service accounts are allowed to have no expiration (#17397)

Harshavardhana 2023-06-11 10:34:59 -07:00 committed by GitHub
parent 43468f4d47
commit c9e87f0548
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions


@ -2343,11 +2343,17 @@ func extractJWTClaims(u UserIdentity) (*jwt.MapClaims, error) {
} }
func validateSvcExpirationInUTC(expirationInUTC time.Time) error { func validateSvcExpirationInUTC(expirationInUTC time.Time) error {
if expirationInUTC.IsZero() || expirationInUTC.Equal(timeSentinel) {
// Service accounts might not have expiration in older releases.
return nil
}
currentTime := time.Now().UTC() currentTime := time.Now().UTC()
minExpiration := currentTime.Add(minServiceAccountExpiry) minExpiration := currentTime.Add(minServiceAccountExpiry)
maxExpiration := currentTime.Add(maxServiceAccountExpiry) maxExpiration := currentTime.Add(maxServiceAccountExpiry)
if expirationInUTC.Before(minExpiration) || expirationInUTC.After(maxExpiration) { if expirationInUTC.Before(minExpiration) || expirationInUTC.After(maxExpiration) {
return errInvalidSvcAcctExpiration return errInvalidSvcAcctExpiration
} }
return nil return nil
} }
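Review bot: The new early return at the top of validateSvcExpirationInUTC accepts a zero time or timeSentinel, so any caller that passes an unset expiration now skips the minServiceAccountExpiry/maxServiceAccountExpiry bounds and ends up with a credential that never expires. The inline comment ties this to accounts from older releases, but the validator cannot tell a legacy record from a fresh request. Its callers are outside this hunk, so it is worth confirming whether the create and update paths should both accept "no expiration" or only the path that re-validates existing accounts. At minimum the contract belongs on the function, e.g. `// validateSvcExpirationInUTC returns nil for a zero or sentinel expiration (non-expiring account); any other value must lie between now+minServiceAccountExpiry and now+maxServiceAccountExpiry.` The commit changes a single file, so a test covering the zero and sentinel cases does not appear to be part of it.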