diff --git a/acl/cache.go b/acl/cache.go index 2b1409ea9..22d13d7b9 100644 --- a/acl/cache.go +++ b/acl/cache.go @@ -14,6 +14,7 @@ type FaultFunc func(id string) (string, string, error) // aclEntry allows us to store the ACL with it's policy ID type aclEntry struct { ACL ACL + Parent string PolicyID string } @@ -72,23 +73,24 @@ func (c *Cache) ruleID(rules string) string { // GetACLPolicy is used to get the potentially cached ACL // policy. If not cached, it will be generated and then cached. -func (c *Cache) GetACLPolicy(id string) (*Policy, error) { +func (c *Cache) GetACLPolicy(id string) (string, *Policy, error) { // Check for a cached acl if raw, ok := c.aclCache.Get(id); ok { cached := raw.(aclEntry) if raw, ok := c.ruleCache.Get(cached.PolicyID); ok { - return raw.(*Policy), nil + return cached.Parent, raw.(*Policy), nil } } // Fault in the rules - _, rules, err := c.faultfn(id) + parent, rules, err := c.faultfn(id) if err != nil { - return nil, err + return "", nil, err } // Get cached - return c.GetPolicy(rules) + policy, err := c.GetPolicy(rules) + return parent, policy, err } // GetACL is used to get a potentially cached ACL policy. @@ -139,7 +141,7 @@ func (c *Cache) GetACL(id string) (ACL, error) { } // Cache and return the ACL - c.aclCache.Add(id, aclEntry{compiled, ruleID}) + c.aclCache.Add(id, aclEntry{compiled, parentID, ruleID}) return compiled, nil } diff --git a/acl/cache_test.go b/acl/cache_test.go index 96b06ba34..8502e44d3 100644 --- a/acl/cache_test.go +++ b/acl/cache_test.go @@ -182,19 +182,25 @@ func TestCache_GetACLPolicy(t *testing.T) { t.Fatalf("err: %v", err) } - p2, err := c.GetACLPolicy("foo") + parent, p2, err := c.GetACLPolicy("foo") if err != nil { t.Fatalf("err: %v", err) } + if parent != "deny" { + t.Fatalf("bad: %v", parent) + } if p2 != p { t.Fatalf("expected cached policy") } - p3, err := c.GetACLPolicy("bar") + parent, p3, err := c.GetACLPolicy("bar") if err != nil { t.Fatalf("err: %v", err) } + if parent != "deny" { + t.Fatalf("bad: %v", parent) + } if p3 != p { t.Fatalf("expected cached policy")