Tree:
				b4c51bffe4
			
			
		
		add-ec-vacuum
			
				add-foundation-db
			
				add_fasthttp_client
			
				add_remote_storage
			
				adding-message-queue-integration-tests
			
				avoid_releasing_temp_file_on_write
			
				changing-to-zap
			
				collect-public-metrics
			
				create-table-snapshot-api-design
			
				data_query_pushdown
			
				dependabot/go_modules/github.com/seaweedfs/raft-1.1.5
			
				dependabot/maven/other/java/client/com.google.protobuf-protobuf-java-3.25.5
			
				dependabot/maven/other/java/examples/org.apache.hadoop-hadoop-common-3.4.0
			
				detect-and-plan-ec-tasks
			
				do-not-retry-if-error-is-NotFound
			
				fasthttp
			
				filer1_maintenance_branch
			
				fix-GetObjectLockConfigurationHandler
			
				fix-versioning-listing-only
			
				ftp
			
				gh-pages
			
				improve-fuse-mount
			
				improve-fuse-mount2
			
				logrus
			
				master
			
				message_send
			
				mount2
			
				mq-subscribe
			
				mq2
			
				original_weed_mount
			
				random_access_file
			
				refactor-needle-read-operations
			
				refactor-volume-write
			
				remote_overlay
			
				revert-5134-patch-1
			
				revert-5819-patch-1
			
				revert-6434-bugfix-missing-s3-audit
			
				s3-select
			
				sub
			
				tcp_read
			
				test-reverting-lock-table
			
				test_udp
			
				testing
			
				testing-sdx-generation
			
				tikv
			
				track-mount-e2e
			
				volume_buffered_writes
			
				worker-execute-ec-tasks
			
			
				0.72
			
				0.72.release
			
				0.73
			
				0.74
			
				0.75
			
				0.76
			
				0.77
			
				0.90
			
				0.91
			
				0.92
			
				0.93
			
				0.94
			
				0.95
			
				0.96
			
				0.97
			
				0.98
			
				0.99
			
				1.00
			
				1.01
			
				1.02
			
				1.03
			
				1.04
			
				1.05
			
				1.06
			
				1.07
			
				1.08
			
				1.09
			
				1.10
			
				1.11
			
				1.12
			
				1.14
			
				1.15
			
				1.16
			
				1.17
			
				1.18
			
				1.19
			
				1.20
			
				1.21
			
				1.22
			
				1.23
			
				1.24
			
				1.25
			
				1.26
			
				1.27
			
				1.28
			
				1.29
			
				1.30
			
				1.31
			
				1.32
			
				1.33
			
				1.34
			
				1.35
			
				1.36
			
				1.37
			
				1.38
			
				1.40
			
				1.41
			
				1.42
			
				1.43
			
				1.44
			
				1.45
			
				1.46
			
				1.47
			
				1.48
			
				1.49
			
				1.50
			
				1.51
			
				1.52
			
				1.53
			
				1.54
			
				1.55
			
				1.56
			
				1.57
			
				1.58
			
				1.59
			
				1.60
			
				1.61
			
				1.61RC
			
				1.62
			
				1.63
			
				1.64
			
				1.65
			
				1.66
			
				1.67
			
				1.68
			
				1.69
			
				1.70
			
				1.71
			
				1.72
			
				1.73
			
				1.74
			
				1.75
			
				1.76
			
				1.77
			
				1.78
			
				1.79
			
				1.80
			
				1.81
			
				1.82
			
				1.83
			
				1.84
			
				1.85
			
				1.86
			
				1.87
			
				1.88
			
				1.90
			
				1.91
			
				1.92
			
				1.93
			
				1.94
			
				1.95
			
				1.96
			
				1.97
			
				1.98
			
				1.99
			
				1;70
			
				2.00
			
				2.01
			
				2.02
			
				2.03
			
				2.04
			
				2.05
			
				2.06
			
				2.07
			
				2.08
			
				2.09
			
				2.10
			
				2.11
			
				2.12
			
				2.13
			
				2.14
			
				2.15
			
				2.16
			
				2.17
			
				2.18
			
				2.19
			
				2.20
			
				2.21
			
				2.22
			
				2.23
			
				2.24
			
				2.25
			
				2.26
			
				2.27
			
				2.28
			
				2.29
			
				2.30
			
				2.31
			
				2.32
			
				2.33
			
				2.34
			
				2.35
			
				2.36
			
				2.37
			
				2.38
			
				2.39
			
				2.40
			
				2.41
			
				2.42
			
				2.43
			
				2.47
			
				2.48
			
				2.49
			
				2.50
			
				2.51
			
				2.52
			
				2.53
			
				2.54
			
				2.55
			
				2.56
			
				2.57
			
				2.58
			
				2.59
			
				2.60
			
				2.61
			
				2.62
			
				2.63
			
				2.64
			
				2.65
			
				2.66
			
				2.67
			
				2.68
			
				2.69
			
				2.70
			
				2.71
			
				2.72
			
				2.73
			
				2.74
			
				2.75
			
				2.76
			
				2.77
			
				2.78
			
				2.79
			
				2.80
			
				2.81
			
				2.82
			
				2.83
			
				2.84
			
				2.85
			
				2.86
			
				2.87
			
				2.88
			
				2.89
			
				2.90
			
				2.91
			
				2.92
			
				2.93
			
				2.94
			
				2.95
			
				2.96
			
				2.97
			
				2.98
			
				2.99
			
				3.00
			
				3.01
			
				3.02
			
				3.03
			
				3.04
			
				3.05
			
				3.06
			
				3.07
			
				3.08
			
				3.09
			
				3.10
			
				3.11
			
				3.12
			
				3.13
			
				3.14
			
				3.15
			
				3.16
			
				3.18
			
				3.19
			
				3.20
			
				3.21
			
				3.22
			
				3.23
			
				3.24
			
				3.25
			
				3.26
			
				3.27
			
				3.28
			
				3.29
			
				3.30
			
				3.31
			
				3.32
			
				3.33
			
				3.34
			
				3.35
			
				3.36
			
				3.37
			
				3.38
			
				3.39
			
				3.40
			
				3.41
			
				3.42
			
				3.43
			
				3.44
			
				3.45
			
				3.46
			
				3.47
			
				3.48
			
				3.50
			
				3.51
			
				3.52
			
				3.53
			
				3.54
			
				3.55
			
				3.56
			
				3.57
			
				3.58
			
				3.59
			
				3.60
			
				3.61
			
				3.62
			
				3.63
			
				3.64
			
				3.65
			
				3.66
			
				3.67
			
				3.68
			
				3.69
			
				3.71
			
				3.72
			
				3.73
			
				3.74
			
				3.75
			
				3.76
			
				3.77
			
				3.78
			
				3.79
			
				3.80
			
				3.81
			
				3.82
			
				3.83
			
				3.84
			
				3.85
			
				3.86
			
				3.87
			
				3.88
			
				3.89
			
				3.90
			
				3.91
			
				3.92
			
				3.93
			
				3.94
			
				3.95
			
				3.96
			
				3.97
			
				dev
			
				helm-3.65.1
			
				v0.69
			
				v0.70beta
			
				v3.33
			
		${ noResults }
		
	
		
			6 Commits (b4c51bffe496250fc4c76efa3572243afb013ae5)
		
	
	
		
	
    | Author | SHA1 | Message | Date | 
|---|---|---|---|
|  | 29fedb1f0e | feat: default IAM stores to filer for production-ready persistence This change makes filer stores the default for all IAM components, requiring explicit configuration only when different storage is needed. ### Changes Made: #### Default Store Types Updated: - STS Session Store: memory → filer (persistent sessions) - Policy Engine: memory → filer (persistent policies) - Role Store: memory → filer (persistent roles) #### Code Updates: - STSService: Default sessionStoreType now uses DefaultStoreType constant - PolicyEngine: Default storeType changed to filer for persistence - IAMManager: Default roleStore changed to filer for persistence - Added DefaultStoreType constant for consistent configuration #### Configuration Simplification: - iam_config_distributed.json: Removed redundant filer specifications - Only specify storeType when different from default (e.g. memory for testing) ### Benefits: - Production-ready defaults with persistent storage - Minimal configuration for standard deployments - Clear intent: only specify when different from sensible defaults - Backwards compatible: existing explicit configs continue to work - Consistent with SeaweedFS distributed, persistent nature | 2 months ago | 
|  | 586ebbca2d | refactor: simplify configuration by using constants for default base paths This commit addresses the user feedback that configuration files should not
need to specify default paths when constants are available.
### Changes Made:
#### Configuration Simplification:
- Removed redundant basePath configurations from iam_config_distributed.json
- All stores now use constants for defaults:
  * Sessions: /etc/iam/sessions (DefaultSessionBasePath)
  * Policies: /etc/iam/policies (DefaultPolicyBasePath)
  * Roles: /etc/iam/roles (DefaultRoleBasePath)
- Eliminated empty storeConfig objects entirely for cleaner JSON
#### Updated Store Implementations:
- FilerPolicyStore: Updated hardcoded path to use /etc/iam/policies
- FilerRoleStore: Updated hardcoded path to use /etc/iam/roles
- All stores consistently align with /etc/ filer convention
#### Runtime Filer Address Integration:
- Updated IAM manager methods to accept filerAddress parameter:
  * AssumeRoleWithWebIdentity(ctx, filerAddress, request)
  * AssumeRoleWithCredentials(ctx, filerAddress, request)
  * IsActionAllowed(ctx, filerAddress, request)
  * ExpireSessionForTesting(ctx, filerAddress, sessionToken)
- Enhanced S3IAMIntegration to store filerAddress from S3ApiServer
- Updated all test files to pass test filerAddress ('localhost:8888')
### Benefits:
- ✅ Cleaner, minimal configuration files
- ✅ Consistent use of well-defined constants for defaults
- ✅ No configuration needed for standard use cases
- ✅ Runtime filer address flexibility maintained
- ✅ Aligns with SeaweedFS /etc/ convention throughout
### Breaking Change:
- S3IAMIntegration constructor now requires filerAddress parameter
- All IAM manager methods now require filerAddress as second parameter
- Tests and middleware updated accordingly | 2 months ago | 
|  | 8718c301ba | feat(sts): pass filerAddress at call-time instead of init-time This change addresses the requirement that filer addresses should be
passed when methods are called, not during initialization, to support:
- Dynamic filer failover and load balancing
- Runtime changes to filer topology
- Environment-agnostic configuration files
### Changes Made:
#### SessionStore Interface & Implementations:
- Updated SessionStore interface to accept filerAddress parameter in all methods
- Modified FilerSessionStore to remove filerAddress field from struct
- Updated MemorySessionStore to accept filerAddress (ignored) for interface consistency
- All methods now take: (ctx, filerAddress, sessionId, ...) parameters
#### STS Service Methods:
- Updated all public STS methods to accept filerAddress parameter:
  - AssumeRoleWithWebIdentity(ctx, filerAddress, request)
  - AssumeRoleWithCredentials(ctx, filerAddress, request)
  - ValidateSessionToken(ctx, filerAddress, sessionToken)
  - RevokeSession(ctx, filerAddress, sessionToken)
  - ExpireSessionForTesting(ctx, filerAddress, sessionToken)
#### Configuration Cleanup:
- Removed filerAddress from all configuration files (iam_config_distributed.json)
- Configuration now only contains basePath and other store-specific settings
- Makes configs environment-agnostic (dev/staging/prod compatible)
#### Test Updates:
- Updated all test files to pass testFilerAddress parameter
- Tests use dummy filerAddress ('localhost:8888') for consistency
- Maintains test functionality while validating new interface
### Benefits:
- ✅ Filer addresses determined at runtime by caller (S3 API server)
- ✅ Supports filer failover without service restart
- ✅ Configuration files work across environments
- ✅ Follows SeaweedFS patterns used elsewhere in codebase
- ✅ Load balancer friendly - no filer affinity required
- ✅ Horizontal scaling compatible
### Breaking Change:
This is a breaking change for any code calling STS service methods.
Callers must now pass filerAddress as the second parameter. | 2 months ago | 
|  | 0a6c238eb0 | align(sts): use filer /etc/ path convention for IAM storage - Update DefaultSessionBasePath to /etc/iam/sessions (was /seaweedfs/iam/sessions) - Update DefaultPolicyBasePath to /etc/iam/policies (was /seaweedfs/iam/policies) - Update DefaultRoleBasePath to /etc/iam/roles (was /seaweedfs/iam/roles) - Update iam_config_distributed.json to use /etc/iam paths - Align with existing filer configuration structure in filer_conf.go - Follow SeaweedFS convention of storing configs under /etc/ - Add FILER_INTEGRATION.md documenting path conventions - Maintain consistency with IamConfigDirectory = '/etc/iam' - Enable standard filer backup/restore procedures for IAM data - Ensure operational consistency across SeaweedFS components | 2 months ago | 
|  | beb23b0ab5 | feat: Implement configuration-driven identity providers for distributed STS PROBLEM SOLVED:
- Identity providers were registered manually on each STS instance
- No guarantee of provider consistency across distributed deployments
- Authentication behavior could differ between S3 gateway instances
- Operational complexity in managing provider configurations at scale
IMPLEMENTATION:
- Add provider configuration support to STSConfig schema
- Create ProviderFactory for automatic provider loading from config
- Update STSService.Initialize() to load providers from configuration
- Support OIDC and mock providers with extensible factory pattern
- Comprehensive validation and error handling for provider configs
NEW COMPONENTS:
- weed/iam/sts/provider_factory.go - Factory for creating providers from config
- weed/iam/sts/provider_factory_test.go - Comprehensive factory tests
- weed/iam/sts/distributed_sts_test.go - Distributed STS integration tests
- test/s3/iam/STS_DISTRIBUTED.md - Complete deployment and operations guide
CONFIGURATION SCHEMA:
{
  'sts': {
    'providers': [
      {
        'name': 'keycloak-oidc',
        'type': 'oidc',
        'enabled': true,
        'config': {
          'issuer': 'https://keycloak.company.com/realms/seaweedfs',
          'clientId': 'seaweedfs-s3',
          'clientSecret': 'secret',
          'scopes': ['openid', 'profile', 'email', 'roles']
        }
      }
    ]
  }
}
DISTRIBUTED BENEFITS:
- ✅ Consistent providers across all S3 gateway instances
- ✅ Configuration-driven - no manual provider registration needed
- ✅ Automatic validation and initialization of all providers
- ✅ Support for provider enable/disable without code changes
- ✅ Extensible factory pattern for adding new provider types
- ✅ Comprehensive testing for distributed deployment scenarios
This completes the distributed STS implementation, making SeaweedFS
S3 Gateway truly production-ready for multi-instance deployments
with consistent, reliable authentication across all instances. | 2 months ago | 
|  | ce17743275 | feat: Implement distributed IAM role storage for multi-instance deployments PROBLEM SOLVED:
- Roles were stored in memory per-instance, causing inconsistencies
- Sessions and policies had filer storage but roles didn't
- Multi-instance deployments had authentication failures
IMPLEMENTATION:
- Add RoleStore interface for pluggable role storage backends
- Implement FilerRoleStore using SeaweedFS filer as distributed backend
- Update IAMManager to use RoleStore instead of in-memory map
- Add role store configuration to IAM config schema
- Support both memory and filer storage for roles
NEW COMPONENTS:
- weed/iam/integration/role_store.go - Role storage interface & implementations
- weed/iam/integration/role_store_test.go - Unit tests for role storage
- test/s3/iam/iam_config_distributed.json - Sample distributed config
- test/s3/iam/DISTRIBUTED.md - Complete deployment guide
CONFIGURATION:
{
  'roleStore': {
    'storeType': 'filer',
    'storeConfig': {
      'filerAddress': 'localhost:8888',
      'basePath': '/seaweedfs/iam/roles'
    }
  }
}
BENEFITS:
- ✅ Consistent role definitions across all S3 gateway instances
- ✅ Persistent role storage survives instance restarts
- ✅ Scales to unlimited number of gateway instances
- ✅ No session affinity required in load balancers
- ✅ Production-ready distributed IAM system
This completes the distributed IAM implementation, making SeaweedFS
S3 Gateway truly scalable for production multi-instance deployments. | 2 months ago | 
|  | 299c86f002 | feat: Add Keycloak OIDC integration for S3 IAM tests - Add Docker Compose setup with Keycloak OIDC provider - Configure test realm with users, roles, and S3 client - Implement automatic detection between Keycloak and mock OIDC modes - Add comprehensive Keycloak integration tests for authentication and authorization - Support real JWT token validation with production-like OIDC flow - Add Docker-specific IAM configuration for containerized testing - Include detailed documentation for Keycloak integration setup Integration includes: - Real OIDC authentication flow with username/password - JWT Bearer token authentication for S3 operations - Role mapping from Keycloak roles to SeaweedFS IAM policies - Comprehensive test coverage for production scenarios - Automatic fallback to mock mode when Keycloak unavailable | 2 months ago |