seaweedFS/weed at 3dcaee56aad3056d133f42eb8acb13f00075a793 - seaweedFS - Gitea: Git with a cup of tea

gsh-digital-services/seaweedFS

Files

History

Chris Lu 21584e4ac8 s3tables: Add resource ARN validation to policy evaluation

Implement resource-specific policy validation to prevent over-broad
permission grants. Add matchesResource and matchesResourcePattern functions
to validate statement Resource fields against specific resource ARNs.

Add new CheckPermissionWithResource function that includes resource ARN
validation, while keeping CheckPermission unchanged for backward compatibility.

This enables policies to grant access to specific resources only:
- statements with Resource: "arn:aws:s3tables:...:bucket/specific-bucket/*"
  will only match when accessing that specific bucket
- statements without Resource field match all resources (implicit *)
- resource patterns support wildcards (* for any sequence, ? for single char)

For future use: Handlers can call CheckPermissionWithResource with the
target resource ARN to enforce resource-level access control.

2026-01-28 17:41:22 -08:00

..

Fix jwt error in admin UI (#8140 )

2026-01-27 17:27:02 -08:00

go fmt

2026-01-28 14:34:07 -08:00

command: fix stale error variable logging in filer serving goroutines

2026-01-28 11:27:18 -08:00

Implement IAM propagation to S3 servers (#8130 )

2026-01-26 22:59:43 -08:00

Fix S3 Gateway Read Failover #8076 (#8087 )

2026-01-22 14:07:24 -08:00

Clean up logs and deprecated functions (#7339 )

2025-10-17 22:11:50 -07:00

chore: execute goimports to format the code (#7983 )

2026-01-07 13:06:08 -08:00

iam: support ForAnyValue and ForAllValues condition set operators (#8105 )

2026-01-24 13:34:49 -08:00

Refactor Admin UI to use unified IAM storage and add MultipleFileStore (#8101 )

2026-01-23 20:12:59 -08:00

chore: execute goimports to format the code (#7983 )

2026-01-07 13:06:08 -08:00

S3 API: Add integration with KMS providers (#7152 )

2025-08-22 22:10:30 -07:00

mount: apply UID/GID mapping in lookupEntry for cache misses (#8144 )

2026-01-27 18:41:37 -08:00

cast i to int64 first, ensuring the calculation happens in 64-bit space

2026-01-22 14:05:45 -08:00

chore: execute goimports to format the code (#7983 )

2026-01-07 13:06:08 -08:00

chore: execute goimports to format the code (#7983 )

2026-01-07 13:06:08 -08:00

Implement IAM propagation to S3 servers (#8130 )

2026-01-26 22:59:43 -08:00

fix: comprehensive go vet error fixes and add CI enforcement (#7861 )

2025-12-23 14:48:50 -08:00

fix(gcs): resolve credential conflict in remote storage mount (#8013 )

2026-01-12 12:22:42 -08:00

chore: execute goimports to format the code (#7983 )

2026-01-07 13:06:08 -08:00

s3tables: Add resource ARN validation to policy evaluation

2026-01-28 17:41:22 -08:00

feat: Optional path-prefix and method scoping for Filer HTTP JWT (#8014 )

2026-01-12 13:21:48 -08:00

chore: execute goimports to format the code (#7983 )

2026-01-07 13:06:08 -08:00

Implement IAM propagation to S3 servers (#8130 )

2026-01-26 22:59:43 -08:00

SFTP: support reloading user store on HUP signal (#7651 )

2025-12-08 01:24:42 -08:00

feat(shell): add Object Lock management commands (#8141 )

2026-01-27 10:50:16 -08:00

Fix Broken Links (#5287 )

2024-02-14 08:26:38 -08:00

chore: execute goimports to format the code (#7983 )

2026-01-07 13:06:08 -08:00

Update store_ec_recovery_test.go

2026-01-23 16:38:36 -08:00

Prevent split-brain: Persistent ClusterID and Join Validation (#8022 )

2026-01-18 14:02:34 -08:00

Prevent split-brain: Persistent ClusterID and Join Validation (#8022 )

2026-01-18 14:02:34 -08:00

4.07

2026-01-18 15:48:09 -08:00

Fix S3 Gateway Read Failover #8076 (#8087 )

2026-01-22 14:07:24 -08:00

Update detection.go

2026-01-23 21:38:51 -08:00

Makefile

Update README and weed/Makefile (#7571 )

2025-11-29 11:36:22 -08:00

weed.go

Fix the issue where fuse command on a node cannot specify multiple configuration directory paths (#7874 )

2025-12-25 11:36:38 -08:00