sweep: DIRACGrid#7984 Add locks to AuthManager caches

DIRACGridBot · Jan 14, 2025 · d57e974 · d57e974
1 parent 36f1a2c
commit d57e974
Showing 1 changed file with 14 additions and 8 deletions.
diff --git a/src/DIRAC/Core/DISET/AuthManager.py b/src/DIRAC/Core/DISET/AuthManager.py
@@ -1,5 +1,7 @@
 """ Module that holds DISET Authorization class for services
 """
+from threading import Lock
+
 from cachetools import TTLCache
 
 from DIRAC.ConfigurationSystem.Client.Config import gConfig
@@ -29,7 +31,9 @@ def __init__(self, authSection):
         """
         self.authSection = authSection
         self._cache_getUsersInGroup = TTLCache(maxsize=1000, ttl=60)
+        self._cache_getUsersInGroupLock = Lock()
         self._cache_getUsernameForDN = TTLCache(maxsize=1000, ttl=60)
+        self._cache_getUsernameForDNLock = Lock()
 
     def authQuery(self, methodQuery, credDict, defaultProperties=False):
         """
@@ -262,17 +266,19 @@ def getUsername(self, credDict):
             credDict[self.KW_GROUP] = result["Value"]
         credDict[self.KW_PROPERTIES] = Registry.getPropertiesForGroup(credDict[self.KW_GROUP], [])
 
-        usersInGroup = self._cache_getUsersInGroup.get(credDict[self.KW_GROUP])
-        if usersInGroup is None:
-            usersInGroup = Registry.getUsersInGroup(credDict[self.KW_GROUP], [])
-            self._cache_getUsersInGroup[credDict[self.KW_GROUP]] = usersInGroup
+        with self._cache_getUsersInGroupLock:
+            usersInGroup = self._cache_getUsersInGroup.get(credDict[self.KW_GROUP])
+            if usersInGroup is None:
+                usersInGroup = Registry.getUsersInGroup(credDict[self.KW_GROUP], [])
+                self._cache_getUsersInGroup[credDict[self.KW_GROUP]] = usersInGroup
         if not usersInGroup:
             return False
 
-        retVal = self._cache_getUsernameForDN.get(credDict[self.KW_DN])
-        if retVal is None:
-            retVal = Registry.getUsernameForDN(credDict[self.KW_DN], usersInGroup)
-            self._cache_getUsernameForDN[credDict[self.KW_DN]] = retVal
+        with self._cache_getUsernameForDNLock:
+            retVal = self._cache_getUsernameForDN.get(credDict[self.KW_DN])
+            if retVal is None:
+                retVal = Registry.getUsernameForDN(credDict[self.KW_DN], usersInGroup)
+                self._cache_getUsernameForDN[credDict[self.KW_DN]] = retVal
         if retVal["OK"]:
             credDict[self.KW_USERNAME] = retVal["Value"]
             return True