Diffstat (limited to 'weed/s3api/policy_engine/integration.go')
-rw-r--r--weed/s3api/policy_engine/integration.go14
1 files changed, 13 insertions, 1 deletions
diff --git a/weed/s3api/policy_engine/integration.go b/weed/s3api/policy_engine/integration.go
index 9c4bee9e4..17bcec112 100644
--- a/weed/s3api/policy_engine/integration.go
+++ b/weed/s3api/policy_engine/integration.go
@@ -196,7 +196,19 @@ func convertSingleAction(action, bucketName string) (*PolicyStatement, error) {
case "List":
s3Actions = []string{"s3:ListBucket", "s3:ListBucketVersions"}
- resources = []string{fmt.Sprintf("arn:aws:s3:::%s", resourcePattern)}
+ if strings.HasSuffix(resourcePattern, "/*") {
+ // Object-level list access - extract bucket from "bucket/prefix/*" pattern
+ patternWithoutWildcard := strings.TrimSuffix(resourcePattern, "/*")
+ parts := strings.SplitN(patternWithoutWildcard, "/", 2)
+ bucket := parts[0]
+ resources = []string{
+ fmt.Sprintf("arn:aws:s3:::%s", bucket),
+ fmt.Sprintf("arn:aws:s3:::%s/*", bucket),
+ }
+ } else {
+ // Bucket-level list access
+ resources = []string{fmt.Sprintf("arn:aws:s3:::%s", resourcePattern)}
+ }
case "Tagging":
s3Actions = []string{"s3:GetObjectTagging", "s3:PutObjectTagging", "s3:DeleteObjectTagging"}
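Review bot: In the new `/*` branch of `case "List"`, `strings.SplitN(patternWithoutWildcard, "/", 2)` keeps only `parts[0]`, so a pattern such as `bucket/prefix/*` yields `arn:aws:s3:::bucket` and `arn:aws:s3:::bucket/*` and the prefix is silently discarded. If the legacy action was meant to scope listing to that prefix, the converted statement grants `s3:ListBucket` and `s3:ListBucketVersions` over the whole bucket; whether the prefix is enforced elsewhere is not visible from this hunk. Either carry `parts[1]` into the statement as a prefix restriction, or state the widening explicitly with a comment like `// prefix in "bucket/prefix/*" is intentionally dropped: List is granted bucket-wide`. A pattern of just `/*` also leaves `bucket` empty and produces `arn:aws:s3:::`, so a guard such as `if bucket == "" { return nil, fmt.Errorf("invalid list resource pattern %q", resourcePattern) }` would reject it instead of emitting a malformed ARN. `convertSingleAction` begins and ends outside the hunk, so the handling of the other action types could not be checked for the same pattern.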