diff --git a/changelog/10726.txt b/changelog/10726.txt
new file mode 100644
index 000000000000..e8de0771ea7a
--- /dev/null
+++ b/changelog/10726.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+core: reduce memory used by leases
+```
diff --git a/vault/expiration.go b/vault/expiration.go
index f857b4e3e5bf..c268d96f4df1 100644
--- a/vault/expiration.go
+++ b/vault/expiration.go
@@ -115,10 +115,10 @@ type ExpirationManager struct {
 testRegisterAuthFailure uberAtomic.Bool
 }
-type ExpireLeaseStrategy func(context.Context, *ExpirationManager, *leaseEntry)
+type ExpireLeaseStrategy func(context.Context, *ExpirationManager, string, *namespace.Namespace)
 // revokeIDFunc is invoked when a given ID is expired
-func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, le *leaseEntry) {
+func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, leaseID string, ns *namespace.Namespace) {
 for attempt := uint(0); attempt < maxRevokeAttempts; attempt++ {
 releasePermit := func() {}
 if m.revokePermitPool != nil {
@@ -128,10 +128,10 @@ func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, le *le
 m.logger.Trace("expiring lease; got permit pool")
 }
- metrics.IncrCounterWithLabels([]string{"expire", "lease_expiration"}, 1, []metrics.Label{{"namespace", le.namespace.ID}})
+ metrics.IncrCounterWithLabels([]string{"expire", "lease_expiration"}, 1, []metrics.Label{{"namespace", ns.ID}})
 revokeCtx, cancel := context.WithTimeout(ctx, DefaultMaxRequestDuration)
- revokeCtx = namespace.ContextWithNamespace(revokeCtx, le.namespace)
+ revokeCtx = namespace.ContextWithNamespace(revokeCtx, ns)
 go func() {
 select {
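Review bot: The comment above `expireLeaseStrategyRevoke` in the `@@ -115,10` hunk still names `revokeIDFunc`, and the changed `ExpireLeaseStrategy` type has no comment describing its new `string` and `*namespace.Namespace` parameters. The new body dereferences `ns.ID` for the metrics labels (the `@@ -128,10` and `@@ -165,12` hunks) with no nil check, so the non-nil requirement belongs in the type's contract; a nil namespace would panic in whatever goroutine runs the strategy, which is presumably the expiry timer, and the lease would not be revoked. I would add `// ExpireLeaseStrategy is called when a lease expires; it receives the lease ID and the lease's namespace, which must be non-nil.` on the type and replace the stale line with `// expireLeaseStrategyRevoke revokes the expired lease, retrying up to maxRevokeAttempts times.` The function body continues outside this hunk.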
@@ -144,12 +144,12 @@ func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, le *le
 select {
 case <-m.quitCh:
- m.logger.Error("shutting down, not attempting further revocation of lease", "lease_id", le.LeaseID)
+ m.logger.Error("shutting down, not attempting further revocation of lease", "lease_id", leaseID)
 releasePermit()
 cancel()
 return
 case <-m.quitContext.Done():
- m.logger.Error("core context canceled, not attempting further revocation of lease", "lease_id", le.LeaseID)
+ m.logger.Error("core context canceled, not attempting further revocation of lease", "lease_id", leaseID)
 releasePermit()
 cancel()
 return
@@ -157,7 +157,7 @@ func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, le *le
 }
 m.coreStateLock.RLock()
- err := m.Revoke(revokeCtx, le.LeaseID)
+ err := m.Revoke(revokeCtx, leaseID)
 m.coreStateLock.RUnlock()
 releasePermit()
 cancel()
@@ -165,12 +165,12 @@ func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, le *le
 return
 }
- metrics.IncrCounterWithLabels([]string{"expire", "lease_expiration", "error"}, 1, []metrics.Label{{"namespace", le.namespace.ID}})
+ metrics.IncrCounterWithLabels([]string{"expire", "lease_expiration", "error"}, 1, []metrics.Label{{"namespace", ns.ID}})
- m.logger.Error("failed to revoke lease", "lease_id", le.LeaseID, "error", err)
+ m.logger.Error("failed to revoke lease", "lease_id", leaseID, "error", err)
 time.Sleep((1 << attempt) * revokeRetryBase)
 }
- m.logger.Error("maximum revoke attempts reached", "lease_id", le.LeaseID)
+ m.logger.Error("maximum revoke attempts reached", "lease_id", leaseID)
 }
 // NewExpirationManager creates a new ExpirationManager that is backed
@@ -1523,9 +1523,10 @@ func (m *ExpirationManager) updatePendingInternal(le *leaseEntry) {
 pending.timer.Reset(leaseTotal)
 // No change to lease count in this case
 } else {
+ leaseID, namespace := le.LeaseID, le.namespace
 // Extend the timer by the lease total
 timer := time.AfterFunc(leaseTotal, func() {
- m.expireFunc(m.quitContext, m, le)
+ m.expireFunc(m.quitContext, m, leaseID, namespace)
 })
 pending = pendingInfo{
 timer: timer,
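Review bot: The new local `namespace` in the `else` branch shadows the `namespace` package for the rest of that block, a package this file calls elsewhere (`namespace.ContextWithNamespace`). Renaming it to match the parameter name in `expireLeaseStrategyRevoke` avoids that: `leaseID, ns := le.LeaseID, le.namespace` and `m.expireFunc(m.quitContext, m, leaseID, ns)`. The copy also deserves a why-comment, since the reason is only hinted at by the changelog entry, e.g. `// Capture only the ID and namespace so the timer closure does not keep the whole leaseEntry alive.` The closure now sees the values as they were when the timer was created rather than any later change to `le`, which looks intended but is worth confirming. updatePendingInternal starts and ends outside this hunk.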