diff --git a/cmd/admin-handlers-users.go b/cmd/admin-handlers-users.go index c524a5676..31f6f852b 100644 --- a/cmd/admin-handlers-users.go +++ b/cmd/admin-handlers-users.go @@ -1039,8 +1039,13 @@ func (a adminAPIHandlers) ListServiceAccounts(w http.ResponseWriter, r *http.Req for _, svc := range serviceAccounts { expiryTime := svc.Expiration serviceAccountList = append(serviceAccountList, madmin.ServiceAccountInfo{ - AccessKey: svc.AccessKey, - Expiration: &expiryTime, + Description: svc.Description, + ParentUser: svc.ParentUser, + Name: svc.Name, + AccountStatus: svc.Status, + AccessKey: svc.AccessKey, + ImpliedPolicy: svc.IsImpliedPolicy(), + Expiration: &expiryTime, }) } diff --git a/go.mod b/go.mod index 2b1afc07e..9a870bade 100644 --- a/go.mod +++ b/go.mod @@ -51,7 +51,7 @@ require ( github.com/minio/dperf v0.5.3 github.com/minio/highwayhash v1.0.2 github.com/minio/kms-go/kes v0.3.0 - github.com/minio/madmin-go/v3 v3.0.50 + github.com/minio/madmin-go/v3 v3.0.51 github.com/minio/minio-go/v7 v7.0.70 github.com/minio/mux v1.9.0 github.com/minio/pkg/v2 v2.0.17 diff --git a/go.sum b/go.sum index 1b1fd2b7e..477452789 100644 --- a/go.sum +++ b/go.sum @@ -438,8 +438,8 @@ github.com/minio/highwayhash v1.0.2 h1:Aak5U0nElisjDCfPSG79Tgzkn2gl66NxOMspRrKnA github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= github.com/minio/kms-go/kes v0.3.0 h1:SU8VGVM/Hk9w1OiSby3OatkcojooUqIdDHl6dtM6NkY= github.com/minio/kms-go/kes v0.3.0/go.mod h1:w6DeVT878qEOU3nUrYVy1WOT5H1Ig9hbDIh698NYJKY= -github.com/minio/madmin-go/v3 v3.0.50 h1:+RQMetVFvPQmAOEDN/xmLhwk9+xOzu3rqwnlZEskgvg= -github.com/minio/madmin-go/v3 v3.0.50/go.mod h1:ZDF7kf5fhmxLhbGTqyq5efs4ao0v4eWf7nOuef/ljJs= +github.com/minio/madmin-go/v3 v3.0.51 h1:brGOvDP8KvoHb/bdzCHUPFCbTtrN8o507uPHZpyuinM= +github.com/minio/madmin-go/v3 v3.0.51/go.mod h1:IFAwr0XMrdsLovxAdCcuq/eoL4nRuMVQQv0iubJANQw= github.com/minio/mc v0.0.0-20240425223512-5dfaa31d67be h1:HobtnPBvp53b57oT+yV8VkrRBVICMX2UFhGG/Ch4KTw= github.com/minio/mc v0.0.0-20240425223512-5dfaa31d67be/go.mod h1:aOiBeSNmpfJn1yyz+EujrTM+XmUwkXiM69zSXg12VDM= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= diff --git a/internal/auth/credentials.go b/internal/auth/credentials.go index 35e2dbb8d..48206b606 100644 --- a/internal/auth/credentials.go +++ b/internal/auth/credentials.go @@ -156,6 +156,14 @@ func (cred Credentials) IsServiceAccount() bool { return cred.ParentUser != "" && ok } +// IsImpliedPolicy - returns if the policy is implied via ParentUser or not. +func (cred Credentials) IsImpliedPolicy() bool { + if cred.IsServiceAccount() { + return cred.Claims[iamPolicyClaimNameSA] == "inherited-policy" + } + return false +} + // IsValid - returns whether credential is valid or not. func (cred Credentials) IsValid() bool { // Verify credentials if its enabled or not set.