Diffstat (limited to 'weed/s3api/auth_credentials.go')
| -rw-r--r-- | weed/s3api/auth_credentials.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index 7a6a706ff..85002377b 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -54,8 +54,8 @@ type IdentityAccessManagement struct {
 // IAM Integration for advanced features
 iamIntegration *S3IAMIntegration
- // Link to S3ApiServer for bucket policy evaluation
- s3ApiServer *S3ApiServer
+ // Bucket policy engine for evaluating bucket policies
+ policyEngine *BucketPolicyEngine
 }
 type Identity struct {
@@ -511,9 +511,9 @@ func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action)
 // - Explicit DENY in bucket policy → immediate rejection
 // - Explicit ALLOW in bucket policy → grant access (bypass IAM checks)
 // - No policy or indeterminate → fall through to IAM checks
- if iam.s3ApiServer != nil && iam.s3ApiServer.policyEngine != nil && bucket != "" {
+ if iam.policyEngine != nil && bucket != "" {
 principal := buildPrincipalARN(identity)
- allowed, evaluated, err := iam.s3ApiServer.policyEngine.EvaluatePolicy(bucket, object, string(action), principal)
+ allowed, evaluated, err := iam.policyEngine.EvaluatePolicy(bucket, object, string(action), principal)
 if err != nil {
 // SECURITY: Fail-close on policy evaluation errors |
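Review bot: The guard `if iam.policyEngine != nil && bucket != "" {` in authRequest still fails open when the engine is unset: bucket-policy evaluation is skipped entirely, so an explicit DENY in a bucket policy is not applied and the request falls through to the IAM checks. The error path a few lines below is marked fail-close, but the nil path is silent, and the place where `policyEngine` is assigned is not part of this file's diff, so it cannot be confirmed from here that it is always set before requests are served. If the field is assigned after the server starts handling requests, the unsynchronized pointer read here may also be a data race; that depends on the wiring code outside this diff. I would at least state the invariant on the struct field, for example `// policyEngine must be set before serving requests; while nil, authRequest skips bucket policy evaluation, including explicit DENY`. The body of authRequest begins and ends outside the hunk.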
