fix: add mutex to mock policy context builder (#10057)
It is possible that two different threads call the build function at the same time, causing one append to be lost. This PR adds a mutex to avoid this.

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
parent
bec5c24660
commit
3db5bdfad8
2 changed files with 12 additions and 9 deletions
|
@ -631,10 +631,10 @@ func makeKey(policy kyverno.PolicyInterface) string {
|
|||
}
|
||||
|
||||
type mockPolicyContextBuilder struct {
|
||||
sync.Mutex
|
||||
configuration config.Configuration
|
||||
jp jmespath.Interface
|
||||
contexts []*engine.PolicyContext
|
||||
count int
|
||||
}
|
||||
|
||||
func newMockPolicyContextBuilder(
|
||||
|
@ -645,11 +645,13 @@ func newMockPolicyContextBuilder(
|
|||
configuration: configuration,
|
||||
jp: jp,
|
||||
contexts: make([]*policycontext.PolicyContext, 0),
|
||||
count: 0,
|
||||
}
|
||||
}
|
||||
|
||||
func (b *mockPolicyContextBuilder) Build(request admissionv1.AdmissionRequest, roles, clusterRoles []string, gvk schema.GroupVersionKind) (*engine.PolicyContext, error) {
|
||||
b.Lock()
|
||||
defer b.Unlock()
|
||||
|
||||
userRequestInfo := kyvernov1beta1.RequestInfo{
|
||||
AdmissionUserInfo: *request.UserInfo.DeepCopy(),
|
||||
Roles: roles,
|
||||
|
@ -659,7 +661,6 @@ func (b *mockPolicyContextBuilder) Build(request admissionv1.AdmissionRequest, r
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
b.count += 1
|
||||
b.contexts = append(b.contexts, pc)
|
||||
return pc, err
|
||||
}
|
||||
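Review bot: Embedding `sync.Mutex` directly in mockPolicyContextBuilder promotes `Lock` and `Unlock` into the type's method set, so any code that holds the builder can take or release the lock. A named field, `mu sync.Mutex` with `b.mu.Lock()` and `defer b.mu.Unlock()` in Build, keeps the lock an implementation detail. The mutex only protects the `b.contexts = append(b.contexts, pc)` write made through Build, so any reader of `b.contexts` (none is visible in these hunks) has to take the same lock or read only after every goroutine has finished, or the race remains. That deserves a short comment on the field, for example `// mu guards contexts; Build may be called from concurrent handlers`. Part of Build's body lies between the hunks and is not shown.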
|
|
|
@ -26,14 +26,15 @@ func (h *resourceHandlers) handleBackgroundApplies(ctx context.Context, logger l
|
|||
}
|
||||
|
||||
func (h *resourceHandlers) handleMutateExisting(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, policies []kyvernov1.PolicyInterface, admissionRequestTimestamp time.Time, wg *sync.WaitGroup) {
|
||||
if wg != nil { // for unit testing purposes
|
||||
defer wg.Done()
|
||||
}
|
||||
|
||||
policyContext, err := h.buildPolicyContextFromAdmissionRequest(logger, request)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to create policy context")
|
||||
return
|
||||
}
|
||||
if wg != nil { // for unit testing purposes
|
||||
defer wg.Done()
|
||||
}
|
||||
|
||||
if request.AdmissionRequest.Operation == admissionv1.Delete {
|
||||
policyContext = policyContext.WithNewResource(policyContext.OldResource())
|
||||
|
@ -95,14 +96,15 @@ func (h *resourceHandlers) handleMutateExisting(ctx context.Context, logger logr
|
|||
}
|
||||
|
||||
func (h *resourceHandlers) handleGenerate(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, generatePolicies []kyvernov1.PolicyInterface, ts time.Time, wg *sync.WaitGroup) {
|
||||
if wg != nil { // for unit testing purposes
|
||||
defer wg.Done()
|
||||
}
|
||||
|
||||
policyContext, err := h.buildPolicyContextFromAdmissionRequest(logger, request)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to create policy context")
|
||||
return
|
||||
}
|
||||
if wg != nil { // for unit testing purposes
|
||||
defer wg.Done()
|
||||
}
|
||||
|
||||
gh := generation.NewGenerationHandler(logger, h.engine, h.client, h.kyvernoClient, h.nsLister, h.urLister, h.cpolLister, h.polLister, h.urGenerator, h.eventGen, h.metricsConfig, h.backgroundServiceAccountName)
|
||||
var policies []kyvernov1.PolicyInterface
|
||||
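Review bot: The position of `defer wg.Done()` relative to the early `return` after `buildPolicyContextFromAdmissionRequest` is what matters in handleMutateExisting and handleGenerate, and nothing in the code records why. The block is printed both above and below the error check, and the rendering has lost which copy is the new one. If the new side is the copy at the top of each function, the error path now also releases the wait group. A comment such as `// registered before any early return so a failed context build still signals wg` would stop a later refactor from moving it back below the check. Separately, that error path only logs "failed to create policy context" and returns, so a skipped mutate-existing or generate application is visible only in the logs as far as these hunks show. Both function bodies continue outside the hunks.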
|
|