Merge pull request #1629 from micro/auth/rules-fix

Auth: Load rules if not present
2020-05-13 17:27:53 +01:00
parent cf61d98635 2299244332
commit ebd53794af
1 changed files with 15 additions and 5 deletions
--- a/auth/service/service.go
+++ b/auth/service/service.go
@@ -59,17 +59,14 @@ func (s *svc) Init(opts ...auth.Option) {
 	go func() {
 		ruleTimer := time.NewTicker(time.Second * 30)
 		// load rules immediately on startup
 		s.loadRules()
 		for {
 			<-ruleTimer.C
 			// jitter for up to 5 seconds, this stops
 			// all the services calling the auth service
 			// at the exact same time
 			time.Sleep(jitter.Do(time.Second * 5))
 			s.loadRules()
 			<-ruleTimer.C
 		}
 	}()
 }
@@ -132,6 +129,9 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
 // Verify an account has access to a resource
 func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
 	// load the rules if none are loaded
 	s.loadRulesIfEmpty()
 	// set the namespace on the resource
 	if len(res.Namespace) == 0 {
 		res.Namespace = s.Options().Namespace
@@ -286,6 +286,16 @@ func (s *svc) loadRules() {
 	s.rules = rsp.Rules
 }
 func (s *svc) loadRulesIfEmpty() {
 	s.Lock()
 	rules := s.rules
 	s.Unlock()
 	if len(rules) == 0 {
 		s.loadRules()
 	}
 }
 func serializeToken(t *pb.Token) *auth.Token {
 	return &auth.Token{
 		AccessToken:  t.AccessToken,