ad76487e9d
Fixes #7990 The issue was that the Charset constant used for generating secret keys included the '/' character, which is URL-unsafe. When secret keys containing '/' were used in HTTP requests, they would be URL-encoded, causing a mismatch during signature verification. Changes: - Removed '/' from the Charset constant in weed/iam/constants.go - Added TestGenerateSecretAccessKey_URLSafe to verify generated keys don't contain URL-unsafe characters like '/' or '+' This ensures all newly generated secret keys are URL-safe and will work correctly with S3 authentication. Existing keys continue to work.
38 lines
944 B
Go
38 lines
944 B
Go
package iam
|
|
|
|
// Character sets for credential generation
|
|
const (
|
|
CharsetUpper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
|
|
Charset = CharsetUpper + "abcdefghijklmnopqrstuvwxyz"
|
|
)
|
|
|
|
// Policy document version
|
|
const PolicyDocumentVersion = "2012-10-17"
|
|
|
|
// Error message templates
|
|
const UserDoesNotExist = "the user with name %s cannot be found."
|
|
|
|
// Statement action constants - these map to IAM policy actions
|
|
const (
|
|
StatementActionAdmin = "*"
|
|
StatementActionWrite = "Put*"
|
|
StatementActionWriteAcp = "PutBucketAcl"
|
|
StatementActionRead = "Get*"
|
|
StatementActionReadAcp = "GetBucketAcl"
|
|
StatementActionList = "List*"
|
|
StatementActionTagging = "Tagging*"
|
|
StatementActionDelete = "DeleteBucket*"
|
|
)
|
|
|
|
// Access key lengths
|
|
const (
|
|
AccessKeyIdLength = 21
|
|
SecretAccessKeyLength = 42
|
|
)
|
|
|
|
// Access key status values (AWS IAM compatible)
|
|
const (
|
|
AccessKeyStatusActive = "Active"
|
|
AccessKeyStatusInactive = "Inactive"
|
|
)
|