gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

s3tables: improve principal extraction using identity context

Browse Source
This commit is contained in:
Chris Lu
2026-01-28 12:30:29 -08:00
parent 5cea00ff07
commit 6d01e42cef
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
weed/s3api/s3tables/handler.go
View File

@@ -9,6 +9,7 @@ import (
"github.com/seaweedfs/seaweedfs/weed/glog" "github.com/seaweedfs/seaweedfs/weed/glog"
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb" "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
) )
const ( const (
@@ -141,14 +142,18 @@ func (h *S3TablesHandler) HandleRequest(w http.ResponseWriter, r *http.Request,
// Principal/authorization helpers // Principal/authorization helpers
func (h *S3TablesHandler) getPrincipalFromRequest(r *http.Request) string { func (h *S3TablesHandler) getPrincipalFromRequest(r *http.Request) string {
// Extract principal from request headers // Prioritize identity from context (set by IAM middleware)
// This can be extended to parse AWS credentials, client certificates, etc. if identityName := s3_constants.GetIdentityNameFromContext(r); identityName != "" {
return identityName
}
// Fallback to request header (e.g., for testing or legacy clients)
principal := r.Header.Get("X-Amz-Principal") principal := r.Header.Get("X-Amz-Principal")
if principal != "" { if principal != "" {
return principal return principal
} }
// Default to account ID // Default to account ID (owner)
return h.accountID return h.accountID
} }