mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
fix: Remove User should fail for a service account (#20677)
The RemoveUser API only removes internal users, and it reports success when it didnt find the internal user account for deletion. When provided with a service account, it should not report success as that is misleading.
This commit is contained in:
parent
7e0c1c9413
commit
9a39f8ad4d
@ -65,6 +65,17 @@ func (a adminAPIHandlers) RemoveUser(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
// This API only supports removal of internal users not service accounts.
|
||||
ok, _, err = globalIAMSys.IsServiceAccount(accessKey)
|
||||
if err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
}
|
||||
if ok {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errIAMActionNotAllowed), r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
// When the user is root credential you are not allowed to
|
||||
// remove the root user. Also you cannot delete yourself.
|
||||
if accessKey == globalActiveCred.AccessKey || accessKey == cred.AccessKey {
|
||||
|
Loading…
Reference in New Issue
Block a user