Commit Graph

2550 Commits

Author SHA1 Message Date
Ben McClelland 0ad928a4d8 Merge pull request #1894 from versity/sis/getobject-directory-object-checksum
feat: adds checksums for directory objects in posix
2026-02-28 09:39:51 -08:00
Ben McClelland 1e5f803cab Merge pull request #1875 from versity/sis/disable-acl-option
feat: configuration option to disable ACLs
2026-02-28 09:32:23 -08:00
Ben McClelland ade010ecc3 Merge pull request #1881 from versity/test/env_and_readme_work
test: env, README work
2026-02-27 08:42:58 -08:00
Ben McClelland 03c4d7fa3e Merge pull request #1900 from versity/ben/scoutfs-limiter
feat: add concurrency limiter to scoutfs
2026-02-27 08:40:18 -08:00
niksis02 5ae791b154 feat: configuration option to disable ACLs
Closes #1847

This PR introduces a global optional gateway CLI flag `--disable-acl` (`VGW_DISABLE_ACL`) to disable ACL handling. When this flag is enabled, the gateway ignores all ACL-related headers, particularly in `CreateBucket`, `PutObject`, `CopyObject`, and `CreateMultipartUpload`.

`GetBucketAcl` behavior is unchanged simply returning the bucket ACL config.
There's no change in object ACL actions(`PutObjectACL`, `GetObjectACL`). They return a`NotImplemented` error as before.

A new custom error is added for PutBucketAcl calls when ACLs are disabled at the gateway level. Its HTTP status code and error code match AWS S3’s behavior, with only a slightly different error message.

In the access-control checker, ACL evaluation is fully bypassed. If ACLs are disabled only the bucket owner gets access to the bucket and all grantee checks are ignored.

The PR also includes minor refactoring of the S3 API server and router. The growing list of parameters passed to the router’s Init method has been consolidated into fields within the router struct, initialized during router construction. Parameters not needed by the S3 server are no longer stored in the server configuration and are instead forwarded directly to the router.
2026-02-27 20:04:13 +04:00
Kai Hambrecht 8234c317b8 Fix versitygw#1864 to not return parent keys for ListObjectVersions with prefix 2026-02-27 15:55:42 +01:00
niksis02 d03a33110d feat: optimize multipart upload checksum calculation.
This PR optimizes multipart upload checksum handling. When a checksum algorithm/type is specified at multipart-upload initiation, each `UploadPart` request computes, validates, and stores the corresponding part checksum. During `CompleteMultipartUpload`, the final checksum is derived either via composite checksum calculation or by composing the CRC-family checksums.

When **no** checksum algorithm is specified during multipart-upload initiation, each `UploadPart` may supply a different checksum algorithm for data-integrity verification. To support this scenario, a new mechanism has been implemented: for every `UploadPart`, a **crc64nvme** checksum is always computed.

* If the client uses crc64nvme for the part upload, a single hash reader is used.
* Otherwise, two hash readers are used—one for crc64nvme and one for the user-provided checksum.

The crc64nvme value is stored in part xattrs under `user.part-crc64nvme` and later used during `CompleteMultipartUpload` as a composable checksum source.

In `CompleteMultipartUpload`, the hash reader is entirely removed; the gateway no longer re-reads part data to compute the final checksum. The logic now follows two distinct paths:

1. **Checksum algorithm/type specified at MP initiation**

   * All required per-part checksums have already been stored.
   * If the checksum type is `FULL_OBJECT`, the gateway uses the composable path.
   * If the type is `COMPOSITE`, the gateway follows the checksum-combining path.

2. **No checksum algorithm specified at MP initiation**

   * The gateway loads the stored per-part `crc64nvme` values and composes them to compute the final checksum.

The previous `composableCRC` check has been removed because all `FULL_OBJECT` algorithms are inherently composable (`crc32`, `crc32c`, `crc64nvme`). Validation now relies solely on `checksum.Type`.
2026-02-27 15:13:21 +04:00
niksis02 4ebe40829e fix: store final checksum on CompleteMultipartUpload
Previously, if no object checksum type/algorithm was specified when initiating a multipart upload, the CompleteMultipartUpload request would compute the final object’s CRC64NVME checksum but not persist it. This logic has now been fixed, and in the scenario described above the checksum is stored on the final object. There should no longer be any case where a CompleteMultipartUpload request finishes without persisting the final object checksum.
2026-02-27 15:12:57 +04:00
Ben McClelland b3eac9781f feat: add concurrency limiter to scoutfs
This brings scoutfs in-line with the posix concurrency limiter.
This fixes a hang with scoutfs due to not correctly initializing
the concurrency in posix leading to a concurrency of 0 allowed.

This also adds a sane default to the posix concurrency when not
initialized.
2026-02-26 17:34:29 -08:00
Ben McClelland 17b42ac5d8 Merge pull request #1901 from versity/sis/go-version-1.25.0
feat: update go version to 1.25.0 and golang.org/x/net to 0.51.0
2026-02-26 17:28:01 -08:00
niksis02 880d4cecd6 feat: update go version to 1.25.0 and golang.org/x/net to 0.51.0 2026-02-27 03:35:19 +04:00
niksis02 24364754fd feat: adds checksums for directory objects in posix
Add data-integrity checksum support in `PutObject` in the POSIX backend for directory objects. Since the only way to upload a directory object is via `PutObject`, this logic validates and stores the checksum of the empty payload. Support for `GetObject` has also been added to retrieve and return directory-object checksums.
2026-02-26 22:36:56 +04:00
Luke McCrone 05ace90683 test: README, some test updates 2026-02-25 19:26:34 -03:00
Ben McClelland daad370651 Merge pull request #1895 from versity/dependabot/go_modules/github.com/gofiber/fiber/v2-2.52.12
chore(deps): bump github.com/gofiber/fiber/v2 from 2.52.11 to 2.52.12
2026-02-25 10:28:04 -08:00
Ben McClelland 297d9b2076 Merge pull request #1872 from versity/test/remove_old_recording
test: remove obsolete recording code
2026-02-25 08:43:27 -08:00
dependabot[bot] 22d49ed489 chore(deps): bump github.com/gofiber/fiber/v2 from 2.52.11 to 2.52.12
Bumps [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) from 2.52.11 to 2.52.12.
- [Release notes](https://github.com/gofiber/fiber/releases)
- [Commits](https://github.com/gofiber/fiber/compare/v2.52.11...v2.52.12)

---
updated-dependencies:
- dependency-name: github.com/gofiber/fiber/v2
  dependency-version: 2.52.12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-25 00:13:19 +00:00
Luke McCrone 2bd5ffe8bc test: remove obsolete recording code 2026-02-24 15:15:06 -03:00
Ben McClelland 7e50917d0b Merge pull request #1885 from versity/sis/bucket-cors-rules-validation
fix: fixes PutBucketCors CORSRules validation
2026-02-24 08:48:01 -08:00
Ben McClelland 744cf2491d Merge pull request #1884 from versity/ben/s3proxy-disable-data-integrity
feat: add option to disable s3proxy client data integrity checks
2026-02-24 08:33:56 -08:00
niksis02 6fafc15d08 fix: fixes PutBucketCors CORSRules validation
Fixes #1870
Fixes #1863

A validation has been added to **PutBucketCors** for `CORSRule.AllowedOrigins`. The `AllowedOrigins` list can no longer be empty—otherwise a **MalformedXML** error is returned. Additionally, each origin is now validated to ensure it does not contain more than one wildcard.

A similar validation has been added for `AllowedMethods`. The list must not be empty, or a **MalformedXML** error is returned. Previously, empty method values (e.g., `[]string{""}`) were incorrectly treated as valid. This has been fixed, and an **UnsupportedCORSMethod** error is now returned.
2026-02-24 16:59:38 +04:00
Ben McClelland 9c3a14a932 Merge pull request #1892 from versity/dependabot/go_modules/dev-dependencies-d0d765b853
chore(deps): bump the dev-dependencies group with 21 updates
2026-02-23 15:29:56 -08:00
Ben McClelland 658c12b9ca Merge pull request #1891 from versity/dependabot/github_actions/goreleaser/goreleaser-action-7
chore(deps): bump goreleaser/goreleaser-action from 6 to 7
2026-02-23 15:09:54 -08:00
dependabot[bot] 05306369f5 chore(deps): bump the dev-dependencies group with 21 updates
Bumps the dev-dependencies group with 21 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.1` | `1.41.2` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.7` | `1.32.10` |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.19.7` | `1.19.10` |
| [github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager](https://github.com/aws/aws-sdk-go-v2) | `0.1.2` | `0.1.5` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.96.0` | `1.96.1` |
| [github.com/aws/smithy-go](https://github.com/aws/smithy-go) | `1.24.0` | `1.24.1` |
| [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go) | `1.48.0` | `1.49.0` |
| [github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream](https://github.com/aws/aws-sdk-go-v2) | `1.7.4` | `1.7.5` |
| [github.com/aws/aws-sdk-go-v2/feature/ec2/imds](https://github.com/aws/aws-sdk-go-v2) | `1.18.17` | `1.18.18` |
| [github.com/aws/aws-sdk-go-v2/internal/configsources](https://github.com/aws/aws-sdk-go-v2) | `1.4.17` | `1.4.18` |
| [github.com/aws/aws-sdk-go-v2/internal/endpoints/v2](https://github.com/aws/aws-sdk-go-v2) | `2.7.17` | `2.7.18` |
| [github.com/aws/aws-sdk-go-v2/internal/v4a](https://github.com/aws/aws-sdk-go-v2) | `1.4.17` | `1.4.18` |
| [github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding](https://github.com/aws/aws-sdk-go-v2) | `1.13.4` | `1.13.5` |
| [github.com/aws/aws-sdk-go-v2/service/internal/checksum](https://github.com/aws/aws-sdk-go-v2) | `1.9.8` | `1.9.9` |
| [github.com/aws/aws-sdk-go-v2/service/internal/presigned-url](https://github.com/aws/aws-sdk-go-v2) | `1.13.17` | `1.13.18` |
| [github.com/aws/aws-sdk-go-v2/service/internal/s3shared](https://github.com/aws/aws-sdk-go-v2) | `1.19.17` | `1.19.18` |
| [github.com/aws/aws-sdk-go-v2/service/signin](https://github.com/aws/aws-sdk-go-v2) | `1.0.5` | `1.0.6` |
| [github.com/aws/aws-sdk-go-v2/service/sso](https://github.com/aws/aws-sdk-go-v2) | `1.30.9` | `1.30.11` |
| [github.com/aws/aws-sdk-go-v2/service/ssooidc](https://github.com/aws/aws-sdk-go-v2) | `1.35.13` | `1.35.15` |
| [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.41.6` | `1.41.7` |
| [github.com/mattn/go-runewidth](https://github.com/mattn/go-runewidth) | `0.0.19` | `0.0.20` |


Updates `github.com/aws/aws-sdk-go-v2` from 1.41.1 to 1.41.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.41.1...v1.41.2)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.7 to 1.32.10
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.7...config/v1.32.10)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.7 to 1.19.10
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/m2/v1.19.7...service/iam/v1.19.10)

Updates `github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager` from 0.1.2 to 0.1.5
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/ec2imds/v0.1.2...ec2imds/v0.1.5)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.96.0 to 1.96.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.96.0...service/s3/v1.96.1)

Updates `github.com/aws/smithy-go` from 1.24.0 to 1.24.1
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/smithy-go/compare/v1.24.0...v1.24.1)

Updates `github.com/nats-io/nats.go` from 1.48.0 to 1.49.0
- [Release notes](https://github.com/nats-io/nats.go/releases)
- [Commits](https://github.com/nats-io/nats.go/compare/v1.48.0...v1.49.0)

Updates `github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream` from 1.7.4 to 1.7.5
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/m2/v1.7.4...service/m2/v1.7.5)

Updates `github.com/aws/aws-sdk-go-v2/feature/ec2/imds` from 1.18.17 to 1.18.18
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/config/v1.18.18/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.17...config/v1.18.18)

Updates `github.com/aws/aws-sdk-go-v2/internal/configsources` from 1.4.17 to 1.4.18
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/internal/v4a/v1.4.17...internal/v4a/v1.4.18)

Updates `github.com/aws/aws-sdk-go-v2/internal/endpoints/v2` from 2.7.17 to 2.7.18
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/internal/endpoints/v2.7.17...internal/endpoints/v2.7.18)

Updates `github.com/aws/aws-sdk-go-v2/internal/v4a` from 1.4.17 to 1.4.18
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/internal/v4a/v1.4.17...internal/v4a/v1.4.18)

Updates `github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding` from 1.13.4 to 1.13.5
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/mq/v1.13.5/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/mq/v1.13.4...service/mq/v1.13.5)

Updates `github.com/aws/aws-sdk-go-v2/service/internal/checksum` from 1.9.8 to 1.9.9
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/dsql/v1.9.8...service/dsql/v1.9.9)

Updates `github.com/aws/aws-sdk-go-v2/service/internal/presigned-url` from 1.13.17 to 1.13.18
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/mq/v1.13.17...service/mq/v1.13.18)

Updates `github.com/aws/aws-sdk-go-v2/service/internal/s3shared` from 1.19.17 to 1.19.18
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/sqs/v1.19.17...service/docdb/v1.19.18)

Updates `github.com/aws/aws-sdk-go-v2/service/signin` from 1.0.5 to 1.0.6
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/m2/v1.0.5...service/m2/v1.0.6)

Updates `github.com/aws/aws-sdk-go-v2/service/sso` from 1.30.9 to 1.30.11
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/acm/v1.30.9...service/acm/v1.30.11)

Updates `github.com/aws/aws-sdk-go-v2/service/ssooidc` from 1.35.13 to 1.35.15
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/pi/v1.35.13...service/pi/v1.35.15)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.41.6 to 1.41.7
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/sts/v1.41.6...service/sts/v1.41.7)

Updates `github.com/mattn/go-runewidth` from 0.0.19 to 0.0.20
- [Commits](https://github.com/mattn/go-runewidth/compare/v0.0.19...v0.0.20)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.41.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.19.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager
  dependency-version: 0.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.96.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/smithy-go
  dependency-version: 1.24.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/nats-io/nats.go
  dependency-version: 1.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream
  dependency-version: 1.7.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/ec2/imds
  dependency-version: 1.18.18
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/internal/configsources
  dependency-version: 1.4.18
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
  dependency-version: 2.7.18
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/internal/v4a
  dependency-version: 1.4.18
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
  dependency-version: 1.13.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/internal/checksum
  dependency-version: 1.9.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
  dependency-version: 1.13.18
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/internal/s3shared
  dependency-version: 1.19.18
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/signin
  dependency-version: 1.0.6
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sso
  dependency-version: 1.30.11
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ssooidc
  dependency-version: 1.35.15
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-version: 1.41.7
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/mattn/go-runewidth
  dependency-version: 0.0.20
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-23 22:50:45 +00:00
dependabot[bot] 496b098953 chore(deps): bump goreleaser/goreleaser-action from 6 to 7
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 6 to 7.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-23 22:35:41 +00:00
Ben McClelland 757c4146aa Merge pull request #1890 from versity/ben/maxlerebourg-fix-ui
fix: make webui sidebar responsive on mobile
2026-02-23 13:16:59 -08:00
Ben McClelland 5298f09373 Merge pull request #1883 from versity/ben/gateways-config
feat: add cli options to specify webui gateway/admin listing
2026-02-23 12:34:33 -08:00
Ben McClelland ab80ac6e26 Merge pull request #1876 from versity/sis/create-bucket-response
feat: adds `Location`, `x-amz-bucket-arn` response headers in CreateBucket
2026-02-23 12:34:05 -08:00
maxlerebourg 3d5663655f fix: make webui sidebar responsive on mobile
On small screens the sidebar now collapses out of view by default,
replaced by a visible toggle button that slides it back in. Without
this, the sidebar occupied the full screen width on phones and tablets,
leaving no room for page content.

Co-authored-by: Ben McClelland <ben.mcclelland@versity.com>
2026-02-23 12:11:53 -08:00
Ben McClelland f8f00aecca Merge pull request #1862 from versity/test/rest_cors
test: REST CORS commands - initial checks
2026-02-23 11:52:47 -08:00
Ben McClelland e2821fc855 feat: add option to disable s3proxy client data integrity checks
AWS introduced a relatively newer option for data integrity checks
that not all non-AWS server support yet. See this for mmore info:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html

This change adds a new option: disable-data-integrity-check
to disable the data integrity checks in the client sdk for the
servers that may not yet support this. Use this only when the s3
service for the proxy does not support the data integrity features.

Fixes #1867
2026-02-21 11:49:20 -08:00
Ben McClelland e7a1231e77 feat: add cli options to specify webui gateway/admin listing
New cli options added:
webui-gateways - override auto-detected S3 gateway URLs for WebUI
webui-admin-gateways - override auto-detected admin gateway URLs
 for WebUI

These also accept env vars VGW_WEBUI_GATEWAYS and
VGW_WEBUI_ADMIN_GATEWAYS for the options.

When setting these, this will override the url auto-detection for
the webui service urls dropdown options. By default, the gateway
auto-detects URLs based on the configured port settings. Use these
options to specify custom URLs when the auto-detected values are
incorrect (e.g., when running behind a reverse proxy or load
balancer). Multiple URLs can be specified with repeated options
or a comma-separated list with the environment variables.
for example:
--webui-gateways https://s3.example.com \
--webui-gateways http://192.168.1.100:7070
or
VGW_WEBUI_GATEWAYS=https://s3.example.com,http://192.168.1.100:7070

The gateway will validate the provided URLs with warnings for any
invalid URL specified. The gateway will terminate if these options
are set but contain no valid URLs.

Also added sorting to the auto-detected URLs so that localhost
URLs will be last in the list, since these will not likely work
on remote systems. The specified lists when provided are left
in the order they are specified to allow admins to determine
dropdown list ordering.

Fixes #1851
2026-02-21 11:35:01 -08:00
niksis02 7fb3dedecc feat: adds Location, x-amz-bucket-arn response headers in CreateBucket
Closes #1873
2026-02-20 13:02:51 +04:00
Luke McCrone 5fc7357a03 test: REST CORS - initial tests 2026-02-19 20:19:05 -03:00
Ben McClelland a81f9e5152 Merge pull request #1871 from versity/sis/create-bucket-private-canned-acl
fix: correct private canned ACL behavior on bucket creation
2026-02-18 09:55:36 -08:00
Ben McClelland ac2b36e9c9 Merge pull request #1865 from versity/sis/obj-default-content-type
fix: fixes object default Content-Type
2026-02-18 09:31:57 -08:00
Ben McClelland c1e0ce9457 Merge pull request #1843 from versity/ben/multi-ports
feat: add multi-address listener for s3/admin/webui
2026-02-18 09:31:24 -08:00
niksis02 f1577fd00b fix: correct private canned ACL behavior on bucket creation
Fixes #1869

Generally, when object ownership is not explicitly specified during bucket creation, it defaults to `BucketOwnerEnforced`. With `BucketOwnerEnforced`, ACLs are disabled and any attempt to set one results in an `InvalidBucketAclWithObjectOwnership` error.

However, there is an edge case. When the `private` canned ACL is used during bucket creation—which is effectively the default ACL for all buckets—`BucketOwnerEnforced` is still permitted. Moreover, if no explicit object ownership is specified together with the `private` canned ACL, the ownership defaults to `BucketOwnerPreferred`.

This fix also resolves the issue with rclone bucket creation, since rclone sends `x-amz-acl: private` by default:

```
rclone mkdir vgw:test
```
2026-02-18 20:32:05 +04:00
Ben McClelland 599ab1b743 feat: add multi-address listener for s3/admin/webui
This allows specifying the following options more than once:
port, admin-port, webui

or using a comma-separated list for the env vars:
e.g., VGW_PORT=:7070,:8080,localhost:9090

This will also expand multiple interfaces from hostnames, for example
"localhost" in this case would resolve to both IPv4 and IPv6 interfaces:
localhost has address 127.0.0.1
localhost has IPv6 address ::1

This updates the banner to reflect all of the listening interfaces/ports,
and starts the service listener on all requested interfaces/ports.

Fixes #1761
2026-02-17 14:16:43 -08:00
niksis02 46bcc8af35 fix: fixes object default Content-Type
Fixes #1849

If no `Content-Type` is provided during object upload, S3 defaults it to `application/octet-stream`. This behavior was missing in the gateway, causing backends to persist an empty `Content-Type`, which Fiber then overrides with its default `text/plain`. The behavior has now been corrected for the object upload operations: `PutObject`, `CreateMultipartUpload`, and `CopyObject`.
2026-02-18 01:44:52 +04:00
Ben McClelland 919436d473 Merge pull request #1854 from versity/sis/posix-rate-limiter
feat: add posix concurrency-limiter
2026-02-17 10:25:16 -08:00
Ben McClelland c8bd4b3716 Merge pull request #1848 from versity/sis/fiber-rate-limiter
feat: adds fiber max connections and in-flight requests limiter
2026-02-17 10:23:29 -08:00
niksis02 4b11f540cb feat: add posix concurrency-limiter
Closes #1815

Implements posix actions concurrency limiter. Since posix actions perform filesystem-heavy syscalls, a semaphore-based limiter is introduced to cap the maximum number of concurrent posix actions. When the limit is reached, additional action calls block until a slot becomes available.

For internal posix calls, the `no_acquire_slot` context key is used to prevent acquiring the limiter multiple times within a single action (e.g., PutObject internally calling PutObjectLegalHold).

The posix concurrency limit can be configured via the gateway posix subcommand flag (--concurrency) or the environment variable `VGW_POSIX_CONCURRENCY`. The default value is `5000`.
2026-02-17 14:59:32 +04:00
niksis02 f7814adcf5 feat: adds fiber max connections and in-flight requests limiter
This is part of the thread exhaustion issue (#1815).

This PR introduces:

* A **maximum Fiber HTTP connections limit**
* A middleware that enforces a **hard limit on in-flight HTTP requests**

When the in-flight request limit is reached, the middleware returns an **S3-compatible `503 SlowDown`** error.

The same mechanism is implemented for the **admin server** (both max connections and max in-flight requests).

All limits are configurable via **CLI flags** and **environment variables**, for both the `s3api` server and the `admin` server.

---

| Setting         | CLI Flag            | Alias | Environment Variable  | Default |
| --------------- | ------------------- | ----- | --------------------- | ------- |
| Max Connections | `--max-connections` | `-mc` | `VGW_MAX_CONNECTIONS` | 250000  |
| Max Requests    | `--max-requests`    | `-mr` | `VGW_MAX_REQUESTS`    | 100000  |

---

| Setting         | CLI Flag                  | Alias  | Environment Variable        | Default |
| --------------- | ------------------------- | ------ | --------------------------- | ------- |
| Max Connections | `--admin-max-connections` | `-amc` | `VGW_ADMIN_MAX_CONNECTIONS` | 250000  |
| Max Requests    | `--admin-max-requests`    | `-amr` | `VGW_ADMIN_MAX_REQUESTS`    | 100000  |
2026-02-17 12:20:54 +04:00
Ben McClelland 87fc640213 Merge pull request #1861 from versity/ben/fix-system-workflow
chore: fix warning in system.yml github workflow
2026-02-16 14:33:01 -08:00
Ben McClelland 930e337719 Merge pull request #1860 from versity/ben/readme
chore: update readme for testing overview
2026-02-16 14:13:52 -08:00
Ben McClelland 4264d481ac Merge pull request #1859 from versity/dependabot/go_modules/dev-dependencies-ecbd0c0999
chore(deps): bump github.com/clipperhouse/uax29/v2 from 2.6.0 to 2.7.0 in the dev-dependencies group
2026-02-16 14:13:32 -08:00
Ben McClelland 4fa7d38e56 chore: fix warning in system.yml github workflow
The system.yml file was giving this warning:
Context access might be invalid: SAFE_RUN_SET

The warning occurs because this was trying to access env.SAFE_RUN_SET
in a with: key of an action, but GitHub Actions has restrictions on where
context variables can be accessed.

The env context isn't always guaranteed to be available in the with: key
of actions, especially when it depends on runtime values set in previous
steps.

The recommended fix is to change from $GITHUB_ENV to $GITHUB_OUTPUT
for this case.
2026-02-16 14:00:58 -08:00
Ben McClelland dc0572bf42 chore: update readme for testing overview 2026-02-16 13:51:22 -08:00
dependabot[bot] 6e9f0db0c7 chore(deps): bump github.com/clipperhouse/uax29/v2
Bumps the dev-dependencies group with 1 update: [github.com/clipperhouse/uax29/v2](https://github.com/clipperhouse/uax29).


Updates `github.com/clipperhouse/uax29/v2` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/clipperhouse/uax29/releases)
- [Commits](https://github.com/clipperhouse/uax29/compare/v2.6.0...v2.7.0)

---
updated-dependencies:
- dependency-name: github.com/clipperhouse/uax29/v2
  dependency-version: 2.7.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-16 21:40:05 +00:00
Ben McClelland c9198846d5 Merge pull request #1858 from versity/ben/go-mod-tidy
chore: cleanup go.mod with go mod tidy
2026-02-16 13:38:15 -08:00