fix: seed mergedGroups from existing groups in MergeS3ApiConfiguration

Previously the merge started with empty group maps, dropping any static-file groups. Now seeds from existing iam.groups before overlaying dynamic config, and builds the reverse index after merging to avoid stale entries from overridden groups.
5 days ago · cdff00d832
1 changed files with 12 additions and 2 deletions
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@ -761,6 +761,10 @@ func (iam *IdentityAccessManagement) MergeS3ApiConfiguration(config *iam_pb.S3Ap
 	for k, v := range iam.staticIdentityNames {
 		staticNames[k] = v
 	}
+	existingGroups := make(map[string]*iam_pb.Group)
+	for k, v := range iam.groups {
+		existingGroups[k] = v
+	}
 	iam.m.RUnlock()

 	// Process accounts from dynamic config (can add new accounts)
@ -925,11 +929,17 @@ func (iam *IdentityAccessManagement) MergeS3ApiConfiguration(config *iam_pb.S3Ap
 		policies[policy.Name] = policy
 	}

-	// Process groups from dynamic config
+	// Process groups: seed from existing (static) groups, then overlay dynamic config
 	mergedGroups := make(map[string]*iam_pb.Group)
-	mergedUserGroups := make(map[string][]string)
+	for k, v := range existingGroups {
+		mergedGroups[k] = v
+	}
 	for _, g := range config.Groups {
 		mergedGroups[g.Name] = g
+	}
+	// Build reverse index from final merged groups
+	mergedUserGroups := make(map[string][]string)
+	for _, g := range mergedGroups {
 		if !g.Disabled {
 			for _, member := range g.Members {
 				mergedUserGroups[member] = append(mergedUserGroups[member], g.Name)