open-cluster-management/pkg
Jian Zhu b7168e454b 🐛 Fix concurrency bugs in executor cache (#1512)
* 🐛 Fix concurrency bugs in executor cache

- Fix DimensionCaches.remove() using RLock instead of Lock for map
  delete operation, which could cause concurrent map read/write panic
- Fix RemoveByHash accessing len(items) without holding the lock
- Fix getCacheItems returning internal map reference, allowing
  unsynchronized iteration after lock release; return snapshot copies
- Add early return in updateSARCheckResultToCache for clarity

Assisted by Claude

Signed-off-by: zhujian <jiazhu@redhat.com>

* 🐛 Fix wrong index in clusterRoleEnqueueFu causing missed cache refresh

When a ClusterRole changes, the controller should find RoleBindings
referencing it via the byClusterRole index. It was incorrectly using
the byRole index, which indexes by "namespace/name" for Role refs
and never matches a bare ClusterRole name. This caused executor
caches to not refresh when a ClusterRole was modified, leaving
revoked permissions cached as allowed for up to 10 minutes.

Assisted by Claude

Signed-off-by: zhujian <jiazhu@redhat.com>

* 🌱 Make RemoveByHash private as it is only used internally

Assisted by Claude

Signed-off-by: zhujian <jiazhu@redhat.com>

* Add concurrency and index-fix tests for executor cache

- Add concurrent remove/get, getCacheItems, and cleanup tests to verify
  race-free behavior with -race detector
- Add TestCacheControllerClusterRoleWithRoleBindingOnly to verify
  clusterRoleEnqueueFu uses byClusterRole index for RoleBindings

Signed-off-by: zhujian <jiazhu@redhat.com>

---------

Signed-off-by: zhujian <jiazhu@redhat.com>
2026-05-07 15:13:45 +00:00