seaweedfs/weed/pb/s3.proto

syntax = "proto3";

package messaging_pb;

option go_package = "github.com/seaweedfs/seaweedfs/weed/pb/s3_pb";
option java_package = "seaweedfs.client";
option java_outer_classname = "S3Proto";

//////////////////////////////////////////////////

import "iam.proto";

service SeaweedS3 {

    // Explicit IAM APIs mirroring SeaweedIdentityAccessManagement
    rpc ListUsers (iam_pb.ListUsersRequest) returns (iam_pb.ListUsersResponse) {}
    rpc CreateUser (iam_pb.CreateUserRequest) returns (iam_pb.CreateUserResponse) {}
    rpc GetUser (iam_pb.GetUserRequest) returns (iam_pb.GetUserResponse) {}
    rpc UpdateUser (iam_pb.UpdateUserRequest) returns (iam_pb.UpdateUserResponse) {}
    rpc DeleteUser (iam_pb.DeleteUserRequest) returns (iam_pb.DeleteUserResponse) {}
    
    rpc ListAccessKeys (iam_pb.ListAccessKeysRequest) returns (iam_pb.ListAccessKeysResponse) {}
    rpc CreateAccessKey (iam_pb.CreateAccessKeyRequest) returns (iam_pb.CreateAccessKeyResponse) {}
    rpc DeleteAccessKey (iam_pb.DeleteAccessKeyRequest) returns (iam_pb.DeleteAccessKeyResponse) {}
    
    rpc PutUserPolicy (iam_pb.PutUserPolicyRequest) returns (iam_pb.PutUserPolicyResponse) {}
    rpc GetUserPolicy (iam_pb.GetUserPolicyRequest) returns (iam_pb.GetUserPolicyResponse) {}
    rpc DeleteUserPolicy (iam_pb.DeleteUserPolicyRequest) returns (iam_pb.DeleteUserPolicyResponse) {}
    
    rpc ListServiceAccounts (iam_pb.ListServiceAccountsRequest) returns (iam_pb.ListServiceAccountsResponse) {}
    rpc CreateServiceAccount (iam_pb.CreateServiceAccountRequest) returns (iam_pb.CreateServiceAccountResponse) {}
    rpc UpdateServiceAccount (iam_pb.UpdateServiceAccountRequest) returns (iam_pb.UpdateServiceAccountResponse) {}
    rpc DeleteServiceAccount (iam_pb.DeleteServiceAccountRequest) returns (iam_pb.DeleteServiceAccountResponse) {}
    rpc GetServiceAccount (iam_pb.GetServiceAccountRequest) returns (iam_pb.GetServiceAccountResponse) {}

}

//////////////////////////////////////////////////

message S3CircuitBreakerConfig {
    S3CircuitBreakerOptions global=1;
    map<string, S3CircuitBreakerOptions> buckets= 2;
}

message S3CircuitBreakerOptions {
    bool enabled=1;
    map<string, int64> actions = 2;
}

//////////////////////////////////////////////////
// Bucket Metadata

message CORSRule {
    repeated string allowed_headers = 1;
    repeated string allowed_methods = 2;
    repeated string allowed_origins = 3;
    repeated string expose_headers = 4;
    int32 max_age_seconds = 5;
    string id = 6;
}

message CORSConfiguration {
    repeated CORSRule cors_rules = 1;
}

message BucketMetadata {
    map<string, string> tags = 1;
    CORSConfiguration cors = 2;
    EncryptionConfiguration encryption = 3;
}

message EncryptionConfiguration {
    string sse_algorithm = 1; // "AES256" or "aws:kms"
    string kms_key_id = 2; // KMS key ID (optional for aws:kms)
    bool bucket_key_enabled = 3; // S3 Bucket Keys optimization
}