Add policy engine (#6970)

weed/s3api/s3_constants/extend_key.go

@@ -12,6 +12,9 @@ const (
 	ExtLatestVersionIdKey       = "Seaweed-X-Amz-Latest-Version-Id"
 	ExtLatestVersionFileNameKey = "Seaweed-X-Amz-Latest-Version-File-Name"
 
+	// Bucket Policy
+	ExtBucketPolicyKey = "Seaweed-X-Amz-Bucket-Policy"
+
 	// Object Retention and Legal Hold
 	ExtObjectLockModeKey     = "Seaweed-X-Amz-Object-Lock-Mode"
 	ExtRetentionUntilDateKey = "Seaweed-X-Amz-Retention-Until-Date"

weed/s3api/s3_constants/header.go

@@ -65,7 +65,6 @@ const (
 	AmzIdentityId = "s3-identity-id"
 	AmzAccountId  = "s3-account-id"
 	AmzAuthType   = "s3-auth-type"
-	AmzIsAdmin    = "s3-is-admin" // only set to http request header as a context
 )
 
 func GetBucketAndObject(r *http.Request) (bucket, object string) {

weed/s3api/s3_constants/s3_actions.go

@@ -1,14 +1,15 @@
 package s3_constants
 
 const (
-	ACTION_READ          = "Read"
-	ACTION_READ_ACP      = "ReadAcp"
-	ACTION_WRITE         = "Write"
-	ACTION_WRITE_ACP     = "WriteAcp"
-	ACTION_ADMIN         = "Admin"
-	ACTION_TAGGING       = "Tagging"
-	ACTION_LIST          = "List"
-	ACTION_DELETE_BUCKET = "DeleteBucket"
+	ACTION_READ                        = "Read"
+	ACTION_READ_ACP                    = "ReadAcp"
+	ACTION_WRITE                       = "Write"
+	ACTION_WRITE_ACP                   = "WriteAcp"
+	ACTION_ADMIN                       = "Admin"
+	ACTION_TAGGING                     = "Tagging"
+	ACTION_LIST                        = "List"
+	ACTION_DELETE_BUCKET               = "DeleteBucket"
+	ACTION_BYPASS_GOVERNANCE_RETENTION = "BypassGovernanceRetention"
 
 	SeaweedStorageDestinationHeader = "x-seaweedfs-destination"
 	MultipartUploadsFolder          = ".uploads"