run IAM purge routines deterministically every hr (#20587)

Existing implementation runs IAM purge routines for expired LDAP and
OIDC accounts with a probability of 0.25 after every IAM refresh. This
change ensures that they are run once in each hour.
Aditya Manthramurthy 2024-10-29 09:01:48 -07:00 committed by GitHub
parent f85c28e960
commit c4239ced22
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 3 deletions


@ -406,6 +406,7 @@ func (sys *IAMSys) periodicRoutines(ctx context.Context, baseInterval time.Durat
timer := time.NewTimer(waitInterval()) timer := time.NewTimer(waitInterval())
defer timer.Stop() defer timer.Stop()
lastPurgeHour := -1
for { for {
select { select {
case <-timer.C: case <-timer.C:
@ -421,9 +422,9 @@ func (sys *IAMSys) periodicRoutines(ctx context.Context, baseInterval time.Durat
} }
} }
// The following actions are performed about once in 4 times that // Run purge routines once in each hour.
// IAM is refreshed: if refreshStart.Hour() != lastPurgeHour {
if r.Intn(4) == 0 { lastPurgeHour = refreshStart.Hour()
// Poll and remove accounts for those users who were removed // Poll and remove accounts for those users who were removed
// from LDAP/OpenID. // from LDAP/OpenID.
if sys.LDAPConfig.Enabled() { if sys.LDAPConfig.Enabled() {
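Review bot: The new guard `if refreshStart.Hour() != lastPurgeHour` compares the wall-clock hour of day (0–23) rather than elapsed time, so two consecutive refreshes that land in the same hour number on different days, or on either side of a local clock shift, skip the purge even though more than an hour has passed. Since this branch is what removes accounts for users already removed from LDAP/OpenID, any skipped run delays that removal. Tracking an instant is more robust: `var lastPurge time.Time` before the loop and `if refreshStart.Sub(lastPurge) >= time.Hour { lastPurge = refreshStart`, which still purges on the first refresh as the `-1` sentinel does. The marker is also updated before the purge calls run, so if those can fail (their bodies are outside this hunk) the retry appears to wait for the next hour; a one-line comment stating that this is intended would help. periodicRoutines starts and ends outside the visible hunks.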