oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix IAM users migration regression in etcd (#8029)

Browse Source 
PR #8008 did not migrate user data stored in etcd.
This PR fixes that.
master
kannappanr 5 years ago committed by GitHub
parent e6d8e272ce
commit 930943f058
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 32 additions and 11 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 36
      cmd/iam.go
  2. 3
      go.mod
  3. 4
      go.sum

36
cmd/iam.go
Unescape View File

@ -302,7 +302,9 @@ func loadUser(objectAPI ObjectLayer, user string, isSTS bool,
}
// In some cases access key may not be set, so we set it explicitly.
u.Credentials.AccessKey = user
if u.Credentials.AccessKey == "" {
u.Credentials.AccessKey = user
}
m[user] = u.Credentials
return nil
}
@ -370,9 +372,14 @@ func loadMappedPolicy(objectAPI ObjectLayer, name string, isSTS, isGroup bool,
func loadMappedPolicies(objectAPI ObjectLayer, isSTS, isGroup bool, m map[string]MappedPolicy) error {
doneCh := make(chan struct{})
defer close(doneCh)
basePath := iamConfigPolicyDBUsersPrefix
if isSTS {
var basePath string
switch {
case isSTS:
basePath = iamConfigPolicyDBSTSUsersPrefix
case isGroup:
basePath = iamConfigPolicyDBGroupsPrefix
default:
basePath = iamConfigPolicyDBUsersPrefix
}
for item := range listIAMConfigItems(objectAPI, basePath, false, doneCh) {
if item.Err != nil {
@ -778,6 +785,7 @@ func migrateUsersConfigEtcdToV1(isSTS bool) error {
// Found a id file in old format. Copy value
// into new format and save it.
cred.AccessKey = user
u := newUserIdentity(cred)
if err := saveIAMConfigItemEtcd(ctx, u, identityPath); err != nil {
logger.LogIf(context.Background(), err)
@ -1742,16 +1750,21 @@ func loadEtcdMappedPolicy(ctx context.Context, name string, isSTS, isGroup bool,
func loadEtcdMappedPolicies(isSTS, isGroup bool, m map[string]MappedPolicy) error {
ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout)
defer cancel()
basePrefix := iamConfigPolicyDBUsersPrefix
if isSTS {
basePrefix = iamConfigPolicyDBSTSUsersPrefix
var basePath string
switch {
case isSTS:
basePath = iamConfigPolicyDBSTSUsersPrefix
case isGroup:
basePath = iamConfigPolicyDBGroupsPrefix
default:
basePath = iamConfigPolicyDBUsersPrefix
}
r, err := globalEtcdClient.Get(ctx, basePrefix, etcd.WithPrefix(), etcd.WithKeysOnly())
r, err := globalEtcdClient.Get(ctx, basePath, etcd.WithPrefix(), etcd.WithKeysOnly())
if err != nil {
return err
}
users := etcdKvsToSetPolicyDB(basePrefix, r.Kvs)
users := etcdKvsToSetPolicyDB(basePath, r.Kvs)
// Reload config and policies for all users.
for _, user := range users.ToSlice() {
@ -1776,6 +1789,9 @@ func loadEtcdUser(ctx context.Context, user string, isSTS bool, m map[string]aut
return nil
}
if u.Credentials.AccessKey == "" {
u.Credentials.AccessKey = user
}
m[user] = u.Credentials
return nil
}
@ -1900,6 +1916,7 @@ func (sys *IAMSys) refreshEtcd() error {
return err
}
// load policies mapped for long-term users
if err := loadEtcdMappedPolicies(false, false, iamUserPolicyMap); err != nil {
return err
}
@ -1949,6 +1966,7 @@ func (sys *IAMSys) refresh(objAPI ObjectLayer) error {
return err
}
// load policies mapped for long-term users
if err := loadMappedPolicies(objAPI, false, false, iamUserPolicyMap); err != nil {
return err
}
@ -1957,7 +1975,7 @@ func (sys *IAMSys) refresh(objAPI ObjectLayer) error {
return err
}
// load policies mapped to groups
if err := loadMappedPolicies(objAPI, false, false, iamGroupPolicyMap); err != nil {
if err := loadMappedPolicies(objAPI, false, true, iamGroupPolicyMap); err != nil {
return err
}

3
go.mod
Unescape View File

@ -102,3 +102,6 @@ require (
gopkg.in/olivere/elastic.v5 v5.0.80
gopkg.in/yaml.v2 v2.2.2
)
// Added for go1.13 migration https://github.com/golang/go/issues/32805
replace github.com/gorilla/rpc v1.2.0+incompatible => github.com/gorilla/rpc v1.2.0

4
go.sum
Unescape View File

@ -222,8 +222,8 @@ github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z
github.com/gorilla/mux v1.7.0 h1:tOSd0UKHQd6urX6ApfOn4XdBMY6Sh1MfxV3kmaazO+U=
github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/rpc v0.0.0-20160517062331-bd3317b8f670/go.mod h1:V4h9r+4sF5HnzqbwIez0fKSpANP0zlYd3qR7p36jkTQ=
github.com/gorilla/rpc v1.2.0+incompatible h1:V3Dz9mWwCvHKm0N+mVM2A/hShV+hLUMUdzoyHQjr1NA=
github.com/gorilla/rpc v1.2.0+incompatible/go.mod h1:V4h9r+4sF5HnzqbwIez0fKSpANP0zlYd3qR7p36jkTQ=
github.com/gorilla/rpc v1.2.0 h1:WvvdC2lNeT1SP32zrIce5l0ECBfbAlmrmSBsuc57wfk=
github.com/gorilla/rpc v1.2.0/go.mod h1:V4h9r+4sF5HnzqbwIez0fKSpANP0zlYd3qR7p36jkTQ=
github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY=

Write Preview
Loading…
Cancel
Save