From e36eef476a9e89c813259c4df47d56dc86285894 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Mon, 4 Nov 2024 12:38:08 +0400
Subject: [PATCH 1/2] perform acl operations on cloned map
---
 logic/acls/nodeacls/retrieve.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/logic/acls/nodeacls/retrieve.go b/logic/acls/nodeacls/retrieve.go
index d5fa68c40..195ac4971 100644
--- a/logic/acls/nodeacls/retrieve.go
+++ b/logic/acls/nodeacls/retrieve.go
@@ -3,6 +3,7 @@ package nodeacls
 import (
 "encoding/json"
 "fmt"
+ "maps"
 "sync"
 "github.com/gravitl/netmaker/logic/acls"
@@ -20,8 +21,9 @@ func AreNodesAllowed(networkID NetworkID, node1, node2 NodeID) bool {
 }
 var allowed bool
 acls.AclMutex.Lock()
- currNetworkACLNode1 := currentNetworkACL[acls.AclID(node1)]
- currNetworkACLNode2 := currentNetworkACL[acls.AclID(node2)]
+ currNetAclCopy := maps.Clone(currentNetworkACL)
+ currNetworkACLNode1 := currNetAclCopy[acls.AclID(node1)]
+ currNetworkACLNode2 := currNetAclCopy[acls.AclID(node2)]
 acls.AclMutex.Unlock()
 allowed = currNetworkACLNode1.IsAllowed(acls.AclID(node2)) && currNetworkACLNode2.IsAllowed(acls.AclID(node1))
 return allowed
From 38cb4d86e4d2eaeac90843859d67bcb436a79e93 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Mon, 4 Nov 2024 12:46:08 +0400
Subject: [PATCH 2/2] return clone of map
---
 logic/acls/common.go | 5 +++--
 logic/acls/nodeacls/retrieve.go | 7 +++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/logic/acls/common.go b/logic/acls/common.go
index 9296e3b80..bb35123a3 100644
--- a/logic/acls/common.go
+++ b/logic/acls/common.go
@@ -2,6 +2,7 @@ package acls
 import (
 "encoding/json"
+ "maps"
 "sync"
 "github.com/gravitl/netmaker/database"
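Review bot: `maps.Clone` copies only the top-level map, so in `AreNodesAllowed` the two `IsAllowed` calls that run after `acls.AclMutex.Unlock()` still read whatever the per-node values refer to. If those values are maps themselves (their type is not shown in this patch), they stay shared with the cached container, and a concurrent ACL update can still race with the check; the Go runtime aborts the process on a detected concurrent map read and write, so this is an availability problem for the server and not just a stale answer. The clones that patch 2/2 returns from `fetchACLContainer` and `FetchAllACLs` have the same limit, and its version of this hunk keeps the `IsAllowed` calls after the unlock. Either keep the decision under the lock, e.g. `defer acls.AclMutex.Unlock()` right after `Lock()` (provided `IsAllowed` does not take `AclMutex` itself), or copy each entry when cloning, e.g. `out[id] = maps.Clone(acl)` in a loop over the container. The body of `AreNodesAllowed` starts above the hunk.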
@@ -133,7 +134,7 @@ func fetchACLContainer(containerID ContainerID) (ACLContainer, error) {
 defer AclMutex.RUnlock()
 if servercfg.CacheEnabled() {
 if aclContainer, ok := fetchAclContainerFromCache(containerID); ok {
- return aclContainer, nil
+ return maps.Clone(aclContainer), nil
 }
 }
 aclJson, err := fetchACLContainerJson(ContainerID(containerID))
@@ -147,7 +148,7 @@ func fetchACLContainer(containerID ContainerID) (ACLContainer, error) {
 if servercfg.CacheEnabled() {
 storeAclContainerInCache(containerID, currentNetworkACL)
 }
- return currentNetworkACL, nil
+ return maps.Clone(currentNetworkACL), nil
 }
 // fetchACLContainerJson - fetch the current ACL of given container except in json string
diff --git a/logic/acls/nodeacls/retrieve.go b/logic/acls/nodeacls/retrieve.go
index 195ac4971..4411c5b22 100644
--- a/logic/acls/nodeacls/retrieve.go
+++ b/logic/acls/nodeacls/retrieve.go
@@ -21,9 +21,8 @@ func AreNodesAllowed(networkID NetworkID, node1, node2 NodeID) bool {
 }
 var allowed bool
 acls.AclMutex.Lock()
- currNetAclCopy := maps.Clone(currentNetworkACL)
- currNetworkACLNode1 := currNetAclCopy[acls.AclID(node1)]
- currNetworkACLNode2 := currNetAclCopy[acls.AclID(node2)]
+ currNetworkACLNode1 := currentNetworkACL[acls.AclID(node1)]
+ currNetworkACLNode2 := currentNetworkACL[acls.AclID(node2)]
 acls.AclMutex.Unlock()
 allowed = currNetworkACLNode1.IsAllowed(acls.AclID(node2)) && currNetworkACLNode2.IsAllowed(acls.AclID(node1))
 return allowed
@@ -69,5 +68,5 @@ func FetchAllACLs(networkID NetworkID) (acls.ACLContainer, error) {
 if err != nil {
 return nil, err
 }
- return currentNetworkACL, nil
+ return maps.Clone(currentNetworkACL), nil
 }
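Review bot: The `maps.Clone` added to the final return of `FetchAllACLs` may be a second copy of the same container: `currentNetworkACL` is assigned above the hunk, and if it ultimately comes from `fetchACLContainer`, that function already returns a clone after this patch. If `AreNodesAllowed` obtains its container through this function, every pairwise check then pays for two full map copies, which adds up on large networks; keeping `return currentNetworkACL, nil` here would be enough in that case. The new contract is also worth recording on `fetchACLContainer`, for example `// fetchACLContainer returns a copy of the top-level map; callers must not rely on writes to it reaching the cache.`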