MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-03-20 12:34:16 -04:00
Code Issues Packages Projects Releases Wiki Activity

iam reload policy mapping of STS users properly (#19626)

Browse Source
This commit is contained in:
Poorna 2024-04-27 03:04:10 -07:00 committed by GitHub
parent d8e05aca81
commit 9e95703efc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
cmd/iam-store.go
View File

@ -1634,6 +1634,8 @@ func (store *IAMStoreSys) PolicyMappingNotificationHandler(ctx context.Context,
switch { switch {
case isGroup: case isGroup:
m = cache.iamGroupPolicyMap m = cache.iamGroupPolicyMap
case userType == stsUser:
m = cache.iamSTSPolicyMap
default: default:
m = cache.iamUserPolicyMap m = cache.iamUserPolicyMap
} }
@ -2108,6 +2110,32 @@ func (store *IAMStoreSys) listPolicyMappings(cache *iamCache, policies []string,
} }
} }
} }
if iamOS, ok := store.IAMStorageAPI.(*IAMEtcdStore); ok {
m := xsync.NewMapOf[string, MappedPolicy]()
err := iamOS.loadMappedPolicies(context.Background(), stsUser, false, m)
if err == nil {
m.Range(func(user string, mappedPolicy MappedPolicy) bool {
if userPredicate != nil && !userPredicate(user) {
return true
}
commonPolicySet := mappedPolicy.policySet()
if !queryPolSet.IsEmpty() {
commonPolicySet = commonPolicySet.Intersection(queryPolSet)
}
for _, policy := range commonPolicySet.ToSlice() {
s, ok := policyToUsersMap[policy]
if !ok {
policyToUsersMap[policy] = set.CreateStringSet(user)
} else {
s.Add(user)
policyToUsersMap[policy] = s
}
}
return true
})
}
}
policyToGroupsMap := make(map[string]set.StringSet) policyToGroupsMap := make(map[string]set.StringSet)
cache.iamGroupPolicyMap.Range(func(group string, mappedPolicy MappedPolicy) bool { cache.iamGroupPolicyMap.Range(func(group string, mappedPolicy MappedPolicy) bool {