Cannot list access keys for users created by openid on server configured as `mode-server-xl-single`

[drew-viles]

Expected behavior

Running the below would show all access keys no matter the installation type.

mc idp openid accesskey list ALIAS

Actual behavior

Running the above on a single server, deployed using the operator/tenant pattern in Kuberentes returns:

mc: <ERROR> Unable to list access keys. This 'admin' API is not supported by server in 'mode-server-xl-single'.

Steps to reproduce the behavior

Install minio using the operator/tenant helm charts with a single pool.

mc --version

• (paste output of mc --version)

mc version RELEASE.2025-05-21T01-59-54Z (commit-id=f71ad84bcf0fd4369691952af5d925347837dcec)
Runtime: go1.24.3 linux/amd64
Copyright (c) 2015-2025 MinIO, Inc.
License GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>

Additional Information

this is a bit of a security risk as far as I can see becuase not being able to revoke keys by users that have left the org means that with a valid access key, they can still access things the key grants access to. It'd be useful to revoke the key or at least get a lis of parent users that has been create via openid which can then be used to list access keys.

[drew-viles]

actually this might be a mc client server mismatch. Let me check and if so I'll close this.

[drew-viles]

Nope, it's not unfortunately. So is it possible to enable this on this deployment type? Seems strange it's limited to certain types of deployment since they all support the openID method.