mirror of https://github.com/minio/minio.git
add thread context in surrounding function into IAM functions (#13658)
parent
7752cdbfaf
commit
07c5e72cdb
|
@ -58,7 +58,7 @@ func (a adminAPIHandlers) RemoveUser(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := globalIAMSys.DeleteUser(accessKey); err != nil {
|
if err := globalIAMSys.DeleteUser(ctx, accessKey); err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -191,7 +191,7 @@ func (a adminAPIHandlers) GetUserInfo(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
userInfo, err := globalIAMSys.GetUserInfo(name)
|
userInfo, err := globalIAMSys.GetUserInfo(ctx, name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
|
@ -231,9 +231,9 @@ func (a adminAPIHandlers) UpdateGroupMembers(w http.ResponseWriter, r *http.Requ
|
||||||
}
|
}
|
||||||
|
|
||||||
if updReq.IsRemove {
|
if updReq.IsRemove {
|
||||||
err = globalIAMSys.RemoveUsersFromGroup(updReq.Group, updReq.Members)
|
err = globalIAMSys.RemoveUsersFromGroup(ctx, updReq.Group, updReq.Members)
|
||||||
} else {
|
} else {
|
||||||
err = globalIAMSys.AddUsersToGroup(updReq.Group, updReq.Members)
|
err = globalIAMSys.AddUsersToGroup(ctx, updReq.Group, updReq.Members)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -292,7 +292,7 @@ func (a adminAPIHandlers) ListGroups(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
groups, err := globalIAMSys.ListGroups()
|
groups, err := globalIAMSys.ListGroups(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
|
@ -324,9 +324,9 @@ func (a adminAPIHandlers) SetGroupStatus(w http.ResponseWriter, r *http.Request)
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
if status == statusEnabled {
|
if status == statusEnabled {
|
||||||
err = globalIAMSys.SetGroupStatus(group, true)
|
err = globalIAMSys.SetGroupStatus(ctx, group, true)
|
||||||
} else if status == statusDisabled {
|
} else if status == statusDisabled {
|
||||||
err = globalIAMSys.SetGroupStatus(group, false)
|
err = globalIAMSys.SetGroupStatus(ctx, group, false)
|
||||||
} else {
|
} else {
|
||||||
err = errInvalidArgument
|
err = errInvalidArgument
|
||||||
}
|
}
|
||||||
|
@ -367,7 +367,7 @@ func (a adminAPIHandlers) SetUserStatus(w http.ResponseWriter, r *http.Request)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := globalIAMSys.SetUserStatus(accessKey, madmin.AccountStatus(status)); err != nil {
|
if err := globalIAMSys.SetUserStatus(ctx, accessKey, madmin.AccountStatus(status)); err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -477,7 +477,7 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = globalIAMSys.CreateUser(accessKey, uinfo); err != nil {
|
if err = globalIAMSys.CreateUser(ctx, accessKey, uinfo); err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -1304,7 +1304,7 @@ func (a adminAPIHandlers) ListBucketPolicies(w http.ResponseWriter, r *http.Requ
|
||||||
}
|
}
|
||||||
|
|
||||||
bucket := mux.Vars(r)["bucket"]
|
bucket := mux.Vars(r)["bucket"]
|
||||||
policies, err := globalIAMSys.ListPolicies(bucket)
|
policies, err := globalIAMSys.ListPolicies(ctx, bucket)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
|
@ -1336,7 +1336,7 @@ func (a adminAPIHandlers) ListCannedPolicies(w http.ResponseWriter, r *http.Requ
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
policies, err := globalIAMSys.ListPolicies("")
|
policies, err := globalIAMSys.ListPolicies(ctx, "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
|
@ -1371,7 +1371,7 @@ func (a adminAPIHandlers) RemoveCannedPolicy(w http.ResponseWriter, r *http.Requ
|
||||||
vars := mux.Vars(r)
|
vars := mux.Vars(r)
|
||||||
policyName := vars["name"]
|
policyName := vars["name"]
|
||||||
|
|
||||||
if err := globalIAMSys.DeletePolicy(policyName); err != nil {
|
if err := globalIAMSys.DeletePolicy(ctx, policyName); err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -1439,7 +1439,7 @@ func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = globalIAMSys.SetPolicy(policyName, *iamPolicy); err != nil {
|
if err = globalIAMSys.SetPolicy(ctx, policyName, *iamPolicy); err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -1494,7 +1494,7 @@ func (a adminAPIHandlers) SetPolicyForUserOrGroup(w http.ResponseWriter, r *http
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := globalIAMSys.PolicyDBSet(entityName, policyName, isGroup); err != nil {
|
if err := globalIAMSys.PolicyDBSet(ctx, entityName, policyName, isGroup); err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
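Review bot: The mutating calls in these handlers (`DeleteUser`, `SetUserStatus`, `SetGroupStatus`, `RemoveUsersFromGroup`, `PolicyDBSet`, `SetPolicy`, `DeletePolicy`) now run under the handler's `ctx`, which looks request-scoped (it is created outside the hunks), so a client that drops the connection mid-call may cancel a revocation or policy change that previously ran to completion under `context.Background()`. Whether the store can be left half-applied on cancellation (persisted but not cached, or the reverse) is not visible on this page and should be confirmed before relying on it. If cancellation is meant to be honoured, a comment at each write such as `// ctx is request-scoped: the store must treat cancellation as all-or-nothing` would record that contract. The same applies to the peer REST handlers further down, which pass `r.Context()` straight into `DeleteUser`, `DeletePolicy` and the `Load*` reloads; an aborted reload there could leave that node holding stale IAM state.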
|
|
|
@ -1353,7 +1353,7 @@ func (store *IAMStoreSys) SetTempUser(ctx context.Context, accessKey string, cre
|
||||||
}
|
}
|
||||||
|
|
||||||
u := newUserIdentity(cred)
|
u := newUserIdentity(cred)
|
||||||
err := store.saveUserIdentity(context.Background(), accessKey, stsUser, u, options{ttl: ttl})
|
err := store.saveUserIdentity(ctx, accessKey, stsUser, u, options{ttl: ttl})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
90
cmd/iam.go
90
cmd/iam.go
|
@ -87,26 +87,26 @@ const (
|
||||||
// storage, it is removed from in-memory maps as well - this
|
// storage, it is removed from in-memory maps as well - this
|
||||||
// simplifies the implementation for group removal. This is called
|
// simplifies the implementation for group removal. This is called
|
||||||
// only via IAM notifications.
|
// only via IAM notifications.
|
||||||
func (sys *IAMSys) LoadGroup(objAPI ObjectLayer, group string) error {
|
func (sys *IAMSys) LoadGroup(ctx context.Context, objAPI ObjectLayer, group string) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.GroupNotificationHandler(context.Background(), group)
|
return sys.store.GroupNotificationHandler(ctx, group)
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadPolicy - reloads a specific canned policy from backend disks or etcd.
|
// LoadPolicy - reloads a specific canned policy from backend disks or etcd.
|
||||||
func (sys *IAMSys) LoadPolicy(objAPI ObjectLayer, policyName string) error {
|
func (sys *IAMSys) LoadPolicy(ctx context.Context, objAPI ObjectLayer, policyName string) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.PolicyNotificationHandler(context.Background(), policyName)
|
return sys.store.PolicyNotificationHandler(ctx, policyName)
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadPolicyMapping - loads the mapped policy for a user or group
|
// LoadPolicyMapping - loads the mapped policy for a user or group
|
||||||
// from storage into server memory.
|
// from storage into server memory.
|
||||||
func (sys *IAMSys) LoadPolicyMapping(objAPI ObjectLayer, userOrGroup string, isGroup bool) error {
|
func (sys *IAMSys) LoadPolicyMapping(ctx context.Context, objAPI ObjectLayer, userOrGroup string, isGroup bool) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
@ -117,25 +117,25 @@ func (sys *IAMSys) LoadPolicyMapping(objAPI ObjectLayer, userOrGroup string, isG
|
||||||
userType = stsUser
|
userType = stsUser
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.PolicyMappingNotificationHandler(context.Background(), userOrGroup, isGroup, userType)
|
return sys.store.PolicyMappingNotificationHandler(ctx, userOrGroup, isGroup, userType)
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadUser - reloads a specific user from backend disks or etcd.
|
// LoadUser - reloads a specific user from backend disks or etcd.
|
||||||
func (sys *IAMSys) LoadUser(objAPI ObjectLayer, accessKey string, userType IAMUserType) error {
|
func (sys *IAMSys) LoadUser(ctx context.Context, objAPI ObjectLayer, accessKey string, userType IAMUserType) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.UserNotificationHandler(context.Background(), accessKey, userType)
|
return sys.store.UserNotificationHandler(ctx, accessKey, userType)
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadServiceAccount - reloads a specific service account from backend disks or etcd.
|
// LoadServiceAccount - reloads a specific service account from backend disks or etcd.
|
||||||
func (sys *IAMSys) LoadServiceAccount(accessKey string) error {
|
func (sys *IAMSys) LoadServiceAccount(ctx context.Context, accessKey string) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.UserNotificationHandler(context.Background(), accessKey, svcUser)
|
return sys.store.UserNotificationHandler(ctx, accessKey, svcUser)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Perform IAM configuration migration.
|
// Perform IAM configuration migration.
|
||||||
|
@ -338,7 +338,7 @@ func (sys *IAMSys) watch(ctx context.Context) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (sys *IAMSys) loadWatchedEvent(outerCtx context.Context, event iamWatchEvent) (err error) {
|
func (sys *IAMSys) loadWatchedEvent(ctx context.Context, event iamWatchEvent) (err error) {
|
||||||
usersPrefix := strings.HasPrefix(event.keyPath, iamConfigUsersPrefix)
|
usersPrefix := strings.HasPrefix(event.keyPath, iamConfigUsersPrefix)
|
||||||
groupsPrefix := strings.HasPrefix(event.keyPath, iamConfigGroupsPrefix)
|
groupsPrefix := strings.HasPrefix(event.keyPath, iamConfigGroupsPrefix)
|
||||||
stsPrefix := strings.HasPrefix(event.keyPath, iamConfigSTSPrefix)
|
stsPrefix := strings.HasPrefix(event.keyPath, iamConfigSTSPrefix)
|
||||||
|
@ -348,7 +348,7 @@ func (sys *IAMSys) loadWatchedEvent(outerCtx context.Context, event iamWatchEven
|
||||||
policyDBSTSUsersPrefix := strings.HasPrefix(event.keyPath, iamConfigPolicyDBSTSUsersPrefix)
|
policyDBSTSUsersPrefix := strings.HasPrefix(event.keyPath, iamConfigPolicyDBSTSUsersPrefix)
|
||||||
policyDBGroupsPrefix := strings.HasPrefix(event.keyPath, iamConfigPolicyDBGroupsPrefix)
|
policyDBGroupsPrefix := strings.HasPrefix(event.keyPath, iamConfigPolicyDBGroupsPrefix)
|
||||||
|
|
||||||
ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout)
|
ctx, cancel := context.WithTimeout(ctx, defaultContextTimeout)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
if event.isCreated {
|
if event.isCreated {
|
||||||
|
@ -417,12 +417,12 @@ func (sys *IAMSys) loadWatchedEvent(outerCtx context.Context, event iamWatchEven
|
||||||
}
|
}
|
||||||
|
|
||||||
// DeletePolicy - deletes a canned policy from backend or etcd.
|
// DeletePolicy - deletes a canned policy from backend or etcd.
|
||||||
func (sys *IAMSys) DeletePolicy(policyName string) error {
|
func (sys *IAMSys) DeletePolicy(ctx context.Context, policyName string) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.DeletePolicy(context.Background(), policyName)
|
return sys.store.DeletePolicy(ctx, policyName)
|
||||||
}
|
}
|
||||||
|
|
||||||
// InfoPolicy - expands the canned policy into its JSON structure.
|
// InfoPolicy - expands the canned policy into its JSON structure.
|
||||||
|
@ -435,32 +435,32 @@ func (sys *IAMSys) InfoPolicy(policyName string) (iampolicy.Policy, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// ListPolicies - lists all canned policies.
|
// ListPolicies - lists all canned policies.
|
||||||
func (sys *IAMSys) ListPolicies(bucketName string) (map[string]iampolicy.Policy, error) {
|
func (sys *IAMSys) ListPolicies(ctx context.Context, bucketName string) (map[string]iampolicy.Policy, error) {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return nil, errServerNotInitialized
|
return nil, errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
|
||||||
<-sys.configLoaded
|
<-sys.configLoaded
|
||||||
|
|
||||||
return sys.store.ListPolicies(context.Background(), bucketName)
|
return sys.store.ListPolicies(ctx, bucketName)
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetPolicy - sets a new named policy.
|
// SetPolicy - sets a new named policy.
|
||||||
func (sys *IAMSys) SetPolicy(policyName string, p iampolicy.Policy) error {
|
func (sys *IAMSys) SetPolicy(ctx context.Context, policyName string, p iampolicy.Policy) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.SetPolicy(context.Background(), policyName, p)
|
return sys.store.SetPolicy(ctx, policyName, p)
|
||||||
}
|
}
|
||||||
|
|
||||||
// DeleteUser - delete user (only for long-term users not STS users).
|
// DeleteUser - delete user (only for long-term users not STS users).
|
||||||
func (sys *IAMSys) DeleteUser(accessKey string) error {
|
func (sys *IAMSys) DeleteUser(ctx context.Context, accessKey string) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.DeleteUser(context.Background(), accessKey, regUser)
|
return sys.store.DeleteUser(ctx, accessKey, regUser)
|
||||||
}
|
}
|
||||||
|
|
||||||
// CurrentPolicies - returns comma separated policy string, from
|
// CurrentPolicies - returns comma separated policy string, from
|
||||||
|
@ -476,7 +476,7 @@ func (sys *IAMSys) CurrentPolicies(policyName string) string {
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetTempUser - set temporary user credentials, these credentials have an expiry.
|
// SetTempUser - set temporary user credentials, these credentials have an expiry.
|
||||||
func (sys *IAMSys) SetTempUser(accessKey string, cred auth.Credentials, policyName string) error {
|
func (sys *IAMSys) SetTempUser(ctx context.Context, accessKey string, cred auth.Credentials, policyName string) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
@ -486,7 +486,7 @@ func (sys *IAMSys) SetTempUser(accessKey string, cred auth.Credentials, policyNa
|
||||||
policyName = ""
|
policyName = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.SetTempUser(context.Background(), accessKey, cred, policyName)
|
return sys.store.SetTempUser(ctx, accessKey, cred, policyName)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ListBucketUsers - list all users who can access this 'bucket'
|
// ListBucketUsers - list all users who can access this 'bucket'
|
||||||
|
@ -548,7 +548,7 @@ func (sys *IAMSys) IsServiceAccount(name string) (bool, string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetUserInfo - get info on a user.
|
// GetUserInfo - get info on a user.
|
||||||
func (sys *IAMSys) GetUserInfo(name string) (u madmin.UserInfo, err error) {
|
func (sys *IAMSys) GetUserInfo(ctx context.Context, name string) (u madmin.UserInfo, err error) {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return u, errServerNotInitialized
|
return u, errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
@ -556,14 +556,14 @@ func (sys *IAMSys) GetUserInfo(name string) (u madmin.UserInfo, err error) {
|
||||||
select {
|
select {
|
||||||
case <-sys.configLoaded:
|
case <-sys.configLoaded:
|
||||||
default:
|
default:
|
||||||
sys.store.LoadUser(context.Background(), name)
|
sys.store.LoadUser(ctx, name)
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.GetUserInfo(name)
|
return sys.store.GetUserInfo(name)
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetUserStatus - sets current user status, supports disabled or enabled.
|
// SetUserStatus - sets current user status, supports disabled or enabled.
|
||||||
func (sys *IAMSys) SetUserStatus(accessKey string, status madmin.AccountStatus) error {
|
func (sys *IAMSys) SetUserStatus(ctx context.Context, accessKey string, status madmin.AccountStatus) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
@ -572,7 +572,7 @@ func (sys *IAMSys) SetUserStatus(accessKey string, status madmin.AccountStatus)
|
||||||
return errIAMActionNotAllowed
|
return errIAMActionNotAllowed
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.SetUserStatus(context.Background(), accessKey, status)
|
return sys.store.SetUserStatus(ctx, accessKey, status)
|
||||||
}
|
}
|
||||||
|
|
||||||
type newServiceAccountOpts struct {
|
type newServiceAccountOpts struct {
|
||||||
|
@ -756,7 +756,7 @@ func (sys *IAMSys) DeleteServiceAccount(ctx context.Context, accessKey string) e
|
||||||
|
|
||||||
// CreateUser - create new user credentials and policy, if user already exists
|
// CreateUser - create new user credentials and policy, if user already exists
|
||||||
// they shall be rewritten with new inputs.
|
// they shall be rewritten with new inputs.
|
||||||
func (sys *IAMSys) CreateUser(accessKey string, uinfo madmin.UserInfo) error {
|
func (sys *IAMSys) CreateUser(ctx context.Context, accessKey string, uinfo madmin.UserInfo) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
@ -773,11 +773,11 @@ func (sys *IAMSys) CreateUser(accessKey string, uinfo madmin.UserInfo) error {
|
||||||
return auth.ErrInvalidSecretKeyLength
|
return auth.ErrInvalidSecretKeyLength
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.AddUser(context.Background(), accessKey, uinfo)
|
return sys.store.AddUser(ctx, accessKey, uinfo)
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetUserSecretKey - sets user secret key
|
// SetUserSecretKey - sets user secret key
|
||||||
func (sys *IAMSys) SetUserSecretKey(accessKey string, secretKey string) error {
|
func (sys *IAMSys) SetUserSecretKey(ctx context.Context, accessKey string, secretKey string) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
@ -794,7 +794,7 @@ func (sys *IAMSys) SetUserSecretKey(accessKey string, secretKey string) error {
|
||||||
return auth.ErrInvalidSecretKeyLength
|
return auth.ErrInvalidSecretKeyLength
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.UpdateUserSecretKey(context.Background(), accessKey, secretKey)
|
return sys.store.UpdateUserSecretKey(ctx, accessKey, secretKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
// purgeExpiredCredentialsForExternalSSO - validates if local credentials are still valid
|
// purgeExpiredCredentialsForExternalSSO - validates if local credentials are still valid
|
||||||
|
@ -919,7 +919,7 @@ func (sys *IAMSys) updateGroupMembershipsForLDAP(ctx context.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetUser - get user credentials
|
// GetUser - get user credentials
|
||||||
func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
|
func (sys *IAMSys) GetUser(ctx context.Context, accessKey string) (cred auth.Credentials, ok bool) {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return cred, false
|
return cred, false
|
||||||
}
|
}
|
||||||
|
@ -928,7 +928,7 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
|
||||||
select {
|
select {
|
||||||
case <-sys.configLoaded:
|
case <-sys.configLoaded:
|
||||||
default:
|
default:
|
||||||
sys.store.LoadUser(context.Background(), accessKey)
|
sys.store.LoadUser(ctx, accessKey)
|
||||||
fallback = true
|
fallback = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -940,7 +940,7 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
|
||||||
// the IAM store and see if credential
|
// the IAM store and see if credential
|
||||||
// exists now. If it doesn't proceed to
|
// exists now. If it doesn't proceed to
|
||||||
// fail.
|
// fail.
|
||||||
sys.store.LoadUser(context.Background(), accessKey)
|
sys.store.LoadUser(ctx, accessKey)
|
||||||
cred, ok = sys.store.GetUser(accessKey)
|
cred, ok = sys.store.GetUser(accessKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -949,14 +949,14 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
|
||||||
policies, err := sys.store.PolicyDBGet(cred.AccessKey, false)
|
policies, err := sys.store.PolicyDBGet(cred.AccessKey, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// Reject if the policy map for user doesn't exist anymore.
|
// Reject if the policy map for user doesn't exist anymore.
|
||||||
logger.LogIf(context.Background(), fmt.Errorf("'%s' user does not have a policy present", cred.ParentUser))
|
logger.LogIf(ctx, fmt.Errorf("'%s' user does not have a policy present", cred.ParentUser))
|
||||||
return auth.Credentials{}, false
|
return auth.Credentials{}, false
|
||||||
}
|
}
|
||||||
for _, group := range cred.Groups {
|
for _, group := range cred.Groups {
|
||||||
ps, err := sys.store.PolicyDBGet(group, true)
|
ps, err := sys.store.PolicyDBGet(group, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// Reject if the policy map for group doesn't exist anymore.
|
// Reject if the policy map for group doesn't exist anymore.
|
||||||
logger.LogIf(context.Background(), fmt.Errorf("'%s' group does not have a policy present", group))
|
logger.LogIf(ctx, fmt.Errorf("'%s' group does not have a policy present", group))
|
||||||
return auth.Credentials{}, false
|
return auth.Credentials{}, false
|
||||||
}
|
}
|
||||||
policies = append(policies, ps...)
|
policies = append(policies, ps...)
|
||||||
|
@ -969,7 +969,7 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
|
||||||
|
|
||||||
// AddUsersToGroup - adds users to a group, creating the group if
|
// AddUsersToGroup - adds users to a group, creating the group if
|
||||||
// needed. No error if user(s) already are in the group.
|
// needed. No error if user(s) already are in the group.
|
||||||
func (sys *IAMSys) AddUsersToGroup(group string, members []string) error {
|
func (sys *IAMSys) AddUsersToGroup(ctx context.Context, group string, members []string) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
@ -978,12 +978,12 @@ func (sys *IAMSys) AddUsersToGroup(group string, members []string) error {
|
||||||
return errIAMActionNotAllowed
|
return errIAMActionNotAllowed
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.AddUsersToGroup(context.Background(), group, members)
|
return sys.store.AddUsersToGroup(ctx, group, members)
|
||||||
}
|
}
|
||||||
|
|
||||||
// RemoveUsersFromGroup - remove users from group. If no users are
|
// RemoveUsersFromGroup - remove users from group. If no users are
|
||||||
// given, and the group is empty, deletes the group as well.
|
// given, and the group is empty, deletes the group as well.
|
||||||
func (sys *IAMSys) RemoveUsersFromGroup(group string, members []string) error {
|
func (sys *IAMSys) RemoveUsersFromGroup(ctx context.Context, group string, members []string) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
@ -992,11 +992,11 @@ func (sys *IAMSys) RemoveUsersFromGroup(group string, members []string) error {
|
||||||
return errIAMActionNotAllowed
|
return errIAMActionNotAllowed
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.RemoveUsersFromGroup(context.Background(), group, members)
|
return sys.store.RemoveUsersFromGroup(ctx, group, members)
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetGroupStatus - enable/disabled a group
|
// SetGroupStatus - enable/disabled a group
|
||||||
func (sys *IAMSys) SetGroupStatus(group string, enabled bool) error {
|
func (sys *IAMSys) SetGroupStatus(ctx context.Context, group string, enabled bool) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
@ -1005,7 +1005,7 @@ func (sys *IAMSys) SetGroupStatus(group string, enabled bool) error {
|
||||||
return errIAMActionNotAllowed
|
return errIAMActionNotAllowed
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.SetGroupStatus(context.Background(), group, enabled)
|
return sys.store.SetGroupStatus(ctx, group, enabled)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetGroupDescription - builds up group description
|
// GetGroupDescription - builds up group description
|
||||||
|
@ -1018,18 +1018,18 @@ func (sys *IAMSys) GetGroupDescription(group string) (gd madmin.GroupDesc, err e
|
||||||
}
|
}
|
||||||
|
|
||||||
// ListGroups - lists groups.
|
// ListGroups - lists groups.
|
||||||
func (sys *IAMSys) ListGroups() (r []string, err error) {
|
func (sys *IAMSys) ListGroups(ctx context.Context) (r []string, err error) {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return r, errServerNotInitialized
|
return r, errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
|
||||||
<-sys.configLoaded
|
<-sys.configLoaded
|
||||||
|
|
||||||
return sys.store.ListGroups(context.Background())
|
return sys.store.ListGroups(ctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
// PolicyDBSet - sets a policy for a user or group in the PolicyDB.
|
// PolicyDBSet - sets a policy for a user or group in the PolicyDB.
|
||||||
func (sys *IAMSys) PolicyDBSet(name, policy string, isGroup bool) error {
|
func (sys *IAMSys) PolicyDBSet(ctx context.Context, name, policy string, isGroup bool) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
@ -1040,7 +1040,7 @@ func (sys *IAMSys) PolicyDBSet(name, policy string, isGroup bool) error {
|
||||||
userType = stsUser
|
userType = stsUser
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.PolicyDBSet(context.Background(), name, policy, userType, isGroup)
|
return sys.store.PolicyDBSet(ctx, name, policy, userType, isGroup)
|
||||||
}
|
}
|
||||||
|
|
||||||
// PolicyDBGet - gets policy set on a user or group. If a list of groups is
|
// PolicyDBGet - gets policy set on a user or group. If a list of groups is
|
||||||
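Review bot: `ListPolicies` and `ListGroups` still block on a bare `<-sys.configLoaded` even though they now receive `ctx`, so a request that is cancelled while the IAM config is still loading keeps its goroutine parked until the load finishes. Selecting on `ctx.Done()` as well lets the wait end with the request. The caller would then receive `ctx.Err()`, and how `toAdminAPIErr` maps that error is not visible here. `ListGroups` takes the same change with `return r, ctx.Err()`.

```go
func (sys *IAMSys) ListPolicies(ctx context.Context, bucketName string) (map[string]iampolicy.Policy, error) {
	// … unchanged: Initialized check …
	select {
	case <-sys.configLoaded:
	case <-ctx.Done():
		return nil, ctx.Err()
	}
	// … unchanged: return sys.store.ListPolicies(ctx, bucketName) …
```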
|
|
|
@ -18,6 +18,7 @@
|
||||||
package cmd
|
package cmd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
|
@ -62,7 +63,7 @@ func authenticateJWTUsersWithCredentials(credentials auth.Credentials, expiresAt
|
||||||
serverCred := globalActiveCred
|
serverCred := globalActiveCred
|
||||||
if serverCred.AccessKey != credentials.AccessKey {
|
if serverCred.AccessKey != credentials.AccessKey {
|
||||||
var ok bool
|
var ok bool
|
||||||
serverCred, ok = globalIAMSys.GetUser(credentials.AccessKey)
|
serverCred, ok = globalIAMSys.GetUser(context.TODO(), credentials.AccessKey)
|
||||||
if !ok {
|
if !ok {
|
||||||
return "", errInvalidAccessKeyID
|
return "", errInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
|
@ -114,7 +115,7 @@ func webRequestAuthenticate(req *http.Request) (*xjwt.MapClaims, bool, error) {
|
||||||
if claims.AccessKey == globalActiveCred.AccessKey {
|
if claims.AccessKey == globalActiveCred.AccessKey {
|
||||||
return []byte(globalActiveCred.SecretKey), nil
|
return []byte(globalActiveCred.SecretKey), nil
|
||||||
}
|
}
|
||||||
cred, ok := globalIAMSys.GetUser(claims.AccessKey)
|
cred, ok := globalIAMSys.GetUser(req.Context(), claims.AccessKey)
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, errInvalidAccessKeyID
|
return nil, errInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
|
@ -125,7 +126,7 @@ func webRequestAuthenticate(req *http.Request) (*xjwt.MapClaims, bool, error) {
|
||||||
owner := true
|
owner := true
|
||||||
if globalActiveCred.AccessKey != claims.AccessKey {
|
if globalActiveCred.AccessKey != claims.AccessKey {
|
||||||
// Check if the access key is part of users credentials.
|
// Check if the access key is part of users credentials.
|
||||||
ucred, ok := globalIAMSys.GetUser(claims.AccessKey)
|
ucred, ok := globalIAMSys.GetUser(req.Context(), claims.AccessKey)
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, false, errInvalidAccessKeyID
|
return nil, false, errInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
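Review bot: The `GetUser` call in `authenticateJWTUsersWithCredentials` is given `context.TODO()`, so this credential lookup carries neither the caller's cancellation nor its request info, and the `logger.LogIf(ctx, …)` lines inside `GetUser` lose their request correlation on this path. The function's signature is only visible in the hunk header and its callers are outside the page. Adding a leading `ctx context.Context` parameter and calling `globalIAMSys.GetUser(ctx, credentials.AccessKey)` would match the two `webRequestAuthenticate` call sites, which pass `req.Context()`. If the placeholder is intentional for now, a comment such as `// TODO: thread the caller's ctx through authenticateJWTUsersWithCredentials` would make that explicit.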
|
|
|
@ -77,7 +77,7 @@ func (s *peerRESTServer) DeletePolicyHandler(w http.ResponseWriter, r *http.Requ
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := globalIAMSys.DeletePolicy(policyName); err != nil {
|
if err := globalIAMSys.DeletePolicy(r.Context(), policyName); err != nil {
|
||||||
s.writeErrorResponse(w, err)
|
s.writeErrorResponse(w, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -103,7 +103,7 @@ func (s *peerRESTServer) LoadPolicyHandler(w http.ResponseWriter, r *http.Reques
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := globalIAMSys.LoadPolicy(objAPI, policyName); err != nil {
|
if err := globalIAMSys.LoadPolicy(r.Context(), objAPI, policyName); err != nil {
|
||||||
s.writeErrorResponse(w, err)
|
s.writeErrorResponse(w, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -130,7 +130,7 @@ func (s *peerRESTServer) LoadPolicyMappingHandler(w http.ResponseWriter, r *http
|
||||||
}
|
}
|
||||||
|
|
||||||
_, isGroup := r.Form[peerRESTIsGroup]
|
_, isGroup := r.Form[peerRESTIsGroup]
|
||||||
if err := globalIAMSys.LoadPolicyMapping(objAPI, userOrGroup, isGroup); err != nil {
|
if err := globalIAMSys.LoadPolicyMapping(r.Context(), objAPI, userOrGroup, isGroup); err != nil {
|
||||||
s.writeErrorResponse(w, err)
|
s.writeErrorResponse(w, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -182,7 +182,7 @@ func (s *peerRESTServer) LoadServiceAccountHandler(w http.ResponseWriter, r *htt
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := globalIAMSys.LoadServiceAccount(accessKey); err != nil {
|
if err := globalIAMSys.LoadServiceAccount(r.Context(), accessKey); err != nil {
|
||||||
s.writeErrorResponse(w, err)
|
s.writeErrorResponse(w, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -208,7 +208,7 @@ func (s *peerRESTServer) DeleteUserHandler(w http.ResponseWriter, r *http.Reques
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := globalIAMSys.DeleteUser(accessKey); err != nil {
|
if err := globalIAMSys.DeleteUser(r.Context(), accessKey); err != nil {
|
||||||
s.writeErrorResponse(w, err)
|
s.writeErrorResponse(w, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -245,7 +245,7 @@ func (s *peerRESTServer) LoadUserHandler(w http.ResponseWriter, r *http.Request)
|
||||||
userType = stsUser
|
userType = stsUser
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = globalIAMSys.LoadUser(objAPI, accessKey, userType); err != nil {
|
if err = globalIAMSys.LoadUser(r.Context(), objAPI, accessKey, userType); err != nil {
|
||||||
s.writeErrorResponse(w, err)
|
s.writeErrorResponse(w, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -266,7 +266,7 @@ func (s *peerRESTServer) LoadGroupHandler(w http.ResponseWriter, r *http.Request
|
||||||
|
|
||||||
vars := mux.Vars(r)
|
vars := mux.Vars(r)
|
||||||
group := vars[peerRESTGroup]
|
group := vars[peerRESTGroup]
|
||||||
err := globalIAMSys.LoadGroup(objAPI, group)
|
err := globalIAMSys.LoadGroup(r.Context(), objAPI, group)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.writeErrorResponse(w, err)
|
s.writeErrorResponse(w, err)
|
||||||
return
|
return
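Review bot: DeleteUserHandler and DeletePolicyHandler now run the local removal under `r.Context()`, so a peer call that is cancelled or times out can abort a credential or policy revocation on this node. If DeleteUser and DeletePolicy honour cancellation (their bodies are not part of this diff), the node could keep accepting a deleted access key or policy until IAM state is reloaded. Revocation paths are safer on a context detached from the request, for example one derived from `context.Background()` with its own timeout, and a cancelled revocation should be logged distinctly from other failures. The handler bodies start and end outside the hunks shown.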
|
||||||
|
|
|
@ -152,7 +152,7 @@ func checkKeyValid(r *http.Request, accessKey string) (auth.Credentials, bool, A
|
||||||
cred := globalActiveCred
|
cred := globalActiveCred
|
||||||
if cred.AccessKey != accessKey {
|
if cred.AccessKey != accessKey {
|
||||||
// Check if the access key is part of users credentials.
|
// Check if the access key is part of users credentials.
|
||||||
ucred, ok := globalIAMSys.GetUser(accessKey)
|
ucred, ok := globalIAMSys.GetUser(r.Context(), accessKey)
|
||||||
if !ok {
|
if !ok {
|
||||||
return cred, false, ErrInvalidAccessKeyID
|
return cred, false, ErrInvalidAccessKeyID
|
||||||
}
|
}
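Review bot: `GetUser` returns only `(ucred, ok)`, so with the lookup bound to `r.Context()` a cancelled or timed-out request falls into the `!ok` branch and is reported as `ErrInvalidAccessKeyID`, the same as an unknown key. If GetUser can reach a backing store under ctx (its body is not shown), client disconnects would appear in auth logs as invalid-key failures and distort alerting on failed authentications. Checking the context first keeps the two apart, e.g. `if !ok && r.Context().Err() != nil { /* report cancellation, not an invalid key */ }`. The same pattern is in the webRequestAuthenticate hunk earlier on the page, and checkKeyValid continues past this hunk.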
|
||||||
|
|
|
@ -76,7 +76,7 @@ func TestCheckValid(t *testing.T) {
|
||||||
t.Fatalf("unable create credential, %s", err)
|
t.Fatalf("unable create credential, %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
globalIAMSys.CreateUser(ucreds.AccessKey, madmin.UserInfo{
|
globalIAMSys.CreateUser(ctx, ucreds.AccessKey, madmin.UserInfo{
|
||||||
SecretKey: ucreds.SecretKey,
|
SecretKey: ucreds.SecretKey,
|
||||||
Status: madmin.AccountEnabled,
|
Status: madmin.AccountEnabled,
|
||||||
})
|
})
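Review bot: The result of `globalIAMSys.CreateUser(ctx, …)` is discarded, so a failed setup (now also possible through `ctx`) lets the test continue and presumably fail later on the key check rather than on user creation. Assuming CreateUser returns an error like the other IAM calls touched by this commit, check it: `if err := globalIAMSys.CreateUser(ctx, ucreds.AccessKey, madmin.UserInfo{…}); err != nil { t.Fatalf("unable to create user, %s", err) }`. TestCheckValid starts and ends outside the hunk.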
|
||||||
|
|
|
@ -947,9 +947,9 @@ func (c *SiteReplicationSys) IAMChangeHook(ctx context.Context, item madmin.SRIA
|
||||||
func (c *SiteReplicationSys) PeerAddPolicyHandler(ctx context.Context, policyName string, p *iampolicy.Policy) error {
|
func (c *SiteReplicationSys) PeerAddPolicyHandler(ctx context.Context, policyName string, p *iampolicy.Policy) error {
|
||||||
var err error
|
var err error
|
||||||
if p == nil {
|
if p == nil {
|
||||||
err = globalIAMSys.DeletePolicy(policyName)
|
err = globalIAMSys.DeletePolicy(ctx, policyName)
|
||||||
} else {
|
} else {
|
||||||
err = globalIAMSys.SetPolicy(policyName, *p)
|
err = globalIAMSys.SetPolicy(ctx, policyName, *p)
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return wrapSRErr(err)
|
return wrapSRErr(err)
|
||||||
|
@ -1061,7 +1061,7 @@ func (c *SiteReplicationSys) PeerSvcAccChangeHandler(ctx context.Context, change
|
||||||
|
|
||||||
// PeerPolicyMappingHandler - copies policy mapping to local.
|
// PeerPolicyMappingHandler - copies policy mapping to local.
|
||||||
func (c *SiteReplicationSys) PeerPolicyMappingHandler(ctx context.Context, mapping madmin.SRPolicyMapping) error {
|
func (c *SiteReplicationSys) PeerPolicyMappingHandler(ctx context.Context, mapping madmin.SRPolicyMapping) error {
|
||||||
err := globalIAMSys.PolicyDBSet(mapping.UserOrGroup, mapping.Policy, mapping.IsGroup)
|
err := globalIAMSys.PolicyDBSet(ctx, mapping.UserOrGroup, mapping.Policy, mapping.IsGroup)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return wrapSRErr(err)
|
return wrapSRErr(err)
|
||||||
}
|
}
|
||||||
|
@ -1116,7 +1116,7 @@ func (c *SiteReplicationSys) PeerSTSAccHandler(ctx context.Context, stsCred madm
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set these credentials to IAM.
|
// Set these credentials to IAM.
|
||||||
if err := globalIAMSys.SetTempUser(cred.AccessKey, cred, ""); err != nil {
|
if err := globalIAMSys.SetTempUser(ctx, cred.AccessKey, cred, ""); err != nil {
|
||||||
return fmt.Errorf("unable to save STS credential: %v", err)
|
return fmt.Errorf("unable to save STS credential: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1404,7 +1404,7 @@ func (c *SiteReplicationSys) syncLocalToPeers(ctx context.Context) SRError {
|
||||||
|
|
||||||
{
|
{
|
||||||
// Replicate IAM policies on local to all peers.
|
// Replicate IAM policies on local to all peers.
|
||||||
allPolicies, err := globalIAMSys.ListPolicies("")
|
allPolicies, err := globalIAMSys.ListPolicies(ctx, "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errSRBackendIssue(err)
|
return errSRBackendIssue(err)
|
||||||
}
|
}
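Review bot: In PeerSTSAccHandler the SetTempUser failure is flattened with `%v`, while PeerAddPolicyHandler and PeerPolicyMappingHandler in the same file return `wrapSRErr(err)`. Now that `ctx` reaches SetTempUser, flattening hides `context.Canceled` and `context.DeadlineExceeded` from any caller that uses `errors.Is`. Prefer `return fmt.Errorf("unable to save STS credential: %w", err)`, or `wrapSRErr(err)` if callers expect that form. The handler's body starts outside the hunk.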
|
||||||
|
|
|
@ -273,7 +273,7 @@ func (sts *stsAPIHandlers) AssumeRole(w http.ResponseWriter, r *http.Request) {
|
||||||
cred.ParentUser = user.AccessKey
|
cred.ParentUser = user.AccessKey
|
||||||
|
|
||||||
// Set the newly generated credentials.
|
// Set the newly generated credentials.
|
||||||
if err = globalIAMSys.SetTempUser(cred.AccessKey, cred, policyName); err != nil {
|
if err = globalIAMSys.SetTempUser(ctx, cred.AccessKey, cred, policyName); err != nil {
|
||||||
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -479,7 +479,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Requ
|
||||||
cred.ParentUser = "openid:" + subFromToken + ":" + issFromToken
|
cred.ParentUser = "openid:" + subFromToken + ":" + issFromToken
|
||||||
|
|
||||||
// Set the newly generated credentials.
|
// Set the newly generated credentials.
|
||||||
if err = globalIAMSys.SetTempUser(cred.AccessKey, cred, policyName); err != nil {
|
if err = globalIAMSys.SetTempUser(ctx, cred.AccessKey, cred, policyName); err != nil {
|
||||||
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -645,7 +645,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r *
|
||||||
// Set the newly generated credentials, policyName is empty on purpose
|
// Set the newly generated credentials, policyName is empty on purpose
|
||||||
// LDAP policies are applied automatically using their ldapUser, ldapGroups
|
// LDAP policies are applied automatically using their ldapUser, ldapGroups
|
||||||
// mapping.
|
// mapping.
|
||||||
if err = globalIAMSys.SetTempUser(cred.AccessKey, cred, ""); err != nil {
|
if err = globalIAMSys.SetTempUser(ctx, cred.AccessKey, cred, ""); err != nil {
|
||||||
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -813,7 +813,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithCertificate(w http.ResponseWriter, r *h
|
||||||
}
|
}
|
||||||
|
|
||||||
tmpCredentials.ParentUser = parentUser
|
tmpCredentials.ParentUser = parentUser
|
||||||
err = globalIAMSys.SetTempUser(tmpCredentials.AccessKey, tmpCredentials, certificate.Subject.CommonName)
|
err = globalIAMSys.SetTempUser(ctx, tmpCredentials.AccessKey, tmpCredentials, certificate.Subject.CommonName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
||||||
return
|
return
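Review bot: The AssumeRoleWithCertificate call passes `certificate.Subject.CommonName` where the other three SetTempUser call sites pass `policyName` or `""`, and nothing at the call says that a client-certificate field selects the policy. The LDAP call site documents its empty policy name; this one deserves the same, e.g. `// The certificate's CommonName is used as the policy name for these temporary credentials.` Without it, a reader auditing privilege assignment has to look up SetTempUser's last parameter to see what the CommonName controls. The function continues outside the hunk, so any earlier validation of the CommonName is not visible here.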
|
||||||
|
|