gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
508d06d9a5c763668ba149a8f1182e8552505c2b
seaweedFS/weed/s3api
History
Chris Lu 508d06d9a5 S3: Enforce bucket policy (#7471) 
* evaluate policies during authorization

* cache bucket policy

* refactor

* matching with regex special characters

* Case Sensitivity, pattern cache, Dead Code Removal

* Fixed Typo, Restored []string Case, Added Cache Size Limit

* hook up with policy engine

* remove old implementation

* action mapping

* validate

* if not specified, fall through to IAM checks

* fmt

* Fail-close on policy evaluation errors

* Explicit `Allow` bypasses IAM checks

* fix error message

* arn:seaweed => arn:aws

* remove legacy support

* fix tests

* Clean up bucket policy after this test

* fix for tests

* address comments

* security fixes

* fix tests

* temp comment out
2025-11-12 22:14:50 -08:00
..
cors
S3: add fallback for CORS (#7404)
2025-10-29 13:43:27 -07:00
policy
fix
2024-10-03 09:03:17 -07:00
policy_engine
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_constants
do delete expired entries on s3 list request (#7426)
2025-11-05 22:05:54 -08:00
s3bucket
adjust fix
2025-02-01 14:11:57 -08:00
s3err
s3: combine all signature verification checks into a single function (#7330)
2025-10-25 01:11:45 -07:00
AmazonS3.xsd
add s3test for sql (#5718)
2024-07-04 11:00:41 -07:00
auth_credentials_subscribe.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
auth_credentials_test.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
auth_credentials.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
auth_signature_v2.go
S3: Signature verification should not check permissions (#7335)
2025-10-15 11:27:39 -07:00
auth_signature_v4_test.go
Fix IPv6 host header formatting to match AWS SDK behavior (#7414)
2025-10-30 21:06:00 -07:00
auth_signature_v4.go
Fix IPv6 host header formatting to match AWS SDK behavior (#7414)
2025-10-30 21:06:00 -07:00
auto_signature_v4_test.go
S3: prevent deleting buckets with object locking (#7434)
2025-11-03 15:27:20 -08:00
bucket_metadata_test.go
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859)
2023-09-25 08:34:12 -07:00
bucket_metadata.go
added context to filer_client method calls (#6808)
2025-05-22 09:46:49 -07:00
chunked_bug_reproduction_test.go
S3 API: unsigned streaming (no cred) but chunks contain signatures (#7118)
2025-08-11 10:31:01 -07:00
chunked_reader_v4_test.go
S3: fix TestSignedStreamingUploadInvalidSignature test (#7421)
2025-10-31 20:59:44 -07:00
chunked_reader_v4.go
S3: fix TestSignedStreamingUploadInvalidSignature test (#7421)
2025-10-31 20:59:44 -07:00
custom_types.go
S3: Perf related (#7463)
2025-11-10 20:30:21 -08:00
filer_multipart_test.go
[s3] fix s3 test_multipart_resend_first_finishes_last (#5471)
2024-04-06 10:56:39 -07:00
filer_multipart.go
do delete expired entries on s3 list request (#7426)
2025-11-05 22:05:54 -08:00
filer_util_tags.go
added context to filer_client method calls (#6808)
2025-05-22 09:46:49 -07:00
filer_util.go
do delete expired entries on s3 list request (#7426)
2025-11-05 22:05:54 -08:00
object_lock_utils.go
refactor (#6999)
2025-07-19 00:49:56 -07:00
README.txt
add s3test for sql (#5718)
2024-07-04 11:00:41 -07:00
s3_bucket_encryption.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_end_to_end_test.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_error_utils.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_granular_action_security_test.go
Add Kafka Gateway (#7231)
2025-10-13 18:05:17 -07:00
s3_iam_middleware.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_iam_role_selection_test.go
S3 API: Advanced IAM System (#7160)
2025-08-30 11:15:48 -07:00
s3_iam_simple_test.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_jwt_auth_test.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_list_parts_action_test.go
Migrate from deprecated azure-storage-blob-go to modern Azure SDK (#7310)
2025-10-08 23:12:03 -07:00
s3_multipart_iam_test.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_multipart_iam.go
S3 API: Advanced IAM System (#7160)
2025-08-30 11:15:48 -07:00
s3_policy_templates_test.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_policy_templates.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_presigned_url_iam_test.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_presigned_url_iam.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_sse_bucket_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_c_range_test.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_c_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_c.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_sse_copy_test.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_error_test.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_sse_http_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_kms_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_kms_utils.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_sse_kms.go
Clean up logs and deprecated functions (#7339)
2025-10-17 22:11:50 -07:00
s3_sse_metadata_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_metadata.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_multipart_test.go
Migrate from deprecated azure-storage-blob-go to modern Azure SDK (#7310)
2025-10-08 23:12:03 -07:00
s3_sse_s3_integration_test.go
go fmt
2025-10-27 23:04:55 -07:00
s3_sse_s3_test.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_s3.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_test_utils_test.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_utils.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_token_differentiation_test.go
S3 API: Advanced IAM System (#7160)
2025-08-30 11:15:48 -07:00
s3_validation_utils.go
go fmt
2025-10-27 23:04:55 -07:00
s3api_acl_helper_test.go
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859)
2023-09-25 08:34:12 -07:00
s3api_acl_helper.go
Add Kafka Gateway (#7231)
2025-10-13 18:05:17 -07:00
s3api_acp.go
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859)
2023-09-25 08:34:12 -07:00
s3api_auth.go
fix listing objects (#7008)
2025-07-22 01:07:15 -07:00
s3api_bucket_config.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3api_bucket_cors_handlers.go
S3: add fallback for CORS (#7404)
2025-10-29 13:43:27 -07:00
s3api_bucket_handlers_object_lock_config.go
S3: load bucket object locking configuration if not found in cache (#7422)
2025-10-31 22:35:09 -07:00
s3api_bucket_handlers_test.go
fix ListAllMyBucketsResult xmlns
2025-08-14 20:38:03 -07:00
s3api_bucket_handlers.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3api_bucket_metadata_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_bucket_policy_arn_test.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3api_bucket_policy_engine.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3api_bucket_policy_handlers.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3api_bucket_tagging_handlers.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_circuit_breaker_test.go
move to https://github.com/seaweedfs/seaweedfs
2022-07-29 00:17:28 -07:00
s3api_circuit_breaker.go
Clean up logs and deprecated functions (#7339)
2025-10-17 22:11:50 -07:00
s3api_conditional_headers_test.go
s3: fix if-match error (#7277)
2025-10-29 12:27:25 -07:00
s3api_copy_size_calculation.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3api_copy_validation.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_domain_test.go
fix: Use a mixed of virtual and path styles within a single subdomain (#7357)
2025-10-24 01:45:22 -07:00
s3api_governance_permissions_test.go
Add policy engine (#6970)
2025-07-13 16:21:36 -07:00
s3api_handlers.go
Set allowed origins in config (#5109)
2023-12-20 16:21:11 -08:00
s3api_key_rotation.go
Clients to volume server requires JWT tokens for all read operations (#7376)
2025-10-24 17:09:58 -07:00
s3api_object_handlers_acl.go
S3: Perf related (#7463)
2025-11-10 20:30:21 -08:00
s3api_object_handlers_copy_test.go
rename files
2024-04-29 05:33:56 -07:00
s3api_object_handlers_copy_unified.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_object_handlers_copy.go
Clients to volume server requires JWT tokens for all read operations (#7376)
2025-10-24 17:09:58 -07:00
s3api_object_handlers_delete.go
do delete expired entries on s3 list request (#7426)
2025-11-05 22:05:54 -08:00
s3api_object_handlers_legal_hold.go
refactor (#6999)
2025-07-19 00:49:56 -07:00
s3api_object_handlers_list_test.go
address List permission
2025-07-28 02:39:41 -07:00
s3api_object_handlers_list.go
S3: prevent deleting buckets with object locking (#7434)
2025-11-03 15:27:20 -08:00
s3api_object_handlers_multipart.go
Clean up logs and deprecated functions (#7339)
2025-10-17 22:11:50 -07:00
s3api_object_handlers_postpolicy.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3api_object_handlers_put_test.go
Fix #7060: Return 400 InvalidRequest instead of 500 for context canceled errors (#7309)
2025-10-08 21:18:41 -07:00
s3api_object_handlers_put.go
S3: Perf related (#7463)
2025-11-10 20:30:21 -08:00
s3api_object_handlers_retention.go
refactor (#6999)
2025-07-19 00:49:56 -07:00
s3api_object_handlers_tagging.go
rename files
2024-04-29 05:33:56 -07:00
s3api_object_handlers_test.go
fix listing objects (#7008)
2025-07-22 01:07:15 -07:00
s3api_object_handlers.go
S3: Perf related (#7463)
2025-11-10 20:30:21 -08:00
s3api_object_lock_fix_test.go
Fix get object lock configuration handler (#6996)
2025-07-18 02:19:50 -07:00
s3api_object_lock_headers_test.go
Test object lock and retention (#6997)
2025-07-18 22:25:58 -07:00
s3api_object_retention_test.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3api_object_retention.go
S3: Perf related (#7463)
2025-11-10 20:30:21 -08:00
s3api_object_versioning.go
S3: prevent deleting buckets with object locking (#7434)
2025-11-03 15:27:20 -08:00
s3api_policy.go
[s3] Put bucket lifecycle configuration (#5510)
2024-04-27 07:39:22 -07:00
s3api_put_handlers.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3api_put_object_helper_test.go
Add credential storage (#6938)
2025-07-02 18:03:17 -07:00
s3api_put_object_helper.go
Fix chunked data reading if iam not enabled (#6898)
2025-06-19 22:58:10 -07:00
s3api_server_grpc.go
move to https://github.com/seaweedfs/seaweedfs
2022-07-29 00:17:28 -07:00
s3api_server.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3api_status_handlers.go
move to https://github.com/seaweedfs/seaweedfs
2022-07-29 00:17:28 -07:00
s3api_streaming_copy.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3api_test.go
move to https://github.com/seaweedfs/seaweedfs
2022-07-29 00:17:28 -07:00
s3api_xsd_generated_helper.go
add s3test for sql (#5718)
2024-07-04 11:00:41 -07:00
s3api_xsd_generated.go
fix ListAllMyBucketsResult xmlns
2025-08-14 20:38:03 -07:00
stats.go
Populate bucket_traffic_received_bytes_total metric (#7249)
2025-09-17 19:04:51 -07:00
tags_test.go
tag parsing decode url encoded
2025-07-28 02:49:43 -07:00
tags.go
tag parsing decode url encoded
2025-07-28 02:49:43 -07:00

README.txt 

see https://blog.aqwari.net/xml-schema-go/

1. go get aqwari.net/xml/cmd/xsdgen
2. Add EncodingType element for ListBucketResult in AmazonS3.xsd
3. xsdgen -o s3api_xsd_generated.go -pkg s3api AmazonS3.xsd
4. Remove empty Grantee struct in s3api_xsd_generated.go
5. Remove xmlns: sed s'/http:\/\/s3.amazonaws.com\/doc\/2006-03-01\/\ //' s3api_xsd_generated.go
Reference in New Issue View Git Blame Copy Permalink