diff --git a/changelog/28494.txt b/changelog/28494.txt new file mode 100644 index 000000000000..50b9223968a4 --- /dev/null +++ b/changelog/28494.txt @@ -0,0 +1,3 @@ +```release-note:bug +proxy/cache (enterprise): Fixed a data race that could occur while tracking capabilities in Proxy's static secret cache. +``` diff --git a/command/agentproxyshared/cache/lease_cache.go b/command/agentproxyshared/cache/lease_cache.go index ee135e51a047..b29a57461320 100644 --- a/command/agentproxyshared/cache/lease_cache.go +++ b/command/agentproxyshared/cache/lease_cache.go @@ -791,6 +791,7 @@ func (c *LeaseCache) storeStaticSecretIndex(ctx context.Context, req *SendReques path := getStaticSecretPathFromRequest(req) + capabilitiesIndex.IndexLock.Lock() // Extra caution -- avoid potential nil if capabilitiesIndex.ReadablePaths == nil { capabilitiesIndex.ReadablePaths = make(map[string]struct{}) @@ -798,6 +799,7 @@ func (c *LeaseCache) storeStaticSecretIndex(ctx context.Context, req *SendReques // update the index with the new capability: capabilitiesIndex.ReadablePaths[path] = struct{}{} + capabilitiesIndex.IndexLock.Unlock() err = c.SetCapabilitiesIndex(ctx, capabilitiesIndex) if err != nil {