MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-09 13:39:46 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: add service account support for AssumeRole/LDAPIdentity creds (#9451)

Browse Source 
allow generating service accounts for temporary credentials
which have a designated parent, currently OpenID is not yet
supported.

added checks to ensure that service account cannot generate
further service accounts for itself, service accounts can
never be a parent to any credential.
This commit is contained in:
Harshavardhana
2020-04-28 12:49:56 -07:00
committed by GitHub
parent a3b266761e
commit 1b122526aa
4 changed files with 65 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/auth/credentials.go
View File

@@ -120,7 +120,7 @@ func (cred Credentials) IsExpired() bool {
// IsTemp - returns whether credential is temporary or not.
func (cred Credentials) IsTemp() bool {
return cred.SessionToken != "" && cred.ParentUser == "" && !cred.Expiration.IsZero() && !cred.Expiration.Equal(timeSentinel)
return cred.SessionToken != "" && !cred.Expiration.IsZero() && !cred.Expiration.Equal(timeSentinel)
}
// IsServiceAccount - returns whether credential is a service account or not