Fix lookupCache to work when idp has more users (#1321)

management/server/account.go

@@ -1082,9 +1082,6 @@ func (am *DefaultAccountManager) loadAccount(_ context.Context, accountID interf
 		if user.IsServiceUser {
 			continue
 		}
-		if user.Issued == UserIssuedIntegration {
-			continue
-		}
 		datum, ok := dataMap[user.Id]
 		if !ok {
 			log.Warnf("user %s not found in IDP", user.Id)
@@ -1191,19 +1188,20 @@ func (am *DefaultAccountManager) lookupCache(accountUsers map[string]struct{}, a
 		userDataMap[datum.ID] = struct{}{}
 	}
 
-	// check whether we need to reload the cache
+	// the accountUsers ID list of non integration users from store, we check if cache has all of them
-	// the accountUsers ID list is the source of truth and all the users should be in the cache
+	// as result of for loop knownUsersCount will have number of users are not presented in the cashed
-	reload := len(accountUsers) != len(data)
+	knownUsersCount := len(accountUsers)
 	for user := range accountUsers {
-		if _, ok := userDataMap[user]; !ok {
+		if _, ok := userDataMap[user]; ok {
-			reload = true
+			knownUsersCount--
-			log.Debugf("idp cache doesn't have user %s", user)
+			continue
-			break
 		}
+		log.Debugf("cache doesn't know about %s user", user)
 	}
 
-	if reload {
+	// if we know users that are not yet in cache more likely cache is outdated
-		log.Debugf("reload cache, len(accountUsers) = %d, len(data) = %d", len(accountUsers), len(data))
+	if knownUsersCount > 0 {
+		log.Debugf("cache doesn't know about %d users from store, reloading", knownUsersCount)
 		// reload cache once avoiding loops
 		data, err = am.refreshCache(accountID)
 		if err != nil {