NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit0fef6b0

committed

fix tests

1 parent9061a1c commit0fef6b0Copy full SHA for 0fef6b0

File tree

2 files changed

+55

-31

lines changed

enterprise/wsproxy
- keycache.go
- keycache_test.go

2 files changed

+55

-31

lines changed

`‎enterprise/wsproxy/keycache.go`

Lines changed: 51 additions & 22 deletions

Original file line number	Diff line number	Diff line change
`@@ -45,12 +45,14 @@ func NewCryptoKeyCache(ctx context.Context, log slog.Logger, client *wsproxysdk.`
`45`	`45`	`opt(cache)`
`46`	`46`	`}`
`47`	`47`
`48`		`-m,latest,err:=cache.fetch(ctx)`
	`48`	`+cache.refreshCtx,cache.refreshCancel=context.WithCancel(ctx)`
	`49`	`+cache.refresher=cache.Clock.AfterFunc(time.Minute*10,cache.refresh)`
	`50`	`+m,latest,err:=cache.fetchKeys(ctx)`
`49`	`51`	`iferr!=nil {`
	`52`	`+cache.refreshCancel()`
`50`	`53`	`returnnil,xerrors.Errorf("initial fetch: %w",err)`
`51`	`54`	`}`
`52`	`55`	`cache.keys,cache.latest=m,latest`
`53`		`-cache.refresher=cache.Clock.AfterFunc(time.Minute*10,cache.refresh)`
`54`	`56`
`55`	`57`	`returncache,nil`
`56`	`58`	`}`
`@@ -77,9 +79,12 @@ func (k *CryptoKeyCache) Signing(ctx context.Context) (codersdk.CryptoKey, error`
`77`	`79`	`}`
`78`	`80`
`79`	`81`	`k.keysMu.RLock()`
`80`		`-ifk.latest.CanSign(now) {`
`81`		`-k.keysMu.RUnlock()`
`82`		`-returnk.latest,nil`
	`82`	`+latest=k.latest`
	`83`	`+k.keysMu.RUnlock()`
	`84`	`+`
	`85`	`+now=k.Clock.Now()`
	`86`	`+iflatest.CanSign(now) {`
	`87`	`+returnlatest,nil`
`83`	`88`	`}`
`84`	`89`
`85`	`90`	`_,latest,err:=k.fetch(ctx)`
`@@ -91,27 +96,28 @@ func (k *CryptoKeyCache) Signing(ctx context.Context) (codersdk.CryptoKey, error`
`91`	`96`	`}`
`92`	`97`
`93`	`98`	`func (k*CryptoKeyCache)Verifying(ctx context.Context,sequenceint32) (codersdk.CryptoKey,error) {`
`94`		`-now:=k.Clock.Now()`
`95`		`-k.keysMu.RLock()`
`96`	`99`	`ifk.isClosed() {`
`97`		`-k.keysMu.RUnlock()`
`98`	`100`	`return codersdk.CryptoKey{},cryptokeys.ErrClosed`
`99`	`101`	`}`
`100`	`102`
	`103`	`+now:=k.Clock.Now()`
	`104`	`+k.keysMu.RLock()`
`101`	`105`	`key,ok:=k.keys[sequence]`
`102`	`106`	`k.keysMu.RUnlock()`
`103`	`107`	`ifok {`
`104`	`108`	`returnvalidKey(key,now)`
`105`	`109`	`}`
`106`	`110`
`107`		`-k.keysMu.Lock()`
`108`		`-deferk.keysMu.Unlock()`
	`111`	`+k.fetchLock.Lock()`
	`112`	`+deferk.fetchLock.Unlock()`
`109`	`113`
`110`	`114`	`ifk.isClosed() {`
`111`	`115`	`return codersdk.CryptoKey{},cryptokeys.ErrClosed`
`112`	`116`	`}`
`113`	`117`
	`118`	`+k.keysMu.RLock()`
`114`	`119`	`key,ok=k.keys[sequence]`
	`120`	`+k.keysMu.RUnlock()`
`115`	`121`	`ifok {`
`116`	`122`	`returnvalidKey(key,now)`
`117`	`123`	`}`
`@@ -134,14 +140,23 @@ func (k *CryptoKeyCache) refresh() {`
`134`	`140`	`return`
`135`	`141`	`}`
`136`	`142`
`137`		`-k.keysMu.RLock()`
`138`		`-ifk.Clock.Now().Sub(k.lastFetch)<time.Minute*10 {`
`139`		`-k.keysMu.Unlock()`
	`143`	`+k.fetchLock.Lock()`
	`144`	`+deferk.fetchLock.Unlock()`
	`145`	`+`
	`146`	`+ifk.isClosed() {`
`140`	`147`	`return`
`141`	`148`	`}`
`142`	`149`
`143`		`-k.fetchLock.Lock()`
`144`		`-deferk.fetchLock.Unlock()`
	`150`	`+k.keysMu.RLock()`
	`151`	`+lastFetch:=k.lastFetch`
	`152`	`+k.keysMu.RUnlock()`
	`153`	`+`
	`154`	`+// There's a window we must account for where the timer fires while a fetch`
	`155`	`+// is ongoing but prior to the timer getting reset. In this case we want to`
	`156`	`+// avoid double fetching.`
	`157`	`+ifk.Clock.Now().Sub(lastFetch)<time.Minute*10 {`
	`158`	`+return`
	`159`	`+}`
`145`	`160`
`146`	`161`	`_,_,err:=k.fetch(k.refreshCtx)`
`147`	`162`	`iferr!=nil {`
`@@ -150,19 +165,28 @@ func (k *CryptoKeyCache) refresh() {`
`150`	`165`	`}`
`151`	`166`	`}`
`152`	`167`
`153`		`-func (k*CryptoKeyCache)fetch(ctx context.Context) (map[int32]codersdk.CryptoKey, codersdk.CryptoKey,error) {`
`154`		`-`
	`168`	`+func (k*CryptoKeyCache)fetchKeys(ctx context.Context) (map[int32]codersdk.CryptoKey, codersdk.CryptoKey,error) {`
`155`	`169`	`keys,err:=k.client.CryptoKeys(ctx)`
`156`	`170`	`iferr!=nil {`
`157`		`-returnnil, codersdk.CryptoKey{},xerrors.Errorf("get security keys: %w",err)`
	`171`	`+returnnil, codersdk.CryptoKey{},xerrors.Errorf("crypto keys: %w",err)`
`158`	`172`	`}`
	`173`	`+cache,latest:=toKeyMap(keys.CryptoKeys,k.Clock.Now())`
	`174`	`+returncache,latest,nil`
	`175`	`+}`
`159`	`176`
`160`		`-iflen(keys.CryptoKeys)==0 {`
	`177`	`+// fetch fetches the keys from the control plane and updates the cache. The fetchMu`
	`178`	`+// must be held when calling this function to avoid multiple concurrent fetches.`
	`179`	`+func (k*CryptoKeyCache)fetch(ctx context.Context) (map[int32]codersdk.CryptoKey, codersdk.CryptoKey,error) {`
	`180`	`+keys,latest,err:=k.fetchKeys(ctx)`
	`181`	`+iferr!=nil {`
	`182`	`+returnnil, codersdk.CryptoKey{},xerrors.Errorf("fetch keys: %w",err)`
	`183`	`+}`
	`184`	`+`
	`185`	`+iflen(keys)==0 {`
`161`	`186`	`returnnil, codersdk.CryptoKey{},cryptokeys.ErrKeyNotFound`
`162`	`187`	`}`
`163`	`188`
`164`	`189`	`now:=k.Clock.Now()`
`165`		`-kmap,latest:=toKeyMap(keys.CryptoKeys,now)`
`166`	`190`	`if!latest.CanSign(now) {`
`167`	`191`	`returnnil, codersdk.CryptoKey{},cryptokeys.ErrKeyInvalid`
`168`	`192`	`}`
`@@ -172,9 +196,9 @@ func (k *CryptoKeyCache) fetch(ctx context.Context) (map[int32]codersdk.CryptoKe`
`172`	`196`
`173`	`197`	`k.lastFetch=k.Clock.Now()`
`174`	`198`	`k.refresher.Reset(time.Minute*10)`
`175`		`-k.keys,k.latest=kmap,latest`
	`199`	`+k.keys,k.latest=keys,latest`
`176`	`200`
`177`		`-returnkmap,latest,nil`
	`201`	`+returnkeys,latest,nil`
`178`	`202`	`}`
`179`	`203`
`180`	`204`	`functoKeyMap(keys []codersdk.CryptoKey,now time.Time) (map[int32]codersdk.CryptoKey, codersdk.CryptoKey) {`
`@@ -202,6 +226,11 @@ func (k *CryptoKeyCache) isClosed() bool {`
`202`	`226`	`}`
`203`	`227`
`204`	`228`	`func (k*CryptoKeyCache)Close() {`
	`229`	`+// The fetch lock must always be held before holding the keys lock`
	`230`	`+// otherwise we risk a deadlock.`
	`231`	`+k.fetchLock.Lock()`
	`232`	`+deferk.fetchLock.Unlock()`
	`233`	`+`
`205`	`234`	`k.keysMu.Lock()`
`206`	`235`	`deferk.keysMu.Unlock()`
`207`	`236`

`‎enterprise/wsproxy/keycache_test.go`

Lines changed: 4 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -317,8 +317,6 @@ func TestCryptoKeyCache(t *testing.T) {`
`317`	`317`	`clock=quartz.NewMock(t)`
`318`	`318`	`)`
`319`	`319`
`320`		`-trap:=clock.Trap().TickerFunc()`
`321`		`-`
`322`	`320`	`now:=clock.Now().UTC()`
`323`	`321`	`expected:= codersdk.CryptoKey{`
`324`	`322`	`Feature:codersdk.CryptoKeyFeatureWorkspaceApp,`
`@@ -339,8 +337,6 @@ func TestCryptoKeyCache(t *testing.T) {`
`339`	`337`	`require.Equal(t,expected,got)`
`340`	`338`	`require.Equal(t,1,fc.called)`
`341`	`339`
`342`		`-wait:=trap.MustWait(ctx)`
`343`		`-`
`344`	`340`	`newKey:= codersdk.CryptoKey{`
`345`	`341`	`Feature:codersdk.CryptoKeyFeatureWorkspaceApp,`
`346`	`342`	`Secret:"key2",`
`@@ -349,8 +345,6 @@ func TestCryptoKeyCache(t *testing.T) {`
`349`	`345`	`}`
`350`	`346`	`fc.keys= []codersdk.CryptoKey{newKey}`
`351`	`347`
`352`		`-wait.Release()`
`353`		`-`
`354`	`348`	`// The ticker should fire and cause a request to coderd.`
`355`	`349`	`_,advance:=clock.AdvanceNext()`
`356`	`350`	`advance.MustWait(ctx)`
`@@ -362,9 +356,10 @@ func TestCryptoKeyCache(t *testing.T) {`
`362`	`356`	`require.Equal(t,newKey,got)`
`363`	`357`	`require.Equal(t,2,fc.called)`
`364`	`358`
`365`		`-// Assert we do not have the old key.`
`366`		`-_,err=cache.Verifying(ctx,expected.Sequence)`
`367`		`-require.Error(t,err)`
	`359`	`+// The ticker should fire and cause a request to coderd.`
	`360`	`+_,advance=clock.AdvanceNext()`
	`361`	`+advance.MustWait(ctx)`
	`362`	`+require.Equal(t,3,fc.called)`
`368`	`363`	`})`
`369`	`364`
`370`	`365`	`t.Run("Closed",func(t*testing.T) {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0fef6b0

File tree

2 files changed

2 files changed

`‎enterprise/wsproxy/keycache.go`

`‎enterprise/wsproxy/keycache_test.go`

0 commit comments