fix: rollback inline policies on UpdateUser PutPolicies failure

If PutPolicies fails after moving inline policies to the new username, restore both the identity name and the inline policies map to their original state to avoid a partial-write window.
2 days ago · e98e2231b0
1 changed files with 4 additions and 0 deletions
--- a/weed/iamapi/iamapi_management_handlers.go
+++ b/weed/iamapi/iamapi_management_handlers.go
@ -279,6 +279,10 @@ func (iama *IamApiServer) UpdateUser(s3cfg *iam_pb.S3ApiConfiguration, values ur
 						delete(policies.InlinePolicies, userName)
 						policies.InlinePolicies[newUserName] = userPolicies
 						if pErr := iama.s3ApiConfig.PutPolicies(&policies); pErr != nil {
+							// Rollback: restore identity name and inline policies
+							ident.Name = userName
+							delete(policies.InlinePolicies, newUserName)
+							policies.InlinePolicies[userName] = userPolicies
 							return resp, &IamError{Code: iam.ErrCodeServiceFailureException, Error: pErr}
 						}
 					}