From 929b9e164ed8fc7912c324305adc97d1f5c5964d Mon Sep 17 00:00:00 2001 From: Poorna Date: Mon, 29 Aug 2022 11:19:51 -0700 Subject: [PATCH] site replication: Avoid returning root svcacct info in sr metadata (#15608) Service accounts of root users should not be replicated. --- cmd/site-replication.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cmd/site-replication.go b/cmd/site-replication.go index 898508530..5c3512be8 100644 --- a/cmd/site-replication.go +++ b/cmd/site-replication.go @@ -3322,8 +3322,11 @@ func (c *SiteReplicationSys) SiteReplicationMetaInfo(ctx context.Context, objAPI return info, errSRBackendIssue(err) } for _, svcAcct := range svcAccts { - info.UserInfoMap[svcAcct.AccessKey] = madmin.UserInfo{ - Status: madmin.AccountStatus(svcAcct.Status), + // report all non-root user accounts for syncing + if svcAcct.ParentUser != "" && svcAcct.ParentUser != globalActiveCred.AccessKey { + info.UserInfoMap[svcAcct.AccessKey] = madmin.UserInfo{ + Status: madmin.AccountStatus(svcAcct.Status), + } } } tempAccts, err := globalIAMSys.ListTempAccounts(ctx, user)