mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
Move last remaining IAM notification calls into IAMSys methods (#13941)
parent
e35709a99e
commit
6fbf4f96b6
@ -58,18 +58,10 @@ func (a adminAPIHandlers) RemoveUser(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := globalIAMSys.DeleteUser(ctx, accessKey); err != nil {
|
if err := globalIAMSys.DeleteUser(ctx, accessKey, true); err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Notify all other MinIO peers to delete user.
|
|
||||||
for _, nerr := range globalNotificationSys.DeleteUser(accessKey) {
|
|
||||||
if nerr.Err != nil {
|
|
||||||
logger.GetReqInfo(ctx).SetTags("peerAddress", nerr.Host.String())
|
|
||||||
logger.LogIf(ctx, nerr.Err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ListUsers - GET /minio/admin/v3/list-users?bucket={bucket}
|
// ListUsers - GET /minio/admin/v3/list-users?bucket={bucket}
|
||||||
@ -978,17 +970,11 @@ func (a adminAPIHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Re
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
err = globalIAMSys.DeleteServiceAccount(ctx, serviceAccount)
|
err = globalIAMSys.DeleteServiceAccount(ctx, serviceAccount, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
for _, nerr := range globalNotificationSys.DeleteServiceAccount(serviceAccount) {
|
|
||||||
if nerr.Err != nil {
|
|
||||||
logger.GetReqInfo(ctx).SetTags("peerAddress", nerr.Host.String())
|
|
||||||
logger.LogIf(ctx, nerr.Err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Call site replication hook. Only LDAP accounts are supported for
|
// Call site replication hook. Only LDAP accounts are supported for
|
||||||
// replication operations.
|
// replication operations.
|
||||||
|
35
cmd/iam.go
35
cmd/iam.go
@ -536,12 +536,26 @@ func (sys *IAMSys) SetPolicy(ctx context.Context, policyName string, p iampolicy
|
|||||||
}
|
}
|
||||||
|
|
||||||
// DeleteUser - delete user (only for long-term users not STS users).
|
// DeleteUser - delete user (only for long-term users not STS users).
|
||||||
func (sys *IAMSys) DeleteUser(ctx context.Context, accessKey string) error {
|
func (sys *IAMSys) DeleteUser(ctx context.Context, accessKey string, notifyPeers bool) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.DeleteUser(ctx, accessKey, regUser)
|
if err := sys.store.DeleteUser(ctx, accessKey, regUser); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Notify all other MinIO peers to delete user.
|
||||||
|
if notifyPeers && !sys.HasWatcher() {
|
||||||
|
for _, nerr := range sys.notificationSys.DeleteUser(accessKey) {
|
||||||
|
if nerr.Err != nil {
|
||||||
|
logger.GetReqInfo(ctx).SetTags("peerAddress", nerr.Host.String())
|
||||||
|
logger.LogIf(ctx, nerr.Err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// CurrentPolicies - returns comma separated policy string, from
|
// CurrentPolicies - returns comma separated policy string, from
|
||||||
@ -912,7 +926,7 @@ func (sys *IAMSys) GetClaimsForSvcAcc(ctx context.Context, accessKey string) (ma
|
|||||||
}
|
}
|
||||||
|
|
||||||
// DeleteServiceAccount - delete a service account
|
// DeleteServiceAccount - delete a service account
|
||||||
func (sys *IAMSys) DeleteServiceAccount(ctx context.Context, accessKey string) error {
|
func (sys *IAMSys) DeleteServiceAccount(ctx context.Context, accessKey string, notifyPeers bool) error {
|
||||||
if !sys.Initialized() {
|
if !sys.Initialized() {
|
||||||
return errServerNotInitialized
|
return errServerNotInitialized
|
||||||
}
|
}
|
||||||
@ -922,7 +936,20 @@ func (sys *IAMSys) DeleteServiceAccount(ctx context.Context, accessKey string) e
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return sys.store.DeleteUser(ctx, accessKey, svcUser)
|
if err := sys.store.DeleteUser(ctx, accessKey, svcUser); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if notifyPeers && !sys.HasWatcher() {
|
||||||
|
for _, nerr := range sys.notificationSys.DeleteServiceAccount(accessKey) {
|
||||||
|
if nerr.Err != nil {
|
||||||
|
logger.GetReqInfo(ctx).SetTags("peerAddress", nerr.Host.String())
|
||||||
|
logger.LogIf(ctx, nerr.Err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateUser - create new user credentials and policy, if user already exists
|
// CreateUser - create new user credentials and policy, if user already exists
|
||||||
|
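Review bot: In `IAMSys.DeleteUser` and `IAMSys.DeleteServiceAccount` a failed peer notification is only logged and the method still returns `nil`, so the caller treats the credential as deleted. A peer that missed the call may keep honouring it from its in-memory IAM state until its next reload; that is inferred, since the reload path is not in this diff. The move also gates the loop on `!sys.HasWatcher()`, which the removed handler loops did not do, so when a watcher is present revocation on the other nodes depends on the watch event alone. Neither the new `notifyPeers` parameter nor these two properties are in the doc comments; I would add to both `// notifyPeers asks the other nodes to drop accessKey from their IAM state; it is best-effort (failures are logged, not returned) and is skipped when sys.HasWatcher() is true.` The body of `DeleteServiceAccount` is only partly visible between its two hunks.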
@ -157,7 +157,7 @@ func (s *peerRESTServer) DeleteServiceAccountHandler(w http.ResponseWriter, r *h
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := globalIAMSys.DeleteServiceAccount(r.Context(), accessKey); err != nil {
|
if err := globalIAMSys.DeleteServiceAccount(r.Context(), accessKey, false); err != nil {
|
||||||
s.writeErrorResponse(w, err)
|
s.writeErrorResponse(w, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -209,7 +209,7 @@ func (s *peerRESTServer) DeleteUserHandler(w http.ResponseWriter, r *http.Reques
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := globalIAMSys.DeleteUser(r.Context(), accessKey); err != nil {
|
if err := globalIAMSys.DeleteUser(r.Context(), accessKey, false); err != nil {
|
||||||
s.writeErrorResponse(w, err)
|
s.writeErrorResponse(w, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
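Review bot: The bare `false` passed to `globalIAMSys.DeleteServiceAccount` and `globalIAMSys.DeleteUser` in these two peer handlers is what keeps a node that receives the broadcast from fanning it out again, and nothing at the call site says so. A later edit that flips it to `true` would presumably make each peer re-notify the others whenever no watcher is present. I would put `// notifyPeers=false: this request is itself the peer notification, do not re-broadcast` above each call. Both handler bodies start and end outside the hunks.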
@ -1080,18 +1080,11 @@ func (c *SiteReplicationSys) PeerSvcAccChangeHandler(ctx context.Context, change
|
|||||||
}
|
}
|
||||||
|
|
||||||
case change.Delete != nil:
|
case change.Delete != nil:
|
||||||
err := globalIAMSys.DeleteServiceAccount(ctx, change.Delete.AccessKey)
|
err := globalIAMSys.DeleteServiceAccount(ctx, change.Delete.AccessKey, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return wrapSRErr(err)
|
return wrapSRErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, nerr := range globalNotificationSys.DeleteServiceAccount(change.Delete.AccessKey) {
|
|
||||||
if nerr.Err != nil {
|
|
||||||
logger.GetReqInfo(ctx).SetTags("peerAddress", nerr.Host.String())
|
|
||||||
logger.LogIf(ctx, nerr.Err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|