From 40c3fa501f54c714d6aafe98d49072b77cded1fd Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Wed, 6 Mar 2024 17:43:02 -0500 Subject: [PATCH] rgw/admin: 'user modify' won't change existing account id Signed-off-by: Casey Bodley (cherry picked from commit 750d2d69992fa6fc02d4b7497b5469daa7158ed5) --- src/rgw/driver/rados/rgw_user.cc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/rgw/driver/rados/rgw_user.cc b/src/rgw/driver/rados/rgw_user.cc index c71eed93767c..d764bd6c181e 100644 --- a/src/rgw/driver/rados/rgw_user.cc +++ b/src/rgw/driver/rados/rgw_user.cc @@ -2133,6 +2133,11 @@ int RGWUser::execute_modify(const DoutPrefixProvider *dpp, RGWUserAdminOpState& return -EINVAL; } if (user_info.account_id != op_state.account_id) { + // allow users to migrate into an account, but don't allow them to leave + if (!user_info.account_id.empty()) { + set_err_msg(err_msg, "users cannot be moved out of their account"); + return -EINVAL; + } user_info.account_id = op_state.account_id; // tenant must match new account.tenant -- 2.47.3