diff --git a/cmd/server.go b/cmd/server.go index 21a8fdf24..646983608 100644 --- a/cmd/server.go +++ b/cmd/server.go @@ -25,6 +25,7 @@ import ( "github.com/flanksource/incident-commander/incidents/responder" "github.com/flanksource/incident-commander/jobs" "github.com/flanksource/incident-commander/notification" + "github.com/flanksource/incident-commander/rbac" "github.com/flanksource/incident-commander/teams" // register event handlers @@ -133,6 +134,7 @@ func tableUpdatesHandler(ctx context.Context) { notificationUpdateCh := notifyRouter.GetOrCreateChannel("notifications") teamsUpdateChan := notifyRouter.GetOrCreateChannel("teams") + permissionUpdateChan := notifyRouter.GetOrCreateChannel("permissions") for { select { @@ -142,6 +144,13 @@ func tableUpdatesHandler(ctx context.Context) { case id := <-teamsUpdateChan: responder.PurgeCache(id) teams.PurgeCache(id) + + case <-permissionUpdateChan: + if err := rbac.ReloadPolicy(); err != nil { + ctx.Logger.Errorf("error reloading rbac policy due to permission updates: %v", err) + } else { + ctx.Logger.Debugf("reloading rbac policy due to permission updates") + } } } } diff --git a/go.mod b/go.mod index 47441d9d1..2a7dfcb66 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/containrrr/shoutrrr v0.8.0 github.com/fergusstrange/embedded-postgres v1.25.0 // indirect github.com/flanksource/commons v1.29.10 - github.com/flanksource/duty v1.0.689 + github.com/flanksource/duty v1.0.691 github.com/flanksource/gomplate/v3 v3.24.34 github.com/flanksource/kopper v1.0.10 github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2 diff --git a/go.sum b/go.sum index eb031ab30..63d1f1582 100644 --- a/go.sum +++ b/go.sum @@ -877,8 +877,8 @@ github.com/flanksource/artifacts v1.0.14 h1:Vv70bccsae0MwGaf/uSPp34J5V1/PyKfct9z github.com/flanksource/artifacts v1.0.14/go.mod h1:qHVCnQu5k50aWNJ5UhpcAKEl7pAzqUrFFKGSm147G70= github.com/flanksource/commons v1.29.10 h1:T/S95Pl8kASEFvQjQ7fJjTUqeVdhxQXg1vfkULTYFJQ= github.com/flanksource/commons v1.29.10/go.mod h1:iTbrXOSp3Spv570Nly97D/U9cQjLZoVlmWCXqWzsvRU= -github.com/flanksource/duty v1.0.689 h1:rEww/gBYthQWwjST8Eh9rM8GmNgv9EnjJXTq5lg+yGw= -github.com/flanksource/duty v1.0.689/go.mod h1:XM1Y1FfW0TB4HvuP/GjwS3ZDvJKYM5o1wobgRIyqkuA= +github.com/flanksource/duty v1.0.691 h1:hWaKkX1OiK8VbGRvK9m1dkU1K0N6NhYijza9EdZs4oE= +github.com/flanksource/duty v1.0.691/go.mod h1:XM1Y1FfW0TB4HvuP/GjwS3ZDvJKYM5o1wobgRIyqkuA= github.com/flanksource/gomplate/v3 v3.20.4/go.mod h1:27BNWhzzSjDed1z8YShO6W+z6G9oZXuxfNFGd/iGSdc= github.com/flanksource/gomplate/v3 v3.24.34 h1:KeA7bim1OzUqBXTftumgdacMlb3fGX95Y0kOtBduYGQ= github.com/flanksource/gomplate/v3 v3.24.34/go.mod h1:FdQHxnyrBSmT5zNJTDq08oXxD+eOqti4ERanSoDmQAU= diff --git a/rbac/init.go b/rbac/init.go index 7cb505886..397e995a3 100644 --- a/rbac/init.go +++ b/rbac/init.go @@ -186,3 +186,7 @@ func Check(ctx context.Context, subject, object, action string) bool { return allowed } + +func ReloadPolicy() error { + return enforcer.LoadPolicy() +}