From ece5e1c678d3af97e7d9faa212df0e298e66315f Mon Sep 17 00:00:00 2001
From: Archangel_SDY
Date: Thu, 6 Dec 2018 21:41:21 +0800
Subject: [PATCH] Pass `k8sStore` to member functions by pointer

Passing `k8sStore` by value implies read and copy of `backendConfig`, which is not protected by a mutex and may cause race conditions.
---
 .../ingress/controller/store/backend_ssl.go | 6 ++---
 internal/ingress/controller/store/store.go | 26 +++++++++----------
 2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/internal/ingress/controller/store/backend_ssl.go b/internal/ingress/controller/store/backend_ssl.go
index 786049c17..e593f564f 100644
--- a/internal/ingress/controller/store/backend_ssl.go
+++ b/internal/ingress/controller/store/backend_ssl.go
@@ -35,7 +35,7 @@ import (
 // syncSecret synchronizes the content of a TLS Secret (certificate(s), secret
 // key) with the filesystem. The resulting files can be used by NGINX.
-func (s k8sStore) syncSecret(key string) {
+func (s *k8sStore) syncSecret(key string) {
 s.syncSecretMu.Lock()
 defer s.syncSecretMu.Unlock()
@@ -74,7 +74,7 @@ func (s k8sStore) syncSecret(key string) {
 // getPemCertificate receives a secret, and creates a ingress.SSLCert as return.
 // It parses the secret and verifies if it's a keypair, or a 'ca.crt' secret only.
-func (s k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error) {
+func (s *k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error) {
 secret, err := s.listers.Secret.ByKey(secretName)
 if err != nil {
 return nil, err
@@ -143,7 +143,7 @@ func (s k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error)
 return sslCert, nil
 }
-func (s k8sStore) checkSSLChainIssues() {
+func (s *k8sStore) checkSSLChainIssues() {
 for _, item := range s.ListLocalSSLCerts() {
 secrKey := k8s.MetaNamespaceKey(item)
 secret, err := s.GetLocalSSLCert(secrKey)
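Review bot: `checkSSLChainIssues`, in the last hunk of backend_ssl.go, has no doc comment, unlike `syncSecret` and `getPemCertificate` in the two hunks before it. From the visible lines it walks `s.ListLocalSSLCerts()` and looks each certificate up again through `s.GetLocalSSLCert` using its `k8s.MetaNamespaceKey`; the rest of the body lies outside the hunk, so the wording should be completed by someone who can see what happens to each certificate. A starting point would be `// checkSSLChainIssues iterates over the locally stored SSL certificates and re-reads each one by its store key.`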
diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go
index af79fe062..db2066cf1 100644
--- a/internal/ingress/controller/store/store.go
+++ b/internal/ingress/controller/store/store.go
@@ -689,7 +689,7 @@ func objectRefAnnotationNsKey(ann string, ing *extensions.Ingress) (string, erro
 // syncSecrets synchronizes data from all Secrets referenced by the given
 // Ingress with the local store and file system.
-func (s k8sStore) syncSecrets(ing *extensions.Ingress) {
+func (s *k8sStore) syncSecrets(ing *extensions.Ingress) {
 key := k8s.MetaNamespaceKey(ing)
 for _, secrKey := range s.secretIngressMap.ReferencedBy(key) {
 s.syncSecret(secrKey)
@@ -697,12 +697,12 @@ func (s k8sStore) syncSecrets(ing *extensions.Ingress) {
 }
 // GetSecret returns the Secret matching key.
-func (s k8sStore) GetSecret(key string) (*corev1.Secret, error) {
+func (s *k8sStore) GetSecret(key string) (*corev1.Secret, error) {
 return s.listers.Secret.ByKey(key)
 }
 // ListLocalSSLCerts returns the list of local SSLCerts
-func (s k8sStore) ListLocalSSLCerts() []*ingress.SSLCert {
+func (s *k8sStore) ListLocalSSLCerts() []*ingress.SSLCert {
 var certs []*ingress.SSLCert
 for _, item := range s.sslStore.List() {
 if s, ok := item.(*ingress.SSLCert); ok {
@@ -714,12 +714,12 @@ func (s k8sStore) ListLocalSSLCerts() []*ingress.SSLCert {
 }
 // GetService returns the Service matching key.
-func (s k8sStore) GetService(key string) (*corev1.Service, error) {
+func (s *k8sStore) GetService(key string) (*corev1.Service, error) {
 return s.listers.Service.ByKey(key)
 }
 // getIngress returns the Ingress matching key.
-func (s k8sStore) getIngress(key string) (*extensions.Ingress, error) {
+func (s *k8sStore) getIngress(key string) (*extensions.Ingress, error) {
 ing, err := s.listers.IngressWithAnnotation.ByKey(key)
 if err != nil {
 return nil, err
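Review bot: In `ListLocalSSLCerts` (hunk at -697), the type assertion `if s, ok := item.(*ingress.SSLCert); ok {` reuses the name `s` and shadows the receiver for the rest of that block. It compiles, but now that `s` outside the block is a pointer to the shared store, a later edit inside the block could easily touch the certificate where the store was meant, or the reverse. I would rename it, e.g. `if cert, ok := item.(*ingress.SSLCert); ok {`, and update the use of the variable in the loop body, which falls outside this hunk.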
@@ -729,7 +729,7 @@ func (s k8sStore) getIngress(key string) (*extensions.Ingress, error) {
 }
 // ListIngresses returns the list of Ingresses
-func (s k8sStore) ListIngresses() []*ingress.Ingress {
+func (s *k8sStore) ListIngresses() []*ingress.Ingress {
 // filter ingress rules
 ingresses := make([]*ingress.Ingress, 0)
 for _, item := range s.listers.IngressWithAnnotation.List() {
@@ -741,22 +741,22 @@ func (s k8sStore) ListIngresses() []*ingress.Ingress {
 }
 // GetLocalSSLCert returns the local copy of a SSLCert
-func (s k8sStore) GetLocalSSLCert(key string) (*ingress.SSLCert, error) {
+func (s *k8sStore) GetLocalSSLCert(key string) (*ingress.SSLCert, error) {
 return s.sslStore.ByKey(key)
 }
 // GetConfigMap returns the ConfigMap matching key.
-func (s k8sStore) GetConfigMap(key string) (*corev1.ConfigMap, error) {
+func (s *k8sStore) GetConfigMap(key string) (*corev1.ConfigMap, error) {
 return s.listers.ConfigMap.ByKey(key)
 }
 // GetServiceEndpoints returns the Endpoints of a Service matching key.
-func (s k8sStore) GetServiceEndpoints(key string) (*corev1.Endpoints, error) {
+func (s *k8sStore) GetServiceEndpoints(key string) (*corev1.Endpoints, error) {
 return s.listers.Endpoint.ByKey(key)
 }
 // GetAuthCertificate is used by the auth-tls annotations to get a cert from a secret
-func (s k8sStore) GetAuthCertificate(name string) (*resolver.AuthSSLCert, error) {
+func (s *k8sStore) GetAuthCertificate(name string) (*resolver.AuthSSLCert, error) {
 if _, err := s.GetLocalSSLCert(name); err != nil {
 s.syncSecret(name)
 }
@@ -773,7 +773,7 @@ func (s k8sStore) GetAuthCertificate(name string) (*resolver.AuthSSLCert, error)
 }, nil
 }
-func (s k8sStore) writeSSLSessionTicketKey(cmap *corev1.ConfigMap, fileName string) {
+func (s *k8sStore) writeSSLSessionTicketKey(cmap *corev1.ConfigMap, fileName string) {
 ticketString := ngx_template.ReadConfig(cmap.Data).SSLSessionTicketKey
 s.backendConfig.SSLSessionTicketKey = ""
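Review bot: In `writeSSLSessionTicketKey` (hunk at -773), the assignment `s.backendConfig.SSLSessionTicketKey = ""` now writes to the store's shared `backendConfig` instead of a per-call copy, and the visible lines take no lock around it. The commit message itself says `backendConfig` is not protected by a mutex, so a goroutine that reads the configuration while a ConfigMap update is being applied can still race with this write and may see the TLS session ticket key cleared. I would add a `sync.RWMutex` to the store (a field such as `backendConfigMu`, a name proposed here and not taken from the patch) and hold it around this update and around every read of `backendConfig`. The function body continues past the hunk and the readers are not shown, so the exact lock placement needs checking against the full file.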
@@ -823,7 +823,7 @@ func (s *k8sStore) setConfig(cmap *corev1.ConfigMap) {
 // Run initiates the synchronization of the informers and the initial
 // synchronization of the secrets.
-func (s k8sStore) Run(stopCh chan struct{}) {
+func (s *k8sStore) Run(stopCh chan struct{}) {
 // start informers
 s.informers.Run(stopCh)
@@ -833,7 +833,7 @@ func (s k8sStore) Run(stopCh chan struct{}) {
 }
 // ListControllerPods returns a list of ingress-nginx controller Pods
-func (s k8sStore) ListControllerPods() []*corev1.Pod {
+func (s *k8sStore) ListControllerPods() []*corev1.Pod {
 var pods []*corev1.Pod
 for _, i := range s.listers.Pod.List() {