From d57e974e2d410dd4975a360c8e553d7feb7e69cf Mon Sep 17 00:00:00 2001
From: Chris Burr <chrisburr@users.noreply.github.com>
Date: Tue, 14 Jan 2025 19:42:08 +0100
Subject: [PATCH] sweep: #7984 Add locks to AuthManager caches

---
 src/DIRAC/Core/DISET/AuthManager.py | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/DIRAC/Core/DISET/AuthManager.py b/src/DIRAC/Core/DISET/AuthManager.py
index 98835095bcc..f78cbe08e8d 100755
--- a/src/DIRAC/Core/DISET/AuthManager.py
+++ b/src/DIRAC/Core/DISET/AuthManager.py
@@ -1,5 +1,7 @@
 """ Module that holds DISET Authorization class for services
 """
+from threading import Lock
+
 from cachetools import TTLCache
 
 from DIRAC.ConfigurationSystem.Client.Config import gConfig
@@ -29,7 +31,9 @@ def __init__(self, authSection):
         """
         self.authSection = authSection
         self._cache_getUsersInGroup = TTLCache(maxsize=1000, ttl=60)
+        self._cache_getUsersInGroupLock = Lock()
         self._cache_getUsernameForDN = TTLCache(maxsize=1000, ttl=60)
+        self._cache_getUsernameForDNLock = Lock()
 
     def authQuery(self, methodQuery, credDict, defaultProperties=False):
         """
@@ -262,17 +266,19 @@ def getUsername(self, credDict):
             credDict[self.KW_GROUP] = result["Value"]
         credDict[self.KW_PROPERTIES] = Registry.getPropertiesForGroup(credDict[self.KW_GROUP], [])
 
-        usersInGroup = self._cache_getUsersInGroup.get(credDict[self.KW_GROUP])
-        if usersInGroup is None:
-            usersInGroup = Registry.getUsersInGroup(credDict[self.KW_GROUP], [])
-            self._cache_getUsersInGroup[credDict[self.KW_GROUP]] = usersInGroup
+        with self._cache_getUsersInGroupLock:
+            usersInGroup = self._cache_getUsersInGroup.get(credDict[self.KW_GROUP])
+            if usersInGroup is None:
+                usersInGroup = Registry.getUsersInGroup(credDict[self.KW_GROUP], [])
+                self._cache_getUsersInGroup[credDict[self.KW_GROUP]] = usersInGroup
         if not usersInGroup:
             return False
 
-        retVal = self._cache_getUsernameForDN.get(credDict[self.KW_DN])
-        if retVal is None:
-            retVal = Registry.getUsernameForDN(credDict[self.KW_DN], usersInGroup)
-            self._cache_getUsernameForDN[credDict[self.KW_DN]] = retVal
+        with self._cache_getUsernameForDNLock:
+            retVal = self._cache_getUsernameForDN.get(credDict[self.KW_DN])
+            if retVal is None:
+                retVal = Registry.getUsernameForDN(credDict[self.KW_DN], usersInGroup)
+                self._cache_getUsernameForDN[credDict[self.KW_DN]] = retVal
         if retVal["OK"]:
             credDict[self.KW_USERNAME] = retVal["Value"]
             return True