incusd/auth/openfga: Re-sync resources hourly

Closes #272 Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
lxc · Dec 5, 2023 · 8c0effd · 8c0effd
1 parent fca5c56
commit 8c0effd
Showing 1 changed file with 19 additions and 10 deletions.
diff --git a/internal/server/auth/driver_openfga.go b/internal/server/auth/driver_openfga.go
@@ -237,18 +237,27 @@ func (f *fga) connect(ctx context.Context, certificateCache *certificate.Cache,
 	}
 
 	if opts.resourcesFunc != nil {
-		resources, err := opts.resourcesFunc()
-		if err != nil {
-			return err
-		}
+		// Start resource sync routine.
+		go func(resourcesFunc func() (*Resources, error)) {
+			for {
+				resources, err := resourcesFunc()
+				if err == nil {
+					err := f.syncResources(f.shutdownCtx, *resources)
+					if err != nil {
+						logger.Error("Failed background OpenFGA resource sync", logger.Ctx{"err": err})
+					}
+				} else {
+					logger.Error("Failed getting local OpenFGA resources", logger.Ctx{"err": err})
+				}
 
-		// resources is nil if we're not supposed to perform an update.
-		if resources != nil {
-			err := f.syncResources(ctx, *resources)
-			if err != nil {
-				return err
+				select {
+				case <-time.After(time.Hour):
+					continue
+				case <-f.shutdownCtx.Done():
+					return
+				}
 			}
-		}
+		}(opts.resourcesFunc)
 	}
 
 	return nil