From f5831174e6daf2acd7ff17747d18c9aee1c288f8 Mon Sep 17 00:00:00 2001
From: Anis Elleuch <vadmeste@users.noreply.github.com>
Date: Mon, 29 Mar 2021 17:32:36 +0100
Subject: [PATCH] iam: Use 'on' for enabled accounts for consistency (#11913)

This commit does not fix any bug, just ensure consistency.
---
 cmd/iam.go              | 12 ++++++++----
 pkg/auth/credentials.go | 14 +++++++++++---
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/cmd/iam.go b/cmd/iam.go
index c0b3620f1..0c0680f85 100644
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -30,7 +30,6 @@ import (
 
 	humanize "github.com/dustin/go-humanize"
 	"github.com/minio/minio-go/v7/pkg/set"
-	"github.com/minio/minio/cmd/config"
 	"github.com/minio/minio/cmd/logger"
 	"github.com/minio/minio/pkg/auth"
 	iampolicy "github.com/minio/minio/pkg/iam/policy"
@@ -1046,9 +1045,9 @@ func (sys *IAMSys) SetUserStatus(accessKey string, status madmin.AccountStatus)
 		SecretKey: cred.SecretKey,
 		Status: func() string {
 			if status == madmin.AccountEnabled {
-				return config.EnableOn
+				return auth.AccountOn
 			}
-			return config.EnableOff
+			return auth.AccountOff
 		}(),
 	})
 
@@ -1231,7 +1230,12 @@ func (sys *IAMSys) CreateUser(accessKey string, uinfo madmin.UserInfo) error {
 	u := newUserIdentity(auth.Credentials{
 		AccessKey: accessKey,
 		SecretKey: uinfo.SecretKey,
-		Status:    string(uinfo.Status),
+		Status: func() string {
+			if uinfo.Status == madmin.AccountEnabled {
+				return auth.AccountOn
+			}
+			return auth.AccountOff
+		}(),
 	})
 
 	if err := sys.store.saveUserIdentity(context.Background(), accessKey, regularUser, u); err != nil {
diff --git a/pkg/auth/credentials.go b/pkg/auth/credentials.go
index ea3a33987..4fd135e1e 100644
--- a/pkg/auth/credentials.go
+++ b/pkg/auth/credentials.go
@@ -83,6 +83,13 @@ var (
 	}
 )
 
+const (
+	// AccountOn indicates that credentials are enabled
+	AccountOn = "on"
+	// AccountOff indicates that credentials are disabled
+	AccountOff = "off"
+)
+
 // Credentials holds access and secret keys.
 type Credentials struct {
 	AccessKey    string    `xml:"AccessKeyId" json:"accessKey,omitempty"`
@@ -132,7 +139,7 @@ func (cred Credentials) IsServiceAccount() bool {
 // IsValid - returns whether credential is valid or not.
 func (cred Credentials) IsValid() bool {
 	// Verify credentials if its enabled or not set.
-	if cred.Status == "off" {
+	if cred.Status == AccountOff {
 		return false
 	}
 	return IsAccessKeyValid(cred.AccessKey) && IsSecretKeyValid(cred.SecretKey) && !cred.IsExpired()
@@ -212,7 +219,8 @@ func GetNewCredentialsWithMetadata(m map[string]interface{}, tokenSecret string)
 	}
 	cred.SecretKey = strings.Replace(string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen]),
 		"/", "+", -1)
-	cred.Status = "on"
+
+	cred.Status = AccountOn
 
 	if tokenSecret == "" {
 		cred.Expiration = timeSentinel
@@ -253,6 +261,6 @@ func CreateCredentials(accessKey, secretKey string) (cred Credentials, err error
 	cred.AccessKey = accessKey
 	cred.SecretKey = secretKey
 	cred.Expiration = timeSentinel
-	cred.Status = "on"
+	cred.Status = AccountOn
 	return cred, nil
 }