From cb0b36f8c2c0d779bae51418738d0473e2e0d24f Mon Sep 17 00:00:00 2001
From: Anis Elleuch <vadmeste@users.noreply.github.com>
Date: Fri, 7 May 2021 17:13:30 +0100
Subject: [PATCH] svcacct: Fix updating service account and add missing check
 (#12251)

UpdateServiceAccount ignores updating fields when not passed from upper
layer, such as empty policy, empty account status, and empty secret key.

This PR will check for a secret key only if it is empty and add more
check on the value of the account status.

Signed-off-by: Anis Elleuch <anis@min.io>
---
 cmd/iam.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/cmd/iam.go b/cmd/iam.go
index ac50d2cfe..de2864043 100644
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -1203,16 +1203,21 @@ func (sys *IAMSys) UpdateServiceAccount(ctx context.Context, accessKey string, o
 		return errNoSuchServiceAccount
 	}
 
-	if !auth.IsSecretKeyValid(opts.secretKey) {
-		return auth.ErrInvalidSecretKeyLength
-	}
-
 	if opts.secretKey != "" {
+		if !auth.IsSecretKeyValid(opts.secretKey) {
+			return auth.ErrInvalidSecretKeyLength
+		}
 		cr.SecretKey = opts.secretKey
 	}
 
-	if opts.status != "" {
+	switch opts.status {
+	// The caller did not ask to update status account, do nothing
+	case "":
+	// Update account status
+	case auth.AccountOn, auth.AccountOff:
 		cr.Status = opts.status
+	default:
+		return errors.New("unknown account status value")
 	}
 
 	if opts.sessionPolicy != nil {