| author | chrislu <chris.lu@gmail.com> | 2022-08-30 09:37:52 -0700 |
|---|---|---|
| committer | chrislu <chris.lu@gmail.com> | 2022-08-30 09:37:52 -0700 |
| commit | d81db3c703d44fae2a797cf704ccfdf9c688a067 (patch) | |
| tree | 54a6d71e85cab12fc91e42e4726bfc09381d7aee | |
| parent | ade94b0d0a71db7db117454c075dc93f839e1c9c (diff) | |
s3: fix configuring IAM for the same user
Hi, how can I add a bucket permission to a user now?
Previously, if I needed to add a permission to an existing credential, I simply repeated the s3.configure command with a different bucket name.
Now I am getting an error:
duplicate accessKey[ХХХХ], already configured in user[YYYY]
s3.configure -access_key key -actions Read,Write,List -buckets bucket1 -secret_key secr -user user1
s3.configure -access_key key -actions Read,Write,List -buckets bucket2 -secret_key secr -user user1
| -rw-r--r-- | weed/filer/s3iam_conf.go | 2 | ||||
| -rw-r--r-- | weed/filer/s3iam_conf_test.go | 35 |
2 files changed, 36 insertions, 1 deletions
diff --git a/weed/filer/s3iam_conf.go b/weed/filer/s3iam_conf.go
index 24ed46be5..ce662b969 100644
--- a/weed/filer/s3iam_conf.go
+++ b/weed/filer/s3iam_conf.go
@@ -43,7 +43,7 @@ func CheckDuplicateAccessKey(s3cfg *iam_pb.S3ApiConfiguration) error {
 for _, cred := range ident.Credentials {
 if userName, found := accessKeySet[cred.AccessKey]; !found {
 accessKeySet[cred.AccessKey] = ident.Name
- } else {
+ } else if userName != ident.Name {
 return fmt.Errorf("duplicate accessKey[%s], already configured in user[%s]", cred.AccessKey, userName)
 }
 }
diff --git a/weed/filer/s3iam_conf_test.go b/weed/filer/s3iam_conf_test.go
index 66944aa44..ab1af4bc1 100644
--- a/weed/filer/s3iam_conf_test.go
+++ b/weed/filer/s3iam_conf_test.go
@@ -115,6 +115,41 @@ func TestCheckDuplicateAccessKey(t *testing.T) {
 },
 },
 {
+ Name: "some_name",
+ Credentials: []*iam_pb.Credential{
+ {
+ AccessKey: "some_access_key1",
+ SecretKey: "some_secret_key1",
+ },
+ },
+ Actions: []string{
+ ACTION_READ,
+ ACTION_TAGGING,
+ ACTION_LIST,
+ },
+ },
+ },
+ },
+ "",
+ },
+ {
+ &iam_pb.S3ApiConfiguration{
+ Identities: []*iam_pb.Identity{
+ {
+ Name: "some_name",
+ Credentials: []*iam_pb.Credential{
+ {
+ AccessKey: "some_access_key1",
+ SecretKey: "some_secret_key1",
+ },
+ },
+ Actions: []string{
+ ACTION_ADMIN,
+ ACTION_READ,
+ ACTION_WRITE,
+ },
+ },
+ {
 Name: "some_read_only_user",
 Credentials: []*iam_pb.Credential{
 {
|
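Review bot: The relaxed branch `else if userName != ident.Name` compares only the identity name, so a repeated access key under the same name is now accepted even when its `SecretKey` differs or when the repeat sits in a second identity entry with a different `Actions` list. Which secret and which action set then apply to that key is decided by whatever loads this configuration, which is not visible here; if the loader keeps only one match, re-running s3.configure could silently change what the key is allowed to do. Consider still rejecting a same-name repeat whose secret does not match, and state the intent above the branch, e.g. `// A key may repeat under one user name (s3.configure is re-run per bucket); only cross-user reuse is an error.` CheckDuplicateAccessKey starts and ends outside this hunk.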
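Review bot: The new expected-`""` case covers only the accept path, and as far as the hunk shows it uses the same `SecretKey` (`some_secret_key1`) for the repeated `some_access_key1`. There is no case for the same name and access key with a different secret, nor for a key repeated within one `Credentials` slice, so the behaviour for those inputs is unpinned. A one-line comment above the added identity, e.g. `// same user repeats an access key: must be accepted`, would also say why the entry exists. The first identity of that case and the rest of the test table lie outside the hunk.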
