From 3a730d2434729a53316d0c15c0cdcbc466e27e23 Mon Sep 17 00:00:00 2001 From: Carlos Eduardo Arango Gutierrez Date: Thu, 12 Feb 2026 21:06:08 +0100 Subject: [PATCH] fix(aws): preserve error chain with errors.Join, copy tags for goroutines Instance creation errors were formatted with %v, breaking the error chain. Use errors.Join so callers can inspect individual errors. Also copy p.Tags before the goroutine loop to prevent a future data race if Tags is ever modified during creation. Audit findings #11 (MEDIUM), #15 (MEDIUM). Signed-off-by: Carlos Eduardo Arango Gutierrez --- pkg/provider/aws/cluster.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkg/provider/aws/cluster.go b/pkg/provider/aws/cluster.go index a4792a6ac..3c095bb5c 100644 --- a/pkg/provider/aws/cluster.go +++ b/pkg/provider/aws/cluster.go @@ -18,6 +18,7 @@ package aws import ( "context" + "errors" "fmt" "sync" "time" @@ -419,6 +420,10 @@ func (p *Provider) createInstances( instancesChan := make(chan InstanceInfo, count) errorsChan := make(chan error, count) + // Copy tags to avoid data race if p.Tags is modified during creation + tagsCopy := make([]types.Tag, len(p.Tags)) + copy(tagsCopy, p.Tags) + for i := 0; i < count; i++ { wg.Add(1) go func(index int) { @@ -427,7 +432,7 @@ func (p *Provider) createInstances( instanceName := fmt.Sprintf("%s-%s-%d", p.ObjectMeta.Name, role, index) // Filter out the Name tag from p.Tags to avoid duplicates var tags []types.Tag - for _, tag := range p.Tags { + for _, tag := range tagsCopy { if aws.ToString(tag.Key) != "Name" { tags = append(tags, tag) } @@ -550,7 +555,7 @@ func (p *Provider) createInstances( errs = append(errs, err) } if len(errs) > 0 { - return nil, fmt.Errorf("errors creating instances: %v", errs) + return nil, fmt.Errorf("errors creating instances: %w", errors.Join(errs...)) } // Collect instances