From 526b829a09d1a21545491c8bdcb464b0a43ddc70 Mon Sep 17 00:00:00 2001
From: Poorna
Date: Wed, 21 Feb 2024 02:09:33 -0800
Subject: [PATCH] site replication: Disallow removal of site-replicator account (#19092)
---
 cmd/admin-handlers-users.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/cmd/admin-handlers-users.go b/cmd/admin-handlers-users.go
index 457334216..7409307c7 100644
--- a/cmd/admin-handlers-users.go
+++ b/cmd/admin-handlers-users.go
@@ -1072,6 +1072,10 @@ func (a adminAPIHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Re
 return
 }
+ if serviceAccount == siteReplicatorSvcAcc && globalSiteReplicationSys.isEnabled() {
+ writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrInvalidArgument), r.URL)
+ return
+ }
 // We do not care if service account is readable or not at this point,
 // since this is a delete call we shall allow it to be deleted if possible.
 svcAccount, _, err := globalIAMSys.GetServiceAccount(ctx, serviceAccount)
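Review bot: The added guard in DeleteServiceAccount answers with the generic `ErrInvalidArgument` and has no comment, so neither an operator reading the response nor a maintainer reading the code learns that the account is protected because site replication is enabled. A comment such as `// Refuse to delete the site-replicator service account while site replication is enabled.` above the `if` would help, and a more specific API error would be worth considering if one exists. The guard also runs before the `GetServiceAccount` lookup and whatever per-account permission checks follow outside this hunk, so its response depends on replication state rather than on the caller's rights over the account; placing it after those checks would avoid that. This hunk covers deletion only, so it is worth confirming that the update path cannot disable or re-key `siteReplicatorSvcAcc` while replication is on. The function starts and ends outside the hunk.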