MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 12:52:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

Support adding service accounts with expiration (#16430)

Browse Source 
Co-authored-by: Harshavardhana <harsha@minio.io>
This commit is contained in:
Praveen raj Mani
2023-02-27 23:40:22 +05:30
committed by GitHub
parent 4d7c8e3bb8
commit 4d708cebe9
10 changed files with 134 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/auth/credentials.go
View File

@@ -88,6 +88,9 @@ var (
}
)
// claim key found in credentials which are service accounts
const iamPolicyClaimNameSA = "sa-policy"
const (
// AccountOn indicates that credentials are enabled
AccountOn = "on"
@@ -140,7 +143,8 @@ func (cred Credentials) IsTemp() bool {
// IsServiceAccount - returns whether credential is a service account or not
func (cred Credentials) IsServiceAccount() bool {
return cred.ParentUser != "" && (cred.Expiration.IsZero() || cred.Expiration.Equal(timeSentinel))
_, ok := cred.Claims[iamPolicyClaimNameSA]
return cred.ParentUser != "" && ok
}
// IsValid - returns whether credential is valid or not.