seaweedFS

Files

Chris Lu 25b0f86bda s3tables: Fix ownership consistency across handlers

Address three related ownership consistency issues:

1. CreateNamespace now sets OwnerAccountID to bucketMetadata.OwnerAccountID
   instead of request principal. This prevents namespaces created by
   delegated callers (via bucket policy) from becoming unmanageable, since
   ListNamespaces filters by bucket owner.

2. CreateTable now:
   - Fetches bucket metadata to use correct owner for bucket policy evaluation
   - Uses namespaceMetadata.OwnerAccountID for namespace policy checks
   - Uses bucketMetadata.OwnerAccountID for bucket policy checks
   - Sets table OwnerAccountID to namespaceMetadata.OwnerAccountID (inherited)

3. GetTable now:
   - Fetches bucket metadata to use correct owner for bucket policy evaluation
   - Uses metadata.OwnerAccountID for table policy checks
   - Uses bucketMetadata.OwnerAccountID for bucket policy checks

This ensures:
- Bucket owner retains implicit "owner always allowed" behavior even when
  evaluating bucket policies
- Ownership hierarchy is consistent (namespace owned by bucket, table owned by namespace)
- Cross-principal delegation via policies doesn't break ownership chains

2026-01-28 18:03:47 -08:00

filer_ops.go

S3 Tables: use os.ModeDir constant in filer_ops.go

2026-01-28 12:13:35 -08:00

handler_bucket_create.go

s3tables: Generate ARNs using resource owner account ID

2026-01-28 17:38:22 -08:00

handler_bucket_get_list_delete.go

s3tables: Fix remaining policy error handling in namespace and bucket handlers

2026-01-28 17:39:44 -08:00

handler_namespace.go

s3tables: Fix ownership consistency across handlers