test(admin): cover list service account authorization (#2650)

Co-authored-by: houseme <housemecn@gmail.com>
2026-05-07 06:37:42 +08:00 · 2026-04-23 21:40:59 +08:00
parent de6fe816c2
commit 39f7de4450
1 changed files with 26 additions and 0 deletions
--- a/rustfs/src/admin/handlers/service_account.rs
+++ b/rustfs/src/admin/handlers/service_account.rs
@@ -1443,6 +1443,32 @@ mod tests {
        assert_eq!(query.list_type, ACCESS_KEY_LIST_ALL);
    }

+    #[test]
+    fn list_service_account_cross_user_uses_list_service_accounts_action() {
+        let src = include_str!("service_account.rs");
+        let list_start = src
+            .find("impl Operation for ListServiceAccount")
+            .expect("ListServiceAccount operation should exist");
+        let list_block = &src[list_start..];
+        let list_end = list_block
+            .find("struct ListAccessKeysQuery")
+            .expect("ListAccessKeysQuery marker should exist");
+        let list_block = &list_block[..list_end];
+
+        assert!(
+            list_block.contains("query.user.as_ref().is_some_and(") && list_block.contains("v != &cred.access_key"),
+            "cross-user ListServiceAccount path should stay explicitly guarded"
+        );
+        assert!(
+            list_block.contains("ListServiceAccountsAdminAction"),
+            "cross-user ListServiceAccount should authorize with ListServiceAccountsAdminAction"
+        );
+        assert!(
+            !list_block.contains("UpdateServiceAccountAdminAction"),
+            "cross-user ListServiceAccount must not require UpdateServiceAccountAdminAction"
+        );
+    }
+
    #[test]
    fn delete_service_account_uses_external_success_status() {
        assert_eq!(