mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
FIx unexpected behavior when creating service account (#19036)
This commit is contained in:
parent
6b63123ca9
commit
4d94609c44
@ -433,6 +433,9 @@ const (
|
|||||||
// New Codes for GetObjectAttributes and GetObjectVersionAttributes
|
// New Codes for GetObjectAttributes and GetObjectVersionAttributes
|
||||||
ErrInvalidAttributeName
|
ErrInvalidAttributeName
|
||||||
|
|
||||||
|
ErrAdminNoAccessKey
|
||||||
|
ErrAdminNoSecretKey
|
||||||
|
|
||||||
apiErrCodeEnd // This is used only for the testing code
|
apiErrCodeEnd // This is used only for the testing code
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -1359,6 +1362,16 @@ var errorCodes = errorCodeMap{
|
|||||||
Description: "The secret key is invalid.",
|
Description: "The secret key is invalid.",
|
||||||
HTTPStatusCode: http.StatusBadRequest,
|
HTTPStatusCode: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
|
ErrAdminNoAccessKey: {
|
||||||
|
Code: "XMinioAdminNoAccessKey",
|
||||||
|
Description: "No access key was provided.",
|
||||||
|
HTTPStatusCode: http.StatusBadRequest,
|
||||||
|
},
|
||||||
|
ErrAdminNoSecretKey: {
|
||||||
|
Code: "XMinioAdminNoSecretKey",
|
||||||
|
Description: "No secret key was provided.",
|
||||||
|
HTTPStatusCode: http.StatusBadRequest,
|
||||||
|
},
|
||||||
ErrAdminConfigNoQuorum: {
|
ErrAdminConfigNoQuorum: {
|
||||||
Code: "XMinioAdminConfigNoQuorum",
|
Code: "XMinioAdminConfigNoQuorum",
|
||||||
Description: "Configuration update failed because server quorum was not met",
|
Description: "Configuration update failed because server quorum was not met",
|
||||||
@ -2124,6 +2137,10 @@ func toAPIErrorCode(ctx context.Context, err error) (apiErr APIErrorCode) {
|
|||||||
apiErr = ErrAdminInvalidAccessKey
|
apiErr = ErrAdminInvalidAccessKey
|
||||||
case auth.ErrInvalidSecretKeyLength:
|
case auth.ErrInvalidSecretKeyLength:
|
||||||
apiErr = ErrAdminInvalidSecretKey
|
apiErr = ErrAdminInvalidSecretKey
|
||||||
|
case auth.ErrNoAccessKeyWithSecretKey:
|
||||||
|
apiErr = ErrAdminNoAccessKey
|
||||||
|
case auth.ErrNoSecretKeyWithAccessKey:
|
||||||
|
apiErr = ErrAdminNoSecretKey
|
||||||
case errInvalidStorageClass:
|
case errInvalidStorageClass:
|
||||||
apiErr = ErrInvalidStorageClass
|
apiErr = ErrInvalidStorageClass
|
||||||
case errErasureReadQuorum:
|
case errErasureReadQuorum:
|
||||||
|
File diff suppressed because one or more lines are too long
@ -940,6 +940,13 @@ func (sys *IAMSys) NewServiceAccount(ctx context.Context, parentUser string, gro
|
|||||||
return auth.Credentials{}, time.Time{}, errInvalidArgument
|
return auth.Credentials{}, time.Time{}, errInvalidArgument
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if len(opts.accessKey) > 0 && len(opts.secretKey) == 0 {
|
||||||
|
return auth.Credentials{}, time.Time{}, auth.ErrNoSecretKeyWithAccessKey
|
||||||
|
}
|
||||||
|
if len(opts.secretKey) > 0 && len(opts.accessKey) == 0 {
|
||||||
|
return auth.Credentials{}, time.Time{}, auth.ErrNoAccessKeyWithSecretKey
|
||||||
|
}
|
||||||
|
|
||||||
var policyBuf []byte
|
var policyBuf []byte
|
||||||
if opts.sessionPolicy != nil {
|
if opts.sessionPolicy != nil {
|
||||||
err := opts.sessionPolicy.Validate()
|
err := opts.sessionPolicy.Validate()
|
||||||
@ -983,7 +990,7 @@ func (sys *IAMSys) NewServiceAccount(ctx context.Context, parentUser string, gro
|
|||||||
|
|
||||||
var accessKey, secretKey string
|
var accessKey, secretKey string
|
||||||
var err error
|
var err error
|
||||||
if len(opts.accessKey) > 0 {
|
if len(opts.accessKey) > 0 || len(opts.secretKey) > 0 {
|
||||||
accessKey, secretKey = opts.accessKey, opts.secretKey
|
accessKey, secretKey = opts.accessKey, opts.secretKey
|
||||||
} else {
|
} else {
|
||||||
accessKey, secretKey, err = auth.GenerateCredentials()
|
accessKey, secretKey, err = auth.GenerateCredentials()
|
||||||
|
@ -57,8 +57,10 @@ const (
|
|||||||
|
|
||||||
// Common errors generated for access and secret key validation.
|
// Common errors generated for access and secret key validation.
|
||||||
var (
|
var (
|
||||||
ErrInvalidAccessKeyLength = fmt.Errorf("access key length should be between %d and %d", accessKeyMinLen, accessKeyMaxLen)
|
ErrInvalidAccessKeyLength = fmt.Errorf("access key length should be between %d and %d", accessKeyMinLen, accessKeyMaxLen)
|
||||||
ErrInvalidSecretKeyLength = fmt.Errorf("secret key length should be between %d and %d", secretKeyMinLen, secretKeyMaxLen)
|
ErrInvalidSecretKeyLength = fmt.Errorf("secret key length should be between %d and %d", secretKeyMinLen, secretKeyMaxLen)
|
||||||
|
ErrNoAccessKeyWithSecretKey = fmt.Errorf("access key must be specified if secret key is specified")
|
||||||
|
ErrNoSecretKeyWithAccessKey = fmt.Errorf("secret key must be specified if access key is specified")
|
||||||
)
|
)
|
||||||
|
|
||||||
// AnonymousCredentials simply points to empty credentials
|
// AnonymousCredentials simply points to empty credentials
|
||||||
|
Loading…
Reference in New Issue
Block a user