Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of Improve trusted cert loading in Certificate Auth into release/1.17.x #27903

Merged
merged 1 commit into from
Jul 29, 2024
Merged

Backport of Improve trusted cert loading in Certificate Auth into release/1.17.x #27903

merged 1 commit into from
Jul 29, 2024

Conversation

hc-github-team-secure-vault-core
Copy link
Collaborator

Backport

This PR is auto-generated from #27902 to be assessed for backporting due to the inclusion of the label backport/1.17.x.

The below text is copied from the body of the original PR.

Currently, cert auth has a cache of certName->trusted certificate data. This cache is updated lazily on login. In highly concurrent situations, several logins of the same cert or more likely, logins not specifying role name may happen simulataneously. In the status quo, each results in going to storage, fetching the role data (or all roles!), unmarshalling, and certificate parsing.

This change puts a lock matrix in front of the cache miss scenario, so only one of the logins will load and process the role data. In addition, we treat the absent role name specially, caching it separately so that it cannot be flushed by eviction on the role cache.

Overview of commits

@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Jul 29, 2024
@sgmiller sgmiller added this to the 1.17.3 milestone Jul 29, 2024
@sgmiller sgmiller enabled auto-merge (squash) July 29, 2024 21:17
@github-actions GitHub Actions
Copy link

Build Results:
All builds succeeded! ✅

@github-actions GitHub Actions
Copy link

CI Results:
All Go tests succeeded! ✅

@sgmiller sgmiller merged commit 4d49110 into release/1.17.x Jul 29, 2024
76 of 77 checks passed
@sgmiller sgmiller deleted the backport/sgm/improve-cert-trust-loading/usually-measured-chimp branch July 29, 2024 21:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgmiller sgmiller sgmiller approved these changes

Assignees

@sgmiller sgmiller

Labels
hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed
Projects
None yet
Milestone
1.17.3
Development

Successfully merging this pull request may close these issues.
2 participants
@hc-github-team-secure-vault-core @sgmiller