Better error when setting up replication with a service account alias (#16472)

Anis Elleuch 2023-01-25 17:20:12 +01:00 committed by GitHub
parent 441babdc41
commit 0a0416b6ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 15 deletions


@ -154,15 +154,9 @@ func toAdminAPIErr(ctx context.Context, err error) APIError {
Description: err.Error(), Description: err.Error(),
HTTPStatusCode: http.StatusForbidden, HTTPStatusCode: http.StatusForbidden,
} }
case errors.Is(err, errIAMServiceAccount): case errors.Is(err, errIAMServiceAccountNotAllowed):
apiErr = APIError{ apiErr = APIError{
Code: "XMinioIAMServiceAccount", Code: "XMinioIAMServiceAccountNotAllowed",
Description: err.Error(),
HTTPStatusCode: http.StatusBadRequest,
}
case errors.Is(err, errIAMServiceAccountUsed):
apiErr = APIError{
Code: "XMinioIAMServiceAccountUsed",
Description: err.Error(), Description: err.Error(),
HTTPStatusCode: http.StatusBadRequest, HTTPStatusCode: http.StatusBadRequest,
} }
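Review bot: The API codes `XMinioIAMServiceAccount` and `XMinioIAMServiceAccountUsed` disappear from the wire in this case block, so any client or replication peer that branches on those strings will stop recognising these failures. Whether such consumers exist cannot be checked from this hunk, but a release note or a transitional mapping may be needed. The replacement code is named "NotAllowed" yet still maps to `http.StatusBadRequest`, while the case just above returns `http.StatusForbidden`. A comment such as `// 400 kept for compatibility with existing clients` would record whether that is intentional. toAdminAPIErr starts and continues outside the hunk.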


@ -2093,14 +2093,14 @@ func (store *IAMStoreSys) AddServiceAccount(ctx context.Context, cred auth.Crede
if su, found := cache.iamUsersMap[accessKey]; found { if su, found := cache.iamUsersMap[accessKey]; found {
scred := su.Credentials scred := su.Credentials
if scred.ParentUser != parentUser { if scred.ParentUser != parentUser {
return updatedAt, errIAMServiceAccountUsed return updatedAt, fmt.Errorf("%w: the service account access key is taken by another user", errIAMServiceAccountNotAllowed)
} }
return updatedAt, errIAMServiceAccount return updatedAt, fmt.Errorf("%w: the service account access key already taken", errIAMServiceAccountNotAllowed)
} }
// Parent user must not be a service account. // Parent user must not be a service account.
if u, found := cache.iamUsersMap[parentUser]; found && u.Credentials.IsServiceAccount() { if u, found := cache.iamUsersMap[parentUser]; found && u.Credentials.IsServiceAccount() {
return updatedAt, errIAMServiceAccount return updatedAt, fmt.Errorf("%w: unable to create a service account for another service account", errIAMServiceAccountNotAllowed)
} }
u := newUserIdentity(cred) u := newUserIdentity(cred)
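Review bot: The two messages returned when `accessKey` is already in `cache.iamUsersMap` tell the caller whether the key sits under its own parent user or under a different one, which confirms that an access key owned by another identity exists. The removed sentinel pair made the same distinction, so this is not new, but it now travels in the free-text description returned to the client. Consider one wording for both branches, with the ownership detail kept in the server-side log or audit record. The second message is also missing a verb: `"%w: the service account access key is already taken"`. AddServiceAccount starts and continues outside the hunk.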


@ -102,10 +102,7 @@ var errTooManyPolicies = errors.New("Only a single policy may be specified here.
var errIAMActionNotAllowed = errors.New("Specified IAM action is not allowed") var errIAMActionNotAllowed = errors.New("Specified IAM action is not allowed")
// error returned in IAM service account // error returned in IAM service account
var errIAMServiceAccount = errors.New("Specified service account cannot be updated in this API call") var errIAMServiceAccountNotAllowed = errors.New("Specified service account action is not allowed")
// error returned in IAM service account is already used.
var errIAMServiceAccountUsed = errors.New("Specified service account is used by another user")
// error returned in IAM subsystem when IAM sub-system is still being initialized. // error returned in IAM subsystem when IAM sub-system is still being initialized.
var errIAMNotInitialized = errors.New("IAM sub-system is being initialized, please try again") var errIAMNotInitialized = errors.New("IAM sub-system is being initialized, please try again")
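Review bot: The comment above `errIAMServiceAccountNotAllowed` still reads `// error returned in IAM service account`, which no longer describes a sentinel that covers three distinct rejections and is always returned wrapped. I would replace it with `// errIAMServiceAccountNotAllowed is the base error for rejected service account operations; callers wrap it with %w and a reason, so match it with errors.Is.` A direct `==` comparison against the new sentinel anywhere else in the package would compile but never match a wrapped value, so the remaining call sites are worth checking; none are visible here.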