aboutsummaryrefslogtreecommitdiff
path: root/weed/s3api/s3_constants/s3_action_strings.go
diff options
context:
space:
mode:
Diffstat (limited to 'weed/s3api/s3_constants/s3_action_strings.go')
-rw-r--r--weed/s3api/s3_constants/s3_action_strings.go84
1 files changed, 84 insertions, 0 deletions
diff --git a/weed/s3api/s3_constants/s3_action_strings.go b/weed/s3api/s3_constants/s3_action_strings.go
new file mode 100644
index 000000000..c7d5541c9
--- /dev/null
+++ b/weed/s3api/s3_constants/s3_action_strings.go
@@ -0,0 +1,84 @@
+package s3_constants
+
+// S3 action strings for bucket policy evaluation
+// These match the official AWS S3 action format used in IAM and bucket policies
+const (
+ // Object operations
+ S3_ACTION_GET_OBJECT = "s3:GetObject"
+ S3_ACTION_PUT_OBJECT = "s3:PutObject"
+ S3_ACTION_DELETE_OBJECT = "s3:DeleteObject"
+ S3_ACTION_DELETE_OBJECT_VERSION = "s3:DeleteObjectVersion"
+ S3_ACTION_GET_OBJECT_VERSION = "s3:GetObjectVersion"
+
+ // Object ACL operations
+ S3_ACTION_GET_OBJECT_ACL = "s3:GetObjectAcl"
+ S3_ACTION_PUT_OBJECT_ACL = "s3:PutObjectAcl"
+
+ // Object tagging operations
+ S3_ACTION_GET_OBJECT_TAGGING = "s3:GetObjectTagging"
+ S3_ACTION_PUT_OBJECT_TAGGING = "s3:PutObjectTagging"
+ S3_ACTION_DELETE_OBJECT_TAGGING = "s3:DeleteObjectTagging"
+
+ // Object retention and legal hold
+ S3_ACTION_GET_OBJECT_RETENTION = "s3:GetObjectRetention"
+ S3_ACTION_PUT_OBJECT_RETENTION = "s3:PutObjectRetention"
+ S3_ACTION_GET_OBJECT_LEGAL_HOLD = "s3:GetObjectLegalHold"
+ S3_ACTION_PUT_OBJECT_LEGAL_HOLD = "s3:PutObjectLegalHold"
+ S3_ACTION_BYPASS_GOVERNANCE = "s3:BypassGovernanceRetention"
+
+ // Multipart upload operations
+ S3_ACTION_CREATE_MULTIPART = "s3:CreateMultipartUpload"
+ S3_ACTION_UPLOAD_PART = "s3:UploadPart"
+ S3_ACTION_COMPLETE_MULTIPART = "s3:CompleteMultipartUpload"
+ S3_ACTION_ABORT_MULTIPART = "s3:AbortMultipartUpload"
+ S3_ACTION_LIST_PARTS = "s3:ListMultipartUploadParts"
+
+ // Bucket operations
+ S3_ACTION_CREATE_BUCKET = "s3:CreateBucket"
+ S3_ACTION_DELETE_BUCKET = "s3:DeleteBucket"
+ S3_ACTION_LIST_BUCKET = "s3:ListBucket"
+ S3_ACTION_LIST_BUCKET_VERSIONS = "s3:ListBucketVersions"
+ S3_ACTION_LIST_MULTIPART_UPLOADS = "s3:ListBucketMultipartUploads"
+
+ // Bucket ACL operations
+ S3_ACTION_GET_BUCKET_ACL = "s3:GetBucketAcl"
+ S3_ACTION_PUT_BUCKET_ACL = "s3:PutBucketAcl"
+
+ // Bucket policy operations
+ S3_ACTION_GET_BUCKET_POLICY = "s3:GetBucketPolicy"
+ S3_ACTION_PUT_BUCKET_POLICY = "s3:PutBucketPolicy"
+ S3_ACTION_DELETE_BUCKET_POLICY = "s3:DeleteBucketPolicy"
+
+ // Bucket tagging operations
+ S3_ACTION_GET_BUCKET_TAGGING = "s3:GetBucketTagging"
+ S3_ACTION_PUT_BUCKET_TAGGING = "s3:PutBucketTagging"
+ S3_ACTION_DELETE_BUCKET_TAGGING = "s3:DeleteBucketTagging"
+
+ // Bucket CORS operations
+ S3_ACTION_GET_BUCKET_CORS = "s3:GetBucketCors"
+ S3_ACTION_PUT_BUCKET_CORS = "s3:PutBucketCors"
+ S3_ACTION_DELETE_BUCKET_CORS = "s3:DeleteBucketCors"
+
+ // Bucket lifecycle operations
+ // Note: Both PUT and DELETE lifecycle operations use s3:PutLifecycleConfiguration
+ S3_ACTION_GET_BUCKET_LIFECYCLE = "s3:GetLifecycleConfiguration"
+ S3_ACTION_PUT_BUCKET_LIFECYCLE = "s3:PutLifecycleConfiguration"
+
+ // Bucket versioning operations
+ S3_ACTION_GET_BUCKET_VERSIONING = "s3:GetBucketVersioning"
+ S3_ACTION_PUT_BUCKET_VERSIONING = "s3:PutBucketVersioning"
+
+ // Bucket location
+ S3_ACTION_GET_BUCKET_LOCATION = "s3:GetBucketLocation"
+
+ // Bucket notification
+ S3_ACTION_GET_BUCKET_NOTIFICATION = "s3:GetBucketNotification"
+ S3_ACTION_PUT_BUCKET_NOTIFICATION = "s3:PutBucketNotification"
+
+ // Bucket object lock operations
+ S3_ACTION_GET_BUCKET_OBJECT_LOCK = "s3:GetBucketObjectLockConfiguration"
+ S3_ACTION_PUT_BUCKET_OBJECT_LOCK = "s3:PutBucketObjectLockConfiguration"
+
+ // Wildcard for all S3 actions
+ S3_ACTION_ALL = "s3:*"
+)
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 03:29:11 +0000