbp+MfJM=
 github.com/open-policy-agent/opa v0.57.1 h1:LAa4Z0UkpjV94nRLy6XCvgOacQ6N1jf8TJLMUIzFRqc=
 github.com/open-policy-agent/opa v0.57.1/go.mod h1:YYcVsWcdOW47owR0zElx8HPYZK60vL0MOPsEmh13us4=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
diff --git a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego/builtin.go b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego/builtin.go
index 17e161e1791..7ea46eb6f3e 100644
--- a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego/builtin.go
+++ b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/rego/builtin.go
@@ -38,6 +38,12 @@ func externalDataBuiltin(d *Driver) func(bctx rego.BuiltinContext, regorequest *
 
 		prepareResponse.Idempotent = true
 		for _, k := range regoReq.Keys {
+			if d.providerResponseCache == nil {
+				// external data response cache is not enabled, add key to call provider
+				providerRequestKeys = append(providerRequestKeys, k)
+				continue
+			}
+
 			cachedResponse, err := d.providerResponseCache.Get(
 				externaldata.CacheKey{
 					ProviderName: regoReq.ProviderName,
@@ -70,19 +76,22 @@ func externalDataBuiltin(d *Driver) func(bctx rego.BuiltinContext, regorequest *
 				return externaldata.HandleError(statusCode, err)
 			}
 
-			for _, item := range externaldataResponse.Response.Items {
-				d.providerResponseCache.Upsert(
-					externaldata.CacheKey{
-						ProviderName: regoReq.ProviderName,
-						Key:          item.Key,
-					},
-					externaldata.CacheValue{
-						Received:   time.Now().Unix(),
-						Value:      item.Value,
-						Error:      item.Error,
-						Idempotent: externaldataResponse.Response.Idempotent,
-					},
-				)
+			// update provider response cache if it is enabled
+			if d.providerResponseCache != nil {
+				for _, item := range externaldataResponse.Response.Items {
+					d.providerResponseCache.Upsert(
+						externaldata.CacheKey{
+							ProviderName: regoReq.ProviderName,
+							Key:          item.Key,
+						},
+						externaldata.CacheValue{
+							Received:   time.Now().Unix(),
+							Value:      item.Value,
+							Error:      item.Error,
+							Idempotent: externaldataResponse.Response.Idempotent,
+						},
+					)
+				}
 			}
 
 			// we are taking conservative approach here, if any of the response is not idempotent
diff --git a/vendor/modules.txt b/vendor/modules.txt
index fc5f79ad84b..699c36115fc 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -445,7 +445,7 @@ github.com/onsi/gomega/types
 # github.com/open-policy-agent/cert-controller v0.8.0
 ## explicit; go 1.20
 github.com/open-policy-agent/cert-controller/pkg/rotator
-# github.com/open-policy-agent/frameworks/constraint v0.0.0-20231019180654-3eb381ce6cbe
+# github.com/open-policy-agent/frameworks/constraint v0.0.0-20231030230613-2e0cb3d68575
 ## explicit; go 1.18
 github.com/open-policy-agent/frameworks/constraint/deploy
 github.com/open-policy-agent/frameworks/constraint/pkg/apis