aboutsummaryrefslogtreecommitdiff
path: root/weed/s3api/policy_engine/conditions.go
diff options
context:
space:
mode:
Diffstat (limited to 'weed/s3api/policy_engine/conditions.go')
-rw-r--r--weed/s3api/policy_engine/conditions.go10
1 files changed, 4 insertions, 6 deletions
diff --git a/weed/s3api/policy_engine/conditions.go b/weed/s3api/policy_engine/conditions.go
index feb582e89..ffbae51e6 100644
--- a/weed/s3api/policy_engine/conditions.go
+++ b/weed/s3api/policy_engine/conditions.go
@@ -10,6 +10,7 @@ import (
"time"
"github.com/seaweedfs/seaweedfs/weed/glog"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
)
// LRUNode represents a node in the doubly-linked list for efficient LRU operations
@@ -705,12 +706,9 @@ func GetConditionEvaluator(operator string) (ConditionEvaluator, error) {
}
}
-// ExistingObjectTagPrefix is the prefix for object tag condition keys
+// ExistingObjectTagPrefix is the prefix for S3 policy condition keys
const ExistingObjectTagPrefix = "s3:ExistingObjectTag/"
-// ObjectTagMetadataPrefix is the prefix used to store tags in entry.Extended
-const ObjectTagMetadataPrefix = "X-Amz-Tagging-"
-
// EvaluateConditions evaluates all conditions in a policy statement
// objectEntry is the object's metadata from entry.Extended (can be nil)
func EvaluateConditions(conditions PolicyConditions, contextValues map[string][]string, objectEntry map[string][]byte) bool {
@@ -733,7 +731,7 @@ func EvaluateConditions(conditions PolicyConditions, contextValues map[string][]
if strings.HasPrefix(key, ExistingObjectTagPrefix) {
// Extract tag value from entry.Extended using the tag prefix
tagKey := key[len(ExistingObjectTagPrefix):]
- metadataKey := ObjectTagMetadataPrefix + tagKey
+ metadataKey := s3_constants.AmzObjectTaggingPrefix + tagKey
if objectEntry != nil {
if tagValue, exists := objectEntry[metadataKey]; exists {
contextVals = []string{string(tagValue)}
@@ -784,7 +782,7 @@ func EvaluateConditionsLegacy(conditions map[string]interface{}, contextValues m
// Handle s3:ExistingObjectTag/<tag-key> condition keys
if strings.HasPrefix(key, ExistingObjectTagPrefix) {
tagKey := key[len(ExistingObjectTagPrefix):]
- metadataKey := ObjectTagMetadataPrefix + tagKey
+ metadataKey := s3_constants.AmzObjectTaggingPrefix + tagKey
if objectEntry != nil {
if tagValue, exists := objectEntry[metadataKey]; exists {
contextVals = []string{string(tagValue)}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 23:22:59 +0000