|
|
@ -461,7 +461,12 @@ func (a adminAPIHandlers) ListServiceAccounts(w http.ResponseWriter, r *http.Req |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
serviceAccounts, err := globalIAMSys.ListServiceAccounts(ctx, cred.AccessKey) |
|
|
|
parentUser := cred.AccessKey |
|
|
|
|
|
|
|
if cred.ParentUser != "" { |
|
|
|
|
|
|
|
parentUser = cred.ParentUser |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
serviceAccounts, err := globalIAMSys.ListServiceAccounts(ctx, parentUser) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) |
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) |
|
|
|
return |
|
|
|
return |
|
|
@ -521,8 +526,15 @@ func (a adminAPIHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Re |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if cred.AccessKey != user || cred.ParentUser != user { |
|
|
|
parentUser := cred.AccessKey |
|
|
|
// The service account belongs to another user but return not found error to mitigate brute force attacks.
|
|
|
|
if cred.ParentUser != "" { |
|
|
|
|
|
|
|
parentUser = cred.ParentUser |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if parentUser != user || user == "" { |
|
|
|
|
|
|
|
// The service account belongs to another user but return not
|
|
|
|
|
|
|
|
// found error to mitigate brute force attacks. or the
|
|
|
|
|
|
|
|
// serviceAccount doesn't exist.
|
|
|
|
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrServiceAccountNotFound), r.URL) |
|
|
|
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrServiceAccountNotFound), r.URL) |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|