UPSTREAM: <carry>: Prevent rapid reset http2 DOS on API server

Adjust test that was added to work with go 1.18 Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>
openshift · Oct 13, 2023 · 61fc003 · 61fc003
1 parent 4ac814f
commit 61fc003
Showing 1 changed file with 24 additions and 2 deletions.
diff --git a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication_test.go b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication_test.go
@@ -25,7 +25,7 @@ import (
 	"net"
 	"net/http"
 	"net/http/httptest"
-	"sync/atomic"
+	"sync"
 	"testing"
 	"time"
 
@@ -592,7 +592,7 @@ func TestUnauthenticatedHTTP2ClientConnectionClose(t *testing.T) {
 			f := func(t *testing.T, nextProto string, expectConnections uint64) {
 				defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.UnauthenticatedHTTP2DOSMitigation, !tc.skipHTTP2DOSMitigation)()
 
-				var localAddrs atomic.Uint64 // indicates how many TCP connection set up
+				var localAddrs atomicUint64 // indicates how many TCP connection set up
 
 				tlsConfig := &tls.Config{
 					RootCAs:    rootCAs,
@@ -665,3 +665,25 @@ func TestUnauthenticatedHTTP2ClientConnectionClose(t *testing.T) {
 		})
 	}
 }
+
+// atomicUint64 is a mutex-based implementation of atomic.Uint64, as that type is only available in
+// go 1.19 and newer.
+type atomicUint64 struct {
+	lock  sync.Mutex
+	value uint64
+}
+
+func (a *atomicUint64) Add(delta uint64) (new uint64) {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	a.value += delta
+	return a.value
+}
+
+func (a *atomicUint64) Load() uint64 {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+
+	return a.value
+}