diff options
| author | Chris Lu <chrislusf@users.noreply.github.com> | 2025-11-12 22:14:50 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-11-12 22:14:50 -0800 |
| commit | 508d06d9a5c763668ba149a8f1182e8552505c2b (patch) | |
| tree | a34d21d801d2b71dc3c6968cbb4ff8568e0fa8da /test/s3/iam/iam_config_distributed.json | |
| parent | 50f067bcfd99ecf1821ba2d34fc2f109e90428bb (diff) | |
| download | seaweedfs-508d06d9a5c763668ba149a8f1182e8552505c2b.tar.xz seaweedfs-508d06d9a5c763668ba149a8f1182e8552505c2b.zip | |
S3: Enforce bucket policy (#7471)
* evaluate policies during authorization
* cache bucket policy
* refactor
* matching with regex special characters
* Case Sensitivity, pattern cache, Dead Code Removal
* Fixed Typo, Restored []string Case, Added Cache Size Limit
* hook up with policy engine
* remove old implementation
* action mapping
* validate
* if not specified, fall through to IAM checks
* fmt
* Fail-close on policy evaluation errors
* Explicit `Allow` bypasses IAM checks
* fix error message
* arn:seaweed => arn:aws
* remove legacy support
* fix tests
* Clean up bucket policy after this test
* fix for tests
* address comments
* security fixes
* fix tests
* temp comment out
Diffstat (limited to 'test/s3/iam/iam_config_distributed.json')
| -rw-r--r-- | test/s3/iam/iam_config_distributed.json | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/test/s3/iam/iam_config_distributed.json b/test/s3/iam/iam_config_distributed.json index c9827c220..a6d2aa395 100644 --- a/test/s3/iam/iam_config_distributed.json +++ b/test/s3/iam/iam_config_distributed.json @@ -40,7 +40,7 @@ "roles": [ { "roleName": "S3AdminRole", - "roleArn": "arn:seaweed:iam::role/S3AdminRole", + "roleArn": "arn:aws:iam::role/S3AdminRole", "trustPolicy": { "Version": "2012-10-17", "Statement": [ @@ -63,7 +63,7 @@ }, { "roleName": "S3ReadOnlyRole", - "roleArn": "arn:seaweed:iam::role/S3ReadOnlyRole", + "roleArn": "arn:aws:iam::role/S3ReadOnlyRole", "trustPolicy": { "Version": "2012-10-17", "Statement": [ @@ -86,7 +86,7 @@ }, { "roleName": "S3ReadWriteRole", - "roleArn": "arn:seaweed:iam::role/S3ReadWriteRole", + "roleArn": "arn:aws:iam::role/S3ReadWriteRole", "trustPolicy": { "Version": "2012-10-17", "Statement": [ @@ -137,8 +137,8 @@ "s3:ListBucketVersions" ], "Resource": [ - "arn:seaweed:s3:::*", - "arn:seaweed:s3:::*/*" + "arn:aws:s3:::*", + "arn:aws:s3:::*/*" ] } ] @@ -162,8 +162,8 @@ "s3:ListBucketVersions" ], "Resource": [ - "arn:seaweed:s3:::*", - "arn:seaweed:s3:::*/*" + "arn:aws:s3:::*", + "arn:aws:s3:::*/*" ] } ] |