FIx unexpected behavior when creating service account (#19036)

This commit is contained in:
Taran Pelkey 2024-02-13 10:31:43 +00:00 committed by GitHub
parent 6b63123ca9
commit 4d94609c44
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 35 additions and 7 deletions

View File

@ -433,6 +433,9 @@ const (
// New Codes for GetObjectAttributes and GetObjectVersionAttributes // New Codes for GetObjectAttributes and GetObjectVersionAttributes
ErrInvalidAttributeName ErrInvalidAttributeName
ErrAdminNoAccessKey
ErrAdminNoSecretKey
apiErrCodeEnd // This is used only for the testing code apiErrCodeEnd // This is used only for the testing code
) )
@ -1359,6 +1362,16 @@ var errorCodes = errorCodeMap{
Description: "The secret key is invalid.", Description: "The secret key is invalid.",
HTTPStatusCode: http.StatusBadRequest, HTTPStatusCode: http.StatusBadRequest,
}, },
ErrAdminNoAccessKey: {
Code: "XMinioAdminNoAccessKey",
Description: "No access key was provided.",
HTTPStatusCode: http.StatusBadRequest,
},
ErrAdminNoSecretKey: {
Code: "XMinioAdminNoSecretKey",
Description: "No secret key was provided.",
HTTPStatusCode: http.StatusBadRequest,
},
ErrAdminConfigNoQuorum: { ErrAdminConfigNoQuorum: {
Code: "XMinioAdminConfigNoQuorum", Code: "XMinioAdminConfigNoQuorum",
Description: "Configuration update failed because server quorum was not met", Description: "Configuration update failed because server quorum was not met",
@ -2124,6 +2137,10 @@ func toAPIErrorCode(ctx context.Context, err error) (apiErr APIErrorCode) {
apiErr = ErrAdminInvalidAccessKey apiErr = ErrAdminInvalidAccessKey
case auth.ErrInvalidSecretKeyLength: case auth.ErrInvalidSecretKeyLength:
apiErr = ErrAdminInvalidSecretKey apiErr = ErrAdminInvalidSecretKey
case auth.ErrNoAccessKeyWithSecretKey:
apiErr = ErrAdminNoAccessKey
case auth.ErrNoSecretKeyWithAccessKey:
apiErr = ErrAdminNoSecretKey
case errInvalidStorageClass: case errInvalidStorageClass:
apiErr = ErrInvalidStorageClass apiErr = ErrInvalidStorageClass
case errErasureReadQuorum: case errErasureReadQuorum:

File diff suppressed because one or more lines are too long

View File

@ -940,6 +940,13 @@ func (sys *IAMSys) NewServiceAccount(ctx context.Context, parentUser string, gro
return auth.Credentials{}, time.Time{}, errInvalidArgument return auth.Credentials{}, time.Time{}, errInvalidArgument
} }
if len(opts.accessKey) > 0 && len(opts.secretKey) == 0 {
return auth.Credentials{}, time.Time{}, auth.ErrNoSecretKeyWithAccessKey
}
if len(opts.secretKey) > 0 && len(opts.accessKey) == 0 {
return auth.Credentials{}, time.Time{}, auth.ErrNoAccessKeyWithSecretKey
}
var policyBuf []byte var policyBuf []byte
if opts.sessionPolicy != nil { if opts.sessionPolicy != nil {
err := opts.sessionPolicy.Validate() err := opts.sessionPolicy.Validate()
@ -983,7 +990,7 @@ func (sys *IAMSys) NewServiceAccount(ctx context.Context, parentUser string, gro
var accessKey, secretKey string var accessKey, secretKey string
var err error var err error
if len(opts.accessKey) > 0 { if len(opts.accessKey) > 0 || len(opts.secretKey) > 0 {
accessKey, secretKey = opts.accessKey, opts.secretKey accessKey, secretKey = opts.accessKey, opts.secretKey
} else { } else {
accessKey, secretKey, err = auth.GenerateCredentials() accessKey, secretKey, err = auth.GenerateCredentials()

View File

@ -57,8 +57,10 @@ const (
// Common errors generated for access and secret key validation. // Common errors generated for access and secret key validation.
var ( var (
ErrInvalidAccessKeyLength = fmt.Errorf("access key length should be between %d and %d", accessKeyMinLen, accessKeyMaxLen) ErrInvalidAccessKeyLength = fmt.Errorf("access key length should be between %d and %d", accessKeyMinLen, accessKeyMaxLen)
ErrInvalidSecretKeyLength = fmt.Errorf("secret key length should be between %d and %d", secretKeyMinLen, secretKeyMaxLen) ErrInvalidSecretKeyLength = fmt.Errorf("secret key length should be between %d and %d", secretKeyMinLen, secretKeyMaxLen)
ErrNoAccessKeyWithSecretKey = fmt.Errorf("access key must be specified if secret key is specified")
ErrNoSecretKeyWithAccessKey = fmt.Errorf("secret key must be specified if access key is specified")
) )
// AnonymousCredentials simply points to empty credentials // AnonymousCredentials simply points to empty credentials