Allow setting non-existent policy on a user/group (#13898)

This commit is contained in:
Aditya Manthramurthy 2021-12-13 15:55:52 -08:00 committed by GitHub
parent 8144a125ce
commit de400f3473
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 1 deletions

View File

@ -1191,7 +1191,7 @@ func (sys *IAMSys) PolicyDBSet(ctx context.Context, name, policy string, isGroup
err := sys.store.PolicyDBSet(ctx, name, policy, userType, isGroup) err := sys.store.PolicyDBSet(ctx, name, policy, userType, isGroup)
if err != nil { if err != nil {
return nil return err
} }
// Notify all other MinIO peers to reload policy // Notify all other MinIO peers to reload policy

View File

@ -277,7 +277,13 @@ func (s *TestSuiteIAM) TestLDAPSTS(c *check) {
c.Fatalf("Expected to fail to create STS cred with no associated policy!") c.Fatalf("Expected to fail to create STS cred with no associated policy!")
} }
// Attempting to set a non-existent policy should fail.
userDN := "uid=dillon,ou=people,ou=swengg,dc=min,dc=io" userDN := "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
err = s.adm.SetPolicy(ctx, policy+"x", userDN, false)
if err == nil {
c.Fatalf("should not be able to set non-existent policy")
}
err = s.adm.SetPolicy(ctx, policy, userDN, false) err = s.adm.SetPolicy(ctx, policy, userDN, false)
if err != nil { if err != nil {
c.Fatalf("Unable to set policy: %v", err) c.Fatalf("Unable to set policy: %v", err)