VAULT-19233 First part of caching static secrets work (#23054)

* VAULT-19233 First part of caching static secrets work

* VAULT-19233 update godoc

* VAULT-19233 invalidate cache on non-GET

* VAULT-19233 add locking to proxy cache writes

* VAULT-19233 update locking, future-proof

* VAULT-19233 fix mutex

* VAULT-19233 Use ParseSecret

command/agentproxyshared/cache/cacheboltdb/bolt.go

@@ -39,6 +39,9 @@ const (
 	// TokenType - Bucket/type for auto-auth tokens
 	TokenType = "token"
 
+	// StaticSecretType - Bucket/type for static secrets
+	StaticSecretType = "static-secret"
+
 	// LeaseType - v2 Bucket/type for auth AND secret leases.
 	//
 	// This bucket stores keys in the same order they were created using

command/agentproxyshared/cache/cachememdb/index.go

@@ -7,6 +7,7 @@ import (
 	"context"
 	"encoding/json"
 	"net/http"
+	"sync"
 	"time"
 )
 
@@ -22,6 +23,12 @@ type Index struct {
 	// Required: true, Unique: true
 	Token string
 
+	// Tokens is a list of tokens that can access this cached response,
+	// which is used for static secret caching, and enabling multiple
+	// tokens to be able to access the same cache entry for static secrets.
+	// Required: false, Unique: false
+	Tokens []string
+
 	// TokenParent is the parent token of the token held by this index
 	// Required: false, Unique: false
 	TokenParent string
@@ -71,6 +78,10 @@ type Index struct {
 
 	// Type is the index type (token, auth-lease, secret-lease)
 	Type string
+
+	// IndexLock is a lock held for some indexes to prevent data
+	// races upon update.
+	IndexLock sync.Mutex
 }
 
 type IndexName uint32

command/agentproxyshared/cache/cachememdb/index_test.go

@@ -17,6 +17,7 @@ func TestSerializeDeserialize(t *testing.T) {
 	testIndex := &Index{
 		ID:            "testid",
 		Token:         "testtoken",
+		Tokens:        []string{"token1", "token2"},
 		TokenParent:   "parent token",
 		TokenAccessor: "test accessor",
 		Namespace:     "test namespace",