Chris Lu bea0f8eda0 s3tables: Use policy framework for table creation authorization ...

Replace strict ownership check in CreateTable with policy-based authorization.
Now checks both namespace and bucket policies for CreateTable permission,
allowing delegation via resource policies while still respecting owner bypass.

Authorization logic:
- Namespace policy grants CreateTable → allowed
- Bucket policy grants CreateTable → allowed
- Otherwise → denied (even if same owner)

This enables cross-principal table creation via policies while maintaining
security through explicit allow/deny semantics.

2026-01-28 17:36:53 -08:00

..

filer_ops.go

S3 Tables: use os.ModeDir constant in filer_ops.go

2026-01-28 12:13:35 -08:00

handler_bucket_create.go

clean up

2026-01-28 17:00:42 -08:00

handler_bucket_get_list_delete.go

s3tables: Extract resource owner and bucket extraction into helper method

2026-01-28 16:24:07 -08:00

handler_namespace.go

s3tables: Extract resource owner and bucket extraction into helper method

2026-01-28 16:24:07 -08:00

handler_policy.go

s3tables: Fix bucket policy error handling in permission checks

2026-01-28 17:02:59 -08:00

handler_table.go

s3tables: Use policy framework for table creation authorization

2026-01-28 17:36:53 -08:00

handler.go

s3tables: Normalize action names to include service prefix

2026-01-28 17:36:16 -08:00

permissions_test.go

go fmt

2026-01-28 16:42:46 -08:00

permissions.go

s3tables: Normalize action names to include service prefix

2026-01-28 17:36:16 -08:00

types.go

ownerAccountID

2026-01-28 13:54:49 -08:00

utils.go

s3tables: Rename tableMetadataInternal.Schema to Metadata

2026-01-28 16:21:06 -08:00