mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2026-05-17 15:21:31 +00:00
e4bcfb96d8
* fix(iam): preserve actions/resources in GetUserPolicy fallback (#9008) When GetUserPolicy cannot find a stored inline policy document and falls back to reconstructing one from the aggregated ident.Actions, it produced mangled output: bare-bucket paths like "b-le*/*" got another "/*" appended (becoming "b-le*/*/*"), and distinct s3 actions that map to the same coarse verb (e.g. s3:GetObject and s3:GetBucketLocation -> s3:Get*) were emitted multiple times in the same statement. - Use SplitN so paths containing ':' are not shredded. - Only append "/*" to bare bucket patterns; paths already containing '/' are used as-is. - Dedupe reconstructed actions per resource. Adds a regression test using the exact reproducer from the issue. * fix(iam): preserve bucket-level ARNs in fallback reconstruction Addresses CodeRabbit review feedback on #9009: - Use stored path verbatim in the GetUserPolicy fallback so bucket-level resources (e.g. arn:aws:s3:::b-le*) are not rewritten to object-level ARNs (arn:aws:s3:::b-le*/*). Previously bare bucket patterns had "/*" appended, conflating bucket and object resources. - Extend TestPutGetUserPolicyIssue9008 to also exercise the fallback reconstruction path by clearing the persisted inline policy between the two GetUserPolicy calls, validating that bucket and object resources stay distinct. * chore: revert accidental scheduled_tasks.lock change