Auth: Load rules if not present
This commit is contained in:
parent
cf61d98635
commit
2299244332
@ -59,17 +59,14 @@ func (s *svc) Init(opts ...auth.Option) {
|
|||||||
go func() {
|
go func() {
|
||||||
ruleTimer := time.NewTicker(time.Second * 30)
|
ruleTimer := time.NewTicker(time.Second * 30)
|
||||||
|
|
||||||
// load rules immediately on startup
|
|
||||||
s.loadRules()
|
|
||||||
|
|
||||||
for {
|
for {
|
||||||
<-ruleTimer.C
|
|
||||||
|
|
||||||
// jitter for up to 5 seconds, this stops
|
// jitter for up to 5 seconds, this stops
|
||||||
// all the services calling the auth service
|
// all the services calling the auth service
|
||||||
// at the exact same time
|
// at the exact same time
|
||||||
time.Sleep(jitter.Do(time.Second * 5))
|
time.Sleep(jitter.Do(time.Second * 5))
|
||||||
s.loadRules()
|
s.loadRules()
|
||||||
|
|
||||||
|
<-ruleTimer.C
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
}
|
}
|
||||||
@ -132,6 +129,9 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
|
|||||||
|
|
||||||
// Verify an account has access to a resource
|
// Verify an account has access to a resource
|
||||||
func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
||||||
|
// load the rules if none are loaded
|
||||||
|
s.loadRulesIfEmpty()
|
||||||
|
|
||||||
// set the namespace on the resource
|
// set the namespace on the resource
|
||||||
if len(res.Namespace) == 0 {
|
if len(res.Namespace) == 0 {
|
||||||
res.Namespace = s.Options().Namespace
|
res.Namespace = s.Options().Namespace
|
||||||
@ -286,6 +286,16 @@ func (s *svc) loadRules() {
|
|||||||
s.rules = rsp.Rules
|
s.rules = rsp.Rules
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *svc) loadRulesIfEmpty() {
|
||||||
|
s.Lock()
|
||||||
|
rules := s.rules
|
||||||
|
s.Unlock()
|
||||||
|
|
||||||
|
if len(rules) == 0 {
|
||||||
|
s.loadRules()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func serializeToken(t *pb.Token) *auth.Token {
|
func serializeToken(t *pb.Token) *auth.Token {
|
||||||
return &auth.Token{
|
return &auth.Token{
|
||||||
AccessToken: t.AccessToken,
|
AccessToken: t.AccessToken,
|
||||||
|
Loading…
Reference in New Issue
Block a user