MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-09 13:39:46 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: load LDAP users appropriately (#9360)

Browse Source 
This PR also fixes issues when

deletePolicy, deleteUser is idempotent so can lead to
issues when client can prematurely timeout, so a retry
call error response should be ignored when call returns
http.StatusNotFound

Fixes #9347
This commit is contained in:
Harshavardhana
2020-04-16 16:22:34 -07:00
committed by GitHub
parent a51280fd20
commit c82fa2c829
5 changed files with 25 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
cmd/iam.go
View File

@@ -404,8 +404,7 @@ func (sys *IAMSys) DeletePolicy(policyName string) error {
defer sys.store.unlock()
err := sys.store.deletePolicyDoc(policyName)
switch err.(type) {
case ObjectNotFound:
if err == errNoSuchPolicy {
// Ignore error if policy is already deleted.
err = nil
}
@@ -417,7 +416,6 @@ func (sys *IAMSys) DeletePolicy(policyName string) error {
var usersType []IAMUserType
for u, mp := range sys.iamUserPolicyMap {
if mp.Policy == policyName {
usersToDel = append(usersToDel, u)
cr, ok := sys.iamUsersMap[u]
if !ok {
// This case cannot happen
@@ -429,6 +427,7 @@ func (sys *IAMSys) DeletePolicy(policyName string) error {
} else {
usersType = append(usersType, regularUser)
}
usersToDel = append(usersToDel, u)
}
}
for i, u := range usersToDel {
@@ -538,8 +537,7 @@ func (sys *IAMSys) DeleteUser(accessKey string) error {
// It is ok to ignore deletion error on the mapped policy
sys.store.deleteMappedPolicy(accessKey, regularUser, false)
err := sys.store.deleteUserIdentity(accessKey, regularUser)
switch err.(type) {
case ObjectNotFound:
if err == errNoSuchUser {
// ignore if user is already deleted.
err = nil
}
@@ -1020,14 +1018,11 @@ func (sys *IAMSys) RemoveUsersFromGroup(group string, members []string) error {
// len(gi.Members) == 0 here.
// Remove the group from storage. First delete the
// mapped policy.
err := sys.store.deleteMappedPolicy(group, regularUser, true)
// No-mapped-policy case is ignored.
if err != nil && err != errNoSuchPolicy {
// mapped policy. No-mapped-policy case is ignored.
if err := sys.store.deleteMappedPolicy(group, regularUser, true); err != nil && err != errNoSuchPolicy {
return err
}
err = sys.store.deleteGroupInfo(group)
if err != nil {
if err := sys.store.deleteGroupInfo(group); err != nil && err != errNoSuchGroup {
return err
}
@@ -1195,7 +1190,7 @@ func (sys *IAMSys) policyDBSet(name, policy string, userType IAMUserType, isGrou
// Handle policy mapping removal
if policy == "" {
if err := sys.store.deleteMappedPolicy(name, userType, isGroup); err != nil {
if err := sys.store.deleteMappedPolicy(name, userType, isGroup); err != nil && err != errNoSuchPolicy {
return err
}
if !isGroup {