Merge pull request #1472 from stgraber/main

incusd/auth/openfga: refresh model before applying patches
lxc · Dec 7, 2024 · f6628ea · f6628ea
2 parents 06d46f8 + 70e99b2
commit f6628ea
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/internal/server/auth/driver_openfga.go b/internal/server/auth/driver_openfga.go
@@ -146,6 +146,13 @@ func (f *fga) StopService(ctx context.Context) error {
 
 // ApplyPatch is called when an applicable server patch is run, this triggers a model re-upload.
 func (f *fga) ApplyPatch(ctx context.Context, name string) error {
+	// Always refresh the model.
+	logger.Info("Refreshing the OpenFGA model")
+	err := f.refreshModel(ctx)
+	if err != nil {
+		return err
+	}
+
 	if name == "auth_openfga_viewer" {
 		// Add the public access permission if not set.
 		resp, err := f.client.Check(ctx).Body(client.ClientCheckRequest{
@@ -172,9 +179,7 @@ func (f *fga) ApplyPatch(ctx context.Context, name string) error {
 		}
 	}
 
-	// Always refresh the model.
-	logger.Info("Refreshing the OpenFGA model")
-	return f.refreshModel(ctx)
+	return nil
 }
 
 func (f *fga) refreshModel(ctx context.Context) error {