fix: some races when accessing ldap/openid config globally (#14978)

2025-11-07 12:52:58 -05:00 · 2022-05-25 18:32:53 -07:00
parent 5aae7178ad
commit fd46a1c3b3
6 changed files with 83 additions and 11 deletions
--- a/internal/config/identity/ldap/config.go
+++ b/internal/config/identity/ldap/config.go
@@ -62,6 +62,31 @@ type Config struct {
 	rootCAs           *x509.CertPool
 }

+// Clone returns a cloned copy of LDAP config.
+func (l *Config) Clone() Config {
+	if l == nil {
+		return Config{}
+	}
+	cfg := Config{
+		Enabled:                   l.Enabled,
+		ServerAddr:                l.ServerAddr,
+		UserDNSearchBaseDistName:  l.UserDNSearchBaseDistName,
+		UserDNSearchBaseDistNames: l.UserDNSearchBaseDistNames,
+		UserDNSearchFilter:        l.UserDNSearchFilter,
+		GroupSearchBaseDistName:   l.GroupSearchBaseDistName,
+		GroupSearchBaseDistNames:  l.GroupSearchBaseDistNames,
+		GroupSearchFilter:         l.GroupSearchFilter,
+		LookupBindDN:              l.LookupBindDN,
+		LookupBindPassword:        l.LookupBindPassword,
+		stsExpiryDuration:         l.stsExpiryDuration,
+		tlsSkipVerify:             l.tlsSkipVerify,
+		serverInsecure:            l.serverInsecure,
+		serverStartTLS:            l.serverStartTLS,
+		rootCAs:                   l.rootCAs,
+	}
+	return cfg
+}
+
 // LDAP keys and envs.
 const (
 	ServerAddr         = "server_addr"
--- a/internal/config/identity/openid/openid.go
+++ b/internal/config/identity/openid/openid.go
@@ -164,6 +164,32 @@ type Config struct {
 	closeRespFn func(io.ReadCloser)
 }

+// Clone returns a cloned copy of OpenID config.
+func (r *Config) Clone() Config {
+	if r == nil {
+		return Config{}
+	}
+	cfg := Config{
+		Enabled:            r.Enabled,
+		arnProviderCfgsMap: make(map[arn.ARN]*providerCfg, len(r.arnProviderCfgsMap)),
+		ProviderCfgs:       make(map[string]*providerCfg, len(r.ProviderCfgs)),
+		pubKeys:            r.pubKeys,
+		roleArnPolicyMap:   make(map[arn.ARN]string, len(r.roleArnPolicyMap)),
+		transport:          r.transport,
+		closeRespFn:        r.closeRespFn,
+	}
+	for k, v := range r.arnProviderCfgsMap {
+		cfg.arnProviderCfgsMap[k] = v
+	}
+	for k, v := range r.ProviderCfgs {
+		cfg.ProviderCfgs[k] = v
+	}
+	for k, v := range r.roleArnPolicyMap {
+		cfg.roleArnPolicyMap[k] = v
+	}
+	return cfg
+}
+
 // LookupConfig lookup jwks from config, override with any ENVs.
 func LookupConfig(kvsMap map[string]config.KVS, transport http.RoundTripper, closeRespFn func(io.ReadCloser), serverRegion string) (c Config, err error) {
 	openIDClientTransport := http.DefaultTransport