Added support for second access key s3 access

aayushchouhan09 · aayushchouhan09 · commit c3bf10b7b18c · 2025-11-21T13:43:02.000+05:30
Signed-off-by: Aayush Chouhan &lt;achouhan@redhat.com&gt;
diff --git a/src/server/common_services/auth_server.js b/src/server/common_services/auth_server.js
@@ -187,18 +187,25 @@ function create_access_key_auth(req) {
     }
 
     const account = _.find(system_store.data.accounts, function(acc) {
-        if (acc.access_keys) {
-            return acc.access_keys[0].access_key.unwrap().toString() === access_key.toString();
-        } else {
-            return false;
-        }
+        return acc.access_keys && acc.access_keys.length > 0 &&
+            acc.access_keys.some(key =>
+                key.access_key.unwrap().toString() === access_key.toString()
+            );
     });
 
     if (!account || account.deleted) {
         throw new RpcError('UNAUTHORIZED', 'account not found');
     }
 
-    const secret = account.access_keys[0].secret_key.unwrap().toString();
+    const key_pair = account.access_keys.find(key =>
+        key.access_key.unwrap().toString() === access_key.toString()
+    );
+
+    if (key_pair.deactivated) {
+        throw new RpcError('UNAUTHORIZED', 'access key is deactivated');
+    }
+
+    const secret = key_pair.secret_key.unwrap().toString();
     const signature_test = signature_utils.get_signature_from_auth_token({ string_to_sign: string_to_sign }, secret);
     if (signature_test !== signature) {
         throw new RpcError('UNAUTHORIZED', 'signature error');
@@ -316,14 +323,24 @@ function _authorize_signature_token(req) {
     const auth_token_obj = req.auth_token;
 
     const account = _.find(system_store.data.accounts, function(acc) {
-        return acc.access_keys &&
-            acc.access_keys[0].access_key.unwrap() ===
-            auth_token_obj.access_key;
+        return acc.access_keys && acc.access_keys.length > 0 &&
+            acc.access_keys.some(key =>
+                key.access_key.unwrap() === auth_token_obj.access_key
+            );
     });
     if (!account || account.deleted) {
         throw new RpcError('UNAUTHORIZED', 'account not found');
     }
-    const secret_key = account.access_keys[0].secret_key;
+
+    const key_pair = account.access_keys.find(key =>
+        key.access_key.unwrap() === auth_token_obj.access_key
+    );
+
+    if (key_pair.deactivated) {
+        throw new RpcError('UNAUTHORIZED', 'access key is deactivated');
+    }
+
+    const secret_key = key_pair.secret_key;
 
     const role = _.find(system_store.data.roles, function(r) {
         return r.account._id.toString() === account._id.toString();
diff --git a/src/server/system_services/account_server.js b/src/server/system_services/account_server.js
@@ -133,7 +133,8 @@ function read_account(req) {
 function read_account_by_access_key(req) {
     const { access_key } = req.rpc_params;
     const account = _.find(system_store.data.accounts, acc =>
-        acc.access_keys && acc.access_keys.length > 0 && acc.access_keys[0].access_key.unwrap() === access_key.unwrap()
+        acc.access_keys && acc.access_keys.length > 0 &&
+        acc.access_keys.some(key => key.access_key.unwrap() === access_key.unwrap())
     );
 
     if (!account) throw new RpcError('NO_SUCH_ACCOUNT', 'No such account with credentials: ' + access_key);
diff --git a/src/util/account_util.js b/src/util/account_util.js
@@ -283,11 +283,11 @@ function create_access_key_auth(req, account, is_iam) {
             account.access_keys = access_keys;
         }
         decrypted_access_keys = _.cloneDeep(account.access_keys);
-        account.access_keys[0] = {
-            access_key: account.access_keys[0].access_key,
+        account.access_keys = account.access_keys.map(key => ({
+            access_key: key.access_key,
             secret_key: system_store.master_key_manager.encrypt_sensitive_string_with_master_key_id(
-                account.access_keys[0].secret_key, account_mkey._id)
-        };
+                key.secret_key, account_mkey._id)
+        }));
     }
 
     return {
