Add lock in the tidy function

hashicorp · Jun 6, 2016 · 544bd9f · 544bd9f
1 parent de2add6
commit 544bd9f
Showing 1 changed file with 17 additions and 7 deletions.
diff --git a/builtin/credential/appgroup/path_tidy_user_id.go b/builtin/credential/appgroup/path_tidy_user_id.go
@@ -40,37 +40,47 @@ func (b *backend) tidySecretID(s logical.Storage) error {
 
 	var result error
 	for _, saltedSelector := range saltedSelectors {
-		hashedSecrets, err := s.List(fmt.Sprintf("secret_id/%s", saltedSelector))
+		// saltedSelector will already have a '/' suffix. Don't append another one.
+		hashedSecretIDs, err := s.List(fmt.Sprintf("secret_id/%s", saltedSelector))
 		if err != nil {
 			return err
 		}
-		for _, hashedSecret := range hashedSecrets {
-			entryIndex := fmt.Sprintf("secret_id/%s%s", saltedSelector, hashedSecret)
+		for _, hashedSecretID := range hashedSecretIDs {
+			lock := b.secretIDLock(hashedSecretID)
+			lock.Lock()
+			// saltedSelector will already have a '/' suffix. Don't append another one.
+			entryIndex := fmt.Sprintf("secret_id/%s%s", saltedSelector, hashedSecretID)
 			secretIDEntry, err := s.Get(entryIndex)
 			if err != nil {
-				return fmt.Errorf("error fetching secret ID %s: %s", hashedSecret, err)
+				lock.Unlock()
+				return fmt.Errorf("error fetching secret ID %s: %s", hashedSecretID, err)
 			}
 
 			if secretIDEntry == nil {
-				result = multierror.Append(result, errwrap.Wrapf("[ERR] {{err}}", fmt.Errorf("entry for secret ID %s is nil", hashedSecret)))
+				result = multierror.Append(result, errwrap.Wrapf("[ERR] {{err}}", fmt.Errorf("entry for secret ID %s is nil", hashedSecretID)))
+				lock.Unlock()
 				continue
 			}
 
 			if secretIDEntry.Value == nil || len(secretIDEntry.Value) == 0 {
-				return fmt.Errorf("found entry for secret ID %s but actual secret ID is empty", hashedSecret)
+				lock.Unlock()
+				return fmt.Errorf("found entry for secret ID %s but actual secret ID is empty", hashedSecretID)
 			}
 
 			var result secretIDStorageEntry
 			if err := secretIDEntry.DecodeJSON(&result); err != nil {
+				lock.Unlock()
 				return err
 			}
 
 			// Unset ExpirationTime indicates non-expiring SecretIDs
 			if !result.ExpirationTime.IsZero() && time.Now().UTC().After(result.ExpirationTime) {
 				if err := s.Delete(entryIndex); err != nil {
-					return fmt.Errorf("error deleting secret ID %s from storage: %s", hashedSecret, err)
+					lock.Unlock()
+					return fmt.Errorf("error deleting secret ID %s from storage: %s", hashedSecretID, err)
 				}
 			}
+			lock.Unlock()
 		}
 	}
 	return result