From 930943f058f01f37cfbc2265d5f80ea7026ec55d Mon Sep 17 00:00:00 2001
From: kannappanr <30541348+kannappanr@users.noreply.github.com>
Date: Tue, 6 Aug 2019 17:06:31 -0700
Subject: [PATCH] Fix IAM users migration regression in etcd (#8029)

PR #8008 did not migrate user data stored in etcd. This PR fixes that.
---
 cmd/iam.go | 36 +++++++++++++++++++++++++++---------
 go.mod | 3 +++
 go.sum | 4 ++--
 3 files changed, 32 insertions(+), 11 deletions(-)

diff --git a/cmd/iam.go b/cmd/iam.go
index 40462bcb0..993f905c6 100644
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -302,7 +302,9 @@ func loadUser(objectAPI ObjectLayer, user string, isSTS bool,
 }
 // In some cases access key may not be set, so we set it explicitly.
- u.Credentials.AccessKey = user
+ if u.Credentials.AccessKey == "" {
+ u.Credentials.AccessKey = user
+ }
 m[user] = u.Credentials
 return nil
 }
@@ -370,9 +372,14 @@ func loadMappedPolicy(objectAPI ObjectLayer, name string, isSTS, isGroup bool,
 func loadMappedPolicies(objectAPI ObjectLayer, isSTS, isGroup bool, m map[string]MappedPolicy) error {
 doneCh := make(chan struct{})
 defer close(doneCh)
- basePath := iamConfigPolicyDBUsersPrefix
- if isSTS {
+ var basePath string
+ switch {
+ case isSTS:
 basePath = iamConfigPolicyDBSTSUsersPrefix
+ case isGroup:
+ basePath = iamConfigPolicyDBGroupsPrefix
+ default:
+ basePath = iamConfigPolicyDBUsersPrefix
 }
 for item := range listIAMConfigItems(objectAPI, basePath, false, doneCh) {
 if item.Err != nil {
@@ -778,6 +785,7 @@ func migrateUsersConfigEtcdToV1(isSTS bool) error {
 // Found a id file in old format. Copy value
 // into new format and save it.
+ cred.AccessKey = user
 u := newUserIdentity(cred)
 if err := saveIAMConfigItemEtcd(ctx, u, identityPath); err != nil {
 logger.LogIf(context.Background(), err)
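Review bot: In loadUser the new `if u.Credentials.AccessKey == ""` guard keeps whatever access key the stored identity carries, so `m[user]` can now hold credentials whose AccessKey differs from the `user` name the record was loaded under, which the old unconditional assignment ruled out. If these records are only ever written by this code the two should agree, but a stale or hand-edited record would load silently; I would treat a non-empty key that differs from `user` as a bad record and log or reject it instead of storing it, e.g. a check `if u.Credentials.AccessKey != user { ... }` placed right after the fallback. The same guard is added in loadEtcdUser (hunk at -1776) and the point applies there too. The context comment above the guard should also be updated, e.g. `// Fall back to the key name only when the stored identity has no access key.` Both function bodies start outside their hunks.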
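Review bot: The new `switch` in loadMappedPolicies resolves `isSTS && isGroup` to the STS users prefix without saying so, and the identical switch is repeated in loadEtcdMappedPolicies (hunk at -1742). Choosing the wrong prefix loads another principal type's policy mappings into the map, so I would move the choice into one small unexported helper that both loaders call, documented with something like `// isSTS takes precedence over isGroup; callers are not expected to set both.` Whether loadMappedPolicy and loadEtcdMappedPolicy (named in the hunk headers) apply the same precedence is not visible here and is worth checking. The function body continues past the end of the hunk.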
@@ -1742,16 +1750,21 @@ func loadEtcdMappedPolicy(ctx context.Context, name string, isSTS, isGroup bool,
 func loadEtcdMappedPolicies(isSTS, isGroup bool, m map[string]MappedPolicy) error {
 ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout)
 defer cancel()
- basePrefix := iamConfigPolicyDBUsersPrefix
- if isSTS {
- basePrefix = iamConfigPolicyDBSTSUsersPrefix
+ var basePath string
+ switch {
+ case isSTS:
+ basePath = iamConfigPolicyDBSTSUsersPrefix
+ case isGroup:
+ basePath = iamConfigPolicyDBGroupsPrefix
+ default:
+ basePath = iamConfigPolicyDBUsersPrefix
 }
- r, err := globalEtcdClient.Get(ctx, basePrefix, etcd.WithPrefix(), etcd.WithKeysOnly())
+ r, err := globalEtcdClient.Get(ctx, basePath, etcd.WithPrefix(), etcd.WithKeysOnly())
 if err != nil {
 return err
 }
- users := etcdKvsToSetPolicyDB(basePrefix, r.Kvs)
+ users := etcdKvsToSetPolicyDB(basePath, r.Kvs)
 // Reload config and policies for all users.
 for _, user := range users.ToSlice() {
@@ -1776,6 +1789,9 @@ func loadEtcdUser(ctx context.Context, user string, isSTS bool, m map[string]aut
 return nil
 }
+ if u.Credentials.AccessKey == "" {
+ u.Credentials.AccessKey = user
+ }
 m[user] = u.Credentials
 return nil
 }
@@ -1900,6 +1916,7 @@ func (sys *IAMSys) refreshEtcd() error {
 return err
 }
+ // load policies mapped for long-term users
 if err := loadEtcdMappedPolicies(false, false, iamUserPolicyMap); err != nil {
 return err
 }
@@ -1949,6 +1966,7 @@ func (sys *IAMSys) refresh(objAPI ObjectLayer) error {
 return err
 }
+ // load policies mapped for long-term users
 if err := loadMappedPolicies(objAPI, false, false, iamUserPolicyMap); err != nil {
 return err
 }
@@ -1957,7 +1975,7 @@ func (sys *IAMSys) refresh(objAPI ObjectLayer) error {
 return err
 }
 // load policies mapped to groups
- if err := loadMappedPolicies(objAPI, false, false, iamGroupPolicyMap); err != nil {
+ if err := loadMappedPolicies(objAPI, false, true, iamGroupPolicyMap); err != nil {
 return err
 }
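Review bot: The corrected `iamGroupPolicyMap` call in refresh still passes two adjacent positional booleans, and nothing in the patch would catch them being transposed again; with the old `false, false` the listing for the group map came from the users prefix and nothing flagged it. A regression test that stores one user mapping and one group mapping and asserts each map ends up holding only its own kind would pin this. Until then, annotate the call: `loadMappedPolicies(objAPI, false /* isSTS */, true /* isGroup */, iamGroupPolicyMap)`. The etcd counterpart of this call in refreshEtcd does not appear in any hunk, so it is worth confirming it also passes `true` for isGroup. refresh's body starts and ends outside the hunk.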
diff --git a/go.mod b/go.mod
index 8e9e14877..b17c6bdaa 100644
--- a/go.mod
+++ b/go.mod
@@ -102,3 +102,6 @@ require (
 gopkg.in/olivere/elastic.v5 v5.0.80
 gopkg.in/yaml.v2 v2.2.2
 )
+
+// Added for go1.13 migration https://github.com/golang/go/issues/32805
+replace github.com/gorilla/rpc v1.2.0+incompatible => github.com/gorilla/rpc v1.2.0
diff --git a/go.sum b/go.sum
index fb971d65c..8080fb826 100644
--- a/go.sum
+++ b/go.sum
@@ -222,8 +222,8 @@ github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z
 github.com/gorilla/mux v1.7.0 h1:tOSd0UKHQd6urX6ApfOn4XdBMY6Sh1MfxV3kmaazO+U=
 github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/rpc v0.0.0-20160517062331-bd3317b8f670/go.mod h1:V4h9r+4sF5HnzqbwIez0fKSpANP0zlYd3qR7p36jkTQ=
-github.com/gorilla/rpc v1.2.0+incompatible h1:V3Dz9mWwCvHKm0N+mVM2A/hShV+hLUMUdzoyHQjr1NA=
-github.com/gorilla/rpc v1.2.0+incompatible/go.mod h1:V4h9r+4sF5HnzqbwIez0fKSpANP0zlYd3qR7p36jkTQ=
+github.com/gorilla/rpc v1.2.0 h1:WvvdC2lNeT1SP32zrIce5l0ECBfbAlmrmSBsuc57wfk=
+github.com/gorilla/rpc v1.2.0/go.mod h1:V4h9r+4sF5HnzqbwIez0fKSpANP0zlYd3qR7p36jkTQ=
 github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY=