GitList

Browse code

authz: eliminate race during plugin removal from middleware

Also, this removes the use of a questionable golang range feature which
corrects for mutation of a slice during iteration over that slice. This
makes the filter operation easier to read and reason about.

Signed-off-by: David Sheets <dsheets@docker.com>

David Sheets authored on 2017/06/13 19:52:04
Showing 2 changed files

pkg/authorization/middleware.go index 0513012..595a06d 100644
plugin/backend_linux.go index 1d7f3a8..012f6cf 100644

pkg/authorization/middleware.go

History View file @ 7da3986

@@ -46,6 +46,19 @@ func (m *Middleware) SetPlugins(names []string) {
                      	m.mu.Unlock()
+                     }
                     +// RemovePlugin removes a single plugin from this authz middleware chain
                     +func (m *Middleware) RemovePlugin(name string) {
                     +	m.mu.Lock()
                     +	defer m.mu.Unlock()
                     +	plugins := m.plugins[:0]
                     +	for _, authPlugin := range m.plugins {
                     +		if authPlugin.Name() != name {
                     +			plugins = append(plugins, authPlugin)
                     +		}
                     +	}
                     +	m.plugins = plugins
                     +}
+                    +
                      // WrapHandler returns a new handler function wrapping the previous one in the request chain.
                      func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
                      	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

plugin/backend_linux.go

History View file @ 7da3986

@@ -60,14 +60,7 @@ func (pm *Manager) Disable(refOrID string, config *types.PluginDisableConfig) er
                      	for _, typ := range p.GetTypes() {
                      		if typ.Capability == authorization.AuthZApiImplements {
                     -			authzList := pm.config.AuthzMiddleware.GetAuthzPlugins()
                     -			for i, authPlugin := range authzList {
                     -				if authPlugin.Name() == p.Name() {
                     -					// Remove plugin from authzmiddleware chain
                     -					authzList = append(authzList[:i], authzList[i+1:]...)
                     -					pm.config.AuthzMiddleware.SetAuthzPlugins(authzList)
                     -				}
                     -			}
                     +			pm.config.AuthzMiddleware.RemovePlugin(p.Name())
+                     		}
+                     	}