iam: add input validation and persist groups during migration

- Validate nil/empty group name in CreateGroup and UpdateGroup - Save groups in migrateToMultiFile so they survive legacy migration
3 days ago · 5012a1b716
2 changed files with 14 additions and 1 deletions
--- a/weed/credential/filer_etc/filer_etc_group.go
+++ b/weed/credential/filer_etc/filer_etc_group.go
@ -93,6 +93,9 @@ func (store *FilerEtcStore) deleteGroupFile(ctx context.Context, groupName strin
 }

 func (store *FilerEtcStore) CreateGroup(ctx context.Context, group *iam_pb.Group) error {
+	if group == nil || group.Name == "" {
+		return fmt.Errorf("group name is required")
+	}
 	existing, err := store.GetGroup(ctx, group.Name)
 	if err != nil {
 		if !errors.Is(err, credential.ErrGroupNotFound) {
@ -151,6 +154,9 @@ func (store *FilerEtcStore) ListGroups(ctx context.Context) ([]string, error) {
 }

 func (store *FilerEtcStore) UpdateGroup(ctx context.Context, group *iam_pb.Group) error {
+	if group == nil || group.Name == "" {
+		return fmt.Errorf("group name is required")
+	}
 	if _, err := store.GetGroup(ctx, group.Name); err != nil {
 		return err
 	}
--- a/weed/credential/filer_etc/filer_etc_identity.go
+++ b/weed/credential/filer_etc/filer_etc_identity.go
@ -149,7 +149,14 @@ func (store *FilerEtcStore) migrateToMultiFile(ctx context.Context, s3cfg *iam_p
 		}
 	}

-	// 3. Rename legacy file
+	// 3. Save all groups
+	for _, g := range s3cfg.Groups {
+		if err := store.saveGroup(ctx, g); err != nil {
+			return err
+		}
+	}
+
+	// 4. Rename legacy file
 	return store.withFilerClient(func(client filer_pb.SeaweedFilerClient) error {
 		_, err := client.AtomicRenameEntry(ctx, &filer_pb.AtomicRenameEntryRequest{
 			OldDirectory: filer.IamConfigDirectory,