mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-14 11:48:53 +00:00
fix: add mutex to mock policy context builder (#10057)
It is possible that two different threads call the build function at the same time, causing one append to be lost. This PR adds a mutex to avoid this.
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
parent
bec5c24660
commit
3db5bdfad8
2 changed files with 12 additions and 9 deletions
|
@ -631,10 +631,10 @@ func makeKey(policy kyverno.PolicyInterface) string {
|
||||||
}
|
}
|
||||||
|
|
||||||
type mockPolicyContextBuilder struct {
|
type mockPolicyContextBuilder struct {
|
||||||
|
sync.Mutex
|
||||||
configuration config.Configuration
|
configuration config.Configuration
|
||||||
jp jmespath.Interface
|
jp jmespath.Interface
|
||||||
contexts []*engine.PolicyContext
|
contexts []*engine.PolicyContext
|
||||||
count int
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func newMockPolicyContextBuilder(
|
func newMockPolicyContextBuilder(
|
||||||
|
@ -645,11 +645,13 @@ func newMockPolicyContextBuilder(
|
||||||
configuration: configuration,
|
configuration: configuration,
|
||||||
jp: jp,
|
jp: jp,
|
||||||
contexts: make([]*policycontext.PolicyContext, 0),
|
contexts: make([]*policycontext.PolicyContext, 0),
|
||||||
count: 0,
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *mockPolicyContextBuilder) Build(request admissionv1.AdmissionRequest, roles, clusterRoles []string, gvk schema.GroupVersionKind) (*engine.PolicyContext, error) {
|
func (b *mockPolicyContextBuilder) Build(request admissionv1.AdmissionRequest, roles, clusterRoles []string, gvk schema.GroupVersionKind) (*engine.PolicyContext, error) {
|
||||||
|
b.Lock()
|
||||||
|
defer b.Unlock()
|
||||||
|
|
||||||
userRequestInfo := kyvernov1beta1.RequestInfo{
|
userRequestInfo := kyvernov1beta1.RequestInfo{
|
||||||
AdmissionUserInfo: *request.UserInfo.DeepCopy(),
|
AdmissionUserInfo: *request.UserInfo.DeepCopy(),
|
||||||
Roles: roles,
|
Roles: roles,
|
||||||
|
@ -659,7 +661,6 @@ func (b *mockPolicyContextBuilder) Build(request admissionv1.AdmissionRequest, r
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
b.count += 1
|
|
||||||
b.contexts = append(b.contexts, pc)
|
b.contexts = append(b.contexts, pc)
|
||||||
return pc, err
|
return pc, err
|
||||||
}
|
}
|
||||||
|
|
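Review bot: Embedding `sync.Mutex` in `mockPolicyContextBuilder` promotes `Lock` and `Unlock` into the mock's own method set, so any code holding the builder can take the lock that `Build` depends on; a named field, `mu sync.Mutex`, with `b.mu.Lock()` and `defer b.mu.Unlock()` in `Build`, keeps the lock private to the type. The lock covers only the append inside `Build`, so any test code that reads `b.contexts` while handler goroutines may still be running needs to take the same lock or read only after the WaitGroup has been waited on; those readers are not visible in these hunks. A short comment on the field, for example `// guards contexts; Build may be called concurrently`, would record why it is there. The struct's constructor and the body of `Build` continue outside the hunks shown.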
|
@ -26,14 +26,15 @@ func (h *resourceHandlers) handleBackgroundApplies(ctx context.Context, logger l
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *resourceHandlers) handleMutateExisting(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, policies []kyvernov1.PolicyInterface, admissionRequestTimestamp time.Time, wg *sync.WaitGroup) {
|
func (h *resourceHandlers) handleMutateExisting(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, policies []kyvernov1.PolicyInterface, admissionRequestTimestamp time.Time, wg *sync.WaitGroup) {
|
||||||
|
if wg != nil { // for unit testing purposes
|
||||||
|
defer wg.Done()
|
||||||
|
}
|
||||||
|
|
||||||
policyContext, err := h.buildPolicyContextFromAdmissionRequest(logger, request)
|
policyContext, err := h.buildPolicyContextFromAdmissionRequest(logger, request)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error(err, "failed to create policy context")
|
logger.Error(err, "failed to create policy context")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if wg != nil { // for unit testing purposes
|
|
||||||
defer wg.Done()
|
|
||||||
}
|
|
||||||
|
|
||||||
if request.AdmissionRequest.Operation == admissionv1.Delete {
|
if request.AdmissionRequest.Operation == admissionv1.Delete {
|
||||||
policyContext = policyContext.WithNewResource(policyContext.OldResource())
|
policyContext = policyContext.WithNewResource(policyContext.OldResource())
|
||||||
|
@ -95,14 +96,15 @@ func (h *resourceHandlers) handleMutateExisting(ctx context.Context, logger logr
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *resourceHandlers) handleGenerate(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, generatePolicies []kyvernov1.PolicyInterface, ts time.Time, wg *sync.WaitGroup) {
|
func (h *resourceHandlers) handleGenerate(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, generatePolicies []kyvernov1.PolicyInterface, ts time.Time, wg *sync.WaitGroup) {
|
||||||
|
if wg != nil { // for unit testing purposes
|
||||||
|
defer wg.Done()
|
||||||
|
}
|
||||||
|
|
||||||
policyContext, err := h.buildPolicyContextFromAdmissionRequest(logger, request)
|
policyContext, err := h.buildPolicyContextFromAdmissionRequest(logger, request)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error(err, "failed to create policy context")
|
logger.Error(err, "failed to create policy context")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if wg != nil { // for unit testing purposes
|
|
||||||
defer wg.Done()
|
|
||||||
}
|
|
||||||
|
|
||||||
gh := generation.NewGenerationHandler(logger, h.engine, h.client, h.kyvernoClient, h.nsLister, h.urLister, h.cpolLister, h.polLister, h.urGenerator, h.eventGen, h.metricsConfig, h.backgroundServiceAccountName)
|
gh := generation.NewGenerationHandler(logger, h.engine, h.client, h.kyvernoClient, h.nsLister, h.urLister, h.cpolLister, h.polLister, h.urGenerator, h.eventGen, h.metricsConfig, h.backgroundServiceAccountName)
|
||||||
var policies []kyvernov1.PolicyInterface
|
var policies []kyvernov1.PolicyInterface
|
||||||
|
|
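Review bot: The `// for unit testing purposes` comment on the `wg` guard in `handleMutateExisting`, and on the identical guard in `handleGenerate`, does not say why the guard now has to be the first statement. With the guard placed after the `buildPolicyContextFromAdmissionRequest` error check, the early `return` skipped `wg.Done()` and a test blocked in `wg.Wait()` would never be released; the commit description mentions only the mutex. I would reword the comment to something like `// wg is set only by unit tests; defer Done before any early return so Wait cannot hang`. Both functions still only log when the policy context cannot be built, so a waiting test now completes on that path with no signal that the step was skipped; asserting on the contexts the mock recorded would make that case visible. Both function bodies continue outside the hunks.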