fix: reject service account access key same as root credentials (#19055)

Harshavardhana 2024-02-14 10:37:12 -08:00 committed by GitHub
parent 6fd0b434e2
commit 134db72bb7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 6 additions and 1 deletions


@ -621,6 +621,11 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque
return return
} }
if createReq.AccessKey == globalActiveCred.AccessKey {
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL)
return
}
var ( var (
targetGroups []string targetGroups []string
err error err error
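Review bot: The new `createReq.AccessKey == globalActiveCred.AccessKey` guard sits only in this handler, so any other path that creates or imports a service account with a caller-chosen access key would still accept a key that collides with the root credential. No such path is visible in this hunk, but if one exists the check belongs in the shared IAM creation routine rather than here. The guard also carries no comment explaining why the collision is rejected; I would add `// Reject an access key identical to the root credential's (#19055).` above the `if`. It reuses `ErrAddUserInvalidArgument`, whose name refers to users rather than service accounts, so a short note on that reuse would help the next reader. The body of AddServiceAccount starts and continues outside this hunk.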


@ -2021,7 +2021,7 @@ var errorCodes = errorCodeMap{
}, },
ErrAddUserInvalidArgument: { ErrAddUserInvalidArgument: {
Code: "XMinioInvalidIAMCredentials", Code: "XMinioInvalidIAMCredentials",
Description: "User is not allowed to be same as admin access key", Description: "Credential is not allowed to be same as admin access key",
HTTPStatusCode: http.StatusForbidden, HTTPStatusCode: http.StatusForbidden,
}, },
ErrAdminResourceInvalidArgument: { ErrAdminResourceInvalidArgument: {