site replication: Avoid returning root svcacct info in sr metadata (#15608)

Service accounts of root users should not be replicated.
This commit is contained in:
Poorna 2022-08-29 11:19:51 -07:00 committed by GitHub
parent 97376f6e8f
commit 929b9e164e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -3322,8 +3322,11 @@ func (c *SiteReplicationSys) SiteReplicationMetaInfo(ctx context.Context, objAPI
return info, errSRBackendIssue(err)
}
for _, svcAcct := range svcAccts {
info.UserInfoMap[svcAcct.AccessKey] = madmin.UserInfo{
Status: madmin.AccountStatus(svcAcct.Status),
// report all non-root user accounts for syncing
if svcAcct.ParentUser != "" && svcAcct.ParentUser != globalActiveCred.AccessKey {
info.UserInfoMap[svcAcct.AccessKey] = madmin.UserInfo{
Status: madmin.AccountStatus(svcAcct.Status),
}
}
}
tempAccts, err := globalIAMSys.ListTempAccounts(ctx, user)