Move last remaining IAM notification calls into IAMSys methods (#13941)

Aditya Manthramurthy 2021-12-21 02:16:50 -08:00 committed by GitHub
parent e35709a99e
commit 6fbf4f96b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 30 deletions


@ -58,18 +58,10 @@ func (a adminAPIHandlers) RemoveUser(w http.ResponseWriter, r *http.Request) {
return return
} }
if err := globalIAMSys.DeleteUser(ctx, accessKey); err != nil { if err := globalIAMSys.DeleteUser(ctx, accessKey, true); err != nil {
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
return return
} }
// Notify all other MinIO peers to delete user.
for _, nerr := range globalNotificationSys.DeleteUser(accessKey) {
if nerr.Err != nil {
logger.GetReqInfo(ctx).SetTags("peerAddress", nerr.Host.String())
logger.LogIf(ctx, nerr.Err)
}
}
} }
// ListUsers - GET /minio/admin/v3/list-users?bucket={bucket} // ListUsers - GET /minio/admin/v3/list-users?bucket={bucket}
@ -978,17 +970,11 @@ func (a adminAPIHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Re
return return
} }
err = globalIAMSys.DeleteServiceAccount(ctx, serviceAccount) err = globalIAMSys.DeleteServiceAccount(ctx, serviceAccount, true)
if err != nil { if err != nil {
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
return return
} }
for _, nerr := range globalNotificationSys.DeleteServiceAccount(serviceAccount) {
if nerr.Err != nil {
logger.GetReqInfo(ctx).SetTags("peerAddress", nerr.Host.String())
logger.LogIf(ctx, nerr.Err)
}
}
// Call site replication hook. Only LDAP accounts are supported for // Call site replication hook. Only LDAP accounts are supported for
// replication operations. // replication operations.
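Review bot: The `DeleteUser(ctx, accessKey, true)` call in RemoveUser and the `DeleteServiceAccount(ctx, serviceAccount, true)` call in DeleteServiceAccount do not behave exactly like the loops they replace. The removed handler loops called `globalNotificationSys` unconditionally, while the new IAMSys methods skip peer notification when `sys.HasWatcher()` is true. Presumably the watcher propagates the deletion in that configuration, but the commit title describes a move only, so the change in when peers are told to drop a credential should be stated. A comment at each call site would do, e.g. `// true: notify peers of the deletion (IAMSys skips this when an IAM watcher is active)`. Both handler bodies continue outside their hunks.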


@ -536,12 +536,26 @@ func (sys *IAMSys) SetPolicy(ctx context.Context, policyName string, p iampolicy
} }
// DeleteUser - delete user (only for long-term users not STS users). // DeleteUser - delete user (only for long-term users not STS users).
func (sys *IAMSys) DeleteUser(ctx context.Context, accessKey string) error { func (sys *IAMSys) DeleteUser(ctx context.Context, accessKey string, notifyPeers bool) error {
if !sys.Initialized() { if !sys.Initialized() {
return errServerNotInitialized return errServerNotInitialized
} }
return sys.store.DeleteUser(ctx, accessKey, regUser) if err := sys.store.DeleteUser(ctx, accessKey, regUser); err != nil {
return err
}
// Notify all other MinIO peers to delete user.
if notifyPeers && !sys.HasWatcher() {
for _, nerr := range sys.notificationSys.DeleteUser(accessKey) {
if nerr.Err != nil {
logger.GetReqInfo(ctx).SetTags("peerAddress", nerr.Host.String())
logger.LogIf(ctx, nerr.Err)
}
}
}
return nil
} }
// CurrentPolicies - returns comma separated policy string, from // CurrentPolicies - returns comma separated policy string, from
@ -912,7 +926,7 @@ func (sys *IAMSys) GetClaimsForSvcAcc(ctx context.Context, accessKey string) (ma
} }
// DeleteServiceAccount - delete a service account // DeleteServiceAccount - delete a service account
func (sys *IAMSys) DeleteServiceAccount(ctx context.Context, accessKey string) error { func (sys *IAMSys) DeleteServiceAccount(ctx context.Context, accessKey string, notifyPeers bool) error {
if !sys.Initialized() { if !sys.Initialized() {
return errServerNotInitialized return errServerNotInitialized
} }
@ -922,7 +936,20 @@ func (sys *IAMSys) DeleteServiceAccount(ctx context.Context, accessKey string) e
return nil return nil
} }
return sys.store.DeleteUser(ctx, accessKey, svcUser) if err := sys.store.DeleteUser(ctx, accessKey, svcUser); err != nil {
return err
}
if notifyPeers && !sys.HasWatcher() {
for _, nerr := range sys.notificationSys.DeleteServiceAccount(accessKey) {
if nerr.Err != nil {
logger.GetReqInfo(ctx).SetTags("peerAddress", nerr.Host.String())
logger.LogIf(ctx, nerr.Err)
}
}
}
return nil
} }
// CreateUser - create new user credentials and policy, if user already exists // CreateUser - create new user credentials and policy, if user already exists
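Review bot: In `DeleteUser` and `DeleteServiceAccount`, a failed peer notification is only logged and the method still returns nil, so a caller cannot tell that a peer may not have dropped the deleted credential. The removed handler code also only logged these errors, so this is not a regression, but now that the behaviour lives in one place the doc comments should state it and describe the new parameter. Suggested for DeleteUser: `// If notifyPeers is true and no IAM watcher is active, peers are notified after the store delete; notification errors are logged, not returned.`, with the same sentence on DeleteServiceAccount. The two notification loops are identical apart from the method called, and DeleteServiceAccount's body is only partly visible across its two hunks.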


@ -157,7 +157,7 @@ func (s *peerRESTServer) DeleteServiceAccountHandler(w http.ResponseWriter, r *h
return return
} }
if err := globalIAMSys.DeleteServiceAccount(r.Context(), accessKey); err != nil { if err := globalIAMSys.DeleteServiceAccount(r.Context(), accessKey, false); err != nil {
s.writeErrorResponse(w, err) s.writeErrorResponse(w, err)
return return
} }
@ -209,7 +209,7 @@ func (s *peerRESTServer) DeleteUserHandler(w http.ResponseWriter, r *http.Reques
return return
} }
if err := globalIAMSys.DeleteUser(r.Context(), accessKey); err != nil { if err := globalIAMSys.DeleteUser(r.Context(), accessKey, false); err != nil {
s.writeErrorResponse(w, err) s.writeErrorResponse(w, err)
return return
} }
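Review bot: The bare `false` passed in `DeleteServiceAccountHandler` and `DeleteUserHandler` is load-bearing, and nothing at the call site says why. These handlers appear to be the receiving end of a peer notification, so `notifyPeers` must stay false here or each peer would notify the others again for the same deletion. A comment makes that hard to undo by accident: `// notifyPeers=false: this request is itself a peer notification, do not re-broadcast.` Both handler bodies start and end outside their hunks.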


@ -1080,18 +1080,11 @@ func (c *SiteReplicationSys) PeerSvcAccChangeHandler(ctx context.Context, change
} }
case change.Delete != nil: case change.Delete != nil:
err := globalIAMSys.DeleteServiceAccount(ctx, change.Delete.AccessKey) err := globalIAMSys.DeleteServiceAccount(ctx, change.Delete.AccessKey, true)
if err != nil { if err != nil {
return wrapSRErr(err) return wrapSRErr(err)
} }
for _, nerr := range globalNotificationSys.DeleteServiceAccount(change.Delete.AccessKey) {
if nerr.Err != nil {
logger.GetReqInfo(ctx).SetTags("peerAddress", nerr.Host.String())
logger.LogIf(ctx, nerr.Err)
}
}
} }
return nil return nil