svc: Display the correct policy of a particular service account (#12064)

For InfoServiceAccount API, calculating the policy before showing it to the user was not correctly done (only UX issue, not a security issue) This commit fixes it.
2025-11-09 21:49:46 -05:00 · 2021-04-15 22:47:58 +01:00
parent 39dd9b6483
commit b6f5785a6d
2 changed files with 9 additions and 6 deletions
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -1138,7 +1138,7 @@ func (sys *IAMSys) NewServiceAccount(ctx context.Context, parentUser string, gro
 	}
 	cred.ParentUser = parentUser
 	cred.Groups = groups
-	cred.Status = string(madmin.AccountEnabled)
+	cred.Status = string(auth.AccountOn)

 	u := newUserIdentity(cred)

@@ -1257,10 +1257,13 @@ func (sys *IAMSys) GetServiceAccount(ctx context.Context, accessKey string) (aut
 		pt, ptok := jwtClaims.Lookup(iamPolicyClaimNameSA())
 		sp, spok := jwtClaims.Lookup(iampolicy.SessionPolicyName)
 		if ptok && spok && pt == "embedded-policy" {
-			p, err := iampolicy.ParseConfig(bytes.NewReader([]byte(sp)))
+			policyBytes, err := base64.StdEncoding.DecodeString(sp)
 			if err == nil {
-				embeddedPolicy = &iampolicy.Policy{}
-				embeddedPolicy.Merge(*p)
+				p, err := iampolicy.ParseConfig(bytes.NewReader(policyBytes))
+				if err == nil {
+					policy := iampolicy.Policy{}.Merge(*p)
+					embeddedPolicy = &policy
+				}
 			}
 		}
 	}