maxmustermann/minio
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

fix: allow service accounts for root credentials (#13412)

Browse source 
fixes #13407
This commit is contained in:
Harshavardhana 2021-10-11 13:40:13 -07:00 committed by GitHub
parent 02c24a860d
commit c19b1a143e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
cmd/iam.go
View file

@ -2228,6 +2228,12 @@ func (sys *IAMSys) policyDBGet(name string, isGroup bool) (policies []string, er
mp, ok := sys.iamUserPolicyMap[name]
if !ok {
// Service accounts with root credentials, inherit parent permissions
if parentName == globalActiveCred.AccessKey && u.IsServiceAccount() {
// even if this is set, the claims present in the service
// accounts apply the final permissions if any.
return []string{"consoleAdmin"}, nil
}
if parentName != "" {
mp = sys.iamUserPolicyMap[parentName]
}