fix: adds validation for bucket canned ACL

Fixes #1379 Adds validation for bucket canned ACLs in `CreateBucket` and `PutBucketAcl`. The gateway supports three values: `private`, `public-read`, and `public-read-write`. All other values (including `authenticated-read`, which is not supported) are considered invalid and result in an `InvalidArgument` error with an empty error message.
2026-01-05 03:24:04 +00:00 · 2025-11-03 22:23:28 +04:00
parent 4345420e12
commit 7744dacced
7 changed files with 100 additions and 13 deletions
--- a/s3err/s3err.go
+++ b/s3err/s3err.go
@@ -174,6 +174,7 @@ const (
 	ErrCORSIsNotEnabled
 	ErrNotModified
 	ErrInvalidLocationConstraint
+	ErrInvalidArgument

 	// Non-AWS errors
 	ErrExistingObjectIsDirectory
@@ -768,6 +769,11 @@ var errorCodeResponse = map[ErrorCode]APIError{
 		Description:    "The specified location-constraint is not valid",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+	ErrInvalidArgument: {
+		Code:           "InvalidArgument",
+		Description:    "",
+		HTTPStatusCode: http.StatusBadRequest,
+	},

 	// non aws errors
 	ErrExistingObjectIsDirectory: {