aboutsummaryrefslogtreecommitdiff
path: root/weed/s3api/s3api_server.go
diff options
context:
space:
mode:
Diffstat (limited to 'weed/s3api/s3api_server.go')
-rw-r--r--weed/s3api/s3api_server.go13
1 files changed, 12 insertions, 1 deletions
diff --git a/weed/s3api/s3api_server.go b/weed/s3api/s3api_server.go
index 5af274970..e21886c57 100644
--- a/weed/s3api/s3api_server.go
+++ b/weed/s3api/s3api_server.go
@@ -473,12 +473,23 @@ func loadIAMManagerFromConfig(configPath string, filerAddressProvider func() str
return nil, fmt.Errorf("failed to parse config: %w", err)
}
+ // Ensure a valid policy engine config exists
+ if configRoot.Policy == nil {
+ // Provide a secure default if not specified in the config file
+ // Default to Deny with in-memory store so that JSON-defined policies work without filer
+ glog.V(0).Infof("No policy engine config provided; using defaults (DefaultEffect=%s, StoreType=%s)", sts.EffectDeny, sts.StoreTypeMemory)
+ configRoot.Policy = &policy.PolicyEngineConfig{
+ DefaultEffect: sts.EffectDeny,
+ StoreType: sts.StoreTypeMemory,
+ }
+ }
+
// Create IAM configuration
iamConfig := &integration.IAMConfig{
STS: configRoot.STS,
Policy: configRoot.Policy,
Roles: &integration.RoleStoreConfig{
- StoreType: "memory", // Use memory store for JSON config-based setup
+ StoreType: sts.StoreTypeMemory, // Use memory store for JSON config-based setup
},
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 02:53:38 +0000