Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix a potential race: StaticOIDCClientsStore concurrent access #45

Merged
merged 3 commits into from
Jun 24, 2024
Merged

Fix a potential race: StaticOIDCClientsStore concurrent access #45

merged 3 commits into from
Jun 24, 2024

Conversation

ErmakovDmitriy
Copy link
Contributor

This PR introduces an RWMutex to protect StaticOIDCClientsStore access.

I read the StaticOIDCClientsStore implementation and think that a race condition is possible under some circumstances, in particular when a new OIDCClientConfig is added (just after the auth agent startup) and at the same time HAProxy causes the auth agent to lookup for another OIDCClientConfig for another domain.

I tried to write a test case (in the commit) to check how it behaved and before I added the sync.RWMutex, I managed to get, sometimes (once every 5-8 test runs) an error:

fatal error: concurrent map read and map write

goroutine 9 [running]:
github.com/criteo/haproxy-spoe-auth/internal/auth.(*StaticOIDCClientsStore).GetClient(...)
        /home/demonihin/projects/haproxy-spoe-auth/internal/auth/oidc_clients_store.go:38
github.com/criteo/haproxy-spoe-auth/internal/auth.TestStaticOIDCClientsStoreRace.func2()
        /home/demonihin/projects/haproxy-spoe-auth/internal/auth/oidc_clients_store_test.go:38 +0x78
created by github.com/criteo/haproxy-spoe-auth/internal/auth.TestStaticOIDCClientsStoreRace in goroutine 6
        /home/demonihin/projects/haproxy-spoe-auth/internal/auth/oidc_clients_store_test.go:36 +0x114

goroutine 1 [runnable]:
internal/poll.(*FD).Write(0x400014bc18, {0x222380, 0x400000e348, 0x100004000103450})
        /opt/go/src/internal/poll/fd_unix.go:366
os.(*File).write(...)
        /opt/go/src/os/file_posix.go:46
os.(*File).Write(0x4000052030, {0x40000108b8?, 0x5, 0xf202c?})
        /opt/go/src/os/file.go:183 +0x5c
fmt.Fprint({0x293048, 0x4000052030}, {0x400014bdb8, 0x2, 0x2})
        /opt/go/src/fmt/print.go:263 +0x74
fmt.Print(...)
        /opt/go/src/fmt/print.go:272
testing.(*M).Run(0x4000104dc0)
        /opt/go/src/testing/testing.go:1961 +0x8bc
main.main()
        _testmain.go:59 +0x1a8

goroutine 7 [runnable]:
strings.Clone(...)
        /opt/go/src/strings/clone.go:25
github.com/criteo/haproxy-spoe-auth/internal/auth.(*StaticOIDCClientsStore).AddClient(0x400006e2e0, {0x400004f790, 0xe}, {0x22d5fe, 0x9}, {0x22eab3, 0xd}, {0x4000200340, 0x1f})
        /home/demonihin/projects/haproxy-spoe-auth/internal/auth/oidc_clients_store.go:49 +0xac
github.com/criteo/haproxy-spoe-auth/internal/auth.TestStaticOIDCClientsStoreRace.func1()
        /home/demonihin/projects/haproxy-spoe-auth/internal/auth/oidc_clients_store_test.go:26 +0xa4
created by github.com/criteo/haproxy-spoe-auth/internal/auth.TestStaticOIDCClientsStoreRace in goroutine 6
        /home/demonihin/projects/haproxy-spoe-auth/internal/auth/oidc_clients_store_test.go:17 +0xec
exit status 2
FAIL    github.com/criteo/haproxy-spoe-auth/internal/auth       0.040s

@mougams
Copy link
Contributor

mougams commented Jun 17, 2024

Hi @ErmakovDmitriy - sorry for the delay, thank you for your PR. Same as the other one, could you please fix conflicts and push back your patch? Thx

@mougams mougams merged commit 9b7a59e into criteo:master Jun 24, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mougams mougams mougams approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ErmakovDmitriy @mougams