Merge pull request #1629 from micro/auth/rules-fix

Auth: Load rules if not present
This commit is contained in:
ben-toogood 2020-05-13 17:27:53 +01:00 committed by GitHub
commit ebd53794af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -59,17 +59,14 @@ func (s *svc) Init(opts ...auth.Option) {
go func() {
ruleTimer := time.NewTicker(time.Second * 30)
// load rules immediately on startup
s.loadRules()
for {
<-ruleTimer.C
// jitter for up to 5 seconds, this stops
// all the services calling the auth service
// at the exact same time
time.Sleep(jitter.Do(time.Second * 5))
s.loadRules()
<-ruleTimer.C
}
}()
}
@ -132,6 +129,9 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
// Verify an account has access to a resource
func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
// load the rules if none are loaded
s.loadRulesIfEmpty()
// set the namespace on the resource
if len(res.Namespace) == 0 {
res.Namespace = s.Options().Namespace
@ -286,6 +286,16 @@ func (s *svc) loadRules() {
s.rules = rsp.Rules
}
func (s *svc) loadRulesIfEmpty() {
s.Lock()
rules := s.rules
s.Unlock()
if len(rules) == 0 {
s.loadRules()
}
}
func serializeToken(t *pb.Token) *auth.Token {
return &auth.Token{
AccessToken: t.AccessToken,