[config] Fix race in security resource modification when draft mode e…

…nabled

In security draft mode to avoid issues, a scope lock is created when
an action is ongoing. It avoids any other action to be performed and also
forbidden any security resource modifications.
The check on resource modification was buggy as it required the lock to
check if it was already acquired. That produces race when concurrency
security resources modifications occur.

Change-Id: I980456c22551ca6e7f5dd645140f4f54fb354c0a
Closes-Bug: #1767425
(cherry picked from commit d601451)

src/config/api-server/vnc_cfg_api_server/vnc_cfg_types.py

@@ -529,8 +529,8 @@ def _pending_update(cls, draft_pm, obj_dict, draft_mode_state,
                 ':'.join(scope_fq_name),
             ),
         )
-        if not scope_lock.acquire(blocking=False):
-            contenders = scope_lock.contenders()
+        contenders = scope_lock.contenders()
+        if contenders:
             action_in_progress = '<unknown action>'
             if len(contenders) > 0 and contenders[0]:
                 _, _, action_in_progress = contenders[0].partition(' ')
@@ -540,7 +540,6 @@ def _pending_update(cls, draft_pm, obj_dict, draft_mode_state,
                     ':'.join(scope_fq_name), scope_uuid,
                     cls.object_type.replace('_', ' ').title()))
             return False, (400, msg)
-        scope_lock.release()
 
         if not delta_obj_dict:
             delta_obj_dict = {}

src/config/common/tests/test_utils.py

@@ -1177,8 +1177,8 @@ def release(self):
             lock.release()
 
         def contenders(self):
-            _, contender = self._locks[self._path]
-            return [contender]
+            lock, contender = self._locks[self._path]
+            return [contender] if lock.locked() else []
 
         def destroy(self):
             self._locks.pop(self._path, None)