fix getting updated user namespaces

core/clustersmngr/factory.go

@@ -129,6 +129,8 @@ type clustersManager struct {
 	kubeConfigOptions   []KubeConfigOption
 	// list of watchers to notify of clusters updates
 	watchers []*ClustersWatcher
+
+	usersLock sync.Map
 }
 
 // ClusterListUpdate records the changes to the cluster state managed by the factory.
@@ -458,7 +460,11 @@ func (cf *clustersManager) UpdateUserNamespaces(ctx context.Context, user *auth.
 		go func(cluster Cluster) {
 			defer wg.Done()
 
-			clusterNs := cf.clustersNamespaces.Get(cluster.Name)
+			clusterNs, found := cf.clustersNamespaces.Get(cluster.Name)
+			if !found {
+				cf.log.Error(nil, "failed to get cluster namespaces", "cluster", cluster.Name)
+				return
+			}
 
 			cfg, err := ClientConfigWithUser(user, cf.kubeConfigOptions...)(cluster)
 			if err != nil {
@@ -479,11 +485,21 @@ func (cf *clustersManager) UpdateUserNamespaces(ctx context.Context, user *auth.
 	wg.Wait()
 }
 
+func (cf *clustersManager) LockUser(user *auth.UserPrincipal) *sync.Mutex {
+	actual, _ := cf.usersLock.LoadOrStore(user.Hash(), &sync.Mutex{})
+	lock := actual.(*sync.Mutex)
+	lock.Lock()
+	return lock
+}
+
 func (cf *clustersManager) GetUserNamespaces(user *auth.UserPrincipal) map[string][]v1.Namespace {
 	return cf.usersNamespaces.GetAll(user, cf.clusters.Get())
 }
 
 func (cf *clustersManager) userNsList(ctx context.Context, user *auth.UserPrincipal) map[string][]v1.Namespace {
+	userLock := cf.LockUser(user)
+	defer userLock.Unlock()
+
 	userNamespaces := cf.GetUserNamespaces(user)
 	if len(userNamespaces) > 0 {
 		return userNamespaces

core/clustersmngr/factory_caches.go

@@ -105,11 +105,16 @@ func (cn *ClustersNamespaces) Clear() {
 	cn.namespaces = make(map[string][]v1.Namespace)
 }
 
-func (cn *ClustersNamespaces) Get(cluster string) []v1.Namespace {
+func (cn *ClustersNamespaces) Get(cluster string) ([]v1.Namespace, bool) {
 	cn.Lock()
 	defer cn.Unlock()
 
-	return cn.namespaces[cluster]
+	clusterObj, ok := cn.namespaces[cluster]
+	if !ok {
+		return nil, false
+	}
+
+	return clusterObj, true
 }
 
 type UsersNamespaces struct {
@@ -147,7 +152,7 @@ func (un *UsersNamespaces) Clear() {
 }
 
 func (un UsersNamespaces) cacheKey(user *auth.UserPrincipal, cluster string) uint64 {
-	return ttlcache.StringKey(fmt.Sprintf("%s:%s", user.ID, cluster))
+	return ttlcache.StringKey(fmt.Sprintf("%s:%s", user.Hash(), cluster))
 }
 
 type UsersClients struct {

core/clustersmngr/factory_caches_test.go

@@ -75,11 +75,14 @@ func TestClustersNamespaces(t *testing.T) {
 
 	cs.Set(clusterName, []v1.Namespace{ns})
 
-	g.Expect(cs.Get(clusterName)).To(Equal([]v1.Namespace{ns}))
+	got, found := cs.Get(clusterName)
+	g.Expect(found).To(BeTrue())
+	g.Expect(got).To(Equal([]v1.Namespace{ns}))
 
 	cs.Clear()
 
-	g.Expect(cs.Get(clusterName)).To(HaveLen(0))
+	_, found = cs.Get(clusterName)
+	g.Expect(found).To(BeFalse())
 }
 
 func TestClusterSet_Set(t *testing.T) {

core/clustersmngr/factory_test.go

@@ -182,6 +182,7 @@ func TestUpdateUsers(t *testing.T) {
 		clustersFetcher.FetchReturns([]clustersmngr.Cluster{c1, c2}, nil)
 
 		g.Expect(clustersManager.UpdateClusters(ctx)).To(Succeed())
+		g.Expect(clustersManager.UpdateNamespaces(ctx))
 		clustersManager.UpdateUserNamespaces(ctx, u1)
 
 		contents := clustersManager.GetUserNamespaces(u1)

pkg/server/auth/auth.go

@@ -2,8 +2,10 @@ package auth
 
 import (
 	"context"
+	"crypto/md5"
 	"crypto/rand"
 	"encoding/base64"
+	"encoding/hex"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -98,6 +100,12 @@ func (p *UserPrincipal) String() string {
 	return fmt.Sprintf("id=%q groups=%v", p.ID, p.Groups)
 }
 
+// Hash returns a unique string using user id,token and groups.
+func (p *UserPrincipal) Hash() string {
+	hash := md5.Sum([]byte(fmt.Sprintf("%s/%s/%v", p.ID, p.Token(), p.Groups)))
+	return hex.EncodeToString(hash[:])
+}
+
 func (p *UserPrincipal) Valid() bool {
 	if p.ID == "" && p.Token() == "" {
 		return false

pkg/server/auth/auth_test.go

@@ -331,7 +331,17 @@ func TestUserPrincipal_String(t *testing.T) {
 	// principal is logged out.
 	p := auth.NewUserPrincipal(auth.ID("testing"), auth.Groups([]string{"group1", "group2"}), auth.Token("test-token"))
 
-	if s := p.String(); s != `id="testing" groups=[group1 group2]` {
-		t.Fatalf("principal.String() got %s, want %s", s, `id="testing" groups=[group1 group2]`)
+	want := `id="testing" groups=[group1 group2]`
+	if s := p.String(); s != want {
+		t.Fatalf("principal.String() got %s, want %s", s, want)
+	}
+}
+
+func TestUserPrincipal_Hash(t *testing.T) {
+	p := auth.NewUserPrincipal(auth.ID("testing"), auth.Groups([]string{"group1", "group2"}), auth.Token("test-token"))
+
+	want := "f6b28168aaeae03685db1e9151a397a8"
+	if s := p.Hash(); s != want {
+		t.Fatalf("principal.String() got %s, want %s", s, want)
 	}
 }