From e98e2231b08d62a547afd52705314ca5af1db913 Mon Sep 17 00:00:00 2001
From: Chris Lu
Date: Sun, 8 Mar 2026 20:12:26 -0700
Subject: [PATCH] fix: rollback inline policies on UpdateUser PutPolicies failure

If PutPolicies fails after moving inline policies to the new username, restore both the identity name and the inline policies map to their original state to avoid a partial-write window.
---
 weed/iamapi/iamapi_management_handlers.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/weed/iamapi/iamapi_management_handlers.go b/weed/iamapi/iamapi_management_handlers.go
index bbe6065bd..54c06f47b 100644
--- a/weed/iamapi/iamapi_management_handlers.go
+++ b/weed/iamapi/iamapi_management_handlers.go
@@ -279,6 +279,10 @@ func (iama *IamApiServer) UpdateUser(s3cfg *iam_pb.S3ApiConfiguration, values ur
 delete(policies.InlinePolicies, userName)
 policies.InlinePolicies[newUserName] = userPolicies
 if pErr := iama.s3ApiConfig.PutPolicies(&policies); pErr != nil {
+ // Rollback: restore identity name and inline policies
+ ident.Name = userName
+ delete(policies.InlinePolicies, newUserName)
+ policies.InlinePolicies[userName] = userPolicies
 return resp, &IamError{Code: iam.ErrCodeServiceFailureException, Error: pErr}
 }
 }
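Review bot: The rollback in the `PutPolicies` failure branch is not an exact inverse of the move above it: `policies.InlinePolicies[newUserName] = userPolicies` overwrites any entry already stored under `newUserName`, and the added `delete(policies.InlinePolicies, newUserName)` then removes that key instead of putting the earlier value back. Whether `UpdateUser` rejects a rename onto a name that already has inline policies cannot be seen here, since the function starts and ends outside the hunk; if it does not, a failed write leaves that entry dropped, so the map is not back in its original state as the commit message intends. Capturing the previous value before the move and restoring it in the rollback closes that gap, as sketched below. The rollback also touches only the in-memory values, so it is worth logging `pErr` together with both user names at this point, because the returned error alone does not tell an operator whether the store applied any part of the write.

```go
prevPolicies, hadPrev := policies.InlinePolicies[newUserName]
// … unchanged: move of userPolicies to newUserName …
if pErr := iama.s3ApiConfig.PutPolicies(&policies); pErr != nil {
	// … unchanged: ident.Name = userName …
	if hadPrev {
		policies.InlinePolicies[newUserName] = prevPolicies
	} else {
		delete(policies.InlinePolicies, newUserName)
	}
	// … unchanged: restore of the userName entry, error return …
```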