Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7314 Commits
37 Branches
296 Tags
161 MiB
Tree: 44c840f498
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '44c840f498'
${ noResults }
seaweedfs/weed/s3api/s3api_server.go

227 lines
10 KiB
Raw Normal View History

add list all my buckets
7 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
s3: use bucket in the domain fix https://github.com/chrislusf/seaweedfs/issues/1405
4 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
support acl
5 years ago
multiplate DomainNames through comma
4 years ago
s3: subscribe to s3.configure changes
4 years ago
support acl
5 years ago
Add liveness\readiness probe for s3 api handler on /status path
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
Add liveness\readiness probe for s3 api handler on /status path
3 years ago
merge master, resolve conflicts
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
add list all my buckets
7 years ago
adding grpc mutual tls
6 years ago
add list all my buckets
7 years ago
change server address from string to a type
3 years ago
s3: use bucket in the domain fix https://github.com/chrislusf/seaweedfs/issues/1405
4 years ago
support acl
5 years ago
add list all my buckets
7 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
adding grpc mutual tls
6 years ago
s3: add option for "alllowEmptyFolder"
4 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
add list all my buckets
7 years ago
add client id for all metadata listening clients
3 years ago
Merge branch 'master' into metadata_follow_with_client_id
3 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
add list all my buckets
7 years ago
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client - one JWT for reading and one for writing, analogous to how the JWT between Master and Volume Server works - I did not implement IP `whiteList` parameter on the filer Additionally, because http_util.DownloadFile now sets the JWT, the `download` command should now work when `jwt.signing.read` is configured. By looking at the code, I think this case did not work before. ## Docs to be adjusted after a release Page `Amazon-S3-API`: ``` # Authentication with Filer You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as explained in [Security-Configuration](Security-Configuration) - controlled by the `grpc.*` configuration in `security.toml`. Starting with version XX, it is also possible to authenticate the HTTP operations between the S3-API-Proxy and the Filer (especially uploading new files). This is configured by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. With both configurations (gRPC and JWT), it is possible to have Filer and S3 communicate in fully authenticated fashion; so Filer will reject any unauthenticated communication. ``` Page `Security Overview`: ``` The following items are not covered, yet: - master server http REST services Starting with version XX, the Filer HTTP REST services can be secured with a JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. ... Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer. Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).** ... # Securing Filer HTTP with JWT To enable JWT-based access control for the Filer, 1. generate `security.toml` file by `weed scaffold -config=security` 2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string 3. copy the same `security.toml` file to the filers and all S3 proxies. If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`. If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`. The S3 API Gateway reads the above JWT keys and sends authenticated HTTP requests to the filer. ``` Page `Security Configuration`: ``` (update scaffold file) ... [filer_jwt.signing] key = "blahblahblahblah" [filer_jwt.signing.read] key = "blahblahblahblah" ``` Resolves: #158
3 years ago
add list all my buckets
7 years ago
add client id for all metadata listening clients
3 years ago
Merge branch 'master' into metadata_follow_with_client_id
3 years ago
add list all my buckets
7 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
add list all my buckets
7 years ago
s3: subscribe to s3.configure changes
4 years ago
add list all my buckets
7 years ago
Add liveness\readiness probe for s3 api handler on /status path
3 years ago
add list all my buckets
7 years ago
multiplate DomainNames through comma
4 years ago
add list all my buckets
7 years ago
add s3 upload, and removing mono and multi part upload analyzer removing mono and multi part upload analyzer, which were used just to determine the file name
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3 API add ListObjectsV2Handler
7 years ago
s3: add s3 copy fix https://github.com/chrislusf/seaweedfs/issues/1190
5 years ago
use backticks instead of double quotes to avoid escaped additionally in regex
4 years ago
add place holders for multiplarts upload
6 years ago
refactoring
4 years ago
add place holders for multiplarts upload
6 years ago
refactoring
4 years ago
add place holders for multiplarts upload
6 years ago
refactoring
4 years ago
add place holders for multiplarts upload
6 years ago
refactoring
4 years ago
add place holders for multiplarts upload
6 years ago
s3: Added support for "List" action in weed s3 -config=... in the config file. fix https://github.com/chrislusf/seaweedfs/issues/1511
4 years ago
add place holders for multiplarts upload
6 years ago
s3: Added support for "List" action in weed s3 -config=... in the config file. fix https://github.com/chrislusf/seaweedfs/issues/1511
4 years ago
add place holders for multiplarts upload
6 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
s3: Added support for "List" action in weed s3 -config=... in the config file. fix https://github.com/chrislusf/seaweedfs/issues/1511
4 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
s3: Added support for "List" action in weed s3 -config=... in the config file. fix https://github.com/chrislusf/seaweedfs/issues/1511
4 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
s3: Added support for "List" action in weed s3 -config=... in the config file. fix https://github.com/chrislusf/seaweedfs/issues/1511
4 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3: add s3 copy fix https://github.com/chrislusf/seaweedfs/issues/1190
5 years ago
refactoring
4 years ago
working S3 multipart uploads
6 years ago
refactoring
4 years ago
s3 add HEAD DELETE
7 years ago
refactoring
4 years ago
add list all my buckets
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3 API add ListObjectsV1
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3: add support for PostPolicy fix https://github.com/chrislusf/seaweedfs/issues/1426
4 years ago
preparing to support S3 multipart uploads
6 years ago
refactoring
4 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
fix DeleteBucketLifecycleConfiguration
3 years ago
s3: skip permission checking for creating bucket if the bucket already exists fix https://github.com/chrislusf/seaweedfs/issues/2417 Rclone was trying to create the bucket even though the bucket already exists.
3 years ago
fix DeleteBucketLifecycleConfiguration
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add list all my buckets
7 years ago
s3: support config action Admin:bucket
4 years ago
add list all my buckets
7 years ago
refactor
4 years ago
add list all my buckets
7 years ago
  1. package s3api
  3. import (
  4. "context"
  5. "fmt"
  6. "net"
  7. "net/http"
  8. "strings"
  9. "time"
  11. "github.com/chrislusf/seaweedfs/weed/filer"
  12. "github.com/chrislusf/seaweedfs/weed/pb"
  13. . "github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
  14. "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
  15. "github.com/chrislusf/seaweedfs/weed/security"
  16. "github.com/chrislusf/seaweedfs/weed/util"
  17. "github.com/gorilla/mux"
  18. "google.golang.org/grpc"
  19. )
  21. type S3ApiServerOption struct {
  22. Filer pb.ServerAddress
  23. Port int
  24. Config string
  25. DomainName string
  26. BucketsPath string
  27. GrpcDialOption grpc.DialOption
  28. AllowEmptyFolder bool
  29. LocalFilerSocket *string
  30. }
  32. type S3ApiServer struct {
  33. option *S3ApiServerOption
  34. iam *IdentityAccessManagement
  35. randomClientId int32
  36. filerGuard *security.Guard
  37. client *http.Client
  38. }
  40. func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer *S3ApiServer, err error) {
  41. v := util.GetViper()
  42. signingKey := v.GetString("jwt.filer_signing.key")
  43. v.SetDefault("jwt.filer_signing.expires_after_seconds", 10)
  44. expiresAfterSec := v.GetInt("jwt.filer_signing.expires_after_seconds")
  46. readSigningKey := v.GetString("jwt.filer_signing.read.key")
  47. v.SetDefault("jwt.filer_signing.read.expires_after_seconds", 60)
  48. readExpiresAfterSec := v.GetInt("jwt.filer_signing.read.expires_after_seconds")
  50. s3ApiServer = &S3ApiServer{
  51. option: option,
  52. iam: NewIdentityAccessManagement(option),
  53. randomClientId: util.RandomInt32(),
  54. filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
  55. }
  56. if option.LocalFilerSocket == nil {
  57. s3ApiServer.client = &http.Client{Transport: &http.Transport{
  58. MaxIdleConns: 1024,
  59. MaxIdleConnsPerHost: 1024,
  60. }}
  61. } else {
  62. s3ApiServer.client = &http.Client{
  63. Transport: &http.Transport{
  64. DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
  65. return net.Dial("unix", *option.LocalFilerSocket)
  66. },
  67. },
  68. }
  69. }
  71. s3ApiServer.registerRouter(router)
  73. go s3ApiServer.subscribeMetaEvents("s3", filer.IamConfigDirecotry+"/"+filer.IamIdentityFile, time.Now().UnixNano())
  74. return s3ApiServer, nil
  75. }
  77. func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
  78. // API Router
  79. apiRouter := router.PathPrefix("/").Subrouter()
  81. // Readiness Probe
  82. apiRouter.Methods("GET").Path("/status").HandlerFunc(s3a.StatusHandler)
  84. var routers []*mux.Router
  85. if s3a.option.DomainName != "" {
  86. domainNames := strings.Split(s3a.option.DomainName, ",")
  87. for _, domainName := range domainNames {
  88. routers = append(routers, apiRouter.Host(
  89. fmt.Sprintf("%s.%s:%d", "{bucket:.+}", domainName, s3a.option.Port)).Subrouter())
  90. routers = append(routers, apiRouter.Host(
  91. fmt.Sprintf("%s.%s", "{bucket:.+}", domainName)).Subrouter())
  92. }
  93. }
  94. routers = append(routers, apiRouter.PathPrefix("/{bucket}").Subrouter())
  96. for _, bucket := range routers {
  98. // each case should follow the next rule:
  99. // - requesting object with query must precede any other methods
  100. // - requesting object must precede any methods with buckets
  101. // - requesting bucket with query must precede raw methods with buckets
  102. // - requesting bucket must be processed in the end
  104. // objects with query
  106. // CopyObjectPart
  107. bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", `.*?(\/|%2F).*?`).HandlerFunc(track(s3a.iam.Auth(s3a.CopyObjectPartHandler, ACTION_WRITE), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
  108. // PutObjectPart
  109. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectPartHandler, ACTION_WRITE), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
  110. // CompleteMultipartUpload
  111. bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.CompleteMultipartUploadHandler, ACTION_WRITE), "POST")).Queries("uploadId", "{uploadId:.*}")
  112. // NewMultipartUpload
  113. bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.NewMultipartUploadHandler, ACTION_WRITE), "POST")).Queries("uploads", "")
  114. // AbortMultipartUpload
  115. bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.AbortMultipartUploadHandler, ACTION_WRITE), "DELETE")).Queries("uploadId", "{uploadId:.*}")
  116. // ListObjectParts
  117. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.ListObjectPartsHandler, ACTION_READ), "GET")).Queries("uploadId", "{uploadId:.*}")
  118. // ListMultipartUploads
  119. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.ListMultipartUploadsHandler, ACTION_READ), "GET")).Queries("uploads", "")
  121. // GetObjectTagging
  122. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.GetObjectTaggingHandler, ACTION_READ), "GET")).Queries("tagging", "")
  123. // PutObjectTagging
  124. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectTaggingHandler, ACTION_TAGGING), "PUT")).Queries("tagging", "")
  125. // DeleteObjectTagging
  126. bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteObjectTaggingHandler, ACTION_TAGGING), "DELETE")).Queries("tagging", "")
  128. // PutObjectACL
  129. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectAclHandler, ACTION_WRITE), "PUT")).Queries("acl", "")
  130. // PutObjectRetention
  131. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectRetentionHandler, ACTION_WRITE), "PUT")).Queries("retention", "")
  132. // PutObjectLegalHold
  133. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectLegalHoldHandler, ACTION_WRITE), "PUT")).Queries("legal-hold", "")
  134. // PutObjectLockConfiguration
  135. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectLockConfigurationHandler, ACTION_WRITE), "PUT")).Queries("object-lock", "")
  137. // GetObjectACL
  138. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.GetObjectAclHandler, ACTION_READ), "GET")).Queries("acl", "")
  140. // objects with query
  142. // raw objects
  144. // HeadObject
  145. bucket.Methods("HEAD").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.HeadObjectHandler, ACTION_READ), "GET"))
  147. // GetObject, but directory listing is not supported
  148. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.GetObjectHandler, ACTION_READ), "GET"))
  150. // CopyObject
  151. bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", ".*?(\\/|%2F).*?").HandlerFunc(track(s3a.iam.Auth(s3a.CopyObjectHandler, ACTION_WRITE), "COPY"))
  152. // PutObject
  153. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectHandler, ACTION_WRITE), "PUT"))
  154. // DeleteObject
  155. bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteObjectHandler, ACTION_WRITE), "DELETE"))
  157. // raw objects
  159. // buckets with query
  161. // DeleteMultipleObjects
  162. bucket.Methods("POST").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteMultipleObjectsHandler, ACTION_WRITE), "DELETE")).Queries("delete", "")
  164. // GetBucketACL
  165. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketAclHandler, ACTION_READ), "GET")).Queries("acl", "")
  166. // PutBucketACL
  167. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketAclHandler, ACTION_WRITE), "PUT")).Queries("acl", "")
  169. // GetBucketPolicy
  170. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketPolicyHandler, ACTION_READ), "GET")).Queries("policy", "")
  171. // PutBucketPolicy
  172. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketPolicyHandler, ACTION_WRITE), "PUT")).Queries("policy", "")
  173. // DeleteBucketPolicy
  174. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketPolicyHandler, ACTION_WRITE), "DELETE")).Queries("policy", "")
  176. // GetBucketCors
  177. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketCorsHandler, ACTION_READ), "GET")).Queries("cors", "")
  178. // PutBucketCors
  179. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketCorsHandler, ACTION_WRITE), "PUT")).Queries("cors", "")
  180. // DeleteBucketCors
  181. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketCorsHandler, ACTION_WRITE), "DELETE")).Queries("cors", "")
  183. // GetBucketLifecycleConfiguration
  184. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketLifecycleConfigurationHandler, ACTION_READ), "GET")).Queries("lifecycle", "")
  185. // PutBucketLifecycleConfiguration
  186. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketLifecycleConfigurationHandler, ACTION_WRITE), "PUT")).Queries("lifecycle", "")
  187. // DeleteBucketLifecycleConfiguration
  188. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketLifecycleHandler, ACTION_WRITE), "DELETE")).Queries("lifecycle", "")
  190. // GetBucketLocation
  191. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketLocationHandler, ACTION_READ), "GET")).Queries("location", "")
  193. // GetBucketRequestPayment
  194. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketRequestPaymentHandler, ACTION_READ), "GET")).Queries("requestPayment", "")
  196. // ListObjectsV2
  197. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.ListObjectsV2Handler, ACTION_LIST), "LIST")).Queries("list-type", "2")
  199. // buckets with query
  201. // raw buckets
  203. // PostPolicy
  204. bucket.Methods("POST").HeadersRegexp("Content-Type", "multipart/form-data*").HandlerFunc(track(s3a.iam.Auth(s3a.PostPolicyBucketHandler, ACTION_WRITE), "POST"))
  206. // HeadBucket
  207. bucket.Methods("HEAD").HandlerFunc(track(s3a.iam.Auth(s3a.HeadBucketHandler, ACTION_READ), "GET"))
  209. // PutBucket
  210. bucket.Methods("PUT").HandlerFunc(track(s3a.PutBucketHandler, "PUT"))
  211. // DeleteBucket
  212. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketHandler, ACTION_WRITE), "DELETE"))
  214. // ListObjectsV1 (Legacy)
  215. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.ListObjectsV1Handler, ACTION_LIST), "LIST"))
  217. // raw buckets
  219. }
  221. // ListBuckets
  222. apiRouter.Methods("GET").Path("/").HandlerFunc(track(s3a.ListBucketsHandler, "LIST"))
  224. // NotFound
  225. apiRouter.NotFoundHandler = http.HandlerFunc(s3err.NotFoundHandler)
  227. }