Locking updates in database backend

builtin/logical/database/path_creds_create.go

@@ -56,7 +56,7 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
 
 		// Grab the read lock
 		b.RLock()
-		var unlockFunc func() = b.RUnlock
+		unlockFunc := b.RUnlock
 
 		// Get the Database object
 		db, ok := b.getDBObj(role.DBName)
@@ -66,11 +66,15 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
 			b.Lock()
 			unlockFunc = b.Unlock
 
-			// Create a new DB object
-			db, err = b.createDBObj(ctx, req.Storage, role.DBName)
-			if err != nil {
-				unlockFunc()
-				return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
+			// Check again
+			db, ok = b.getDBObj(role.DBName)
+			if !ok {
+				// Create a new DB object
+				db, err = b.createDBObj(ctx, req.Storage, role.DBName)
+				if err != nil {
+					unlockFunc()
+					return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
+				}
 			}
 		}
 
@@ -83,9 +87,8 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
 
 		// Create the user
 		username, password, err := db.CreateUser(ctx, role.Statements, usernameConfig, expiration)
-		// Unlock
-		unlockFunc()
 		if err != nil {
+			unlockFunc()
 			b.closeIfShutdown(role.DBName, err)
 			return nil, err
 		}
@@ -98,6 +101,8 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
 			"role":     name,
 		})
 		resp.Secret.TTL = role.DefaultTTL
+
+		unlockFunc()
 		return resp, nil
 	}
 }

builtin/logical/database/secret_creds.go

@@ -50,7 +50,7 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
 
 		// Grab the read lock
 		b.RLock()
-		var unlockFunc func() = b.RUnlock
+		unlockFunc := b.RUnlock
 
 		// Get the Database object
 		db, ok := b.getDBObj(role.DBName)
@@ -60,25 +60,29 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
 			b.Lock()
 			unlockFunc = b.Unlock
 
-			// Create a new DB object
-			db, err = b.createDBObj(ctx, req.Storage, role.DBName)
-			if err != nil {
-				unlockFunc()
-				return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
+			// Check again
+			db, ok = b.getDBObj(role.DBName)
+			if !ok {
+				// Create a new DB object
+				db, err = b.createDBObj(ctx, req.Storage, role.DBName)
+				if err != nil {
+					unlockFunc()
+					return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
+				}
 			}
 		}
 
 		// Make sure we increase the VALID UNTIL endpoint for this user.
 		if expireTime := resp.Secret.ExpirationTime(); !expireTime.IsZero() {
 			err := db.RenewUser(ctx, role.Statements, username, expireTime)
-			// Unlock
-			unlockFunc()
 			if err != nil {
+				unlockFunc()
 				b.closeIfShutdown(role.DBName, err)
 				return nil, err
 			}
 		}
 
+		unlockFunc()
 		return resp, nil
 	}
 }
@@ -109,7 +113,7 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc {
 
 		// Grab the read lock
 		b.RLock()
-		var unlockFunc func() = b.RUnlock
+		unlockFunc := b.RUnlock
 
 		// Get our connection
 		db, ok := b.getDBObj(role.DBName)
@@ -119,22 +123,25 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc {
 			b.Lock()
 			unlockFunc = b.Unlock
 
-			// Create a new DB object
-			db, err = b.createDBObj(ctx, req.Storage, role.DBName)
-			if err != nil {
-				unlockFunc()
-				return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
+			// Check again
+			db, ok = b.getDBObj(role.DBName)
+			if !ok {
+				// Create a new DB object
+				db, err = b.createDBObj(ctx, req.Storage, role.DBName)
+				if err != nil {
+					unlockFunc()
+					return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
+				}
 			}
 		}
 
-		err = db.RevokeUser(ctx, role.Statements, username)
-		// Unlock
-		unlockFunc()
-		if err != nil {
+		if err := db.RevokeUser(ctx, role.Statements, username); err != nil {
+			unlockFunc()
 			b.closeIfShutdown(role.DBName, err)
 			return nil, err
 		}
 
+		unlockFunc()
 		return resp, nil
 	}
 }