Locking updates in database backend (#3774)

2026-05-04 20:06:27 +02:00 · 2018-01-17 19:21:59 -05:00 · 2018-01-17 19:21:59 -05:00 · c7b4fc314b
commit c7b4fc314b
parent 95eea30d88
2 changed files with 11 additions and 11 deletions
--- a/builtin/logical/database/path_creds_create.go
+++ b/builtin/logical/database/path_creds_create.go
@ -56,7 +56,7 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {

 		// Grab the read lock
 		b.RLock()
-		var unlockFunc func() = b.RUnlock
+		unlockFunc := b.RUnlock

 		// Get the Database object
 		db, ok := b.getDBObj(role.DBName)
@ -83,9 +83,8 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {

 		// Create the user
 		username, password, err := db.CreateUser(ctx, role.Statements, usernameConfig, expiration)
-		// Unlock
-		unlockFunc()
 		if err != nil {
+			unlockFunc()
 			b.closeIfShutdown(role.DBName, err)
 			return nil, err
 		}
@ -98,6 +97,8 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
 			"role":     name,
 		})
 		resp.Secret.TTL = role.DefaultTTL
+
+		unlockFunc()
 		return resp, nil
 	}
 }
--- a/builtin/logical/database/secret_creds.go
+++ b/builtin/logical/database/secret_creds.go
@ -50,7 +50,7 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {

 		// Grab the read lock
 		b.RLock()
-		var unlockFunc func() = b.RUnlock
+		unlockFunc := b.RUnlock

 		// Get the Database object
 		db, ok := b.getDBObj(role.DBName)
@ -71,14 +71,14 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
 		// Make sure we increase the VALID UNTIL endpoint for this user.
 		if expireTime := resp.Secret.ExpirationTime(); !expireTime.IsZero() {
 			err := db.RenewUser(ctx, role.Statements, username, expireTime)
-			// Unlock
-			unlockFunc()
 			if err != nil {
+				unlockFunc()
 				b.closeIfShutdown(role.DBName, err)
 				return nil, err
 			}
 		}

+		unlockFunc()
 		return resp, nil
 	}
 }
@ -109,7 +109,7 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc {

 		// Grab the read lock
 		b.RLock()
-		var unlockFunc func() = b.RUnlock
+		unlockFunc := b.RUnlock

 		// Get our connection
 		db, ok := b.getDBObj(role.DBName)
@ -127,14 +127,13 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc {
 			}
 		}

-		err = db.RevokeUser(ctx, role.Statements, username)
-		// Unlock
-		unlockFunc()
-		if err != nil {
+		if err := db.RevokeUser(ctx, role.Statements, username); err != nil {
+			unlockFunc()
 			b.closeIfShutdown(role.DBName, err)
 			return nil, err
 		}

+		unlockFunc()
 		return resp, nil
 	}
 }