fix: add mutex to mock policy context builder (#10057)

It is possible that two different threads call the build function at the same time causing one append to be lost, this PR adds a mutex to avoid this Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2025-03-29 19:05:27 +00:00 · 2024-04-17 14:43:19 +05:30 · 2024-04-17 14:43:19 +05:30 · 3db5bdfad8
commit 3db5bdfad8
parent bec5c24660
2 changed files with 12 additions and 9 deletions
--- a/pkg/webhooks/resource/handlers_test.go
+++ b/pkg/webhooks/resource/handlers_test.go
@ -631,10 +631,10 @@ func makeKey(policy kyverno.PolicyInterface) string {
 }

 type mockPolicyContextBuilder struct {
+	sync.Mutex
 	configuration config.Configuration
 	jp            jmespath.Interface
 	contexts      []*engine.PolicyContext
-	count         int
 }

 func newMockPolicyContextBuilder(
@ -645,11 +645,13 @@ func newMockPolicyContextBuilder(
 		configuration: configuration,
 		jp:            jp,
 		contexts:      make([]*policycontext.PolicyContext, 0),
-		count:         0,
 	}
 }

 func (b *mockPolicyContextBuilder) Build(request admissionv1.AdmissionRequest, roles, clusterRoles []string, gvk schema.GroupVersionKind) (*engine.PolicyContext, error) {
+	b.Lock()
+	defer b.Unlock()
+
 	userRequestInfo := kyvernov1beta1.RequestInfo{
 		AdmissionUserInfo: *request.UserInfo.DeepCopy(),
 		Roles:             roles,
@ -659,7 +661,6 @@ func (b *mockPolicyContextBuilder) Build(request admissionv1.AdmissionRequest, r
 	if err != nil {
 		return nil, err
 	}
-	b.count += 1
 	b.contexts = append(b.contexts, pc)
 	return pc, err
 }
--- a/pkg/webhooks/resource/updaterequest.go
+++ b/pkg/webhooks/resource/updaterequest.go
@ -26,14 +26,15 @@ func (h *resourceHandlers) handleBackgroundApplies(ctx context.Context, logger l
 }

 func (h *resourceHandlers) handleMutateExisting(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, policies []kyvernov1.PolicyInterface, admissionRequestTimestamp time.Time, wg *sync.WaitGroup) {
+	if wg != nil { // for unit testing purposes
+		defer wg.Done()
+	}
+
 	policyContext, err := h.buildPolicyContextFromAdmissionRequest(logger, request)
 	if err != nil {
 		logger.Error(err, "failed to create policy context")
 		return
 	}
-	if wg != nil { // for unit testing purposes
-		defer wg.Done()
-	}

 	if request.AdmissionRequest.Operation == admissionv1.Delete {
 		policyContext = policyContext.WithNewResource(policyContext.OldResource())
@ -95,14 +96,15 @@ func (h *resourceHandlers) handleMutateExisting(ctx context.Context, logger logr
 }

 func (h *resourceHandlers) handleGenerate(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, generatePolicies []kyvernov1.PolicyInterface, ts time.Time, wg *sync.WaitGroup) {
+	if wg != nil { // for unit testing purposes
+		defer wg.Done()
+	}
+
 	policyContext, err := h.buildPolicyContextFromAdmissionRequest(logger, request)
 	if err != nil {
 		logger.Error(err, "failed to create policy context")
 		return
 	}
-	if wg != nil { // for unit testing purposes
-		defer wg.Done()
-	}

 	gh := generation.NewGenerationHandler(logger, h.engine, h.client, h.kyvernoClient, h.nsLister, h.urLister, h.cpolLister, h.polLister, h.urGenerator, h.eventGen, h.metricsConfig, h.backgroundServiceAccountName)
 	var policies []kyvernov1.PolicyInterface