gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
808205e38f6eb578e36a85d16682370760d26d09
seaweedFS/weed/s3api
History
Chris Lu 808205e38f s3: implement Bucket Owner Enforced for object ownership (#7913) 
* s3: implement Bucket Owner Enforced for object ownership

Objects uploaded by service accounts (or any user) are now owned by
the bucket owner when the bucket has BucketOwnerEnforced ownership
policy (the modern AWS default since April 2023).

This provides a more intuitive ownership model where users expect
objects created by their service accounts to be owned by themselves.

- Modified setObjectOwnerFromRequest to check bucket ObjectOwnership
- When BucketOwnerEnforced: use bucket owner's account ID
- When ObjectWriter: use uploader's account ID (backward compatible)

* s3: add nil check and fix ownership logic hole

- Add nil check for bucketRegistry before calling GetBucketMetadata
- Fix logic hole where objects could be created without owner when
  BucketOwnerEnforced is set but bucket owner is nil
- Refactor to ensure objects always have an owner by falling back
  to uploader when bucket owner is unavailable
- Improve logging to distinguish between different fallback scenarios

Addresses code review feedback from Gemini on PR #7913

* s3: add comprehensive tests for object ownership logic

Add unit tests for setObjectOwnerFromRequest covering:
- BucketOwnerEnforced: uses bucket owner
- ObjectWriter: uses uploader
- BucketOwnerPreferred: uses uploader
- Nil owner fallback scenarios
- Bucket metadata errors
- Nil bucketRegistry
- Empty account ID handling

All 8 test cases pass, verifying correct ownership assignment
in all scenarios including edge cases.
2025-12-29 23:54:00 -08:00
..
cors
fix: CORS wildcard subdomain matching cache race condition (#7736)
2025-12-13 14:33:46 -08:00
policy
fix
2024-10-03 09:03:17 -07:00
policy_engine
fix: resolve inconsistent S3 API authorization for DELETE operations (issue #7864) (#7865)
2025-12-24 10:29:30 -08:00
s3_constants
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3_objectlock
fix: admin UI bucket deletion with filer group configured (#7735)
2025-12-13 19:04:12 -08:00
s3bucket
adjust fix
2025-02-01 14:11:57 -08:00
s3err
Filer, S3: Feature/add concurrent file upload limit (#7554)
2025-11-26 12:07:54 -08:00
AmazonS3.xsd
add s3test for sql (#5718)
2024-07-04 11:00:41 -07:00
auth_credentials_subscribe.go
s3: fix remote object not caching (#7790)
2025-12-16 12:41:04 -08:00
auth_credentials_test.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
auth_credentials.go
IAM: Add Service Account Support (#7744) (#7901)
2025-12-29 20:17:23 -08:00
auth_signature_v2_test.go
fix(s3api): fix AWS Signature V2 format and validation (#7488)
2025-11-26 12:24:02 -08:00
auth_signature_v2.go
IAM: Add Service Account Support (#7744) (#7901)
2025-12-29 20:17:23 -08:00
auth_signature_v4_test.go
Fix IPv6 host header formatting to match AWS SDK behavior (#7414)
2025-10-30 21:06:00 -07:00
auth_signature_v4.go
IAM: Add Service Account Support (#7744) (#7901)
2025-12-29 20:17:23 -08:00
auto_signature_v4_test.go
feat(iam): add SetUserStatus and UpdateAccessKey actions (#7750)
2025-12-14 18:48:39 -08:00
bucket_metadata_test.go
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859)
2023-09-25 08:34:12 -07:00
bucket_metadata.go
s3: fix remote object not caching (#7790)
2025-12-16 12:41:04 -08:00
bucket_size_metrics.go
Make lock_manager.RenewInterval configurable in LiveLock (#7830)
2025-12-20 15:25:47 -08:00
chunked_bug_reproduction_test.go
S3 API: unsigned streaming (no cred) but chunks contain signatures (#7118)
2025-08-11 10:31:01 -07:00
chunked_reader_v4_test.go
IAM: Add Service Account Support (#7744) (#7901)
2025-12-29 20:17:23 -08:00
chunked_reader_v4.go
s3: support STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER for signed chunked uploads with checksums (#7623)
2025-12-04 14:51:37 -08:00
custom_types.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
filer_multipart_test.go
fix: use path instead of filepath for S3 object paths on Windows (#7739)
2025-12-14 11:18:23 -08:00
filer_multipart.go
fix: reduce N+1 queries in S3 versioned object list operations (#7814)
2025-12-18 17:44:27 -08:00
filer_util_tags.go
added context to filer_client method calls (#6808)
2025-05-22 09:46:49 -07:00
filer_util.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
object_lock_utils.go
Fix SeaweedFS S3 bucket extended attributes handling (#7854)
2025-12-22 23:19:50 -08:00
policy_conversion_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
policy_conversion.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
README.txt
add s3test for sql (#5718)
2024-07-04 11:00:41 -07:00
s3_action_resolver.go
S3: add context aware action resolution (#7479)
2025-11-13 16:10:46 -08:00
s3_bucket_encryption.go
fix: CORS wildcard subdomain matching cache race condition (#7736)
2025-12-13 14:33:46 -08:00
s3_content_encoding_test.go
S3: Fix Content-Encoding header not preserved (#7894) (#7895)
2025-12-27 12:25:33 -08:00
s3_end_to_end_test.go
fix: comprehensive go vet error fixes and add CI enforcement (#7861)
2025-12-23 14:48:50 -08:00
s3_error_utils.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_existing_object_tag_test.go
s3: add s3:ExistingObjectTag condition support for bucket policies (#7677)
2025-12-09 09:48:13 -08:00
s3_granular_action_security_test.go
S3: add context aware action resolution (#7479)
2025-11-13 16:10:46 -08:00
s3_iam_middleware.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_iam_role_selection_test.go
S3 API: Advanced IAM System (#7160)
2025-08-30 11:15:48 -07:00
s3_iam_simple_test.go
fix: comprehensive go vet error fixes and add CI enforcement (#7861)
2025-12-23 14:48:50 -08:00
s3_jwt_auth_test.go
fix: comprehensive go vet error fixes and add CI enforcement (#7861)
2025-12-23 14:48:50 -08:00
s3_list_parts_action_test.go
S3: add context aware action resolution (#7479)
2025-11-13 16:10:46 -08:00
s3_metadata_util.go
s3: do not persist multi part "Response-Content-Disposition" in request header (#7887)
2025-12-26 13:21:15 -08:00
s3_multipart_iam_test.go
fix: comprehensive go vet error fixes and add CI enforcement (#7861)
2025-12-23 14:48:50 -08:00
s3_multipart_iam.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_policy_templates_test.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_policy_templates.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_presigned_url_iam_test.go
fix: comprehensive go vet error fixes and add CI enforcement (#7861)
2025-12-23 14:48:50 -08:00
s3_presigned_url_iam.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_sse_bucket_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_c_range_test.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_c_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_c.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_sse_copy_test.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_ctr_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_sse_error_test.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_sse_http_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_kms_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_kms_utils.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_sse_kms.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_sse_metadata_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_metadata.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_multipart_test.go
Migrate from deprecated azure-storage-blob-go to modern Azure SDK (#7310)
2025-10-08 23:12:03 -07:00
s3_sse_s3_integration_test.go
go fmt
2025-10-27 23:04:55 -07:00
s3_sse_s3_multipart_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_sse_s3_test.go
fix: copy to bucket with default SSE-S3 encryption fails (#7562) (#7568)
2025-11-28 13:28:17 -08:00
s3_sse_s3.go
fix: copy to bucket with default SSE-S3 encryption fails (#7562) (#7568)
2025-11-28 13:28:17 -08:00
s3_sse_test_utils_test.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_utils.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_token_differentiation_test.go
fix: comprehensive go vet error fixes and add CI enforcement (#7861)
2025-12-23 14:48:50 -08:00
s3_validation_utils.go
go fmt
2025-10-27 23:04:55 -07:00
s3api_acl_helper_test.go
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859)
2023-09-25 08:34:12 -07:00
s3api_acl_helper.go
Add Kafka Gateway (#7231)
2025-10-13 18:05:17 -07:00
s3api_acp.go
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859)
2023-09-25 08:34:12 -07:00
s3api_auth.go
s3: support STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER for signed chunked uploads with checksums (#7623)
2025-12-04 14:51:37 -08:00
s3api_bucket_config.go
fix: CORS wildcard subdomain matching cache race condition (#7736)
2025-12-13 14:33:46 -08:00
s3api_bucket_cors_handlers.go
S3: add fallback for CORS (#7404)
2025-10-29 13:43:27 -07:00
s3api_bucket_handlers_object_lock_config.go
S3: S3 Object Retention API to include XML namespace support (#7517)
2025-11-20 11:42:22 -08:00
s3api_bucket_handlers_test.go
fix: ListBuckets returns empty for users with bucket-specific permissions (#7799)
2025-12-17 00:09:13 -08:00
s3api_bucket_handlers.go
s3: Add SOSAPI support for Veeam integration (#7899)
2025-12-28 14:07:58 -08:00
s3api_bucket_metadata_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_bucket_policy_arn_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_bucket_policy_engine.go
s3: add s3:ExistingObjectTag condition support for bucket policies (#7677)
2025-12-09 09:48:13 -08:00
s3api_bucket_policy_handlers.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_bucket_tagging_handlers.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_circuit_breaker_test.go
move to https://github.com/seaweedfs/seaweedfs
2022-07-29 00:17:28 -07:00
s3api_circuit_breaker.go
Metrics: Add Prometheus metrics for concurrent upload tracking (#7555)
2025-11-26 15:51:38 -08:00
s3api_conditional_headers_test.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_copy_size_calculation.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3api_copy_validation.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_domain_test.go
fix: Use a mixed of virtual and path styles within a single subdomain (#7357)
2025-10-24 01:45:22 -07:00
s3api_embedded_iam_test.go
IAM: Add Service Account Support (#7744) (#7901)
2025-12-29 20:17:23 -08:00
s3api_embedded_iam.go
IAM: Add Service Account Support (#7744) (#7901)
2025-12-29 20:17:23 -08:00
s3api_encrypted_volume_copy_test.go
S3: Fix encrypted file copy with multiple chunks (#7530) (#7546)
2025-11-25 09:56:20 -08:00
s3api_governance_permissions_test.go
Add policy engine (#6970)
2025-07-13 16:21:36 -07:00
s3api_handlers.go
Support multiple filers for S3 and IAM servers with automatic failover (#7550)
2025-11-26 11:29:55 -08:00
s3api_implicit_directory_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_key_rotation.go
Add S3 volume encryption support with -s3.encryptVolumeData flag (#7890)
2025-12-27 00:09:14 -08:00
s3api_list_normalization_test.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_object_handlers_acl.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_object_handlers_copy_test.go
fix: copy to bucket with default SSE-S3 encryption fails (#7562) (#7568)
2025-11-28 13:28:17 -08:00
s3api_object_handlers_copy_unified.go
Fix SSE-S3 copy: preserve encryption metadata and set chunk SSE type (#7598)
2025-12-02 09:24:31 -08:00
s3api_object_handlers_copy.go
Add S3 volume encryption support with -s3.encryptVolumeData flag (#7890)
2025-12-27 00:09:14 -08:00
s3api_object_handlers_delete.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_object_handlers_legal_hold.go
refactor (#6999)
2025-07-19 00:49:56 -07:00
s3api_object_handlers_list_test.go
Fix: Eliminate duplicate versioned objects in S3 list operations (#7850)
2025-12-22 15:50:13 -08:00
s3api_object_handlers_list_versioned_test.go
Fix: Eliminate duplicate versioned objects in S3 list operations (#7850)
2025-12-22 15:50:13 -08:00
s3api_object_handlers_list.go
Fix: Eliminate duplicate versioned objects in S3 list operations (#7850)
2025-12-22 15:50:13 -08:00
s3api_object_handlers_multipart.go
s3: do not persist multi part "Response-Content-Disposition" in request header (#7887)
2025-12-26 13:21:15 -08:00
s3api_object_handlers_postpolicy_test.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_object_handlers_postpolicy.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_object_handlers_put_test.go
check errors
2025-11-21 14:48:41 -08:00
s3api_object_handlers_put.go
s3: implement Bucket Owner Enforced for object ownership (#7913)
2025-12-29 23:54:00 -08:00
s3api_object_handlers_retention.go
refactor (#6999)
2025-07-19 00:49:56 -07:00
s3api_object_handlers_tagging.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_object_handlers_test.go
Support multiple filers for S3 and IAM servers with automatic failover (#7550)
2025-11-26 11:29:55 -08:00
s3api_object_handlers.go
s3api: Integrate SOSAPI handlers into GetObject and HeadObject
2025-12-28 12:56:51 -08:00
s3api_object_lock_fix_test.go
Fix get object lock configuration handler (#6996)
2025-07-18 02:19:50 -07:00
s3api_object_lock_headers_test.go
Test object lock and retention (#6997)
2025-07-18 22:25:58 -07:00
s3api_object_ownership_test.go
s3: implement Bucket Owner Enforced for object ownership (#7913)
2025-12-29 23:54:00 -08:00
s3api_object_retention_test.go
S3: S3 Object Retention API to include XML namespace support (#7517)
2025-11-20 11:42:22 -08:00
s3api_object_retention.go
s3: optimize DELETE by skipping lock check for buckets without Object Lock (#7642)
2025-12-06 21:37:25 -08:00
s3api_object_versioning.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_policy.go
[s3] Put bucket lifecycle configuration (#5510)
2024-04-27 07:39:22 -07:00
s3api_put_handlers.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_put_object_helper_test.go
Add credential storage (#6938)
2025-07-02 18:03:17 -07:00
s3api_put_object_helper.go
s3api: remove redundant auth verification in getRequestDataReader (#7685)
2025-12-09 10:24:35 -08:00
s3api_remote_storage_test.go
fix: S3 remote storage cold-cache read fails with 'size reported but no content available' (#7817)
2025-12-18 21:19:44 -08:00
s3api_server_grpc.go
move to https://github.com/seaweedfs/seaweedfs
2022-07-29 00:17:28 -07:00
s3api_server.go
IAM: Add Service Account Support (#7744) (#7901)
2025-12-29 20:17:23 -08:00
s3api_sosapi_test.go
s3: Add SOSAPI support for Veeam integration (#7899)
2025-12-28 14:07:58 -08:00
s3api_sosapi.go
s3: Add SOSAPI support for Veeam integration (#7899)
2025-12-28 14:07:58 -08:00
s3api_sse_chunk_metadata_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_sse_decrypt_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_sse_s3_upload_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_status_handlers.go
move to https://github.com/seaweedfs/seaweedfs
2022-07-29 00:17:28 -07:00
s3api_streaming_copy.go
Fix SSE-S3 copy: preserve encryption metadata and set chunk SSE type (#7598)
2025-12-02 09:24:31 -08:00
s3api_sts.go
IAM: Add Service Account Support (#7744) (#7901)
2025-12-29 20:17:23 -08:00
s3api_test.go
move to https://github.com/seaweedfs/seaweedfs
2022-07-29 00:17:28 -07:00
s3api_version_id_test.go
fix: S3 versioning memory leak in ListObjectVersions pagination (#7813)
2025-12-18 02:52:50 -08:00
s3api_version_id.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_xsd_generated_helper.go
add s3test for sql (#5718)
2024-07-04 11:00:41 -07:00
s3api_xsd_generated.go
fix ListAllMyBucketsResult xmlns
2025-08-14 20:38:03 -07:00
stats.go
Populate bucket_traffic_received_bytes_total metric (#7249)
2025-09-17 19:04:51 -07:00
tags_test.go
tag parsing decode url encoded
2025-07-28 02:49:43 -07:00
tags.go
tag parsing decode url encoded
2025-07-28 02:49:43 -07:00

README.txt 

see https://blog.aqwari.net/xml-schema-go/

1. go get aqwari.net/xml/cmd/xsdgen
2. Add EncodingType element for ListBucketResult in AmazonS3.xsd
3. xsdgen -o s3api_xsd_generated.go -pkg s3api AmazonS3.xsd
4. Remove empty Grantee struct in s3api_xsd_generated.go
5. Remove xmlns: sed s'/http:\/\/s3.amazonaws.com\/doc\/2006-03-01\/\ //' s3api_xsd_generated.go
Reference in New Issue View Git Blame Copy Permalink