s3: fix configuring IAM for the same user

hi, how can I add bucket permission to a user now?
Previously, if I needed to add permission to an existing credential, I simply repeated the s3.configure command with a different bucket name.
Now I am getting error:
duplicate accessKey[ХХХХ], already configured in user[YYYY]

s3.configure -access_key key -actions Read,Write,List -buckets bucket1 -secret_key secr -user user1
s3.configure -access_key key -actions Read,Write,List -buckets bucket2 -secret_key secr -user user1
This commit is contained in:
chrislu 2022-08-30 09:37:52 -07:00
parent ade94b0d0a
commit d81db3c703
2 changed files with 36 additions and 1 deletions

View file

@ -43,7 +43,7 @@ func CheckDuplicateAccessKey(s3cfg *iam_pb.S3ApiConfiguration) error {
for _, cred := range ident.Credentials { for _, cred := range ident.Credentials {
if userName, found := accessKeySet[cred.AccessKey]; !found { if userName, found := accessKeySet[cred.AccessKey]; !found {
accessKeySet[cred.AccessKey] = ident.Name accessKeySet[cred.AccessKey] = ident.Name
} else { } else if userName != ident.Name {
return fmt.Errorf("duplicate accessKey[%s], already configured in user[%s]", cred.AccessKey, userName) return fmt.Errorf("duplicate accessKey[%s], already configured in user[%s]", cred.AccessKey, userName)
} }
} }

View file

@ -97,6 +97,41 @@ func TestCheckDuplicateAccessKey(t *testing.T) {
}, },
"", "",
}, },
{
&iam_pb.S3ApiConfiguration{
Identities: []*iam_pb.Identity{
{
Name: "some_name",
Credentials: []*iam_pb.Credential{
{
AccessKey: "some_access_key1",
SecretKey: "some_secret_key1",
},
},
Actions: []string{
ACTION_ADMIN,
ACTION_READ,
ACTION_WRITE,
},
},
{
Name: "some_name",
Credentials: []*iam_pb.Credential{
{
AccessKey: "some_access_key1",
SecretKey: "some_secret_key1",
},
},
Actions: []string{
ACTION_READ,
ACTION_TAGGING,
ACTION_LIST,
},
},
},
},
"",
},
{ {
&iam_pb.S3ApiConfiguration{ &iam_pb.S3ApiConfiguration{
Identities: []*iam_pb.Identity{ Identities: []*iam_pb.Identity{