Fix listing of service and sts accounts (#14977)

Now returns a "user does not exist" error if the user is not known to the system.
Aditya Manthramurthy 2022-05-25 15:28:54 -07:00 committed by GitHub
parent dea8220eee
commit 5aae7178ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1795,15 +1795,30 @@ func (store *IAMStoreSys) ListTempAccounts(ctx context.Context, accessKey string
cache := store.rlock()
defer store.runlock()
userExists := false
var tempAccounts []auth.Credentials
for _, v := range cache.iamUsersMap {
if v.IsTemp() && v.ParentUser == accessKey {
isDerived := false
if v.IsServiceAccount() || v.IsTemp() {
isDerived = true
}
if !isDerived && v.AccessKey == accessKey {
userExists = true
} else if isDerived && v.ParentUser == accessKey {
userExists = true
if v.IsTemp() {
// Hide secret key & session key here
v.SecretKey = ""
v.SessionToken = ""
tempAccounts = append(tempAccounts, v)
}
}
}
if !userExists {
return nil, errNoSuchUser
}
return tempAccounts, nil
}
@ -1813,15 +1828,30 @@ func (store *IAMStoreSys) ListServiceAccounts(ctx context.Context, accessKey str
cache := store.rlock()
defer store.runlock()
userExists := false
var serviceAccounts []auth.Credentials
for _, v := range cache.iamUsersMap {
if v.IsServiceAccount() && v.ParentUser == accessKey {
isDerived := false
if v.IsServiceAccount() || v.IsTemp() {
isDerived = true
}
if !isDerived && v.AccessKey == accessKey {
userExists = true
} else if isDerived && v.ParentUser == accessKey {
userExists = true
if v.IsServiceAccount() {
// Hide secret key & session key here
v.SecretKey = ""
v.SessionToken = ""
serviceAccounts = append(serviceAccounts, v)
}
}
}
if !userExists {
return nil, errNoSuchUser
}
return serviceAccounts, nil
}
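Review bot: In both ListTempAccounts and ListServiceAccounts, `userExists` is set only when the scan finds a non-derived entry whose AccessKey matches or a derived entry whose ParentUser matches, so a parent with no entry of its own in `cache.iamUsersMap` and no derived credentials yet now gets `errNoSuchUser` where it used to get an empty list. Whether such parents can occur (for example identities kept outside this map) is not visible in these hunks, so the contract should be stated in a doc comment on each function, e.g. `// Returns errNoSuchUser when accessKey is neither a stored user nor the parent of any derived credential.`, and covered by a test for the zero-derived-accounts case. The new error also makes known and unknown access keys distinguishable to the caller, so it is worth confirming that the callers, which are outside this diff, authorize the request before reaching these functions. As a style point, the existence check is duplicated verbatim in the two loops and could be one shared helper, and `isDerived := v.IsServiceAccount() || v.IsTemp()` replaces the four-line form. Both function bodies begin outside the hunks shown.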