search

hubblestack / hubble

Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting.
Apache License 2.0
380 stars 87 forks source link

Loader fixes #1102

Closed jettero closed 3 years ago

jettero commented 3 years ago

There's a few things here... not the least of which is a pretty obvious memory leak that we've had for as long as we've had grains-refresh...

The primary purpose of this PR is the 'POP' though. The persistent __opts__ protection mechanism. It's definitely an anti-pattern that we're logging data by dropping it in config and publishing config... man, I wish we didn't do that, but we do it in a huge number of places.

Recently, for some reason, the lazy loader refreshes have been resetting some of the __opts__ return data. I can't see why it hadn't been doing it before now, but it's doing it now... so the solution -- until we address the anti-pattern -- is to trick the lazy loader into preserving opts.

Lastly, you may wonder: why is there no unit test to make sure this works?

This was a "Heisenbug." Recreating the bug is difficult. You have to trick the garbage collection into firing at the right time to trigger the bug and hope your config pulisher publishes the broken state. It's probably not possible to recreate in a unit test. Or at least, if you could do it, you couldn't do it reliably.