gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Embed role policies in AssumeRole STS tokens (#8421)

Browse Source 
* Embed role policies in AssumeRole STS tokens

* Log STS policy lookup failures

* Use IAMManager provider

* Guard policy embedding role lookup
This commit is contained in:
Chris Lu
2026-02-23 22:59:53 -08:00
committed by GitHub
parent 3f58e3bf8f
commit 2d65d7f499
4 changed files with 148 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
weed/s3api/s3_iam_middleware.go
View File

@@ -47,6 +47,11 @@ type IAMIntegration interface {
DefaultAllow() bool
}
// IAMManagerProvider exposes the IAMManager backing an IAM integration.
type IAMManagerProvider interface {
GetIAMManager() *integration.IAMManager
}
// S3IAMIntegration provides IAM integration for S3 API
type S3IAMIntegration struct {
iamManager *integration.IAMManager
@@ -70,6 +75,11 @@ func NewS3IAMIntegration(iamManager *integration.IAMManager, filerAddress string
}
}
// GetIAMManager returns the IAMManager backing this integration.
func (s3iam *S3IAMIntegration) GetIAMManager() *integration.IAMManager {
return s3iam.iamManager
}
// AuthenticateJWT authenticates JWT tokens using our STS service
func (s3iam *S3IAMIntegration) AuthenticateJWT(ctx context.Context, r *http.Request) (*IAMIdentity, s3err.ErrorCode) {