gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f64ce759e03052c1a87c5cc8a15dbe7bfb189dec
seaweedFS/weed/s3api/s3api_embedded_iam.go
Chris Lu f64ce759e0 feat(iam): add SetUserStatus and UpdateAccessKey actions (#7750) 
feat(iam): add SetUserStatus and UpdateAccessKey actions (#7745)

Add ability to enable/disable users and access keys without deleting them.

## Changes

### Protocol Buffer Updates
- Add `disabled` field (bool) to Identity message for user status
  - false (default) = enabled, true = disabled
  - No backward compatibility hack needed since zero value is correct
- Add `status` field (string: Active/Inactive) to Credential message

### New IAM Actions
- SetUserStatus: Enable or disable a user (requires admin)
- UpdateAccessKey: Change access key status (self-service or admin)

### Behavior
- Disabled users: All API requests return AccessDenied
- Inactive access keys: Signature validation fails
- Status check happens early in auth flow for performance
- Backward compatible: existing configs default to enabled (disabled=false)

### Use Cases
1. Temporary suspension: Disable user access during investigation
2. Key rotation: Deactivate old key before deletion
3. Offboarding: Disable rather than delete for audit purposes
4. Emergency response: Quickly disable compromised credentials

Fixes #7745
2025-12-14 18:48:39 -08:00

30 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink