fix: remove policy mapping file when empty (#18828)

On a policy detach operation, if there are no policies remaining
attached to the user/group, remove the policy mapping file, instead of
leaving a file containing an empty list of policies.
This commit is contained in:
Aditya Manthramurthy 2024-01-19 10:31:40 -08:00 committed by GitHub
parent c66c5828ea
commit cc960adbee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -1017,18 +1017,37 @@ func (store *IAMStoreSys) PolicyDBUpdate(ctx context.Context, name string, isGro
newPolicyMapping.UpdatedAt = UTCNow()
addedOrRemoved = policiesToUpdate.ToSlice()
if err = store.saveMappedPolicy(ctx, name, userType, isGroup, newPolicyMapping); err != nil {
return
}
if !isGroup {
if userType == stsUser {
cache.iamSTSPolicyMap[name] = newPolicyMapping
// In case of detach operation, it is possible that no policies are mapped -
// in this case, we delete the mapping from the store.
if len(newPolicies) == 0 {
if err = store.deleteMappedPolicy(ctx, name, userType, isGroup); err != nil && !errors.Is(err, errNoSuchPolicy) {
return
}
if !isGroup {
if userType == stsUser {
delete(cache.iamSTSPolicyMap, name)
} else {
delete(cache.iamUserPolicyMap, name)
}
} else {
cache.iamUserPolicyMap[name] = newPolicyMapping
delete(cache.iamGroupPolicyMap, name)
}
} else {
cache.iamGroupPolicyMap[name] = newPolicyMapping
if err = store.saveMappedPolicy(ctx, name, userType, isGroup, newPolicyMapping); err != nil {
return
}
if !isGroup {
if userType == stsUser {
cache.iamSTSPolicyMap[name] = newPolicyMapping
} else {
cache.iamUserPolicyMap[name] = newPolicyMapping
}
} else {
cache.iamGroupPolicyMap[name] = newPolicyMapping
}
}
cache.updatedAt = UTCNow()
return cache.updatedAt, addedOrRemoved, newPolicies, nil
}