gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

s3tables: align getPrincipalFromRequest with account ID for IAM compatibility

Browse Source
This commit is contained in:
Chris Lu
2026-01-28 14:04:08 -08:00
parent d4ebafbacd
commit a689c1e052
1 changed files with 4 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
weed/s3api/s3tables/handler.go
View File

@@ -154,17 +154,14 @@ func (h *S3TablesHandler) HandleRequest(w http.ResponseWriter, r *http.Request,
// Principal/authorization helpers // Principal/authorization helpers
func (h *S3TablesHandler) getPrincipalFromRequest(r *http.Request) string { func (h *S3TablesHandler) getPrincipalFromRequest(r *http.Request) string {
// Prioritize identity from context (set by IAM middleware) // Prefer the authenticated account ID from the request header. This is the same
if identityName := s3_constants.GetIdentityNameFromContext(r); identityName != "" { // identifier used as the "owner" in permission checks, so keeping them aligned
return identityName // avoids mismatches (e.g. username vs. account ID) when IAM is enabled.
}
// Fallback to the authenticated account ID
if accountID := r.Header.Get(s3_constants.AmzAccountId); accountID != "" { if accountID := r.Header.Get(s3_constants.AmzAccountId); accountID != "" {
return accountID return accountID
} }
// Default to handler's default account ID // Default to handler's configured account ID
return h.accountID return h.accountID
} }