seaweedFS/weed/s3api/s3_constants/s3_action_strings.go

package s3_constants

// S3 action strings for bucket policy evaluation
// These match the official AWS S3 action format used in IAM and bucket policies
const (
	// Object operations
	S3_ACTION_GET_OBJECT            = "s3:GetObject"
	S3_ACTION_PUT_OBJECT            = "s3:PutObject"
	S3_ACTION_DELETE_OBJECT         = "s3:DeleteObject"
	S3_ACTION_DELETE_OBJECT_VERSION = "s3:DeleteObjectVersion"
	S3_ACTION_GET_OBJECT_VERSION    = "s3:GetObjectVersion"
	S3_ACTION_GET_OBJECT_ATTRIBUTES = "s3:GetObjectAttributes"

	// Object ACL operations
	S3_ACTION_GET_OBJECT_ACL = "s3:GetObjectAcl"
	S3_ACTION_PUT_OBJECT_ACL = "s3:PutObjectAcl"

	// Object tagging operations
	S3_ACTION_GET_OBJECT_TAGGING    = "s3:GetObjectTagging"
	S3_ACTION_PUT_OBJECT_TAGGING    = "s3:PutObjectTagging"
	S3_ACTION_DELETE_OBJECT_TAGGING = "s3:DeleteObjectTagging"

	// Object retention and legal hold
	S3_ACTION_GET_OBJECT_RETENTION  = "s3:GetObjectRetention"
	S3_ACTION_PUT_OBJECT_RETENTION  = "s3:PutObjectRetention"
	S3_ACTION_GET_OBJECT_LEGAL_HOLD = "s3:GetObjectLegalHold"
	S3_ACTION_PUT_OBJECT_LEGAL_HOLD = "s3:PutObjectLegalHold"
	S3_ACTION_BYPASS_GOVERNANCE     = "s3:BypassGovernanceRetention"

	// Multipart upload operations
	S3_ACTION_CREATE_MULTIPART       = "s3:CreateMultipartUpload"
	S3_ACTION_UPLOAD_PART            = "s3:UploadPart"
	S3_ACTION_COMPLETE_MULTIPART     = "s3:CompleteMultipartUpload"
	S3_ACTION_ABORT_MULTIPART        = "s3:AbortMultipartUpload"
	S3_ACTION_LIST_PARTS             = "s3:ListMultipartUploadParts"
	S3_ACTION_LIST_MULTIPART_UPLOADS = "s3:ListBucketMultipartUploads"

	// Bucket operations
	S3_ACTION_CREATE_BUCKET        = "s3:CreateBucket"
	S3_ACTION_DELETE_BUCKET        = "s3:DeleteBucket"
	S3_ACTION_LIST_BUCKET          = "s3:ListBucket"
	S3_ACTION_LIST_BUCKET_VERSIONS = "s3:ListBucketVersions"

	// Bucket ACL operations
	S3_ACTION_GET_BUCKET_ACL = "s3:GetBucketAcl"
	S3_ACTION_PUT_BUCKET_ACL = "s3:PutBucketAcl"

	// Bucket policy operations
	S3_ACTION_GET_BUCKET_POLICY    = "s3:GetBucketPolicy"
	S3_ACTION_PUT_BUCKET_POLICY    = "s3:PutBucketPolicy"
	S3_ACTION_DELETE_BUCKET_POLICY = "s3:DeleteBucketPolicy"

	// Bucket tagging operations
	S3_ACTION_GET_BUCKET_TAGGING    = "s3:GetBucketTagging"
	S3_ACTION_PUT_BUCKET_TAGGING    = "s3:PutBucketTagging"
	S3_ACTION_DELETE_BUCKET_TAGGING = "s3:DeleteBucketTagging"

	// Bucket CORS operations
	S3_ACTION_GET_BUCKET_CORS    = "s3:GetBucketCors"
	S3_ACTION_PUT_BUCKET_CORS    = "s3:PutBucketCors"
	S3_ACTION_DELETE_BUCKET_CORS = "s3:DeleteBucketCors"

	// Bucket lifecycle operations
	// Note: Both PUT and DELETE lifecycle operations use s3:PutLifecycleConfiguration
	S3_ACTION_GET_BUCKET_LIFECYCLE = "s3:GetLifecycleConfiguration"
	S3_ACTION_PUT_BUCKET_LIFECYCLE = "s3:PutLifecycleConfiguration"

	// Bucket versioning operations
	S3_ACTION_GET_BUCKET_VERSIONING = "s3:GetBucketVersioning"
	S3_ACTION_PUT_BUCKET_VERSIONING = "s3:PutBucketVersioning"

	// Bucket location
	S3_ACTION_GET_BUCKET_LOCATION = "s3:GetBucketLocation"

	// Bucket notification
	S3_ACTION_GET_BUCKET_NOTIFICATION = "s3:GetBucketNotification"
	S3_ACTION_PUT_BUCKET_NOTIFICATION = "s3:PutBucketNotification"

	// Bucket object lock operations
	S3_ACTION_GET_BUCKET_OBJECT_LOCK = "s3:GetBucketObjectLockConfiguration"
	S3_ACTION_PUT_BUCKET_OBJECT_LOCK = "s3:PutBucketObjectLockConfiguration"

	// Wildcard for all S3 actions
	S3_ACTION_ALL = "s3:*"
)