mirror of https://github.com/minio/minio.git
repl: Fix removal of replicator svc when keycloak is configured (#120)
When Keycloak vendor is set, the code will start to clean up service accounts that parents do not exist anymore. However, the code will also look for the parent user of site-replicator-0, MINIO_ROOT_USER, which obviously does not exist in Keycloak. Therefore, the site-replicator-0 will be removed automatically. This commit will avoid cleaning up service accounts generated from the root user.
This commit is contained in:
Anis Eleuch
Harshavardhana
parent
a14e19ec54
commit
3da7c9cce3
|
|
@ -2009,7 +2009,8 @@ type ParentUserInfo struct {
|
||||||
// GetAllParentUsers - returns all distinct "parent-users" associated with STS
|
// GetAllParentUsers - returns all distinct "parent-users" associated with STS
|
||||||
// or service credentials, mapped to all distinct roleARNs associated with the
|
// or service credentials, mapped to all distinct roleARNs associated with the
|
||||||
// parent user. The dummy role ARN is associated with parent users from
|
// parent user. The dummy role ARN is associated with parent users from
|
||||||
// policy-claim based OpenID providers.
|
// policy-claim based OpenID providers. The root credential as a parent
|
||||||
|
// user is not included in the result.
|
||||||
func (store *IAMStoreSys) GetAllParentUsers() map[string]ParentUserInfo {
|
func (store *IAMStoreSys) GetAllParentUsers() map[string]ParentUserInfo {
|
||||||
cache := store.rlock()
|
cache := store.rlock()
|
||||||
defer store.runlock()
|
defer store.runlock()
|
||||||
|
|
@ -2048,7 +2049,7 @@ func (store *IAMStoreSys) getParentUsers(cache *iamCache) map[string]ParentUserI
|
||||||
if err != nil {
|
if err != nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if cred.ParentUser == "" {
|
if cred.ParentUser == "" || cred.ParentUser == globalActiveCred.AccessKey {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue