Fix listing of service and sts accounts (#14977)
Now returns a "user does not exist" error if the user is not known to the system.
parent
dea8220eee
commit
5aae7178ad
@ -1795,14 +1795,29 @@ func (store *IAMStoreSys) ListTempAccounts(ctx context.Context, accessKey string
|
|||||||
cache := store.rlock()
|
cache := store.rlock()
|
||||||
defer store.runlock()
|
defer store.runlock()
|
||||||
|
|
||||||
|
userExists := false
|
||||||
var tempAccounts []auth.Credentials
|
var tempAccounts []auth.Credentials
|
||||||
for _, v := range cache.iamUsersMap {
|
for _, v := range cache.iamUsersMap {
|
||||||
if v.IsTemp() && v.ParentUser == accessKey {
|
isDerived := false
|
||||||
// Hide secret key & session key here
|
if v.IsServiceAccount() || v.IsTemp() {
|
||||||
v.SecretKey = ""
|
isDerived = true
|
||||||
v.SessionToken = ""
|
|
||||||
tempAccounts = append(tempAccounts, v)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !isDerived && v.AccessKey == accessKey {
|
||||||
|
userExists = true
|
||||||
|
} else if isDerived && v.ParentUser == accessKey {
|
||||||
|
userExists = true
|
||||||
|
if v.IsTemp() {
|
||||||
|
// Hide secret key & session key here
|
||||||
|
v.SecretKey = ""
|
||||||
|
v.SessionToken = ""
|
||||||
|
tempAccounts = append(tempAccounts, v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !userExists {
|
||||||
|
return nil, errNoSuchUser
|
||||||
}
|
}
|
||||||
|
|
||||||
return tempAccounts, nil
|
return tempAccounts, nil
|
||||||
@ -1813,14 +1828,29 @@ func (store *IAMStoreSys) ListServiceAccounts(ctx context.Context, accessKey str
|
|||||||
cache := store.rlock()
|
cache := store.rlock()
|
||||||
defer store.runlock()
|
defer store.runlock()
|
||||||
|
|
||||||
|
userExists := false
|
||||||
var serviceAccounts []auth.Credentials
|
var serviceAccounts []auth.Credentials
|
||||||
for _, v := range cache.iamUsersMap {
|
for _, v := range cache.iamUsersMap {
|
||||||
if v.IsServiceAccount() && v.ParentUser == accessKey {
|
isDerived := false
|
||||||
// Hide secret key & session key here
|
if v.IsServiceAccount() || v.IsTemp() {
|
||||||
v.SecretKey = ""
|
isDerived = true
|
||||||
v.SessionToken = ""
|
|
||||||
serviceAccounts = append(serviceAccounts, v)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !isDerived && v.AccessKey == accessKey {
|
||||||
|
userExists = true
|
||||||
|
} else if isDerived && v.ParentUser == accessKey {
|
||||||
|
userExists = true
|
||||||
|
if v.IsServiceAccount() {
|
||||||
|
// Hide secret key & session key here
|
||||||
|
v.SecretKey = ""
|
||||||
|
v.SessionToken = ""
|
||||||
|
serviceAccounts = append(serviceAccounts, v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !userExists {
|
||||||
|
return nil, errNoSuchUser
|
||||||
}
|
}
|
||||||
|
|
||||||
return serviceAccounts, nil
|
return serviceAccounts, nil
|
||||||
|
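Review bot: The new `return nil, errNoSuchUser` in ListTempAccounts, and the identical branch in ListServiceAccounts, lets a caller tell a known access key from an unknown one, where the old code returned an empty list in both cases. That is only safe if the request is authorized for the target user before the store is consulted, which happens outside this diff, so I would state the assumption next to `userExists := false`, e.g. `// callers must authorize the request first: errNoSuchUser reveals whether accessKey is known`. An access key counts as known only if it has its own non-derived entry or at least one derived credential naming it as ParentUser, so a parent that appears in neither form now gets an error instead of an empty list; please confirm that is intended for identities that have no entry of their own in iamUsersMap, if such identities exist. On style, the flag can be written as `isDerived := v.IsServiceAccount() || v.IsTemp()`, and since the two loops differ only in the final `IsTemp()`/`IsServiceAccount()` test they could share one helper. Both function bodies start and end outside the hunks shown.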