From 39f7de4450879b311539ec4ce2d228d8656ea63b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AE=89=E6=AD=A3=E8=B6=85?= Date: Thu, 23 Apr 2026 21:40:59 +0800 Subject: [PATCH] test(admin): cover list service account authorization (#2650) Co-authored-by: houseme --- rustfs/src/admin/handlers/service_account.rs | 26 ++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/rustfs/src/admin/handlers/service_account.rs b/rustfs/src/admin/handlers/service_account.rs index cdd7d3188..914a1f2b7 100644 --- a/rustfs/src/admin/handlers/service_account.rs +++ b/rustfs/src/admin/handlers/service_account.rs @@ -1443,6 +1443,32 @@ mod tests { assert_eq!(query.list_type, ACCESS_KEY_LIST_ALL); } + #[test] + fn list_service_account_cross_user_uses_list_service_accounts_action() { + let src = include_str!("service_account.rs"); + let list_start = src + .find("impl Operation for ListServiceAccount") + .expect("ListServiceAccount operation should exist"); + let list_block = &src[list_start..]; + let list_end = list_block + .find("struct ListAccessKeysQuery") + .expect("ListAccessKeysQuery marker should exist"); + let list_block = &list_block[..list_end]; + + assert!( + list_block.contains("query.user.as_ref().is_some_and(") && list_block.contains("v != &cred.access_key"), + "cross-user ListServiceAccount path should stay explicitly guarded" + ); + assert!( + list_block.contains("ListServiceAccountsAdminAction"), + "cross-user ListServiceAccount should authorize with ListServiceAccountsAdminAction" + ); + assert!( + !list_block.contains("UpdateServiceAccountAdminAction"), + "cross-user ListServiceAccount must not require UpdateServiceAccountAdminAction" + ); + } + #[test] fn delete_service_account_uses_external_success_status() { assert_eq!(