From b9e5aeb45983b68896d452689213855c34c367cc Mon Sep 17 00:00:00 2001 From: Steven Clark Date: Wed, 22 Dec 2021 09:51:13 -0500 Subject: [PATCH] Attempt to address a data race issue within identity store - take 2 (#13476) * Attempt to address a data race issue within identity store * Testcase TestIdentityStore_LocalAliasInvalidations identified a data race issue. * This reverts the previous attempt to address the issue from #13093 --- changelog/13476.txt | 3 +++ vault/identity_store.go | 5 ++--- vault/identity_store_util.go | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 changelog/13476.txt diff --git a/changelog/13476.txt b/changelog/13476.txt new file mode 100644 index 000000000..d5b8af057 --- /dev/null +++ b/changelog/13476.txt @@ -0,0 +1,3 @@ +```release-note:bug +core/identity: Address a data race condition between local updates to aliases and invalidations +``` diff --git a/vault/identity_store.go b/vault/identity_store.go index f948771fc..96643170d 100644 --- a/vault/identity_store.go +++ b/vault/identity_store.go @@ -751,7 +751,7 @@ func (i *IdentityStore) CreateOrFetchEntity(ctx context.Context, alias *logical. } // Check if an entity already exists for the given alias - entity, err = i.entityByAliasFactors(alias.MountAccessor, alias.Name, false) + entity, err = i.entityByAliasFactors(alias.MountAccessor, alias.Name, true) if err != nil { return nil, err } @@ -838,8 +838,7 @@ func (i *IdentityStore) CreateOrFetchEntity(ctx context.Context, alias *logical. } txn.Commit() - - return entity, nil + return entity.Clone() } // changedAliasIndex searches an entity for changed alias metadata. diff --git a/vault/identity_store_util.go b/vault/identity_store_util.go index 4bd9cf402..48716050e 100644 --- a/vault/identity_store_util.go +++ b/vault/identity_store_util.go @@ -695,7 +695,7 @@ func (i *IdentityStore) processLocalAlias(ctx context.Context, lAlias *logical.A return nil, fmt.Errorf("mount accessor %q is not local", lAlias.MountAccessor) } - alias, err := i.MemDBAliasByFactors(lAlias.MountAccessor, lAlias.Name, true, false) + alias, err := i.MemDBAliasByFactors(lAlias.MountAccessor, lAlias.Name, false, false) if err != nil { return nil, err }