Fixes#977
Changes the `GetUserAccount` method implementation in isma single user mode to return the root account, if the root user account is requested and ErrAdminUserNotFound otherwise. In result the `ChangeBucketOwner` admin api behavior is changed for the root user to be able to change the bucket owner to root in iam single user mode.
Fixes#524. The iam single needs to return ErrNoSuchUser instead of
ErrNotSupported in GetUserAccount to return the correct error
when the client access is not done by the single user account.
This fixes the internal error when accessing the gateway in
iam single user mode with incorrect access keys.
The local IAM accounts were being cached in memory for improved
performance, but this can be moved up a layer so that the cache
can benefit any configured IAM service.
This adds options to disable and tune TTL for cache. The balance
for the TTL is that a longer life will send requests to the IAM
service less frequently, but could be out of date with the service
accounts for that duration.
This moves the internal iam service from the posix backend so
that we can start implementing new iam services right in the auth
module.
The internal iam service has same behavior as before, but now
must be enabled with the --iam-dir cli option.
New single user service is the default when no other iam service
is selected. This just runs the gateway in single user mode with
just the root account.
