diff --git a/cmd/iam.go b/cmd/iam.go
index 33572aa96..9249047b5 100644
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -1191,7 +1191,7 @@ func (sys *IAMSys) PolicyDBSet(ctx context.Context, name, policy string, isGroup
 err := sys.store.PolicyDBSet(ctx, name, policy, userType, isGroup)
 if err != nil {
- return nil
+ return err
 }
 // Notify all other MinIO peers to reload policy
diff --git a/cmd/sts-handlers_test.go b/cmd/sts-handlers_test.go
index 9790623e5..47c3dfba5 100644
--- a/cmd/sts-handlers_test.go
+++ b/cmd/sts-handlers_test.go
@@ -277,7 +277,13 @@ func (s *TestSuiteIAM) TestLDAPSTS(c *check) {
 c.Fatalf("Expected to fail to create STS cred with no associated policy!")
 }
+ // Attempting to set a non-existent policy should fail.
 userDN := "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
+ err = s.adm.SetPolicy(ctx, policy+"x", userDN, false)
+ if err == nil {
+ c.Fatalf("should not be able to set non-existent policy")
+ }
+
 err = s.adm.SetPolicy(ctx, policy, userDN, false)
 if err != nil {
 c.Fatalf("Unable to set policy: %v", err)
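Review bot: The corrected `return err` in PolicyDBSet has no comment saying why the store error must propagate, and the old `return nil` shows how easily this branch regresses into reporting success for a mapping that was never written. I would add a line above the return such as `// Propagate the store error: returning nil here reports a policy mapping as applied when it was not.` Because the return sits before the "Notify all other MinIO peers" step, a failed write now also skips the peer reload, which looks like the intended fail-closed behaviour. The function body starts and ends outside this hunk, so it is worth checking the remaining error branches there for the same swallowed-error pattern.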
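Review bot: The new negative check in TestLDAPSTS only asserts `err == nil` is false, so any failure of `s.adm.SetPolicy(ctx, policy+"x", userDN, false)` (a transport error, an auth failure, a malformed DN) satisfies it, not just the missing-policy rejection this commit restores. The assertion should pin the error to the "policy does not exist" condition the server returns, and the failure message should print what came back, e.g. `c.Fatalf("expected no-such-policy error, got: %v", err)` on the mismatch branch. It would also be worth repeating the earlier "create STS cred with no associated policy" check after the rejected call, to confirm the failed request left no mapping behind. Only the user path (`isGroup` false) is exercised here; the group path is presumably affected by the same fix and has no equivalent test in this hunk. The test function continues outside the hunk.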