From 1dcf203fc21427bf401ae6a570c7d72375eaf742 Mon Sep 17 00:00:00 2001 From: "kumahq[bot]" <110050114+kumahq[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 10:02:28 +0100 Subject: [PATCH] fix(kuma-cp): avoid concurrent access on resource meta (backport of #11997) (#12021) Automatic cherry-pick of #11997 for branch release-2.6 Generated by [action](https://github.com/kumahq/kuma/actions/runs/11796491720) Signed-off-by: Charly Molter Signed-off-by: Mike Beaumont Co-authored-by: Charly Molter Co-authored-by: Mike Beaumont --- pkg/kds/util/meta.go | 8 -------- pkg/kds/util/resource.go | 9 +++++++-- pkg/plugins/resources/memory/store.go | 5 +++-- pkg/plugins/resources/remote/store.go | 5 +++-- pkg/plugins/secrets/k8s/store.go | 1 + 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/pkg/kds/util/meta.go b/pkg/kds/util/meta.go index 8ba29d994ebe..fb703424a322 100644 --- a/pkg/kds/util/meta.go +++ b/pkg/kds/util/meta.go @@ -53,14 +53,6 @@ func CloneResourceMeta(m model.ResourceMeta, fs ...CloneResourceMetaOpt) model.R return meta } -func kumaResourceMetaToResourceMeta(meta *mesh_proto.KumaResource_Meta) model.ResourceMeta { - return &resourceMeta{ - name: meta.Name, - mesh: meta.Mesh, - labels: meta.GetLabels(), - } -} - func (r *resourceMeta) GetName() string { return r.name } diff --git a/pkg/kds/util/resource.go b/pkg/kds/util/resource.go index b26c22f3da6b..1e3298414a53 100644 --- a/pkg/kds/util/resource.go +++ b/pkg/kds/util/resource.go @@ -2,6 +2,7 @@ package util import ( "fmt" + "maps" "strings" envoy_sd "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" @@ -56,7 +57,7 @@ func ToEnvoyResources(rlist model.ResourceList) ([]envoy_types.Resource, error) Meta: &mesh_proto.KumaResource_Meta{ Name: r.GetMeta().GetName(), Mesh: r.GetMeta().GetMesh(), - Labels: r.GetMeta().GetLabels(), + Labels: maps.Clone(r.GetMeta().GetLabels()), Version: "", }, Spec: pbany, @@ -136,7 +137,11 @@ func toResources(resourceType model.ResourceType, krs []*mesh_proto.KumaResource if err = model.FromAny(kr.Spec, obj.GetSpec()); err != nil { return nil, err } - obj.SetMeta(kumaResourceMetaToResourceMeta(kr.Meta)) + obj.SetMeta(&resourceMeta{ + name: kr.GetMeta().GetName(), + mesh: kr.GetMeta().GetMesh(), + labels: maps.Clone(kr.GetMeta().GetLabels()), + }) if err := list.AddItem(obj); err != nil { return nil, err } diff --git a/pkg/plugins/resources/memory/store.go b/pkg/plugins/resources/memory/store.go index f45057ff1f66..7e858cf62bfa 100644 --- a/pkg/plugins/resources/memory/store.go +++ b/pkg/plugins/resources/memory/store.go @@ -3,6 +3,7 @@ package memory import ( "context" "fmt" + "maps" "strconv" "strings" "sync" @@ -123,7 +124,7 @@ func (c *memoryStore) Create(_ context.Context, r core_model.Resource, fs ...sto Version: initialVersion(), CreationTime: opts.CreationTime, ModificationTime: opts.CreationTime, - Labels: opts.Labels, + Labels: maps.Clone(opts.Labels), } // fill the meta @@ -180,7 +181,7 @@ func (c *memoryStore) Update(_ context.Context, r core_model.Resource, fs ...sto meta.Version = meta.Version.Next() meta.ModificationTime = opts.ModificationTime if opts.ModifyLabels { - meta.Labels = opts.Labels + meta.Labels = maps.Clone(opts.Labels) } r.SetMeta(meta) diff --git a/pkg/plugins/resources/remote/store.go b/pkg/plugins/resources/remote/store.go index 09b0079af978..5eeb6cc62d82 100644 --- a/pkg/plugins/resources/remote/store.go +++ b/pkg/plugins/resources/remote/store.go @@ -5,6 +5,7 @@ import ( "context" "encoding/json" "io" + "maps" "net/http" "strconv" @@ -41,7 +42,7 @@ func (s *remoteStore) Create(ctx context.Context, res model.Resource, fs ...stor Type: string(res.Descriptor().Name), Name: opts.Name, Mesh: opts.Mesh, - Labels: opts.Labels, + Labels: maps.Clone(opts.Labels), } if err := s.upsert(ctx, res, meta); err != nil { return err @@ -55,7 +56,7 @@ func (s *remoteStore) Update(ctx context.Context, res model.Resource, fs ...stor Type: string(res.Descriptor().Name), Name: res.GetMeta().GetName(), Mesh: res.GetMeta().GetMesh(), - Labels: opts.Labels, + Labels: maps.Clone(opts.Labels), } if err := s.upsert(ctx, res, meta); err != nil { return err diff --git a/pkg/plugins/secrets/k8s/store.go b/pkg/plugins/secrets/k8s/store.go index fd30e075b72f..a4c423ae8b8a 100644 --- a/pkg/plugins/secrets/k8s/store.go +++ b/pkg/plugins/secrets/k8s/store.go @@ -113,6 +113,7 @@ func (s *KubernetesStore) Update(ctx context.Context, r core_model.Resource, fs } func setLabelsAnnotationsAndMesh(s *kube_core.Secret, mesh string, labels map[string]string) { + labels = maps.Clone(labels) if labels == nil { labels = map[string]string{} }