use lock with mount_accessor

hashicorp · Feb 13, 2024 · 06c02bf · 06c02bf
1 parent 6907855
commit 06c02bf
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 20 deletions.
diff --git a/vault/data_identity_entity.go b/vault/data_identity_entity.go
@@ -201,6 +201,7 @@ func identityEntityDataSource() *schema.Resource {
 
 func identityEntityLookup(client *api.Client, data map[string]interface{}) (*api.Secret, error) {
 	log.Print("[DEBUG] Looking up IdentityEntity")
+
 	resp, err := client.Logical().Write(entity.LookupPath, data)
 	if err != nil {
 		return nil, fmt.Errorf("Error reading Identity Entity '%v': %w", data, err)

diff --git a/vault/resource_identity_group_alias.go b/vault/resource_identity_group_alias.go
@@ -13,7 +13,10 @@ import (
 	"github.com/hashicorp/terraform-provider-vault/internal/provider"
 )
 
-const identityGroupAliasPath = "/identity/group-alias"
+const (
+	identityGroupAliasPath   = "/identity/group-alias"
+	identityGroupAliasIDPath = identityGroupAliasPath + "/id"
+)
 
 func identityGroupAliasResource() *schema.Resource {
 	return &schema.Resource{
@@ -49,6 +52,10 @@ func identityGroupAliasResource() *schema.Resource {
 }
 
 func identityGroupAliasCreate(d *schema.ResourceData, meta interface{}) error {
+	lock, unlock := getEntityLockFuncs(d, identityGroupAliasIDPath)
+	lock()
+	defer unlock()
+
 	client, e := provider.GetClient(d, meta)
 	if e != nil {
 		return e
@@ -60,9 +67,6 @@ func identityGroupAliasCreate(d *schema.ResourceData, meta interface{}) error {
 
 	path := identityGroupAliasPath
 
-	provider.VaultMutexKV.Lock(path)
-	defer provider.VaultMutexKV.Unlock(path)
-
 	data := map[string]interface{}{
 		"name":                    name,
 		consts.FieldMountAccessor: mountAccessor,
@@ -80,6 +84,10 @@ func identityGroupAliasCreate(d *schema.ResourceData, meta interface{}) error {
 }
 
 func identityGroupAliasUpdate(d *schema.ResourceData, meta interface{}) error {
+	lock, unlock := getEntityLockFuncs(d, identityGroupAliasIDPath)
+	lock()
+	defer unlock()
+
 	client, e := provider.GetClient(d, meta)
 	if e != nil {
 		return e
@@ -88,10 +96,7 @@ func identityGroupAliasUpdate(d *schema.ResourceData, meta interface{}) error {
 	id := d.Id()
 
 	log.Printf("[DEBUG] Updating IdentityGroupAlias %q", id)
-	path := identityGroupAliasIDPath(id)
-
-	provider.VaultMutexKV.Lock(path)
-	defer provider.VaultMutexKV.Unlock(path)
+	path := getIdentityGroupAliasIDPath(id)
 
 	resp, err := client.Logical().Read(path)
 	if err != nil {
@@ -132,10 +137,7 @@ func identityGroupAliasRead(d *schema.ResourceData, meta interface{}) error {
 
 	id := d.Id()
 
-	path := identityGroupAliasIDPath(id)
-
-	provider.VaultMutexKV.Lock(path)
-	defer provider.VaultMutexKV.Unlock(path)
+	path := getIdentityGroupAliasIDPath(id)
 
 	log.Printf("[DEBUG] Reading IdentityGroupAlias %s from %q", id, path)
 	resp, err := client.Logical().Read(path)
@@ -159,17 +161,18 @@ func identityGroupAliasRead(d *schema.ResourceData, meta interface{}) error {
 }
 
 func identityGroupAliasDelete(d *schema.ResourceData, meta interface{}) error {
+	lock, unlock := getEntityLockFuncs(d, identityGroupAliasIDPath)
+	lock()
+	defer unlock()
+
 	client, e := provider.GetClient(d, meta)
 	if e != nil {
 		return e
 	}
 
 	id := d.Id()
 
-	path := identityGroupAliasIDPath(id)
-
-	provider.VaultMutexKV.Lock(path)
-	defer provider.VaultMutexKV.Unlock(path)
+	path := getIdentityGroupAliasIDPath(id)
 
 	log.Printf("[DEBUG] Deleting IdentityGroupAlias %q", id)
 	_, err := client.Logical().Delete(path)
@@ -189,7 +192,7 @@ func identityGroupAliasExists(d *schema.ResourceData, meta interface{}) (bool, e
 
 	id := d.Id()
 
-	path := identityGroupAliasIDPath(id)
+	path := getIdentityGroupAliasIDPath(id)
 	key := id
 
 	// use the name if no ID is set
@@ -212,6 +215,6 @@ func identityGroupAliasNamePath(name string) string {
 	return fmt.Sprintf("%s/name/%s", identityGroupAliasPath, name)
 }
 
-func identityGroupAliasIDPath(id string) string {
-	return fmt.Sprintf("%s/id/%s", identityGroupAliasPath, id)
+func getIdentityGroupAliasIDPath(id string) string {
+	return fmt.Sprintf("%s/%s", identityGroupAliasPath, id)
 }
diff --git a/vault/resource_identity_group_alias_test.go b/vault/resource_identity_group_alias_test.go
@@ -87,7 +87,7 @@ func testAccCheckIdentityGroupAliasDestroy(s *terraform.State) error {
 			return e
 		}
 
-		secret, err := client.Logical().Read(identityGroupAliasIDPath(rs.Primary.ID))
+		secret, err := client.Logical().Read(getIdentityGroupAliasIDPath(rs.Primary.ID))
 		if err != nil {
 			return fmt.Errorf("error checking for identity group %q: %s", rs.Primary.ID, err)
 		}