site replication: Avoid returning root svcacct info in sr metadata (#15608)

Service accounts of root users should not be replicated.
This commit is contained in:
Poorna 2022-08-29 11:19:51 -07:00 committed by GitHub
parent 97376f6e8f
commit 929b9e164e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -3322,8 +3322,11 @@ func (c *SiteReplicationSys) SiteReplicationMetaInfo(ctx context.Context, objAPI
return info, errSRBackendIssue(err) return info, errSRBackendIssue(err)
} }
for _, svcAcct := range svcAccts { for _, svcAcct := range svcAccts {
info.UserInfoMap[svcAcct.AccessKey] = madmin.UserInfo{ // report all non-root user accounts for syncing
Status: madmin.AccountStatus(svcAcct.Status), if svcAcct.ParentUser != "" && svcAcct.ParentUser != globalActiveCred.AccessKey {
info.UserInfoMap[svcAcct.AccessKey] = madmin.UserInfo{
Status: madmin.AccountStatus(svcAcct.Status),
}
} }
} }
tempAccts, err := globalIAMSys.ListTempAccounts(ctx, user) tempAccts, err := globalIAMSys.ListTempAccounts(ctx, user)