From 39dd9b6483159aa7f39af7dda63cc95f5445464d Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Thu, 15 Apr 2021 08:51:01 -0700
Subject: [PATCH] fix: do not return an error on expired credentials (#12057)

policy might have an associated mapping with an expired
user key, do not return an error during DeletePolicy
for such situations - proceed normally as its an
expected situation.
---
 cmd/iam.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/cmd/iam.go b/cmd/iam.go
index b4299b08d..d32e8b30d 100644
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -672,8 +672,10 @@ func (sys *IAMSys) DeletePolicy(policyName string) error {
 		if pset.Contains(policyName) {
 			cr, ok := sys.iamUsersMap[u]
 			if !ok {
-				// This case cannot happen
-				return errNoSuchUser
+				// This case can happen when an temporary account
+				// is deleted or expired, removed it from userPolicyMap.
+				delete(sys.iamUserPolicyMap, u)
+				continue
 			}
 			pset.Remove(policyName)
 			// User is from STS if the cred are temporary