fix: add new auth method to update ownership within acl

Add helper util auth.UpdateBucketACLOwner() that sets new default ACL based on new owner and removes old bucket policy. The ChangeBucketOwner() remains in the backend.Backend interface in case there is ever a backend that needs to manage ownership in some other way than with bucket ACLs. The arguments are changing to clarify the updated owner. This will break any plugins implementing the old interface. They should use the new auth.UpdateBucketACLOwner() or implement the corresponding change specific for the backend.
2026-01-07 20:25:12 +00:00 · 2025-07-09 12:19:09 -07:00
parent c196b5f999
commit f295df2217
8 changed files with 47 additions and 43 deletions
--- a/s3api/controllers/admin.go
+++ b/s3api/controllers/admin.go
@@ -15,13 +15,10 @@
 package controllers

 import (
-	"encoding/json"
 	"encoding/xml"
-	"fmt"
 	"net/http"
 	"strings"

-	"github.com/aws/aws-sdk-go-v2/service/s3/types"
 	"github.com/gofiber/fiber/v2"
 	"github.com/versity/versitygw/auth"
 	"github.com/versity/versitygw/backend"
@@ -172,27 +169,7 @@ func (c AdminController) ChangeBucketOwner(ctx *fiber.Ctx) error {
 			})
 	}

-	acl := auth.ACL{
-		Owner: owner,
-		Grantees: []auth.Grantee{
-			{
-				Permission: auth.PermissionFullControl,
-				Access:     owner,
-				Type:       types.TypeCanonicalUser,
-			},
-		},
-	}
-
-	aclParsed, err := json.Marshal(acl)
-	if err != nil {
-		return SendResponse(ctx, fmt.Errorf("failed to marshal the bucket acl: %w", err),
-			&MetaOpts{
-				Logger: c.l,
-				Action: metrics.ActionAdminChangeBucketOwner,
-			})
-	}
-
-	err = c.be.ChangeBucketOwner(ctx.Context(), bucket, aclParsed)
+	err = c.be.ChangeBucketOwner(ctx.Context(), bucket, owner)
 	return SendResponse(ctx, err,
 		&MetaOpts{
 			Logger: c.l,