MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-01-11 15:03:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow service accounts for root credentials (#13412)

Browse Source 
fixes #13407
This commit is contained in:
Harshavardhana 2021-10-11 13:40:13 -07:00 committed by GitHub
parent 02c24a860d
commit c19b1a143e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/iam.go
View File

@ -2228,6 +2228,12 @@ func (sys *IAMSys) policyDBGet(name string, isGroup bool) (policies []string, er
mp, ok := sys.iamUserPolicyMap[name] mp, ok := sys.iamUserPolicyMap[name]
if !ok { if !ok {
// Service accounts with root credentials, inherit parent permissions
if parentName == globalActiveCred.AccessKey && u.IsServiceAccount() {
// even if this is set, the claims present in the service
// accounts apply the final permissions if any.
return []string{"consoleAdmin"}, nil
}
if parentName != "" { if parentName != "" {
mp = sys.iamUserPolicyMap[parentName] mp = sys.iamUserPolicyMap[parentName]
} }