fix: allow delayed etcd updates to have fallbacks (#11151)

fixes #11149
2025-10-29 15:55:00 -04:00 · 2021-01-19 10:05:41 -08:00 · 2021-01-19 10:05:41 -08:00 · a5e23a40ff
commit a5e23a40ff
parent 1ad2b7b699
1 changed files with 22 additions and 5 deletions
--- a/cmd/iam.go
+++ b/cmd/iam.go
@ -1162,10 +1162,7 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
 		return cred, false
 	}

-	sys.store.rlock()
-	fallback := sys.storeFallback
-	sys.store.runlock()
-	if fallback {
+	reloadUser := func() {
 		sys.store.lock()
 		// If user is already found proceed.
 		if _, found := sys.iamUsersMap[accessKey]; !found {
@ -1204,9 +1201,29 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
 	}

 	sys.store.rlock()
+	fallback := sys.storeFallback
+	sys.store.runlock()
+	if fallback {
+		reloadUser()
+	}
+
+	sys.store.rlock()
+	cred, ok = sys.iamUsersMap[accessKey]
+	if !ok && !fallback {
+		sys.store.runlock()
+		// accessKey not found, also
+		// IAM store is not in fallback mode
+		// we can try to reload again from
+		// the IAM store and see if credential
+		// exists now. If it doesn't proceed to
+		// fail.
+		reloadUser()
+
+		sys.store.rlock()
+		cred, ok = sys.iamUsersMap[accessKey]
+	}
 	defer sys.store.runlock()

-	cred, ok = sys.iamUsersMap[accessKey]
 	if ok && cred.IsValid() {
 		if cred.ParentUser != "" && sys.usersSysType == MinIOUsersSysType {
 			_, ok = sys.iamUsersMap[cred.ParentUser]