Revert "Move all IAM storage functionality into iam store type (#13541)"

This reverts commit caadcc3ed8.
2025-01-11 15:03:22 -05:00 · 2021-11-02 13:51:42 -07:00 · 2021-11-02 13:51:42 -07:00 · 091a7ae359
commit 091a7ae359
parent 70160aeab3
10 changed files with 1652 additions and 1977 deletions
--- a/cmd/admin-handler-utils.go
+++ b/cmd/admin-handler-utils.go
@ -103,12 +103,6 @@ func toAdminAPIErr(ctx context.Context, err error) APIError {
 				Description:    err.Error(),
 				HTTPStatusCode: http.StatusServiceUnavailable,
 			}
 		case errors.Is(err, errPolicyInUse):
 			apiErr = APIError{
 				Code:           "XMinioAdminPolicyInUse",
 				Description:    "The policy cannot be removed, as it is in use",
 				HTTPStatusCode: http.StatusBadRequest,
 			}
 		case errors.Is(err, kes.ErrKeyExists):
 			apiErr = APIError{
 				Code:           "XMinioKMSKeyExists",
--- a/cmd/admin-handlers-users_test.go
+++ b/cmd/admin-handlers-users_test.go
@ -258,20 +258,10 @@ func (s *TestSuiteIAM) TestPolicyCreate(c *check) {
 		c.Fatalf("policy was missing!")
 	}
-	// 5. Check that policy cannot be deleted when attached to a user.
+	// 5. Check that policy can be deleted.
 	err = s.adm.RemoveCannedPolicy(ctx, policy)
 	if err == nil {
 		c.Fatalf("policy could be unexpectedly deleted!")
 	}
 	// 6. Delete the user and then delete the policy.
 	err = s.adm.RemoveUser(ctx, accessKey)
 	if err != nil {
 		c.Fatalf("user could not be deleted: %v", err)
 	}
 	err = s.adm.RemoveCannedPolicy(ctx, policy)
 	if err != nil {
-		c.Fatalf("policy del err: %v", err)
+		c.Fatalf("policy delete err: %v", err)
 	}
 }
@ -637,8 +627,7 @@ func (c *check) mustListObjects(ctx context.Context, client *minio.Client, bucke
 	res := client.ListObjects(ctx, bucket, minio.ListObjectsOptions{})
 	v, ok := <-res
 	if ok && v.Err != nil {
-		msg := fmt.Sprintf("user was unable to list: %v", v.Err)
+		c.Fatalf("user was unable to list unexpectedly!")
 		c.Fatalf(msg)
 	}
 }
--- a/cmd/iam-dummy-store.go
+++ b/cmd/iam-dummy-store.go
@ -27,37 +27,22 @@ import (
 type iamDummyStore struct {
 	sync.RWMutex
 	*iamCache
 	usersSysType UsersSysType
 }
-func newIAMDummyStore(usersSysType UsersSysType) *iamDummyStore {
+func (ids *iamDummyStore) lock() {
 	return &iamDummyStore{
 		iamCache:     newIamCache(),
 		usersSysType: usersSysType,
 	}
 }
 func (ids *iamDummyStore) rlock() *iamCache {
 	ids.RLock()
 	return ids.iamCache
 }
 func (ids *iamDummyStore) runlock() {
 	ids.RUnlock()
 }
 func (ids *iamDummyStore) lock() *iamCache {
 	ids.Lock()
 	return ids.iamCache
 }
 func (ids *iamDummyStore) unlock() {
 	ids.Unlock()
 }
-func (ids *iamDummyStore) getUsersSysType() UsersSysType {
+func (ids *iamDummyStore) rlock() {
-	return ids.usersSysType
+	ids.RLock()
 }
 func (ids *iamDummyStore) runlock() {
 	ids.RUnlock()
 }
 func (ids *iamDummyStore) migrateBackendFormat(context.Context) error {
--- a/cmd/iam-etcd-store.go
+++ b/cmd/iam-etcd-store.go
@ -62,37 +62,27 @@ func extractPathPrefixAndSuffix(s string, prefix string, suffix string) string {
 type IAMEtcdStore struct {
 	sync.RWMutex
 	*iamCache
 	usersSysType UsersSysType
 	client *etcd.Client
 }
-func newIAMEtcdStore(client *etcd.Client, usersSysType UsersSysType) *IAMEtcdStore {
+func newIAMEtcdStore(client *etcd.Client) *IAMEtcdStore {
-	return &IAMEtcdStore{client: client, usersSysType: usersSysType}
+	return &IAMEtcdStore{client: client}
 }
-func (ies *IAMEtcdStore) rlock() *iamCache {
+func (ies *IAMEtcdStore) lock() {
 	ies.RLock()
 	return ies.iamCache
 }
 func (ies *IAMEtcdStore) runlock() {
 	ies.RUnlock()
 }
 func (ies *IAMEtcdStore) lock() *iamCache {
 	ies.Lock()
 	return ies.iamCache
 }
 func (ies *IAMEtcdStore) unlock() {
 	ies.Unlock()
 }
-func (ies *IAMEtcdStore) getUsersSysType() UsersSysType {
+func (ies *IAMEtcdStore) rlock() {
-	return ies.usersSysType
+	ies.RLock()
 }
 func (ies *IAMEtcdStore) runlock() {
 	ies.RUnlock()
 }
 func (ies *IAMEtcdStore) saveIAMConfig(ctx context.Context, item interface{}, itemPath string, opts ...options) error {
@ -254,8 +244,6 @@ func (ies *IAMEtcdStore) migrateToV1(ctx context.Context) error {
 // Should be called under config migration lock
 func (ies *IAMEtcdStore) migrateBackendFormat(ctx context.Context) error {
 	ies.Lock()
 	defer ies.Unlock()
 	return ies.migrateToV1(ctx)
 }
@ -272,7 +260,7 @@ func (ies *IAMEtcdStore) loadPolicyDoc(ctx context.Context, policy string, m map
 	return nil
 }
-func (ies *IAMEtcdStore) getPolicyDocKV(ctx context.Context, kvs *mvccpb.KeyValue, m map[string]iampolicy.Policy) error {
+func (ies *IAMEtcdStore) getPolicyDoc(ctx context.Context, kvs *mvccpb.KeyValue, m map[string]iampolicy.Policy) error {
 	var p iampolicy.Policy
 	err := getIAMConfig(&p, kvs.Value, string(kvs.Key))
 	if err != nil {
@ -298,14 +286,14 @@ func (ies *IAMEtcdStore) loadPolicyDocs(ctx context.Context, m map[string]iampol
 	// Parse all values to construct the policies data model.
 	for _, kvs := range r.Kvs {
-		if err = ies.getPolicyDocKV(ctx, kvs, m); err != nil && err != errNoSuchPolicy {
+		if err = ies.getPolicyDoc(ctx, kvs, m); err != nil && err != errNoSuchPolicy {
 			return err
 		}
 	}
 	return nil
 }
-func (ies *IAMEtcdStore) getUserKV(ctx context.Context, userkv *mvccpb.KeyValue, userType IAMUserType, m map[string]auth.Credentials, basePrefix string) error {
+func (ies *IAMEtcdStore) getUser(ctx context.Context, userkv *mvccpb.KeyValue, userType IAMUserType, m map[string]auth.Credentials, basePrefix string) error {
 	var u UserIdentity
 	err := getIAMConfig(&u, userkv.Value, string(userkv.Key))
 	if err != nil {
@ -367,7 +355,7 @@ func (ies *IAMEtcdStore) loadUsers(ctx context.Context, userType IAMUserType, m
 	// Parse all users values to create the proper data model
 	for _, userKv := range r.Kvs {
-		if err = ies.getUserKV(ctx, userKv, userType, m, basePrefix); err != nil && err != errNoSuchUser {
+		if err = ies.getUser(ctx, userKv, userType, m, basePrefix); err != nil && err != errNoSuchUser {
 			return err
 		}
 	}
--- a/cmd/iam-object-store.go
+++ b/cmd/iam-object-store.go
@ -34,44 +34,30 @@ import (
 // IAMObjectStore implements IAMStorageAPI
 type IAMObjectStore struct {
-	// Protect access to storage within the current server.
+	// Protect assignment to objAPI
 	sync.RWMutex
 	*iamCache
 	usersSysType UsersSysType
 	objAPI ObjectLayer
 }
-func newIAMObjectStore(objAPI ObjectLayer, usersSysType UsersSysType) *IAMObjectStore {
+func newIAMObjectStore(objAPI ObjectLayer) *IAMObjectStore {
-	return &IAMObjectStore{
+	return &IAMObjectStore{objAPI: objAPI}
 		iamCache:     newIamCache(),
 		objAPI:       objAPI,
 		usersSysType: usersSysType,
 	}
 }
-func (iamOS *IAMObjectStore) rlock() *iamCache {
+func (iamOS *IAMObjectStore) lock() {
 	iamOS.RLock()
 	return iamOS.iamCache
 }
 func (iamOS *IAMObjectStore) runlock() {
 	iamOS.RUnlock()
 }
 func (iamOS *IAMObjectStore) lock() *iamCache {
 	iamOS.Lock()
 	return iamOS.iamCache
 }
 func (iamOS *IAMObjectStore) unlock() {
 	iamOS.Unlock()
 }
-func (iamOS *IAMObjectStore) getUsersSysType() UsersSysType {
+func (iamOS *IAMObjectStore) rlock() {
-	return iamOS.usersSysType
+	iamOS.RLock()
 }
 func (iamOS *IAMObjectStore) runlock() {
 	iamOS.RUnlock()
 }
 // Migrate users directory in a single scan.
@ -196,8 +182,6 @@ func (iamOS *IAMObjectStore) migrateToV1(ctx context.Context) error {
 // Should be called under config migration lock
 func (iamOS *IAMObjectStore) migrateBackendFormat(ctx context.Context) error {
 	iamOS.Lock()
 	defer iamOS.Unlock()
 	return iamOS.migrateToV1(ctx)
 }
--- a/cmd/iam-store.go
+++ b/cmd/iam-store.go
--- a/cmd/iam.go
+++ b/cmd/iam.go
--- a/cmd/site-replication.go
+++ b/cmd/site-replication.go
@ -1270,7 +1270,9 @@ func (c *SiteReplicationSys) getAdminClient(ctx context.Context, deploymentID st
 }
 func (c *SiteReplicationSys) getPeerCreds() (*auth.Credentials, error) {
-	creds, ok := globalIAMSys.store.GetUser(c.state.ServiceAccountAccessKey)
+	globalIAMSys.store.rlock()
 	defer globalIAMSys.store.runlock()
 	creds, ok := globalIAMSys.iamUsersMap[c.state.ServiceAccountAccessKey]
 	if !ok {
 		return nil, errors.New("site replication service account not found!")
 	}
--- a/cmd/sts-handlers_test.go
+++ b/cmd/sts-handlers_test.go
@ -95,10 +95,6 @@ func (s *TestSuiteIAM) TestSTS(c *check) {
 		c.Fatalf("Unable to set policy: %v", err)
 	}
 	// confirm that the user is able to access the bucket
 	uClient := s.getUserClient(c, accessKey, secretKey, "")
 	c.mustListObjects(ctx, uClient, bucket)
 	assumeRole := cr.STSAssumeRole{
 		Client:      s.TestSuiteCommon.client,
 		STSEndpoint: s.endPoint,
--- a/cmd/typed-errors.go
+++ b/cmd/typed-errors.go
@ -81,9 +81,6 @@ var errGroupNotEmpty = errors.New("Specified group is not empty - cannot remove
 // error returned in IAM subsystem when policy doesn't exist.
 var errNoSuchPolicy = errors.New("Specified canned policy does not exist")
 // error returned when policy to be deleted is in use.
 var errPolicyInUse = errors.New("Specified policy is in use and cannot be deleted.")
 // error returned in IAM subsystem when an external users systems is configured.
 var errIAMActionNotAllowed = errors.New("Specified IAM action is not allowed")