seaweedfs/.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	chrislu <chris.lu@gmail.com>	2025-12-08 23:58:13 -0800
committer	chrislu <chris.lu@gmail.com>	2025-12-09 00:01:31 -0800
commit	c6721bb18d8f70ec9e86b6aa043b488d2d2f0239 (patch)
tree	df61724296cab7caa59d2b2627956bc02a839b04 /weed/s3api/auth_credentials.go
parent	d5f21fd8ba6ee20c2504455093a9ceeaa178b826 (diff)
download	seaweedfs-c6721bb18d8f70ec9e86b6aa043b488d2d2f0239.tar.xz seaweedfs-c6721bb18d8f70ec9e86b6aa043b488d2d2f0239.zip

s3: add s3:ExistingObjectTag condition support in policy engine

Add support for s3:ExistingObjectTag/<tag-key> condition keys in bucket policies, allowing access control based on object tags. Changes: - Add ObjectEntry field to PolicyEvaluationArgs (entry.Extended metadata) - Update EvaluateConditions to handle s3:ExistingObjectTag/<key> format - Extract tag value from entry metadata using X-Amz-Tagging-<key> prefix This enables policies like: { "Condition": { "StringEquals": { "s3:ExistingObjectTag/status": ["public"] } } } Fixes: https://github.com/seaweedfs/seaweedfs/issues/7447

Diffstat (limited to 'weed/s3api/auth_credentials.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: