Fix IAM users migration regression in etcd (#8029)

PR #8008 did not migrate user data stored in etcd.
This PR fixes that.
master
kannappanr 5 years ago committed by GitHub
parent e6d8e272ce
commit 930943f058
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 34
      cmd/iam.go
  2. 3
      go.mod
  3. 4
      go.sum

@ -302,7 +302,9 @@ func loadUser(objectAPI ObjectLayer, user string, isSTS bool,
} }
// In some cases access key may not be set, so we set it explicitly. // In some cases access key may not be set, so we set it explicitly.
if u.Credentials.AccessKey == "" {
u.Credentials.AccessKey = user u.Credentials.AccessKey = user
}
m[user] = u.Credentials m[user] = u.Credentials
return nil return nil
} }
@ -370,9 +372,14 @@ func loadMappedPolicy(objectAPI ObjectLayer, name string, isSTS, isGroup bool,
func loadMappedPolicies(objectAPI ObjectLayer, isSTS, isGroup bool, m map[string]MappedPolicy) error { func loadMappedPolicies(objectAPI ObjectLayer, isSTS, isGroup bool, m map[string]MappedPolicy) error {
doneCh := make(chan struct{}) doneCh := make(chan struct{})
defer close(doneCh) defer close(doneCh)
basePath := iamConfigPolicyDBUsersPrefix var basePath string
if isSTS { switch {
case isSTS:
basePath = iamConfigPolicyDBSTSUsersPrefix basePath = iamConfigPolicyDBSTSUsersPrefix
case isGroup:
basePath = iamConfigPolicyDBGroupsPrefix
default:
basePath = iamConfigPolicyDBUsersPrefix
} }
for item := range listIAMConfigItems(objectAPI, basePath, false, doneCh) { for item := range listIAMConfigItems(objectAPI, basePath, false, doneCh) {
if item.Err != nil { if item.Err != nil {
@ -778,6 +785,7 @@ func migrateUsersConfigEtcdToV1(isSTS bool) error {
// Found a id file in old format. Copy value // Found a id file in old format. Copy value
// into new format and save it. // into new format and save it.
cred.AccessKey = user
u := newUserIdentity(cred) u := newUserIdentity(cred)
if err := saveIAMConfigItemEtcd(ctx, u, identityPath); err != nil { if err := saveIAMConfigItemEtcd(ctx, u, identityPath); err != nil {
logger.LogIf(context.Background(), err) logger.LogIf(context.Background(), err)
@ -1742,16 +1750,21 @@ func loadEtcdMappedPolicy(ctx context.Context, name string, isSTS, isGroup bool,
func loadEtcdMappedPolicies(isSTS, isGroup bool, m map[string]MappedPolicy) error { func loadEtcdMappedPolicies(isSTS, isGroup bool, m map[string]MappedPolicy) error {
ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout) ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout)
defer cancel() defer cancel()
basePrefix := iamConfigPolicyDBUsersPrefix var basePath string
if isSTS { switch {
basePrefix = iamConfigPolicyDBSTSUsersPrefix case isSTS:
basePath = iamConfigPolicyDBSTSUsersPrefix
case isGroup:
basePath = iamConfigPolicyDBGroupsPrefix
default:
basePath = iamConfigPolicyDBUsersPrefix
} }
r, err := globalEtcdClient.Get(ctx, basePrefix, etcd.WithPrefix(), etcd.WithKeysOnly()) r, err := globalEtcdClient.Get(ctx, basePath, etcd.WithPrefix(), etcd.WithKeysOnly())
if err != nil { if err != nil {
return err return err
} }
users := etcdKvsToSetPolicyDB(basePrefix, r.Kvs) users := etcdKvsToSetPolicyDB(basePath, r.Kvs)
// Reload config and policies for all users. // Reload config and policies for all users.
for _, user := range users.ToSlice() { for _, user := range users.ToSlice() {
@ -1776,6 +1789,9 @@ func loadEtcdUser(ctx context.Context, user string, isSTS bool, m map[string]aut
return nil return nil
} }
if u.Credentials.AccessKey == "" {
u.Credentials.AccessKey = user
}
m[user] = u.Credentials m[user] = u.Credentials
return nil return nil
} }
@ -1900,6 +1916,7 @@ func (sys *IAMSys) refreshEtcd() error {
return err return err
} }
// load policies mapped for long-term users
if err := loadEtcdMappedPolicies(false, false, iamUserPolicyMap); err != nil { if err := loadEtcdMappedPolicies(false, false, iamUserPolicyMap); err != nil {
return err return err
} }
@ -1949,6 +1966,7 @@ func (sys *IAMSys) refresh(objAPI ObjectLayer) error {
return err return err
} }
// load policies mapped for long-term users
if err := loadMappedPolicies(objAPI, false, false, iamUserPolicyMap); err != nil { if err := loadMappedPolicies(objAPI, false, false, iamUserPolicyMap); err != nil {
return err return err
} }
@ -1957,7 +1975,7 @@ func (sys *IAMSys) refresh(objAPI ObjectLayer) error {
return err return err
} }
// load policies mapped to groups // load policies mapped to groups
if err := loadMappedPolicies(objAPI, false, false, iamGroupPolicyMap); err != nil { if err := loadMappedPolicies(objAPI, false, true, iamGroupPolicyMap); err != nil {
return err return err
} }
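Review bot: The group-policy fix in `refresh` (`loadMappedPolicies(objAPI, false, true, iamGroupPolicyMap)`) has no visible counterpart in `refreshEtcd`, where the hunk shows only the long-term-user call `loadEtcdMappedPolicies(false, false, iamUserPolicyMap)`. The group call there lies outside the hunk and should be checked to pass `isGroup=true`; otherwise, on the etcd path, the group policy map would still be read from the users prefix. Both loaders take two adjacent positional bools, and the new `switch` silently prefers `isSTS` when both are set, so I would add a doc comment to each, e.g. `// isSTS takes precedence over isGroup; callers must not set both.` The diffstat lists no test file, so a regression test asserting that group mappings are listed under `iamConfigPolicyDBGroupsPrefix` would keep this authorization-relevant mix-up from returning.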

@ -102,3 +102,6 @@ require (
gopkg.in/olivere/elastic.v5 v5.0.80 gopkg.in/olivere/elastic.v5 v5.0.80
gopkg.in/yaml.v2 v2.2.2 gopkg.in/yaml.v2 v2.2.2
) )
// Added for go1.13 migration https://github.com/golang/go/issues/32805
replace github.com/gorilla/rpc v1.2.0+incompatible => github.com/gorilla/rpc v1.2.0

@ -222,8 +222,8 @@ github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z
github.com/gorilla/mux v1.7.0 h1:tOSd0UKHQd6urX6ApfOn4XdBMY6Sh1MfxV3kmaazO+U= github.com/gorilla/mux v1.7.0 h1:tOSd0UKHQd6urX6ApfOn4XdBMY6Sh1MfxV3kmaazO+U=
github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/rpc v0.0.0-20160517062331-bd3317b8f670/go.mod h1:V4h9r+4sF5HnzqbwIez0fKSpANP0zlYd3qR7p36jkTQ= github.com/gorilla/rpc v0.0.0-20160517062331-bd3317b8f670/go.mod h1:V4h9r+4sF5HnzqbwIez0fKSpANP0zlYd3qR7p36jkTQ=
github.com/gorilla/rpc v1.2.0+incompatible h1:V3Dz9mWwCvHKm0N+mVM2A/hShV+hLUMUdzoyHQjr1NA= github.com/gorilla/rpc v1.2.0 h1:WvvdC2lNeT1SP32zrIce5l0ECBfbAlmrmSBsuc57wfk=
github.com/gorilla/rpc v1.2.0+incompatible/go.mod h1:V4h9r+4sF5HnzqbwIez0fKSpANP0zlYd3qR7p36jkTQ= github.com/gorilla/rpc v1.2.0/go.mod h1:V4h9r+4sF5HnzqbwIez0fKSpANP0zlYd3qR7p36jkTQ=
github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q= github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY= github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY=
