aboutsummaryrefslogtreecommitdiff
path: root/weed/s3api/s3_iam_middleware.go
diff options
context:
space:
mode:
Diffstat (limited to 'weed/s3api/s3_iam_middleware.go')
-rw-r--r--weed/s3api/s3_iam_middleware.go8
1 files changed, 4 insertions, 4 deletions
diff --git a/weed/s3api/s3_iam_middleware.go b/weed/s3api/s3_iam_middleware.go
index 857123d7b..230b2d2cb 100644
--- a/weed/s3api/s3_iam_middleware.go
+++ b/weed/s3api/s3_iam_middleware.go
@@ -139,7 +139,7 @@ func (s3iam *S3IAMIntegration) AuthenticateJWT(ctx context.Context, r *http.Requ
parts := strings.Split(roleName, "/")
roleNameOnly = parts[len(parts)-1]
}
- principalArn = fmt.Sprintf("arn:seaweed:sts::assumed-role/%s/%s", roleNameOnly, sessionName)
+ principalArn = fmt.Sprintf("arn:aws:sts::assumed-role/%s/%s", roleNameOnly, sessionName)
}
// Validate the JWT token directly using STS service (avoid circular dependency)
@@ -238,11 +238,11 @@ type MockAssumedRoleUser struct {
// buildS3ResourceArn builds an S3 resource ARN from bucket and object
func buildS3ResourceArn(bucket string, objectKey string) string {
if bucket == "" {
- return "arn:seaweed:s3:::*"
+ return "arn:aws:s3:::*"
}
if objectKey == "" || objectKey == "/" {
- return "arn:seaweed:s3:::" + bucket
+ return "arn:aws:s3:::" + bucket
}
// Remove leading slash from object key if present
@@ -250,7 +250,7 @@ func buildS3ResourceArn(bucket string, objectKey string) string {
objectKey = objectKey[1:]
}
- return "arn:seaweed:s3:::" + bucket + "/" + objectKey
+ return "arn:aws:s3:::" + bucket + "/" + objectKey
}
// determineGranularS3Action determines the specific S3 IAM action based on HTTP request details
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 23:13:20 +0000