Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Modify approle tidy to validate dangling accessors #4981

Merged
merged 1 commit into from
Jul 24, 2018

Conversation

jefferai
Copy link
Member

No description provided.

@jefferai
Copy link
Member Author

This fixes a race condition that can be found with the new test. It's difficult to trigger -- after a whole lot of tweaking, maybe 25% of my test runs were able to produce the race. However, the new trace output was also able to verify the fix when it was triggered during one of the test runs:

=== RUN   TestAppRole_TidyDanglingAccessors_RaceTest
2018-07-23T22:19:29.286-0400 [TRACE] tidy: listing role HMACs: prefix=secret_id/
2018-07-23T22:19:29.517-0400 [TRACE] tidy: listing accessors: prefix=accessor/
2018-07-23T22:19:30.150-0400 [TRACE] tidy: listing secret ID HMACs: role_hmac=96cf92d299266895ab08152a1c6b5e91f38fc2b0e59a0fbe03ce0c4b1e15b5a1/
2018-07-23T22:19:31.358-0400 [TRACE] tidy: found dangling accessor, verifying
2018-07-23T22:19:31.374-0400 [TRACE] tidy: found dangling accessor, verifying
--- PASS: TestAppRole_TidyDanglingAccessors_RaceTest (5.29s)
        path_tidy_user_id_test.go:143: wrote 31950 entries

The dangling accessor was triggered by the race (to which there isn't currently a straightforward fix, because of the complexity of locking the backend), but the validation added ensured that these valid accessors were rechecked and found to be correct, and did not remove them.

@briankassouf briankassouf merged commit 77e6124 into master Jul 24, 2018
@briankassouf briankassouf deleted the dangling-accessor-tidy-fixup branch July 24, 2018 21:00
Copy link
Contributor

@vishalnayak vishalnayak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a neat best effort to not remove valid accessor entries. LGTM!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants