From ddb18a8c3c7ebac0a092b268e30ad1f0faf3825a Mon Sep 17 00:00:00 2001
From: Ingo Oppermann <ingo@datarhei.com>
Date: Mon, 26 Jun 2023 14:05:22 +0200
Subject: [PATCH] Return error on reload on encountering an invalid identity

---
 cluster/iam/iam.go       | 15 +++++++++++----
 iam/identity/identity.go |  2 +-
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/cluster/iam/iam.go b/cluster/iam/iam.go
index 99e0b677..948217b4 100644
--- a/cluster/iam/iam.go
+++ b/cluster/iam/iam.go
@@ -41,15 +41,22 @@ func New(config iam.Config, store store.Store) (iam.IAM, error) {
 
 func (m *manager) apply(op store.Operation) {
 	m.logger.Debug().WithField("operation", string(op)).Log("Applying action on operation")
+
+	var err error
+
 	switch op {
 	case store.OpAddIdentity:
-		m.ReloadIndentities()
+		err = m.ReloadIndentities()
 	case store.OpUpdateIdentity:
-		m.ReloadIndentities()
+		err = m.ReloadIndentities()
 	case store.OpRemoveIdentity:
-		m.ReloadIndentities()
+		err = m.ReloadIndentities()
 	case store.OpSetPolicies:
-		m.ReloadPolicies()
+		err = m.ReloadPolicies()
+	}
+
+	if err != nil {
+		m.logger.Error().WithError(err).WithField("operation", string(op)).Log("")
 	}
 }
 
diff --git a/iam/identity/identity.go b/iam/identity/identity.go
index 8453b774..8272e3e0 100644
--- a/iam/identity/identity.go
+++ b/iam/identity/identity.go
@@ -607,7 +607,7 @@ func (im *identityManager) Reload() error {
 		}
 
 		if err := u.Validate(); err != nil {
-			continue
+			return fmt.Errorf("invalid user from adapter: %s, %w", u.Name, err)
 		}
 
 		identity, err := im.create(u)