From c7b4fc314b5fb611960192d5ce304e03692a2630 Mon Sep 17 00:00:00 2001 From: Chris Hoffman Date: Wed, 17 Jan 2018 19:21:59 -0500 Subject: [PATCH] Locking updates in database backend (#3774) --- builtin/logical/database/path_creds_create.go | 7 ++++--- builtin/logical/database/secret_creds.go | 15 +++++++-------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/builtin/logical/database/path_creds_create.go b/builtin/logical/database/path_creds_create.go index ff1de51dabf3..16a56823ae47 100644 --- a/builtin/logical/database/path_creds_create.go +++ b/builtin/logical/database/path_creds_create.go @@ -56,7 +56,7 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc { // Grab the read lock b.RLock() - var unlockFunc func() = b.RUnlock + unlockFunc := b.RUnlock // Get the Database object db, ok := b.getDBObj(role.DBName) @@ -83,9 +83,8 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc { // Create the user username, password, err := db.CreateUser(ctx, role.Statements, usernameConfig, expiration) - // Unlock - unlockFunc() if err != nil { + unlockFunc() b.closeIfShutdown(role.DBName, err) return nil, err } @@ -98,6 +97,8 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc { "role": name, }) resp.Secret.TTL = role.DefaultTTL + + unlockFunc() return resp, nil } } diff --git a/builtin/logical/database/secret_creds.go b/builtin/logical/database/secret_creds.go index f1b50142c79e..8f2a7b9a4a3e 100644 --- a/builtin/logical/database/secret_creds.go +++ b/builtin/logical/database/secret_creds.go @@ -50,7 +50,7 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc { // Grab the read lock b.RLock() - var unlockFunc func() = b.RUnlock + unlockFunc := b.RUnlock // Get the Database object db, ok := b.getDBObj(role.DBName) @@ -71,14 +71,14 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc { // Make sure we increase the VALID UNTIL endpoint for this user. if expireTime := resp.Secret.ExpirationTime(); !expireTime.IsZero() { err := db.RenewUser(ctx, role.Statements, username, expireTime) - // Unlock - unlockFunc() if err != nil { + unlockFunc() b.closeIfShutdown(role.DBName, err) return nil, err } } + unlockFunc() return resp, nil } } @@ -109,7 +109,7 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc { // Grab the read lock b.RLock() - var unlockFunc func() = b.RUnlock + unlockFunc := b.RUnlock // Get our connection db, ok := b.getDBObj(role.DBName) @@ -127,14 +127,13 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc { } } - err = db.RevokeUser(ctx, role.Statements, username) - // Unlock - unlockFunc() - if err != nil { + if err := db.RevokeUser(ctx, role.Statements, username); err != nil { + unlockFunc() b.closeIfShutdown(role.DBName, err) return nil, err } + unlockFunc() return resp, nil } }