-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merge Identity Entities if two claim the same alias #5075
Conversation
Fixes #5000 |
} | ||
} | ||
|
||
result := make([]string, 0, len(all)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will making a slice of len(all) and using index to insert elements into it be any better? Or will append be a no-op in terms of new allocations when the capacity matches the desired size?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a noop, no new allocations in this case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good!
vault/identity_store_util.go
Outdated
@@ -176,20 +176,25 @@ func (i *IdentityStore) loadEntities(ctx context.Context) error { | |||
} | |||
|
|||
for _, item := range bucket.Items { | |||
i.lock.Lock() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to grab this lock before the for
loop to cover loading of all the items in the bucket?
// If the entity from which we are merging from was already a merged | ||
// entity, transfer over the Merged set to the entity we are | ||
// merging into. | ||
toEntity.MergedEntityIDs = append(toEntity.MergedEntityIDs, fromEntity.MergedEntityIDs...) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we use strutil.MergeSlices
here as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could -- the main reason I did it for policies was for deduplication -- that shouldn't be a problem here. Don't think it really matters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see. Okay.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Outside of the locking comment, this looks good to me!
1e213d1
to
dcd3343
Compare
Past bugs/race conditions meant two entities could be created each claiming the same alias. There are planned longer term fixes for this (outside of the race condition being fixed in 0.10.4) that involve changing the data model, but this is an immediate workaround that has the same net effect: if two entities claim the same alias, assume they were created due to this race condition and merge them. In this situation, also automatically merge policies so we don't lose e.g. RGPs.
dcd3343
to
bf864e5
Compare
Past bugs/race conditions meant two entities could be created each
claiming the same alias. There are planned longer term fixes for this
(outside of the race condition being fixed in 0.10.4) that involve
changing the data model, but this is an immediate workaround that has
the same net effect: if two entities claim the same alias, assume they
were created due to this race condition and merge them.
In this situation, also automatically merge policies so we don't lose
e.g. RGPs.