gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f950a941e3ac4d7226db92ed0bbb6bc08073ab0f
seaweedFS/weed
History
Chris Lu f950a941e3 Fix trust policy validation for specific AWS user principals (#8597) 
* Add tests for AWS user principal in AssumeRole trust policies

Add test cases that verify trust policy validation when using specific
AWS user principals (e.g., "arn:aws:iam::000000000000:user/backend")
in the Principal field of trust policies for AssumeRole.

Covers single user, multiple users (array), wildcard, and plain string
principal formats. These tests demonstrate the bug reported in #8588
where specific user principals always fail validation.

* Populate RequestContext in ValidateTrustPolicyForPrincipal

ValidateTrustPolicyForPrincipal was creating an EvaluationContext with
a nil RequestContext. The policy engine's principal matching logic looks
up "aws:PrincipalArn" in RequestContext for non-wildcard principals,
so specific user ARNs like "arn:aws:iam::000000000000:user/backend"
always failed to match, while wildcard "*" worked because it
short-circuits before the lookup.

Populate RequestContext with both "principal" and "aws:PrincipalArn"
keys, consistent with how IsActionAllowed already does it.

Fixes #8588

* Remove GitHub discussion URL from source code comments

* Add specific error message assertions in trust policy tests
2026-03-10 21:19:40 -07:00
..
admin
Fix plugin configuration tab layout overflow (#8596)
2026-03-10 19:19:42 -07:00
cluster
admin: auto migrating master maintenance scripts to admin_script plugin config (#8509)
2026-03-04 22:11:07 -08:00
command
fix port probing
2026-03-10 18:30:19 -07:00
credential
iam: add IAM group management (#8560)
2026-03-09 11:54:32 -07:00
filer
mount: make metadata cache rebuilds snapshot-consistent (#8531)
2026-03-07 09:19:40 -08:00
filer_client
fix: resolve gRPC DNS resolution issues in Kubernetes #8384 (#8387)
2026-02-19 15:46:02 -08:00
glog
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
iam
Fix trust policy validation for specific AWS user principals (#8597)
2026-03-10 21:19:40 -07:00
iamapi
iam: add IAM group management (#8560)
2026-03-09 11:54:32 -07:00
images
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
kms
S3 API: Add integration with KMS providers (#7152)
2025-08-22 22:10:30 -07:00
mount
mount: make metadata cache rebuilds snapshot-consistent (#8531)
2026-03-07 09:19:40 -08:00
mq
mount: make metadata cache rebuilds snapshot-consistent (#8531)
2026-03-07 09:19:40 -08:00
notification
go fix
2026-02-20 18:42:00 -08:00
operation
master: return 503/Unavailable during topology warmup after leader change (#8529)
2026-03-08 16:05:45 -07:00
pb
Batch volume balance: run multiple moves per job (#8561)
2026-03-09 19:30:08 -07:00
plugin/worker
Add dynamic timeouts to plugin worker vacuum gRPC calls (#8593)
2026-03-10 13:48:42 -07:00
query
mount: make metadata cache rebuilds snapshot-consistent (#8531)
2026-03-07 09:19:40 -08:00
remote_storage
go fmt
2026-02-25 10:25:44 -08:00
replication
filer.sync: add exponential backoff on unexpected EOF during replication (#8557)
2026-03-08 14:33:37 -07:00
s3api
Persist S3 bucket counter metrics across idle periods (#8595)
2026-03-10 19:00:40 -07:00
security
fix: port in SNI address when using domainName instead of IP for master (#8500)
2026-03-04 07:05:45 -08:00
sequence
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
server
weed/server: fix dropped error (#8584)
2026-03-09 18:04:12 -07:00
sftpd
Fix SFTP file upload failures with JWT filer tokens (#8448)
2026-02-25 14:30:21 -08:00
shell
add admin script worker (#8491)
2026-03-03 15:10:40 -08:00
static
Fix Broken Links (#5287)
2024-02-14 08:26:38 -08:00
stats
Persist S3 bucket counter metrics across idle periods (#8595)
2026-03-10 19:00:40 -07:00
storage
Fix nil pointer crash during concurrent vacuum compaction (#8592)
2026-03-10 13:31:45 -07:00
telemetry
Prevent split-brain: Persistent ClusterID and Join Validation (#8022)
2026-01-18 14:02:34 -08:00
topology
master: return 503/Unavailable during topology warmup after leader change (#8529)
2026-03-08 16:05:45 -07:00
util
4.16
2026-03-09 21:52:43 -07:00
wdclient
master: return 503/Unavailable during topology warmup after leader change (#8529)
2026-03-08 16:05:45 -07:00
worker
Add dynamic timeouts to plugin worker vacuum gRPC calls (#8593)
2026-03-10 13:48:42 -07:00
Makefile
Move SQL engine and PostgreSQL server to their own binaries (#8417)
2026-02-23 16:27:08 -08:00
weed.go
Fix the issue where fuse command on a node cannot specify multiple configuration directory paths (#7874)
2025-12-25 11:36:38 -08:00