chore: use state vars where we can

lib/perl/OVH/Bastion/allowkeeper.inc

@@ -754,15 +754,14 @@ sub get_group_list {
     return $_cache_get_group_list{$groupType};
 }
 
-my $_cache_get_account_list = undef;
-
 sub get_account_list {
     my %params   = @_;
     my $accounts = $params{'accounts'} || [];
     my $cache    = $params{'cache'};            # if true, allow cache use
+    state $cached_response;
 
-    if ($cache and $_cache_get_account_list) {
-        return $_cache_get_account_list;
+    if ($cache and $cached_response) {
+        return $cached_response;
     }
 
     my %users;
@@ -785,8 +784,8 @@ sub get_account_list {
             $users{$name} = {name => $name, uid => $uid, gid => $gid, home => $dir, shell => $shell};
         }
     }
-    $_cache_get_account_list = R('OK', value => \%users);
-    return $_cache_get_account_list;
+    $cached_response = R('OK', value => \%users);
+    return $cached_response;
 }
 
 sub get_realm_list {

lib/perl/OVH/Bastion/configuration.inc

@@ -57,13 +57,12 @@ sub main_configuration_directory {
     return "/etc/bastion";
 }
 
-my $_cache_config = undef;
-
 sub load_configuration {
     my %params    = @_;
     my $mock_data = $params{'mock_data'};
     my $noisy     = $params{'noisy'};       # print warnings/errors on stdout in addition to syslog
     my $test      = $params{'test'};        # noisy + also print missing configuration options
+    state $cached_response;
 
     # do NOT use warn_syslog in this func, or any other function that needs to read configuration,
     # or we might end up in an infinite loop: store errors we wanna log at the end
@@ -79,11 +78,11 @@ sub load_configuration {
         }
 
         # mock data always overrides cache
-        undef $_cache_config;
+        undef $cached_response;
     }
 
-    if (ref $_cache_config eq 'HASH') {
-        return R('OK', value => $_cache_config);
+    if (ref $cached_response eq 'HASH') {
+        return R('OK', value => $cached_response);
     }
 
     my $C;
@@ -528,7 +527,7 @@ sub load_configuration {
     $C->{'fanciness'} = 'full'  if $C->{'fanciness'} eq 'genz';
 
     # OK we're done
-    $_cache_config = $C;
+    $cached_response = $C;
 
     # now that we cached our result, we can call warn_syslog() without risking an infinite loop
     warn_syslog($_,                                                                          $noisy) for @errors;

lib/perl/OVH/Bastion/log.inc

@@ -654,19 +654,18 @@ sub _write_log {
     return;
 }
 
-my $_log_access_update_done = 0;
-
 sub log_access_update {
     my %params    = @_;
     my $account   = $params{'account'};
     my $insert_id = $params{'insert_id'};
     my $db_name   = $params{'db_name'};
     my $uniq_id   = $params{'uniq_id'};
+    state $update_done;
     my $fnret;
 
     # ensure we never get called more than once in a process
-    return R('OK_DUPLICATE') if $_log_access_update_done;
-    $_log_access_update_done = 1;
+    return R('OK_DUPLICATE') if $update_done;
+    $update_done = 1;
 
     # if we get a valid account, we'll try to log to its files, if enabled.
     # if not, or if its invalid, still try to log what we can (hence don't return here)

lib/perl/OVH/Bastion/os.inc

@@ -3,10 +3,9 @@ package OVH::Bastion;
 
 use common::sense;
 
-my $_sysinfo_cache;
-
 sub sysinfo {
-    if (not defined $_sysinfo_cache) {
+    state $cached_response;
+    if (not defined $cached_response) {
         my $fnret = OVH::Bastion::execute(cmd => [qw{ uname -sr }]);
 
         if ($fnret and $fnret->value and $fnret->value->{'stdout'}) {
@@ -14,13 +13,13 @@ sub sysinfo {
             my $flavor = 'unknown';
             $flavor = 'debian' if -f "/etc/debian_version";
             $flavor = 'redhat' if -f "/etc/redhat-release";
-            $_sysinfo_cache = R('OK', value => {system => $system, release => $release, flavor => $flavor});
+            $cached_response = R('OK', value => {system => $system, release => $release, flavor => $flavor});
         }
         else {
-            $_sysinfo_cache = R('OK', value => {system => 'unknown', release => 'unknown', flavor => 'unknown'});
+            $cached_response = R('OK', value => {system => 'unknown', release => 'unknown', flavor => 'unknown'});
         }
     }
-    return $_sysinfo_cache;
+    return $cached_response;
 }
 
 sub is_linux { return R($^O eq 'linux' ? 'OK' : 'KO'); }

lib/perl/OVH/Bastion/ssh.inc

@@ -597,11 +597,10 @@ sub get_bastion_ips {
     return R('OK', value => \@checkedIps);
 }
 
-my $_cache_get_supported_ssh_algorithms_list_runtime = undef;
-
 sub get_supported_ssh_algorithms_list {
     my %params = @_;
     my $way    = $params{'way'};    # ingress or egress
+    state @cached_runtime_list;
 
     if (not $way) {
         return R('ERR_MISSING_PARAMETER', msg => 'Missing required argument way in get_supported_ssh_algorithms_list');
@@ -618,8 +617,8 @@ sub get_supported_ssh_algorithms_list {
 
     # other vary, detect this by running openssh client -V
     my @supportedList;
-    if (ref $_cache_get_supported_ssh_algorithms_list_runtime eq 'ARRAY') {
-        @supportedList = @{$_cache_get_supported_ssh_algorithms_list_runtime};
+    if (@cached_runtime_list) {
+        @supportedList = @cached_runtime_list;
     }
     else {
         push @supportedList, 'rsa';    # rsa is always supported
@@ -630,7 +629,7 @@ sub get_supported_ssh_algorithms_list {
                     my $version = $1;
                     push @supportedList, 'ecdsa'   if ($version gt "5.7");
                     push @supportedList, 'ed25519' if ($version gt "6.5");
-                    $_cache_get_supported_ssh_algorithms_list_runtime = \@supportedList;
+                    @cached_runtime_list = @supportedList;
                     last;
                 }
             }