repl: Fix removal of replicator svc when keycloak is configured (#120)

When the Keycloak vendor is set, the code starts cleaning up service
accounts whose parents no longer exist. However, the code also
looks up the parent user of site-replicator-0, MINIO_ROOT_USER, which
obviously does not exist in Keycloak. As a result, site-replicator-0
is removed automatically.

This commit will avoid cleaning up service accounts generated from
the root user.
Anis Eleuch 2024-10-14 16:54:46 +01:00 committed by Harshavardhana
parent a14e19ec54
commit 3da7c9cce3


@ -2009,7 +2009,8 @@ type ParentUserInfo struct {
// GetAllParentUsers - returns all distinct "parent-users" associated with STS
// or service credentials, mapped to all distinct roleARNs associated with the
// parent user. The dummy role ARN is associated with parent users from
// policy-claim based OpenID providers.
// policy-claim based OpenID providers. The root credential as a parent
// user is not included in the result.
func (store *IAMStoreSys) GetAllParentUsers() map[string]ParentUserInfo {
cache := store.rlock()
defer store.runlock()
@ -2048,7 +2049,7 @@ func (store *IAMStoreSys) getParentUsers(cache *iamCache) map[string]ParentUserI
if err != nil {
continue
}
if cred.ParentUser == "" {
if cred.ParentUser == "" || cred.ParentUser == globalActiveCred.AccessKey {
continue
}
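Review bot: The new guard in getParentUsers matches only the root access key that is active right now (`globalActiveCred.AccessKey`), so a service account whose ParentUser is a previously configured root key would presumably still be returned as a parent and stay exposed to the IDP cleanup the commit message describes. If root credentials can be rotated while such accounts persist, it is worth confirming how they are handled, or stating that they are intentionally left to the cleanup. The condition also has no explanation where it is applied; a comment such as `// Root-derived credentials have no counterpart in the external IDP; never report root as a parent user.` above the `if` would keep a later refactor from dropping it. The loop body starts before this hunk and continues after it.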