
Commit 66baacf

incusd/auth/openfga: Force OpenFGA update on initial config and patching
Signed-off-by: Stéphane Graber <[email protected]>
1 parent 873000c commit 66baacf


1 file changed

+9
-3
lines changed

1 file changed

+9
-3
lines changed

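--- a/internal/server/auth/driver_openfga.go
+++ b/internal/server/auth/driver_openfga.go
@@ -158,15 +158,15 @@ func (f *fga) ApplyPatch(ctx context.Context, name string) error {
 }
 
 if !resp.GetAllowed() {
-err = f.updateTuples(ctx, []client.ClientTupleKey{
+err = f.sendTuples(ctx, []client.ClientTupleKey{
 {User: "user:*", Relation: "authenticated", Object: ObjectServer().String()},
 }, nil)
 if err != nil {
 return err
 }
 
 // Attempt to clear the former version of this permission.
-_ = f.updateTuples(ctx, nil, []client.ClientTupleKeyWithoutCondition{
+_ = f.sendTuples(ctx, nil, []client.ClientTupleKeyWithoutCondition{
 {User: "user:*", Relation: "viewer", Object: ObjectServer().String()},
 })
 }
@@ -210,7 +210,7 @@ func (f *fga) connect(ctx context.Context, certificateCache *certificate.Cache,
 }
 
 // Allow basic authenticated access.
-err = f.updateTuples(ctx, []client.ClientTupleKey{
+err = f.sendTuples(ctx, []client.ClientTupleKey{
 {User: "user:*", Relation: "authenticated", Object: ObjectServer().String()},
 }, nil)
 if err != nil {
@@ -866,6 +866,7 @@ func (f *fga) DeleteStorageBucket(ctx context.Context, projectName string, stora
 return f.updateTuples(ctx, nil, deletions)
 }
 
+// updateTuples sends an object update to OpenFGA if it's currently online.
 func (f *fga) updateTuples(ctx context.Context, writes []client.ClientTupleKey, deletions []client.ClientTupleKeyWithoutCondition) error {
 // If offline, skip updating as a full sync will happen after connection.
 if !f.online {
@@ -876,6 +877,11 @@ func (f *fga) updateTuples(ctx context.Context, writes []client.ClientTupleKey,
 return nil
 }
 
+return f.sendTuples(ctx, writes, deletions)
+}
+
+// sendTuples directly sends the write/deletion tuples to OpenFGA.
+func (f *fga) sendTuples(ctx context.Context, writes []client.ClientTupleKey, deletions []client.ClientTupleKeyWithoutCondition) error {
 ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
 defer cancel()
 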
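Review bot: In ApplyPatch, the cleanup of the legacy `user:*` `viewer` tuple still discards its error (`_ = f.sendTuples(ctx, nil, ...)`), and now that the call bypasses the `f.online` short-circuit it can genuinely fail (for example on the 10-second timeout in sendTuples) without leaving any trace. Because the cleanup sits inside the `if !resp.GetAllowed()` branch, a failure is probably never retried: if the check above the hunk tests the `authenticated` tuple (not visible here), the next run skips the whole branch once that write has succeeded, and the wildcard `viewer` grant on the server object stays in the store. I would keep it best-effort but capture the result, `err = f.sendTuples(ctx, nil, ...)`, and log a warning when it is non-nil so operators can see and remove the stale tuple. ApplyPatch starts and ends outside the hunk, so the available logger and the exact check feeding `resp` should be confirmed there.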
