fix: site replication issues and add tests (#13861)

- deleting policies was deleting all LDAP user mapping, this was a regression introduced in #13567 - deleting of policies is properly sent across all sites. - remove unexpected errors instead embed the real errors as part of the 500 error response.
2025-11-07 21:02:58 -05:00 · 2021-12-08 11:50:15 -08:00
parent 92fdcafb66
commit e82a5c5c54
7 changed files with 215 additions and 49 deletions
--- a/cmd/iam-store.go
+++ b/cmd/iam-store.go
@@ -846,12 +846,14 @@ func (store *IAMStoreSys) PolicyNotificationHandler(ctx context.Context, policy
 			if !pset.Contains(policy) {
 				continue
 			}
-			_, ok := cache.iamUsersMap[u]
-			if !ok {
-				// happens when account is deleted or
-				// expired.
-				delete(cache.iamUserPolicyMap, u)
-				continue
+			if store.getUsersSysType() == MinIOUsersSysType {
+				_, ok := cache.iamUsersMap[u]
+				if !ok {
+					// happens when account is deleted or
+					// expired.
+					delete(cache.iamUserPolicyMap, u)
+					continue
+				}
 			}
 			pset.Remove(policy)
 			cache.iamUserPolicyMap[u] = newMappedPolicy(strings.Join(pset.ToSlice(), ","))
@@ -886,11 +888,13 @@ func (store *IAMStoreSys) DeletePolicy(ctx context.Context, policy string) error
 	groups := []string{}
 	for u, mp := range cache.iamUserPolicyMap {
 		pset := mp.policySet()
-		if _, ok := cache.iamUsersMap[u]; !ok {
-			// This case can happen when a temporary account is
-			// deleted or expired - remove it from userPolicyMap.
-			delete(cache.iamUserPolicyMap, u)
-			continue
+		if store.getUsersSysType() == MinIOUsersSysType {
+			if _, ok := cache.iamUsersMap[u]; !ok {
+				// This case can happen when a temporary account is
+				// deleted or expired - remove it from userPolicyMap.
+				delete(cache.iamUserPolicyMap, u)
+				continue
+			}
 		}
 		if pset.Contains(policy) {
 			users = append(users, u)