iam: Use 'on' for enabled accounts for consistency (#11913)

This commit does not fix any bug, just ensure consistency.
This commit is contained in:
Anis Elleuch 2021-03-29 17:32:36 +01:00 committed by GitHub
parent d93c6cb9c7
commit f5831174e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 7 deletions

View File

@ -30,7 +30,6 @@ import (
humanize "github.com/dustin/go-humanize" humanize "github.com/dustin/go-humanize"
"github.com/minio/minio-go/v7/pkg/set" "github.com/minio/minio-go/v7/pkg/set"
"github.com/minio/minio/cmd/config"
"github.com/minio/minio/cmd/logger" "github.com/minio/minio/cmd/logger"
"github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/auth"
iampolicy "github.com/minio/minio/pkg/iam/policy" iampolicy "github.com/minio/minio/pkg/iam/policy"
@ -1046,9 +1045,9 @@ func (sys *IAMSys) SetUserStatus(accessKey string, status madmin.AccountStatus)
SecretKey: cred.SecretKey, SecretKey: cred.SecretKey,
Status: func() string { Status: func() string {
if status == madmin.AccountEnabled { if status == madmin.AccountEnabled {
return config.EnableOn return auth.AccountOn
} }
return config.EnableOff return auth.AccountOff
}(), }(),
}) })
@ -1231,7 +1230,12 @@ func (sys *IAMSys) CreateUser(accessKey string, uinfo madmin.UserInfo) error {
u := newUserIdentity(auth.Credentials{ u := newUserIdentity(auth.Credentials{
AccessKey: accessKey, AccessKey: accessKey,
SecretKey: uinfo.SecretKey, SecretKey: uinfo.SecretKey,
Status: string(uinfo.Status), Status: func() string {
if uinfo.Status == madmin.AccountEnabled {
return auth.AccountOn
}
return auth.AccountOff
}(),
}) })
if err := sys.store.saveUserIdentity(context.Background(), accessKey, regularUser, u); err != nil { if err := sys.store.saveUserIdentity(context.Background(), accessKey, regularUser, u); err != nil {

View File

@ -83,6 +83,13 @@ var (
} }
) )
const (
// AccountOn indicates that credentials are enabled
AccountOn = "on"
// AccountOff indicates that credentials are disabled
AccountOff = "off"
)
// Credentials holds access and secret keys. // Credentials holds access and secret keys.
type Credentials struct { type Credentials struct {
AccessKey string `xml:"AccessKeyId" json:"accessKey,omitempty"` AccessKey string `xml:"AccessKeyId" json:"accessKey,omitempty"`
@ -132,7 +139,7 @@ func (cred Credentials) IsServiceAccount() bool {
// IsValid - returns whether credential is valid or not. // IsValid - returns whether credential is valid or not.
func (cred Credentials) IsValid() bool { func (cred Credentials) IsValid() bool {
// Verify credentials if its enabled or not set. // Verify credentials if its enabled or not set.
if cred.Status == "off" { if cred.Status == AccountOff {
return false return false
} }
return IsAccessKeyValid(cred.AccessKey) && IsSecretKeyValid(cred.SecretKey) && !cred.IsExpired() return IsAccessKeyValid(cred.AccessKey) && IsSecretKeyValid(cred.SecretKey) && !cred.IsExpired()
@ -212,7 +219,8 @@ func GetNewCredentialsWithMetadata(m map[string]interface{}, tokenSecret string)
} }
cred.SecretKey = strings.Replace(string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen]), cred.SecretKey = strings.Replace(string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen]),
"/", "+", -1) "/", "+", -1)
cred.Status = "on"
cred.Status = AccountOn
if tokenSecret == "" { if tokenSecret == "" {
cred.Expiration = timeSentinel cred.Expiration = timeSentinel
@ -253,6 +261,6 @@ func CreateCredentials(accessKey, secretKey string) (cred Credentials, err error
cred.AccessKey = accessKey cred.AccessKey = accessKey
cred.SecretKey = secretKey cred.SecretKey = secretKey
cred.Expiration = timeSentinel cred.Expiration = timeSentinel
cred.Status = "on" cred.Status = AccountOn
return cred, nil return cred, nil
} }