diff options
| author | Chris Lu <chrislusf@users.noreply.github.com> | 2025-11-12 23:46:52 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-11-12 23:46:52 -0800 |
| commit | 2a9d4d1e23a99ddbdd4b99d3ddc3ff78cdfdf7ae (patch) | |
| tree | fecb24a5439ab69f9b82f79c311305a082457e5e /weed/s3api/s3api_bucket_policy_engine.go | |
| parent | 508d06d9a5c763668ba149a8f1182e8552505c2b (diff) | |
| download | seaweedfs-2a9d4d1e23a99ddbdd4b99d3ddc3ff78cdfdf7ae.tar.xz seaweedfs-2a9d4d1e23a99ddbdd4b99d3ddc3ff78cdfdf7ae.zip | |
Refactor data structure (#7472)
* refactor to avoids circular dependency
* converts a policy.PolicyDocument to policy_engine.PolicyDocument
* convert numeric types to strings
* Update weed/s3api/policy_conversion.go
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* refactoring
* not skipping numeric and boolean values in arrays
* avoid nil
* edge cases
* handling conversion failure
The handling of unsupported types in convertToString could lead to silent policy alterations.
The conversion of map-based principals in convertPrincipal is too generic and could misinterpret policies.
* concise
* fix doc
* adjust warning
* recursion
* return errors
* reject empty principals
* better error message
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Diffstat (limited to 'weed/s3api/s3api_bucket_policy_engine.go')
| -rw-r--r-- | weed/s3api/s3api_bucket_policy_engine.go | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/weed/s3api/s3api_bucket_policy_engine.go b/weed/s3api/s3api_bucket_policy_engine.go index 9e77f407c..54b43223e 100644 --- a/weed/s3api/s3api_bucket_policy_engine.go +++ b/weed/s3api/s3api_bucket_policy_engine.go @@ -49,11 +49,8 @@ func (bpe *BucketPolicyEngine) LoadBucketPolicy(bucket string, entry *filer_pb.E // LoadBucketPolicyFromCache loads a bucket policy from a cached BucketConfig // -// NOTE: This function uses JSON marshaling/unmarshaling to convert between -// policy.PolicyDocument and policy_engine.PolicyDocument. This is inefficient -// but necessary because the two types are defined in different packages and -// have subtle differences. A future improvement would be to unify these types -// or create a direct conversion function for better performance and type safety. +// This function uses a type-safe conversion function to convert between +// policy.PolicyDocument and policy_engine.PolicyDocument with explicit field mapping and error handling. func (bpe *BucketPolicyEngine) LoadBucketPolicyFromCache(bucket string, policyDoc *policy.PolicyDocument) error { if policyDoc == nil { // No policy for this bucket - remove it if it exists @@ -61,10 +58,16 @@ func (bpe *BucketPolicyEngine) LoadBucketPolicyFromCache(bucket string, policyDo return nil } - // Convert policy.PolicyDocument to policy_engine.PolicyDocument - // We use JSON marshaling as an intermediate format since both types - // follow the same AWS S3 policy structure - policyJSON, err := json.Marshal(policyDoc) + // Convert policy.PolicyDocument to policy_engine.PolicyDocument using direct conversion + // This is more efficient than JSON marshaling and provides better type safety + enginePolicyDoc, err := ConvertPolicyDocumentToPolicyEngine(policyDoc) + if err != nil { + glog.Errorf("Failed to convert bucket policy for %s: %v", bucket, err) + return fmt.Errorf("failed to convert bucket policy: %w", err) + } + + // Marshal the converted policy to JSON for storage in the engine + policyJSON, err := json.Marshal(enginePolicyDoc) if err != nil { glog.Errorf("Failed to marshal bucket policy for %s: %v", bucket, err) return err |