mirror of
https://github.com/minio/minio.git
synced 2024-12-25 06:35:56 -05:00
service accounts are allowed to have no expiration (#17397)
This commit is contained in:
parent
43468f4d47
commit
c9e87f0548
@ -2343,11 +2343,17 @@ func extractJWTClaims(u UserIdentity) (*jwt.MapClaims, error) {
|
||||
}
|
||||
|
||||
func validateSvcExpirationInUTC(expirationInUTC time.Time) error {
|
||||
if expirationInUTC.IsZero() || expirationInUTC.Equal(timeSentinel) {
|
||||
// Service accounts might not have expiration in older releases.
|
||||
return nil
|
||||
}
|
||||
|
||||
currentTime := time.Now().UTC()
|
||||
minExpiration := currentTime.Add(minServiceAccountExpiry)
|
||||
maxExpiration := currentTime.Add(maxServiceAccountExpiry)
|
||||
if expirationInUTC.Before(minExpiration) || expirationInUTC.After(maxExpiration) {
|
||||
return errInvalidSvcAcctExpiration
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user