diff --git a/weed/s3api/auth_credentials_subscribe.go b/weed/s3api/auth_credentials_subscribe.go index 9dab99457..bbd44392f 100644 --- a/weed/s3api/auth_credentials_subscribe.go +++ b/weed/s3api/auth_credentials_subscribe.go @@ -1,13 +1,11 @@ package s3api import ( - "encoding/json" "errors" "time" "github.com/seaweedfs/seaweedfs/weed/filer" "github.com/seaweedfs/seaweedfs/weed/glog" - "github.com/seaweedfs/seaweedfs/weed/iam/policy" "github.com/seaweedfs/seaweedfs/weed/pb" "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb" "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants" @@ -147,19 +145,9 @@ func (s3a *S3ApiServer) updateBucketConfigCacheFromEntry(entry *filer_pb.Entry) } else { glog.V(3).Infof("updateBucketConfigCacheFromEntry: no Object Lock configuration found for bucket %s", bucket) } - - // Parse bucket policy if present (for performance optimization) - if policyJSON, exists := entry.Extended[BUCKET_POLICY_METADATA_KEY]; exists && len(policyJSON) > 0 { - var policyDoc policy.PolicyDocument - if err := json.Unmarshal(policyJSON, &policyDoc); err != nil { - glog.Errorf("updateBucketConfigCacheFromEntry: failed to parse bucket policy for %s: %v", bucket, err) - } else { - config.BucketPolicy = &policyDoc - glog.V(2).Infof("updateBucketConfigCacheFromEntry: cached bucket policy for bucket %s", bucket) - } - } else { - glog.V(4).Infof("updateBucketConfigCacheFromEntry: no bucket policy found for bucket %s", bucket) - } + + // Load bucket policy if present (for performance optimization) + config.BucketPolicy = loadBucketPolicyFromExtended(entry, bucket) } // Load CORS configuration from bucket directory content diff --git a/weed/s3api/s3api_bucket_config.go b/weed/s3api/s3api_bucket_config.go index a103553a1..4a474c6a9 100644 --- a/weed/s3api/s3api_bucket_config.go +++ b/weed/s3api/s3api_bucket_config.go @@ -320,6 +320,28 @@ func (bcc *BucketConfigCache) RemoveNegativeCache(bucket string) { delete(bcc.negativeCache, bucket) } +// loadBucketPolicyFromExtended loads and parses bucket policy from entry extended attributes +func loadBucketPolicyFromExtended(entry *filer_pb.Entry, bucket string) *policy.PolicyDocument { + if entry.Extended == nil { + return nil + } + + policyJSON, exists := entry.Extended[BUCKET_POLICY_METADATA_KEY] + if !exists || len(policyJSON) == 0 { + glog.V(4).Infof("loadBucketPolicyFromExtended: no bucket policy found for bucket %s", bucket) + return nil + } + + var policyDoc policy.PolicyDocument + if err := json.Unmarshal(policyJSON, &policyDoc); err != nil { + glog.Errorf("loadBucketPolicyFromExtended: failed to parse bucket policy for %s: %v", bucket, err) + return nil + } + + glog.V(3).Infof("loadBucketPolicyFromExtended: loaded bucket policy for bucket %s", bucket) + return &policyDoc +} + // getBucketConfig retrieves bucket configuration with caching func (s3a *S3ApiServer) getBucketConfig(bucket string) (*BucketConfig, s3err.ErrorCode) { // Check negative cache first @@ -378,19 +400,9 @@ func (s3a *S3ApiServer) getBucketConfig(bucket string) (*BucketConfig, s3err.Err } else { glog.V(3).Infof("getBucketConfig: no Object Lock config found in extended attributes for bucket %s", bucket) } - - // Parse bucket policy if present (for performance optimization) - if policyJSON, exists := entry.Extended[BUCKET_POLICY_METADATA_KEY]; exists && len(policyJSON) > 0 { - var policyDoc policy.PolicyDocument - if err := json.Unmarshal(policyJSON, &policyDoc); err != nil { - glog.Errorf("getBucketConfig: failed to parse bucket policy for %s: %v", bucket, err) - } else { - config.BucketPolicy = &policyDoc - glog.V(3).Infof("getBucketConfig: loaded bucket policy from extended attributes for bucket %s", bucket) - } - } else { - glog.V(4).Infof("getBucketConfig: no bucket policy found for bucket %s", bucket) - } + + // Load bucket policy if present (for performance optimization) + config.BucketPolicy = loadBucketPolicyFromExtended(entry, bucket) } // Load CORS configuration from bucket directory content