Tree: 45ecf2cfe0

add-admin-and-worker-to-helm-charts

add-ec-vacuum

add-foundation-db

add_fasthttp_client

add_remote_storage

adding-message-queue-integration-tests

avoid_releasing_temp_file_on_write

changing-to-zap

collect-public-metrics

create-table-snapshot-api-design

data_query_pushdown

dependabot/maven/other/java/client/com.google.protobuf-protobuf-java-3.25.5

dependabot/maven/other/java/examples/org.apache.hadoop-hadoop-common-3.4.0

detect-and-plan-ec-tasks

do-not-retry-if-error-is-NotFound

enhance-erasure-coding

fasthttp

filer1_maintenance_branch

fix-GetObjectLockConfigurationHandler

fix-versioning-listing-only

ftp

gh-pages

improve-fuse-mount

improve-fuse-mount2

logrus

master

message_send

mount2

mq-subscribe

mq2

original_weed_mount

random_access_file

refactor-needle-read-operations

refactor-volume-write

remote_overlay

revert-5134-patch-1

revert-5819-patch-1

revert-6434-bugfix-missing-s3-audit

s3-select

sub

tcp_read

test-reverting-lock-table

test_udp

testing

testing-sdx-generation

tikv

track-mount-e2e

volume_buffered_writes

worker-execute-ec-tasks

0.72

0.72.release

0.73

0.74

0.75

0.76

0.77

0.90

0.91

0.92

0.93

0.94

0.95

0.96

0.97

0.98

0.99

1.00

1.01

1.02

1.03

1.04

1.05

1.06

1.07

1.08

1.09

1.10

1.11

1.12

1.14

1.15

1.16

1.17

1.18

1.19

1.20

1.21

1.22

1.23

1.24

1.25

1.26

1.27

1.28

1.29

1.30

1.31

1.32

1.33

1.34

1.35

1.36

1.37

1.38

1.40

1.41

1.42

1.43

1.44

1.45

1.46

1.47

1.48

1.49

1.50

1.51

1.52

1.53

1.54

1.55

1.56

1.57

1.58

1.59

1.60

1.61

1.61RC

1.62

1.63

1.64

1.65

1.66

1.67

1.68

1.69

1.70

1.71

1.72

1.73

1.74

1.75

1.76

1.77

1.78

1.79

1.80

1.81

1.82

1.83

1.84

1.85

1.86

1.87

1.88

1.90

1.91

1.92

1.93

1.94

1.95

1.96

1.97

1.98

1.99

1;70

2.00

2.01

2.02

2.03

2.04

2.05

2.06

2.07

2.08

2.09

2.10

2.11

2.12

2.13

2.14

2.15

2.16

2.17

2.18

2.19

2.20

2.21

2.22

2.23

2.24

2.25

2.26

2.27

2.28

2.29

2.30

2.31

2.32

2.33

2.34

2.35

2.36

2.37

2.38

2.39

2.40

2.41

2.42

2.43

2.47

2.48

2.49

2.50

2.51

2.52

2.53

2.54

2.55

2.56

2.57

2.58

2.59

2.60

2.61

2.62

2.63

2.64

2.65

2.66

2.67

2.68

2.69

2.70

2.71

2.72

2.73

2.74

2.75

2.76

2.77

2.78

2.79

2.80

2.81

2.82

2.83

2.84

2.85

2.86

2.87

2.88

2.89

2.90

2.91

2.92

2.93

2.94

2.95

2.96

2.97

2.98

2.99

3.00

3.01

3.02

3.03

3.04

3.05

3.06

3.07

3.08

3.09

3.10

3.11

3.12

3.13

3.14

3.15

3.16

3.18

3.19

3.20

3.21

3.22

3.23

3.24

3.25

3.26

3.27

3.28

3.29

3.30

3.31

3.32

3.33

3.34

3.35

3.36

3.37

3.38

3.39

3.40

3.41

3.42

3.43

3.44

3.45

3.46

3.47

3.48

3.50

3.51

3.52

3.53

3.54

3.55

3.56

3.57

3.58

3.59

3.60

3.61

3.62

3.63

3.64

3.65

3.66

3.67

3.68

3.69

3.71

3.72

3.73

3.74

3.75

3.76

3.77

3.78

3.79

3.80

3.81

3.82

3.83

3.84

3.85

3.86

3.87

3.88

3.89

3.90

3.91

3.92

3.93

3.94

3.95

3.96

3.97

3.98

3.99

dev

helm-3.65.1

v0.69

v0.70beta

v3.33

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from '45ecf2cfe0'

${ noResults }

Commit Graph

11963 Commits (45ecf2cfe0feab91a8ebdc7afebca929027df139)

 

All Branches   

Search

Author	SHA1	Message	Date
chrislu	45ecf2cfe0	use docker compose to test keycloak	2 months ago
chrislu	369b50d04b	Update setup_keycloak.sh	2 months ago
chrislu	f9c19dd2f5	different iam config for github and local	2 months ago
chrislu	ce27ea975f	keycloak use 8080	2 months ago
chrislu	6dbff27e01	Update setup_keycloak.sh	2 months ago
chrislu	a6e68dbe17	Update iam_config.json	2 months ago
chrislu	b4c51bffe4	setup	2 months ago
chrislu	c870fcca8a	test setup	2 months ago
chrislu	4435f4eb5a	duplicated	2 months ago
chrislu	61d1d974bb	Update s3-iam-tests.yml	2 months ago
chrislu	efe95f631e	Update s3-iam-tests.yml	2 months ago
chrislu	306389b8e4	Create s3-iam-keycloak.yml	2 months ago
chrislu	63616be4a3	setup keycloak	2 months ago
chrislu	773d7648f2	fix compilation	2 months ago
chrislu	c34b14de8c	fix tests	2 months ago
chrislu	db4b613d44	fix tests	2 months ago
chrislu	51525ea2ba	remove filerAddress required	2 months ago
chrislu	13bff3f594	fix tests	2 months ago
chrislu	a5761aa42d	fixes	2 months ago
chrislu	0575d93bca	address comments	2 months ago
chrislu	3ccb7467d9	json format	2 months ago
chrislu	02798df85d	address comments	2 months ago
chrislu	7d7da35179	fix tests	2 months ago
chrislu	c5321abcbc	fix tests	2 months ago
chrislu	db58964a21	compile	2 months ago
chrislu	09f3d67fbf	fix tests	2 months ago
chrislu	a2fd8d9764	unique bucket name	2 months ago
chrislu	62432d0619	fix password	2 months ago
chrislu	72668a5339	fix tests	2 months ago
chrislu	ec7d3e44e7	Update iam_config.json	2 months ago
chrislu	b8d3d8d9fc	avoid hack	2 months ago
chrislu	ca3c5eadb2	fix tests	2 months ago
chrislu	d4de26962f	fix tests	2 months ago
chrislu	bc026e11bf	fix tests	2 months ago
chrislu	903dc89acd	Update setup_keycloak.sh	2 months ago
chrislu	dabb0652e0	fix test	2 months ago
chrislu	9b324f6b1b	always run keycloak tests	2 months ago
chrislu	9c587dbd51	fix oidc	2 months ago
chrislu	2c30968b2e	updates	2 months ago
chrislu	8c59efad5e	reduce load	2 months ago
chrislu	868b2de213	enable more tests	2 months ago
chrislu	a2cce1bb91	fix tests	2 months ago
chrislu	accad23427	Update iam_config.json	2 months ago
chrislu	4c032b3945	fix testing expired jwt	2 months ago
chrislu	5f32b3c982	Modified ListBucketsHandler to use IAM authorization (authorizeWithIAM) for JWT users instead of legacy identity.canDo()	2 months ago
chrislu	8603fe1433	Update s3_iam_middleware.go	2 months ago
chrislu	ca2c2aa1c7	Update iam_manager.go	2 months ago
chrislu	f462684f8a	Update token_utils.go	2 months ago
chrislu	df5b31aa9a	feat: Complete JWT authentication system for S3 IAM integration 🎉 Successfully resolved 501 NotImplemented error and implemented full JWT authentication ### Core Fixes: **1. Fixed Circular Dependency in JWT Authentication:** - Modified AuthenticateJWT to validate tokens directly via STS service - Removed circular IsActionAllowed call during authentication phase - Authentication now properly separated from authorization **2. Enhanced S3IAMIntegration Architecture:** - Added stsService field for direct JWT token validation - Updated NewS3IAMIntegration to get STS service from IAM manager - Added GetSTSService method to IAM manager **3. Fixed IAM Configuration Issues:** - Corrected JSON format: Action/Resource fields now arrays - Fixed role store initialization in loadIAMManagerFromConfig - Added memory-based role store for JSON config setups **4. Enhanced Trust Policy Validation:** - Fixed validateTrustPolicyForWebIdentity for mock tokens - Added fallback handling for non-JWT format tokens - Proper context building for trust policy evaluation **5. Implemented String Condition Evaluation:** - Complete evaluateStringCondition with wildcard support - Proper handling of StringEquals, StringNotEquals, StringLike - Support for array and single value conditions ### Verification Results: ✅ **JWT Authentication**: Fully working - tokens validated successfully ✅ **Authorization**: Policy evaluation working correctly ✅ **S3 Server Startup**: IAM integration initializes successfully ✅ **IAM Integration Tests**: All passing (TestFullOIDCWorkflow, etc.) ✅ **Trust Policy Validation**: Working for both JWT and mock tokens ### Before vs After: ❌ **Before**: 501 NotImplemented - IAM integration failed to initialize ✅ **After**: Complete JWT authentication flow with proper authorization The JWT authentication system is now fully functional. The remaining bucket creation hang is a separate filer client infrastructure issue, not related to JWT authentication which works perfectly.	2 months ago
chrislu	c63ad8fcaa	Update s3api_server.go	2 months ago