security: Remove all legacy shared cache code and env vars

BREAKING CHANGE: Removed DG_UNSAFE_SHARED_CACHE and DG_CACHE_DIR environment variables. DeltaGlider now ONLY uses ephemeral process-isolated cache for security. Changes: - Removed cache_dir parameter from create_client() - Removed all conditional legacy cache mode logic - Updated documentation (CLAUDE.md, docs/sdk/api.md) - Updated tests to not pass removed cache_dir parameter - Marked Phase 1 of SECURITY_FIX_ROADMAP.md as completed All 99 tests passing. Ephemeral cache is now the only mode.
2026-04-23 08:48:56 +02:00 · 2025-10-10 08:56:49 +02:00
parent 37ea2f138c
commit 778d7f0148
7 changed files with 38 additions and 73 deletions
--- a/tests/integration/test_client.py
+++ b/tests/integration/test_client.py
@@ -124,7 +124,7 @@ class MockStorage:
@pytest.fixture
 def client(tmp_path):
    """Create a client with mocked storage."""
-    client = create_client(cache_dir=str(tmp_path / "cache"))
+    client = create_client()

    # Replace storage with mock
    mock_storage = MockStorage()
@@ -156,7 +156,6 @@ class TestCredentialHandling:
            aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
            aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
            region_name="us-west-2",
-            cache_dir=str(tmp_path / "cache"),
        )

        # Verify the client was created
@@ -179,7 +178,6 @@ class TestCredentialHandling:
            aws_access_key_id="ASIAIOSFODNN7EXAMPLE",
            aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
            aws_session_token="FwoGZXIvYXdzEBEaDH...",
-            cache_dir=str(tmp_path / "cache"),
        )

        assert client is not None
@@ -188,7 +186,7 @@ class TestCredentialHandling:
    def test_create_client_without_credentials_uses_environment(self, tmp_path):
        """Test that omitting credentials falls back to environment/IAM."""
        # This should use boto3's default credential chain
-        client = create_client(cache_dir=str(tmp_path / "cache"))
+        client = create_client()

        assert client is not None
        assert client.service.storage.client is not None
@@ -199,7 +197,6 @@ class TestCredentialHandling:
            endpoint_url="http://localhost:9000",
            aws_access_key_id="minioadmin",
            aws_secret_access_key="minioadmin",
-            cache_dir=str(tmp_path / "cache"),
        )

        assert client is not None
--- a/tests/integration/test_delete_objects_recursive.py
+++ b/tests/integration/test_delete_objects_recursive.py
@@ -71,7 +71,7 @@ def mock_storage():
 def client(tmp_path):
    """Create DeltaGliderClient with mock storage."""
    # Use create_client to get a properly configured client
-    client = create_client(cache_dir=str(tmp_path / "cache"))
+    client = create_client()

    # Replace storage with mock
    mock_storage = MockStorage()