goto / guardian

Guardian is a tool for extensible and universal data access with automated access workflows and security controls across data stores, analytical systems, and cloud products.

Home Page: https://goto.github.io/guardian/

Make appeal creator details fetch to external identity service non-blocking

rahmatrhd opened this issue

Summary
Currently, when the identity service config is specified in the policy, the appeal creation would fail when the identity service returns an error or the user is not found. In a case where user details not being found is allowed, the appeal won't be created unless the user exists in the identity service.

Proposed solution
Add a configuration option to make appeal creation not depend on the identity service fetch. The appeal would still get created regardless of the result from the identity service.

userDetails, err := iamClient.GetUser(a.CreatedBy)
if err != nil {
	return fmt.Errorf("fetching creator's user iam: %w", err)
}

Change the code above to log the error and return nil when there's an error from the GetUser fetch.
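The proposal above, sketched as an added example that is not Guardian's own code: the lookup failure either aborts appeal creation (current behaviour) or is logged and skipped, depending on a flag. The `IAMClient` interface, the `Appeal` fields, the `optional` parameter and the `fakeIAM` client with its sample users are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"log"
)

// IAMClient is a hypothetical stand-in for the identity service client.
type IAMClient interface {
	GetUser(id string) (map[string]interface{}, error)
}

// Appeal holds only the fields this example needs (assumed shape).
type Appeal struct {
	CreatedBy string
	Creator   map[string]interface{}
}

var errUserNotFound = errors.New("user not found")

// fakeIAM is a constructed client that knows a single user.
type fakeIAM struct{}

func (fakeIAM) GetUser(id string) (map[string]interface{}, error) {
	if id == "alice@example.com" {
		return map[string]interface{}{"email": id, "manager": "bob@example.com"}, nil
	}
	return nil, errUserNotFound
}

// addCreatorDetails fills a.Creator from the identity service.
// optional=false keeps the current behaviour: any lookup error aborts creation.
// optional=true is the proposed (hypothetical) option: the error is logged
// and creation continues with a.Creator left nil.
func addCreatorDetails(c IAMClient, a *Appeal, optional bool) error {
	userDetails, err := c.GetUser(a.CreatedBy)
	if err != nil {
		if optional {
			log.Printf("fetching creator's user iam for %q: %v (continuing)", a.CreatedBy, err)
			return nil
		}
		return fmt.Errorf("fetching creator's user iam: %w", err)
	}
	a.Creator = userDetails
	return nil
}

func main() {
	a := &Appeal{CreatedBy: "unknown@example.com"}
	fmt.Println("blocking:", addCreatorDetails(fakeIAM{}, a, false))
	fmt.Println("non-blocking:", addCreatorDetails(fakeIAM{}, a, true), "creator:", a.Creator)
}
```

With the flag set, the appeal proceeds with `Creator` left nil, so any later step that reads creator details has to handle their absence explicitly. The log line is the only record that the lookup failed.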