Fix static secret caching race condition (#28494)

* Fix static ssecret caching data race * Fix static ssecret caching data race * Changelog
hashicorp · Sep 24, 2024 · 6d66990 · 6d66990
1 parent 7cf6cbd
commit 6d66990
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/changelog/28494.txt b/changelog/28494.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+proxy/cache (enterprise): Fixed a data race that could occur while tracking capabilities in Proxy's static secret cache.
+```
diff --git a/command/agentproxyshared/cache/lease_cache.go b/command/agentproxyshared/cache/lease_cache.go
@@ -791,13 +791,15 @@ func (c *LeaseCache) storeStaticSecretIndex(ctx context.Context, req *SendReques
 
 	path := getStaticSecretPathFromRequest(req)
 
+	capabilitiesIndex.IndexLock.Lock()
 	// Extra caution -- avoid potential nil
 	if capabilitiesIndex.ReadablePaths == nil {
 		capabilitiesIndex.ReadablePaths = make(map[string]struct{})
 	}
 
 	// update the index with the new capability:
 	capabilitiesIndex.ReadablePaths[path] = struct{}{}
+	capabilitiesIndex.IndexLock.Unlock()
 
 	err = c.SetCapabilitiesIndex(ctx, capabilitiesIndex)
 	if err != nil {