Refactor data structure (#7472)

* refactor to avoids circular dependency * converts a policy.PolicyDocument to policy_engine.PolicyDocument * convert numeric types to strings * Update weed/s3api/policy_conversion.go Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * refactoring * not skipping numeric and boolean values in arrays * avoid nil * edge cases * handling conversion failure The handling of unsupported types in convertToString could lead to silent policy alterations. The conversion of map-based principals in convertPrincipal is too generic and could misinterpret policies. * concise * fix doc * adjust warning * recursion * return errors * reject empty principals * better error message --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
author: Chris Lu <chrislusf@users.noreply.github.com> 2025-11-12 23:46:52 -0800
committer: GitHub <noreply@github.com> 2025-11-12 23:46:52 -0800
commit: 2a9d4d1e23a99ddbdd4b99d3ddc3ff78cdfdf7ae (patch)
tree: fecb24a5439ab69f9b82f79c311305a082457e5e /weed/s3api/s3api_server.go
parent: 508d06d9a5c763668ba149a8f1182e8552505c2b (diff)
download: seaweedfs-2a9d4d1e23a99ddbdd4b99d3ddc3ff78cdfdf7ae.tar.xz
seaweedfs-2a9d4d1e23a99ddbdd4b99d3ddc3ff78cdfdf7ae.zip
1 files changed, 8 insertions, 6 deletions
diff --git a/weed/s3api/s3api_server.go b/weed/s3api/s3api_server.go
index 5a06be720..053d4f56a 100644
--- a/weed/s3api/s3api_server.go
+++ b/weed/s3api/s3api_server.go
@@ -86,10 +86,11 @@ func NewS3ApiServerWithStore(router *mux.Router, option *S3ApiServerOption, expl
 		option.AllowedOrigins = domains
 	}
 
-	var iam *IdentityAccessManagement
-
-	iam = NewIdentityAccessManagementWithStore(option, explicitStore)
+	iam := NewIdentityAccessManagementWithStore(option, explicitStore)
 
+	// Initialize bucket policy engine first
+	policyEngine := NewBucketPolicyEngine()
+	
 	s3ApiServer = &S3ApiServer{
 		option:            option,
 		iam:               iam,
@@ -98,11 +99,12 @@ func NewS3ApiServerWithStore(router *mux.Router, option *S3ApiServerOption, expl
 		cb:                NewCircuitBreaker(option),
 		credentialManager: iam.credentialManager,
 		bucketConfigCache: NewBucketConfigCache(60 * time.Minute), // Increased TTL since cache is now event-driven
-		policyEngine:      NewBucketPolicyEngine(),                // Initialize bucket policy engine
+		policyEngine:      policyEngine,                           // Initialize bucket policy engine
 	}
 
-	// Link IAM back to server for bucket policy evaluation
-	iam.s3ApiServer = s3ApiServer
+	// Pass policy engine to IAM for bucket policy evaluation
+	// This avoids circular dependency by not passing the entire S3ApiServer
+	iam.policyEngine = policyEngine
 
 	// Initialize advanced IAM system if config is provided
 	if option.IamConfig != "" {
author	Chris Lu <chrislusf@users.noreply.github.com>	2025-11-12 23:46:52 -0800
committer	GitHub <noreply@github.com>	2025-11-12 23:46:52 -0800
commit	2a9d4d1e23a99ddbdd4b99d3ddc3ff78cdfdf7ae (patch)
tree	fecb24a5439ab69f9b82f79c311305a082457e5e /weed/s3api/s3api_server.go
parent	508d06d9a5c763668ba149a8f1182e8552505c2b (diff)
download	seaweedfs-2a9d4d1e23a99ddbdd4b99d3ddc3ff78cdfdf7ae.tar.xz seaweedfs-2a9d4d1e23a99ddbdd4b99d3ddc3ff78cdfdf7ae.zip