mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-22 19:21:09 +01:00
Code Issues Projects Releases Wiki Activity

Added mutex locking for config/certificate endpoint

Browse Source
This commit is contained in:
vishalnayak 2016-04-19 15:32:15 -04:00
parent 4f46bbaa32
commit 23a2bc76a5
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
builtin/credential/aws/path_config_certificate.go
View File

@ -101,6 +101,8 @@ func (b *backend) pathConfigCertificateExistenceCheck(req *logical.Request, data
// pathCertificatesList is used to list all the AWS public certificates registered with Vault. // pathCertificatesList is used to list all the AWS public certificates registered with Vault.
func (b *backend) pathCertificatesList( func (b *backend) pathCertificatesList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) { req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.RLock()
defer b.configMutex.RUnlock()
certs, err := req.Storage.List("config/certificate/") certs, err := req.Storage.List("config/certificate/")
if err != nil { if err != nil {
return nil, err return nil, err
@ -169,6 +171,8 @@ func awsPublicCertificates(s logical.Storage) ([]*x509.Certificate, error) {
// awsPublicCertificate is used to get the configured AWS Public Key that is used // awsPublicCertificate is used to get the configured AWS Public Key that is used
// to verify the PKCS#7 signature of the instance identity document. // to verify the PKCS#7 signature of the instance identity document.
func awsPublicCertificateEntry(s logical.Storage, certName string) (*awsPublicCert, error) { func awsPublicCertificateEntry(s logical.Storage, certName string) (*awsPublicCert, error) {
b.configMutex.RLock()
defer b.configMutex.RUnlock()
entry, err := s.Get("config/certificate/" + certName) entry, err := s.Get("config/certificate/" + certName)
if err != nil { if err != nil {
return nil, err return nil, err
@ -271,6 +275,8 @@ func (b *backend) pathConfigCertificateCreateUpdate(
return logical.ErrorResponse("invalid certificate; failed to decode and parse certificate"), nil return logical.ErrorResponse("invalid certificate; failed to decode and parse certificate"), nil
} }
b.configMutex.Lock()
defer b.configMutex.Unlock()
// If none of the checks fail, save the provided certificate. // If none of the checks fail, save the provided certificate.
entry, err := logical.StorageEntryJSON("config/certificate/"+certName, certEntry) entry, err := logical.StorageEntryJSON("config/certificate/"+certName, certEntry)
if err != nil { if err != nil {