run IAM purge routines deterministically every hr (minio#20587)

Existing implementation runs IAM purge routines for expired LDAP and OIDC accounts with a probability of 0.25 after every IAM refresh. This change ensures that they are run once in each hour.
Loongson-Cloud-Community · Oct 29, 2024 · c4239ce · c4239ce
1 parent f85c28e
commit c4239ce
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/cmd/iam.go b/cmd/iam.go
@@ -406,6 +406,7 @@ func (sys *IAMSys) periodicRoutines(ctx context.Context, baseInterval time.Durat
 	timer := time.NewTimer(waitInterval())
 	defer timer.Stop()
 
+	lastPurgeHour := -1
 	for {
 		select {
 		case <-timer.C:
@@ -421,9 +422,9 @@ func (sys *IAMSys) periodicRoutines(ctx context.Context, baseInterval time.Durat
 				}
 			}
 
-			// The following actions are performed about once in 4 times that
-			// IAM is refreshed:
-			if r.Intn(4) == 0 {
+			// Run purge routines once in each hour.
+			if refreshStart.Hour() != lastPurgeHour {
+				lastPurgeHour = refreshStart.Hour()
 				// Poll and remove accounts for those users who were removed
 				// from LDAP/OpenID.
 				if sys.LDAPConfig.Enabled() {