Currently, when resolving templates, we first check to see if we have resolved the exact file/commit/repo tuple before, and if so, we just use the cached result rather than re-retrieving the file from the git repository.
If we continued to do this for templates hosted in private repos, a number of security holes could have been introduced depending on the implementation, including:
blindly not checking to see if the original template resolution required credentials, and allowing any request for the cached value to succeed
not respecting revoked credentials (i.e. check to see if the credentials that were used before are still valid)
Instead of trying to handle these cases and figuring out other potential vectors (or ignore them completely), we do not cache or attempt to look in the cache at all for templates that require credentials.
At some point, we should investigate the necessity of the cache, and if we deem it to be crucial (which I believe it likely will, since at least for the template resolution we only want one file out of a whole repository, and especially now with service templates often being stored in service repos, don't want to clone the whole repo just to get the template), then we should reconsider how best to cache (if possible) templates that require credentials (which will likely be the majority of templates in production installations).
Currently, when resolving templates, we first check to see if we have resolved the exact file/commit/repo tuple before, and if so, we just use the cached result rather than re-retrieving the file from the git repository.
If we continued to do this for templates hosted in private repos, a number of security holes could have been introduced depending on the implementation, including:
Instead of trying to handle these cases and figuring out other potential vectors (or ignore them completely), we do not cache or attempt to look in the cache at all for templates that require credentials.
At some point, we should investigate the necessity of the cache, and if we deem it to be crucial (which I believe it likely will, since at least for the template resolution we only want one file out of a whole repository, and especially now with service templates often being stored in service repos, don't want to clone the whole repo just to get the template), then we should reconsider how best to cache (if possible) templates that require credentials (which will likely be the majority of templates in production installations).