From e6b90c96577933c0f1370d0e9d15a5cc0658b1e1 Mon Sep 17 00:00:00 2001
From: Ingo Oppermann <ingo@datarhei.com>
Date: Wed, 9 Jul 2025 14:57:25 +0200
Subject: [PATCH] Fix leaking slices

---
 cluster/iam/adapter/policy.go | 20 +++++++-------------
 cluster/store/policy.go       |  9 +++++++--
 2 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/cluster/iam/adapter/policy.go b/cluster/iam/adapter/policy.go
index 7df2d203..3d584dd0 100644
--- a/cluster/iam/adapter/policy.go
+++ b/cluster/iam/adapter/policy.go
@@ -29,23 +29,17 @@ func (a *policyAdapter) LoadPolicy(model policy.Model) error {
 	domains := map[string]struct{}{}
 
 	for _, p := range storePolicies.Policies {
-		if len(p.Domain) == 0 {
-			p.Domain = "$none"
+		policy := p.Clone()
+
+		if len(policy.Domain) == 0 {
+			policy.Domain = "$none"
 		}
 
-		if len(p.Types) == 0 {
-			p.Types = []string{"$none"}
+		if len(policy.Types) == 0 {
+			policy.Types = []string{"$none"}
 		}
 
-		policy := policy.Policy{
-			Name:     p.Name,
-			Domain:   p.Domain,
-			Types:    p.Types,
-			Resource: p.Resource,
-			Actions:  p.Actions,
-		}
-
-		domains[p.Domain] = struct{}{}
+		domains[policy.Domain] = struct{}{}
 
 		policies = append(policies, policy)
 	}
diff --git a/cluster/store/policy.go b/cluster/store/policy.go
index 04ded03a..ae9b950f 100644
--- a/cluster/store/policy.go
+++ b/cluster/store/policy.go
@@ -54,7 +54,9 @@ func (s *store) IAMPolicyList() Policies {
 	}
 
 	for _, policies := range s.data.Policies.Policies {
-		p.Policies = append(p.Policies, policies...)
+		for _, pol := range policies {
+			p.Policies = append(p.Policies, pol.Clone())
+		}
 	}
 
 	return p
@@ -74,7 +76,10 @@ func (s *store) IAMIdentityPolicyList(name string) Policies {
 	}
 
 	p.UpdatedAt = user.UpdatedAt
-	p.Policies = append(p.Policies, s.data.Policies.Policies[user.Name]...)
+
+	for _, pol := range s.data.Policies.Policies[user.Name] {
+		p.Policies = append(p.Policies, pol.Clone())
+	}
 
 	return p
 }