Chris Lu
f9311a3422
s3api: fix static IAM policy enforcement after reload (#8532)
* s3api: honor attached IAM policies over legacy actions
* s3api: hydrate IAM policy docs during config reload
* s3api: use policy-aware auth when listing buckets
* credential: propagate context through filer_etc policy reads
* credential: make legacy policy deletes durable
* s3api: exercise managed policy runtime loader
* s3api: allow static IAM users without session tokens
* iam: deny unmatched attached policies under default allow
* iam: load embedded policy files from filer store
* s3api: require session tokens for IAM presigning
* s3api: sync runtime policies into zero-config IAM
* credential: respect context in policy file loads
* credential: serialize legacy policy deletes
* iam: align filer policy store naming
* s3api: use authenticated principals for presigning
* iam: deep copy policy conditions
* s3api: require request creation in policy tests
* filer: keep ReadInsideFiler as the context-aware API
* iam: harden filer policy store writes
* credential: strengthen legacy policy serialization test
* credential: forward runtime policy loaders through wrapper
* s3api: harden runtime policy merging
* iam: require typed already-exists errors
2026-03-06 12:35:08 -08:00
..
2025-10-13 18:05:17 -07:00
2026-03-06 12:35:08 -08:00
2025-10-13 18:05:17 -07:00
2025-10-27 23:04:55 -07:00