mirrors/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2026-05-19 00:01:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
iam-phase1
seaweedfs/weed/s3api
History
Chris Lu f9dfc0ea37 feat(iam): STS web-identity AWS-fidelity polish 
- OIDC discovery via .well-known/openid-configuration; falls back to
  /.well-known/jwks.json when discovery is absent. Reject discovery docs
  whose issuer claim does not match the configured issuer to defend
  against issuer-substitution.
- ComputeParentUser derives a stable per-identity hash from (sub, iss).
  Surface as aws:userid in the request context and as a parent_user
  claim in the session JWT so per-user state survives token rotation.
- Per-role MaxSessionDuration (3600..43200) clamps requested
  DurationSeconds before the STS service applies its own caps.
- Tighten RoleSessionName to the AWS contract: 2..64 chars from
  [\w+=,.@-].
- Populate PackedPolicySize in AssumeRole / AssumeRoleWithWebIdentity /
  AssumeRoleWithLDAPIdentity responses as a percentage of the 2048-byte
  inline session policy budget.
2026-05-04 22:06:19 -07:00
..
cors
go fmt
2026-01-28 14:34:07 -08:00
iceberg
fix(iceberg): default namespace location so fresh CTAS does not race metadata write (#9074) (#9246)
2026-04-27 16:37:33 -07:00
policy
chore(weed/s3api/policy): prune unused test functions (#9150)
2026-04-20 12:04:41 -07:00
policy_engine
fix(s3): s3:PutObject bucket policy now implicitly allows multipart uploads (#8968)
2026-04-07 11:13:29 -07:00
s3_constants
fix(s3): strip client-supplied X-SeaweedFS-Principal/Session-Token in AuthSignatureOnly (#9120)
2026-04-17 12:23:21 -07:00
s3_objectlock
mount: make metadata cache rebuilds snapshot-consistent (#8531)
2026-03-07 09:19:40 -08:00
s3bucket
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3err
fix(s3): honor X-Forwarded-For in audit log remote_ip (#9295)
2026-04-30 15:19:04 -07:00
s3lifecycle
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
s3tables
fix(s3): strip client-supplied X-SeaweedFS-Principal/Session-Token in AuthSignatureOnly (#9120)
2026-04-17 12:23:21 -07:00
AmazonS3.xsd
auth_credentials_subscribe_test.go
go fmt
2026-02-20 18:40:47 -08:00
auth_credentials_subscribe.go
fix: resolve CORS cache race condition causing stale 404 responses (#8748)
2026-03-23 19:33:20 -07:00
auth_credentials_trust.go
Add AssumeRole and AssumeRoleWithLDAPIdentity STS actions (#8003)
2026-01-12 10:45:24 -08:00
auth_credentials.go
fix(s3api,iamapi): avoid full SaveConfiguration when creating a single IAM user (#9261)
2026-05-01 01:14:15 -07:00
auth_proxy_integration_test.go
feat: drop table location mapping support (#8458)
2026-02-26 16:36:24 -08:00
auth_security_test.go
fix(s3): strip client-supplied X-SeaweedFS-Principal/Session-Token in AuthSignatureOnly (#9120)
2026-04-17 12:23:21 -07:00
auth_signature_v2_test.go
fix(s3api): fix AWS Signature V2 format and validation (#7488)
2025-11-26 12:24:02 -08:00
auth_signature_v2.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
auth_signature_v4_sts_test.go
S3: Implement IAM defaults and STS signing key fallback (#8348)
2026-02-16 13:59:13 -08:00
auth_signature_v4_test.go
fix(s3): handle empty URL path in forwarded prefix signature verification (#8973)
2026-04-07 13:22:21 -07:00
auth_signature_v4_unsigned_headers_test.go
security(s3api): reject unsigned x-amz-* headers in SigV4 requests (#9121)
2026-04-17 12:20:28 -07:00
auth_signature_v4.go
security(s3api): reject unsigned x-amz-* headers in SigV4 requests (#9121)
2026-04-17 12:20:28 -07:00
auth_sts_identity_test.go
S3: Implement IAM defaults and STS signing key fallback (#8348)
2026-02-16 13:59:13 -08:00
auth_sts_v4_test.go
fix(s3): strip client-supplied X-SeaweedFS-Principal/Session-Token in AuthSignatureOnly (#9120)
2026-04-17 12:23:21 -07:00
auto_signature_v4_test.go
fix(s3): allow anonymous ListBuckets with prefix-scoped List action (#9073)
2026-04-14 10:52:00 -07:00
bucket_metadata_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
bucket_metadata.go
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
bucket_paths.go
feat: drop table location mapping support (#8458)
2026-02-26 16:36:24 -08:00
bucket_size_metrics_test.go
fix(s3/shell): factor EC volumes into bucket size metrics and collection.list (#9182)
2026-04-21 20:17:42 -07:00
bucket_size_metrics.go
fix(s3/shell): factor EC volumes into bucket size metrics and collection.list (#9182)
2026-04-21 20:17:42 -07:00
chunked_bug_reproduction_test.go
S3 API: unsigned streaming (no cred) but chunks contain signatures (#7118)
2025-08-11 10:31:01 -07:00
chunked_reader_v4_test.go
IAM: Add Service Account Support (#7744) (#7901)
2025-12-29 20:17:23 -08:00
chunked_reader_v4.go
s3: support STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER for signed chunked uploads with checksums (#7623)
2025-12-04 14:51:37 -08:00
copy_source_decode_test.go
s3: use url.PathUnescape for X-Amz-Copy-Source header (#8545)
2026-03-07 11:10:02 -08:00
credential_iam_errors.go
fix(s3api,iamapi): avoid full SaveConfiguration when creating a single IAM user (#9261)
2026-05-01 01:14:15 -07:00
custom_types.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
filer_multipart_sse_s3_test.go
fix(s3api): backfill multipart SSE-S3 metadata at completion (#9224)
2026-04-25 23:06:37 -07:00
filer_multipart.go
fix(s3api): backfill multipart SSE-S3 metadata at completion (#9224)
2026-04-25 23:06:37 -07:00
filer_util_delete_test.go
Fix S3 delete for non-empty directory markers (#8740)
2026-03-23 13:35:16 -07:00
filer_util_tags.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
filer_util.go
Prune Unused Functions from weed/s3api (#8815)
2026-03-28 13:24:11 -07:00
iam_defaults_test.go
Fix IAM defaults and S3Tables IAM regression (#8374)
2026-02-18 18:20:03 -08:00
iam_optional_test.go
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
identity_reflection_test.go
Enforce IAM for S3 Tables bucket creation (#8388)
2026-02-19 22:52:05 -08:00
object_lock_utils.go
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
README.txt
s3_action_resolver_test.go
feat(s3): add STS GetFederationToken support (#8891)
2026-04-02 17:37:05 -07:00
s3_action_resolver.go
feat(s3): add STS GetFederationToken support (#8891)
2026-04-02 17:37:05 -07:00
s3_bucket_encryption.go
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
s3_content_encoding_test.go
S3: Fix Content-Encoding header not preserved (#7894) (#7895)
2025-12-27 12:25:33 -08:00
s3_end_to_end_test.go
fix(s3): populate s3:prefix from query param for ListObjects policy conditions (#8971)
2026-04-07 13:21:30 -07:00
s3_error_utils.go
Prune Unused Functions from weed/s3api (#8815)
2026-03-28 13:24:11 -07:00
s3_existing_object_tag_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3_granular_action_security_test.go
S3: add context aware action resolution (#7479)
2025-11-13 16:10:46 -08:00
s3_iam_middleware.go
fix(s3): populate s3:prefix from query param for ListObjects policy conditions (#8971)
2026-04-07 13:21:30 -07:00
s3_iam_role_selection_test.go
S3 API: Advanced IAM System (#7160)
2025-08-30 11:15:48 -07:00
s3_jwt_auth_test.go
fix(s3): strip client-supplied X-SeaweedFS-Principal/Session-Token in AuthSignatureOnly (#9120)
2026-04-17 12:23:21 -07:00
s3_list_parts_action_test.go
S3: add context aware action resolution (#7479)
2025-11-13 16:10:46 -08:00
s3_metadata_util.go
s3: do not persist multi part "Response-Content-Disposition" in request header (#7887)
2025-12-26 13:21:15 -08:00
s3_sse_c.go
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
s3_sse_ctr_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_sse_kms_utils.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_sse_kms.go
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
s3_sse_metadata.go
fix(s3api): cross-SSE copy operations and bring them back into CI (#9281) (#9282)
2026-04-29 10:06:51 -07:00
s3_sse_s3_integration_test.go
fix(s3api): stream multipart-SSE chunks lazily to avoid truncated GETs (#8908) (#9228)
2026-04-26 16:31:42 -07:00
s3_sse_s3_multipart_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_sse_s3.go
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
s3_sse_test_utils_test.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_utils.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_token_differentiation_test.go
fix: comprehensive go vet error fixes and add CI enforcement (#7861)
2025-12-23 14:48:50 -08:00
s3_validation_utils.go
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
s3api_acl_helper.go
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
s3api_acp.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_auth.go
Fix critical authentication bypass vulnerability (#7912) (#7915)
2025-12-30 12:40:59 -08:00
s3api_bucket_config_update_test.go
s3api: preserve lifecycle config responses for Terraform (#8805)
2026-03-27 22:50:02 -07:00
s3api_bucket_config.go
s3api: preserve lifecycle config responses for Terraform (#8805)
2026-03-27 22:50:02 -07:00
s3api_bucket_cors_handlers.go
S3: add fallback for CORS (#7404)
2025-10-29 13:43:27 -07:00
s3api_bucket_handlers_lifecycle_test.go
fix(s3): lifecycle TTL rules inherit replication and volumeGrowthCount from filer config (#8321)
2026-02-12 16:46:05 -08:00
s3api_bucket_handlers_object_lock_config.go
Add table operations test (#8241)
2026-02-07 13:27:47 -08:00
s3api_bucket_handlers.go
s3api: prune bucket-scoped IAM actions on DeleteBucket (#9054)
2026-04-13 12:13:38 -07:00
s3api_bucket_lifecycle_config.go
s3api: preserve lifecycle config responses for Terraform (#8805)
2026-03-27 22:50:02 -07:00
s3api_bucket_lifecycle_response_test.go
s3api: skip TTL fast-path for versioned buckets (#8823)
2026-03-29 00:05:53 -07:00
s3api_bucket_metadata_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_bucket_policy_arn_test.go
s3api: fix AccessDenied by correctly propagating principal ARN in vended tokens (#8330)
2026-02-12 23:11:41 -08:00
s3api_bucket_policy_engine.go
s3: support s3:x-amz-server-side-encryption policy condition (#8806)
2026-03-27 23:15:01 -07:00
s3api_bucket_policy_handlers.go
fix(s3): omit NotResource:null from bucket policy JSON response (#8658)
2026-03-16 12:58:26 -07:00
s3api_bucket_tagging_handlers.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_circuit_breaker_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_circuit_breaker.go
s3api: fix static IAM policy enforcement after reload (#8532)
2026-03-06 12:35:08 -08:00
s3api_copy_size_calculation.go
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
s3api_copy_validation.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_domain_test.go
fix: Use a mixed of virtual and path styles within a single subdomain (#7357)
2025-10-24 01:45:22 -07:00
s3api_embedded_iam_test.go
fix(s3api,iamapi): avoid full SaveConfiguration when creating a single IAM user (#9261)
2026-05-01 01:14:15 -07:00
s3api_embedded_iam.go
fix(s3api,iamapi): avoid full SaveConfiguration when creating a single IAM user (#9261)
2026-05-01 01:14:15 -07:00
s3api_encrypted_volume_copy_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_governance_permissions_test.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
s3api_handlers.go
fix(s3): don't count ErrNotFound as filer health failure in failover (#8995)
2026-04-08 17:08:57 -07:00
s3api_implicit_directory_test.go
Add table operations test (#8241)
2026-02-07 13:27:47 -08:00
s3api_list_normalization_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_multipart_ssekms_test.go
fix(s3api): stream multipart-SSE chunks lazily to avoid truncated GETs (#8908) (#9228)
2026-04-26 16:31:42 -07:00
s3api_nextmarker_test.go
fix: S3 listing NextMarker missing intermediate directory component (#8089)
2026-01-22 16:56:35 -08:00
s3api_object_handlers_acl.go
Add Iceberg admin UI (#8246)
2026-02-08 20:06:32 -08:00
s3api_object_handlers_attributes.go
s3api: add GetObjectAttributes API support (#8504)
2026-03-04 12:52:09 -08:00
s3api_object_handlers_copy_part_sse.go
fix(s3api): re-encrypt UploadPartCopy bytes for the destination's SSE config (#8908) (#9280)
2026-04-29 09:46:44 -07:00
s3api_object_handlers_copy_unified.go
Add table operations test (#8241)
2026-02-07 13:27:47 -08:00
s3api_object_handlers_copy.go
fix(s3): cache remote-only source before CopyObject (#9304) (#9305)
2026-05-03 18:52:45 -07:00
s3api_object_handlers_delete.go
s3api: make conditional mutations atomic and AWS-compatible (#8802)
2026-03-27 19:22:26 -07:00
s3api_object_handlers_legal_hold.go
adjust logs
2026-01-17 18:40:48 -08:00
s3api_object_handlers_list_directory_test.go
fix: directory incorrectly listed as object in S3 ListObjects (#7939)
2026-01-02 15:52:37 -08:00
s3api_object_handlers_list_test.go
fix(s3api): ListObjects with trailing-slash prefix matches sibling directories (#8599)
2026-03-11 02:28:34 -07:00
s3api_object_handlers_list_versioned_test.go
fix(s3): skip directories before marker in ListObjectVersions pagination (#8890)
2026-04-02 15:59:52 -07:00
s3api_object_handlers_list.go
fix(s3api): fix uint16 overflow in doListFilerEntries Limit calculation (#9271)
2026-04-28 20:50:05 -07:00
s3api_object_handlers_multipart.go
feat(s3): store and return checksum headers for additional checksum algorithms (#8914)
2026-04-03 18:37:54 -07:00
s3api_object_handlers_postpolicy_test.go
fix(s3): propagate validated POST form fields to upload headers (#9123)
2026-04-17 14:55:06 -07:00
s3api_object_handlers_postpolicy.go
fix(s3): propagate validated POST form fields to upload headers (#9123)
2026-04-17 14:55:06 -07:00
s3api_object_handlers_put_checksum_test.go
fix(s3): honor ChecksumAlgorithm on presigned URL uploads (#9076)
2026-04-14 21:52:49 -07:00
s3api_object_handlers_put.go
fix(mount): remove fid pool to stop master over-allocating volumes (#9111)
2026-04-16 15:51:13 -07:00
s3api_object_handlers_retention.go
refactor (#6999)
2025-07-19 00:49:56 -07:00
s3api_object_handlers_tagging.go
Add Iceberg admin UI (#8246)
2026-02-08 20:06:32 -08:00
s3api_object_handlers.go
fix(s3): cache remote-only source before CopyObject (#9304) (#9305)
2026-05-03 18:52:45 -07:00
s3api_object_lock_fix_test.go
Fix get object lock configuration handler (#6996)
2025-07-18 02:19:50 -07:00
s3api_object_lock_headers_test.go
Test object lock and retention (#6997)
2025-07-18 22:25:58 -07:00
s3api_object_ownership_test.go
s3: implement Bucket Owner Enforced for object ownership (#7913)
2025-12-29 23:54:00 -08:00
s3api_object_retention_test.go
S3: S3 Object Retention API to include XML namespace support (#7517)
2025-11-20 11:42:22 -08:00
s3api_object_retention.go
Prune Unused Functions from weed/s3api (#8815)
2026-03-28 13:24:11 -07:00
s3api_object_versioning_self_heal_test.go
fix(s3api): self-heal stale .versions latest-version pointer on read (#9125)
2026-04-17 14:57:59 -07:00
s3api_object_versioning.go
fix(s3api): clear stale latest-version pointer when .versions dir cleanup is blocked (#9269)
2026-04-28 21:02:52 -07:00
s3api_policy_test.go
s3api: accept all supported lifecycle rule types (#8813)
2026-03-28 19:39:21 -07:00
s3api_policy.go
s3lifecycle: add lifecycle rule evaluator package and extend XML types (#8807)
2026-03-28 11:10:31 -07:00
s3api_put_handlers.go
Prune Unused Functions from weed/s3api (#8815)
2026-03-28 13:24:11 -07:00
s3api_put_object_helper_test.go
S3: Implement IAM defaults and STS signing key fallback (#8348)
2026-02-16 13:59:13 -08:00
s3api_put_object_helper.go
s3api: remove redundant auth verification in getRequestDataReader (#7685)
2025-12-09 10:24:35 -08:00
s3api_remote_storage_test.go
fix(s3): cache remote-only source before CopyObject (#9304) (#9305)
2026-05-03 18:52:45 -07:00
s3api_server_grpc.go
iam: add IAM group management (#8560)
2026-03-09 11:54:32 -07:00
s3api_server_routing_test.go
fix(s3api): route STS GetFederationToken to STS handler (#9157) (#9167)
2026-04-20 19:33:22 -07:00
s3api_server.go
fix(s3api): route STS GetFederationToken to STS handler (#9157) (#9167)
2026-04-20 19:33:22 -07:00
s3api_sosapi.go
chore: remove ~50k lines of unreachable dead code (#8913)
2026-04-03 16:04:27 -07:00
s3api_sse_decrypt_test.go
fix(s3api): backfill multipart SSE-S3 metadata at completion (#9224)
2026-04-25 23:06:37 -07:00
s3api_sse_s3_upload_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_status_handlers.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_stream_error_test.go
Client disconnects create context cancelled errors, 500x errors and Filer lookup failures (#8845)
2026-03-30 12:11:30 -07:00
s3api_sts_assume_role_test.go
Embed role policies in AssumeRole STS tokens (#8421)
2026-02-23 22:59:53 -08:00
s3api_sts_get_caller_identity_test.go
STS: add GetCallerIdentity support (#8893)
2026-04-02 15:59:09 -07:00
s3api_sts_get_federation_token_test.go
feat(s3): add STS GetFederationToken support (#8891)
2026-04-02 17:37:05 -07:00
s3api_sts.go
feat(iam): STS web-identity AWS-fidelity polish
2026-05-04 22:06:19 -07:00
s3api_tables_rest_validation_test.go
s3api: return 400 for invalid namespace query in REST table routes (#8296)
2026-02-10 17:57:08 -08:00
s3api_tables.go
Enforce IAM for S3 Tables bucket creation (#8388)
2026-02-19 22:52:05 -08:00
s3api_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_version_id_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_version_id.go
Add table operations test (#8241)
2026-02-07 13:27:47 -08:00
s3api_xsd_generated_helper.go
s3api_xsd_generated.go
fix ListAllMyBucketsResult xmlns
2025-08-14 20:38:03 -07:00
sses3_multipart_repro_test.go
fix(s3api): stream multipart-SSE chunks lazily to avoid truncated GETs (#8908) (#9228)
2026-04-26 16:31:42 -07:00
stats.go
Populate bucket_traffic_received_bytes_total metric (#7249)
2025-09-17 19:04:51 -07:00
sts_packed_policy_test.go
feat(iam): STS web-identity AWS-fidelity polish
2026-05-04 22:06:19 -07:00
sts_params_test.go
s3/iam: reuse one request id per request (#8538)
2026-03-06 15:22:39 -08:00
sts_session_name_test.go
feat(iam): STS web-identity AWS-fidelity polish
2026-05-04 22:06:19 -07:00
tags_test.go
tag parsing decode url encoded
2025-07-28 02:49:43 -07:00
tags.go
Add s3tables shell and admin UI (#8172)
2026-01-30 22:57:05 -08:00

README.txt 

see https://blog.aqwari.net/xml-schema-go/

1. go get aqwari.net/xml/cmd/xsdgen
2. Add EncodingType element for ListBucketResult in AmazonS3.xsd
3. xsdgen -o s3api_xsd_generated.go -pkg s3api AmazonS3.xsd
4. Remove empty Grantee struct in s3api_xsd_generated.go
5. Remove xmlns: sed s'/http:\/\/s3.amazonaws.com\/doc\/2006-03-01\/\ //' s3api_xsd_generated.go
Reference in New Issue View Git Blame Copy Permalink