ownerAccountID

3 days ago · 1697ec862f
7 changed files with 57 additions and 58 deletions
--- a/weed/s3api/s3tables/handler_bucket_create.go
+++ b/weed/s3api/s3tables/handler_bucket_create.go
@ -76,9 +76,9 @@ func (h *S3TablesHandler) handleCreateTableBucket(w http.ResponseWriter, r *http
 	// Create the bucket directory and set metadata as extended attributes
 	now := time.Now()
 	metadata := &tableBucketMetadata{
-		Name:      req.Name,
-		CreatedAt: now,
-		OwnerID:   h.getAccountID(r),
+		Name:           req.Name,
+		CreatedAt:      now,
+		OwnerAccountID: h.getAccountID(r),
 	}

 	metadataBytes, err := json.Marshal(metadata)
--- a/weed/s3api/s3tables/handler_bucket_get_list_delete.go
+++ b/weed/s3api/s3tables/handler_bucket_get_list_delete.go
@ -57,7 +57,7 @@ func (h *S3TablesHandler) handleGetTableBucket(w http.ResponseWriter, r *http.Re

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanGetTableBucket(principal, metadata.OwnerID) {
+	if !CanGetTableBucket(principal, metadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to get table bucket details")
 		return NewAuthError("GetTableBucket", principal, "not authorized to get table bucket details")
 	}
@ -65,7 +65,7 @@ func (h *S3TablesHandler) handleGetTableBucket(w http.ResponseWriter, r *http.Re
 	resp := &GetTableBucketResponse{
 		ARN:            h.generateTableBucketARN(r, bucketName),
 		Name:           metadata.Name,
-		OwnerAccountID: metadata.OwnerID,
+		OwnerAccountID: metadata.OwnerAccountID,
 		CreatedAt:      metadata.CreatedAt,
 	}

@ -245,7 +245,7 @@ func (h *S3TablesHandler) handleDeleteTableBucket(w http.ResponseWriter, r *http

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanDeleteTableBucket(principal, metadata.OwnerID) {
+	if !CanDeleteTableBucket(principal, metadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to delete table bucket")
 		return NewAuthError("DeleteTableBucket", principal, "not authorized to delete table bucket")
 	}
--- a/weed/s3api/s3tables/handler_namespace.go
+++ b/weed/s3api/s3tables/handler_namespace.go
@ -67,7 +67,7 @@ func (h *S3TablesHandler) handleCreateNamespace(w http.ResponseWriter, r *http.R

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanCreateNamespace(principal, bucketMetadata.OwnerID) {
+	if !CanCreateNamespace(principal, bucketMetadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to create namespace")
 		return NewAuthError("CreateNamespace", principal, "not authorized to create namespace")
 	}
@ -91,9 +91,9 @@ func (h *S3TablesHandler) handleCreateNamespace(w http.ResponseWriter, r *http.R
 	// Create the namespace
 	now := time.Now()
 	metadata := &namespaceMetadata{
-		Namespace: req.Namespace,
-		CreatedAt: now,
-		OwnerID:   h.getAccountID(r),
+		Namespace:      req.Namespace,
+		CreatedAt:      now,
+		OwnerAccountID: h.getAccountID(r),
 	}

 	metadataBytes, err := json.Marshal(metadata)
@ -178,7 +178,7 @@ func (h *S3TablesHandler) handleGetNamespace(w http.ResponseWriter, r *http.Requ

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanGetNamespace(principal, metadata.OwnerID) {
+	if !CanGetNamespace(principal, metadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to get namespace details")
 		return NewAuthError("GetNamespace", principal, "not authorized to get namespace details")
 	}
@ -186,7 +186,7 @@ func (h *S3TablesHandler) handleGetNamespace(w http.ResponseWriter, r *http.Requ
 	resp := &GetNamespaceResponse{
 		Namespace:      metadata.Namespace,
 		CreatedAt:      metadata.CreatedAt,
-		OwnerAccountID: metadata.OwnerID,
+		OwnerAccountID: metadata.OwnerAccountID,
 	}

 	h.writeJSON(w, http.StatusOK, resp)
@ -242,7 +242,7 @@ func (h *S3TablesHandler) handleListNamespaces(w http.ResponseWriter, r *http.Re
 	}

 	principal := h.getPrincipalFromRequest(r)
-	if !CanListNamespaces(principal, bucketMetadata.OwnerID) {
+	if !CanListNamespaces(principal, bucketMetadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to list namespaces")
 		return NewAuthError("ListNamespaces", principal, "not authorized to list namespaces")
 	}
@ -400,7 +400,7 @@ func (h *S3TablesHandler) handleDeleteNamespace(w http.ResponseWriter, r *http.R

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanDeleteNamespace(principal, metadata.OwnerID) {
+	if !CanDeleteNamespace(principal, metadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to delete namespace")
 		return NewAuthError("DeleteNamespace", principal, "not authorized to delete namespace")
 	}
--- a/weed/s3api/s3tables/handler_policy.go
+++ b/weed/s3api/s3tables/handler_policy.go
@ -59,7 +59,7 @@ func (h *S3TablesHandler) handlePutTableBucketPolicy(w http.ResponseWriter, r *h

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanPutTableBucketPolicy(principal, bucketMetadata.OwnerID) {
+	if !CanPutTableBucketPolicy(principal, bucketMetadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to put table bucket policy")
 		return NewAuthError("PutTableBucketPolicy", principal, "not authorized to put table bucket policy")
 	}
@ -132,7 +132,7 @@ func (h *S3TablesHandler) handleGetTableBucketPolicy(w http.ResponseWriter, r *h

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanGetTableBucketPolicy(principal, bucketMetadata.OwnerID) {
+	if !CanGetTableBucketPolicy(principal, bucketMetadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to get table bucket policy")
 		return NewAuthError("GetTableBucketPolicy", principal, "not authorized to get table bucket policy")
 	}
@ -190,7 +190,7 @@ func (h *S3TablesHandler) handleDeleteTableBucketPolicy(w http.ResponseWriter, r

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanDeleteTableBucketPolicy(principal, bucketMetadata.OwnerID) {
+	if !CanDeleteTableBucketPolicy(principal, bucketMetadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to delete table bucket policy")
 		return NewAuthError("DeleteTableBucketPolicy", principal, "not authorized to delete table bucket policy")
 	}
@ -270,7 +270,7 @@ func (h *S3TablesHandler) handlePutTablePolicy(w http.ResponseWriter, r *http.Re

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanPutTablePolicy(principal, metadata.OwnerID) {
+	if !CanPutTablePolicy(principal, metadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to put table policy")
 		return NewAuthError("PutTablePolicy", principal, "not authorized to put table policy")
 	}
@ -354,7 +354,7 @@ func (h *S3TablesHandler) handleGetTablePolicy(w http.ResponseWriter, r *http.Re

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanGetTablePolicy(principal, metadata.OwnerID) {
+	if !CanGetTablePolicy(principal, metadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to get table policy")
 		return NewAuthError("GetTablePolicy", principal, "not authorized to get table policy")
 	}
@ -423,7 +423,7 @@ func (h *S3TablesHandler) handleDeleteTablePolicy(w http.ResponseWriter, r *http

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanDeleteTablePolicy(principal, metadata.OwnerID) {
+	if !CanDeleteTablePolicy(principal, metadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to delete table policy")
 		return NewAuthError("DeleteTablePolicy", principal, "not authorized to delete table policy")
 	}
@ -475,24 +475,24 @@ func (h *S3TablesHandler) handleTagResource(w http.ResponseWriter, r *http.Reque
 			return err
 		}

-		var ownerID string
+		var ownerAccountID string
 		if rType == ResourceTypeTable {
 			var meta tableMetadataInternal
 			if err := json.Unmarshal(data, &meta); err != nil {
 				return err
 			}
-			ownerID = meta.OwnerID
+			ownerAccountID = meta.OwnerAccountID
 		} else {
 			var meta tableBucketMetadata
 			if err := json.Unmarshal(data, &meta); err != nil {
 				return err
 			}
-			ownerID = meta.OwnerID
+			ownerAccountID = meta.OwnerAccountID
 		}

 		// Check Permission inside the closure because we just got the ID
 		principal := h.getPrincipalFromRequest(r)
-		if !CanManageTags(principal, ownerID) {
+		if !CanManageTags(principal, ownerAccountID) {
 			return NewAuthError("TagResource", principal, "not authorized to tag resource")
 		}

@ -574,24 +574,24 @@ func (h *S3TablesHandler) handleListTagsForResource(w http.ResponseWriter, r *ht
 			return err
 		}

-		var ownerID string
+		var ownerAccountID string
 		if rType == ResourceTypeTable {
 			var meta tableMetadataInternal
 			if err := json.Unmarshal(data, &meta); err != nil {
 				return err
 			}
-			ownerID = meta.OwnerID
+			ownerAccountID = meta.OwnerAccountID
 		} else {
 			var meta tableBucketMetadata
 			if err := json.Unmarshal(data, &meta); err != nil {
 				return err
 			}
-			ownerID = meta.OwnerID
+			ownerAccountID = meta.OwnerAccountID
 		}

 		// Check Permission
 		principal := h.getPrincipalFromRequest(r)
-		if !CheckPermission("ListTagsForResource", principal, ownerID) {
+		if !CheckPermission("ListTagsForResource", principal, ownerAccountID) {
 			return NewAuthError("ListTagsForResource", principal, "not authorized to list tags for resource")
 		}

@ -661,24 +661,24 @@ func (h *S3TablesHandler) handleUntagResource(w http.ResponseWriter, r *http.Req
 			return err
 		}

-		var ownerID string
+		var ownerAccountID string
 		if rType == ResourceTypeTable {
 			var meta tableMetadataInternal
 			if err := json.Unmarshal(data, &meta); err != nil {
 				return err
 			}
-			ownerID = meta.OwnerID
+			ownerAccountID = meta.OwnerAccountID
 		} else {
 			var meta tableBucketMetadata
 			if err := json.Unmarshal(data, &meta); err != nil {
 				return err
 			}
-			ownerID = meta.OwnerID
+			ownerAccountID = meta.OwnerAccountID
 		}

 		// Check Permission
 		principal := h.getPrincipalFromRequest(r)
-		if !CanManageTags(principal, ownerID) {
+		if !CanManageTags(principal, ownerAccountID) {
 			return NewAuthError("UntagResource", principal, "not authorized to untag resource")
 		}

--- a/weed/s3api/s3tables/handler_table.go
+++ b/weed/s3api/s3tables/handler_table.go
@ -87,7 +87,7 @@ func (h *S3TablesHandler) handleCreateTable(w http.ResponseWriter, r *http.Reque

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanCreateTable(principal, namespaceMetadata.OwnerID) {
+	if !CanCreateTable(principal, namespaceMetadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to create table")
 		return NewAuthError("CreateTable", principal, "not authorized to create table")
 	}
@ -113,14 +113,14 @@ func (h *S3TablesHandler) handleCreateTable(w http.ResponseWriter, r *http.Reque
 	versionToken := generateVersionToken()

 	metadata := &tableMetadataInternal{
-		Name:         tableName,
-		Namespace:    namespaceName,
-		Format:       req.Format,
-		CreatedAt:    now,
-		ModifiedAt:   now,
-		OwnerID:      h.getAccountID(r),
-		VersionToken: versionToken,
-		Schema:       req.Metadata,
+		Name:           tableName,
+		Namespace:      namespaceName,
+		Format:         req.Format,
+		CreatedAt:      now,
+		ModifiedAt:     now,
+		OwnerAccountID: h.getAccountID(r),
+		VersionToken:   versionToken,
+		Schema:         req.Metadata,
 	}

 	metadataBytes, err := json.Marshal(metadata)
@ -241,7 +241,7 @@ func (h *S3TablesHandler) handleGetTable(w http.ResponseWriter, r *http.Request,

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanGetTable(principal, metadata.OwnerID) {
+	if !CanGetTable(principal, metadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to get table")
 		return NewAuthError("GetTable", principal, "not authorized to get table")
 	}
@ -255,7 +255,7 @@ func (h *S3TablesHandler) handleGetTable(w http.ResponseWriter, r *http.Request,
 		Format:           metadata.Format,
 		CreatedAt:        metadata.CreatedAt,
 		ModifiedAt:       metadata.ModifiedAt,
-		OwnerAccountID:   metadata.OwnerID,
+		OwnerAccountID:   metadata.OwnerAccountID,
 		MetadataLocation: metadata.MetadataLocation,
 		VersionToken:     metadata.VersionToken,
 	}
@ -311,7 +311,7 @@ func (h *S3TablesHandler) handleListTables(w http.ResponseWriter, r *http.Reques
 				return err
 			}
 			principal := h.getPrincipalFromRequest(r)
-			if !CanListTables(principal, nsMeta.OwnerID) {
+			if !CanListTables(principal, nsMeta.OwnerAccountID) {
 				return NewAuthError("ListTables", principal, "not authorized to list tables")
 			}

@ -328,7 +328,7 @@ func (h *S3TablesHandler) handleListTables(w http.ResponseWriter, r *http.Reques
 				return err
 			}
 			principal := h.getPrincipalFromRequest(r)
-			if !CanListTables(principal, bucketMeta.OwnerID) {
+			if !CanListTables(principal, bucketMeta.OwnerAccountID) {
 				return NewAuthError("ListTables", principal, "not authorized to list tables")
 			}

@ -603,7 +603,7 @@ func (h *S3TablesHandler) handleDeleteTable(w http.ResponseWriter, r *http.Reque

 	// Check permission
 	principal := h.getPrincipalFromRequest(r)
-	if !CanDeleteTable(principal, metadata.OwnerID) {
+	if !CanDeleteTable(principal, metadata.OwnerAccountID) {
 		h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to delete table")
 		return NewAuthError("DeleteTable", principal, "not authorized to delete table")
 	}
--- a/weed/s3api/s3tables/types.go
+++ b/weed/s3api/s3tables/types.go
@ -5,10 +5,10 @@ import "time"
 // Table bucket types

 type TableBucket struct {
-	ARN       string    `json:"arn"`
-	Name      string    `json:"name"`
-	OwnerID   string    `json:"ownerAccountId"`
-	CreatedAt time.Time `json:"createdAt"`
+	ARN            string    `json:"arn"`
+	Name           string    `json:"name"`
+	OwnerAccountID string    `json:"ownerAccountId"`
+	CreatedAt      time.Time `json:"createdAt"`
 }

 type CreateTableBucketRequest struct {
--- a/weed/s3api/s3tables/utils.go
+++ b/weed/s3api/s3tables/utils.go
@ -71,18 +71,17 @@ func getTablePath(bucketName, namespace, tableName string) string {

 // Metadata structures

-// tableBucketMetadata stores metadata for a table bucket
 type tableBucketMetadata struct {
-	Name      string    `json:"name"`
-	CreatedAt time.Time `json:"createdAt"`
-	OwnerID   string    `json:"ownerAccountId"`
+	Name           string    `json:"name"`
+	CreatedAt      time.Time `json:"createdAt"`
+	OwnerAccountID string    `json:"ownerAccountId"`
 }

 // namespaceMetadata stores metadata for a namespace
 type namespaceMetadata struct {
-	Namespace []string  `json:"namespace"`
-	CreatedAt time.Time `json:"createdAt"`
-	OwnerID   string    `json:"ownerAccountId"`
+	Namespace      []string  `json:"namespace"`
+	CreatedAt      time.Time `json:"createdAt"`
+	OwnerAccountID string    `json:"ownerAccountId"`
 }

 // tableMetadataInternal stores metadata for a table
@ -92,7 +91,7 @@ type tableMetadataInternal struct {
 	Format           string         `json:"format"`
 	CreatedAt        time.Time      `json:"createdAt"`
 	ModifiedAt       time.Time      `json:"modifiedAt"`
-	OwnerID          string         `json:"ownerAccountId"`
+	OwnerAccountID   string         `json:"ownerAccountId"`
 	VersionToken     string         `json:"versionToken"`
 	MetadataLocation string         `json:"metadataLocation,omitempty"`
 	Schema           *TableMetadata `json:"metadata,omitempty"`