Add support for server side bucket replication (#9882)

2025-11-09 21:49:46 -05:00 · 2020-07-21 17:49:56 -07:00
parent ca4c15bc63
commit c43da3005a
44 changed files with 2387 additions and 322 deletions
--- a/pkg/iam/policy/action.go
+++ b/pkg/iam/policy/action.go
@@ -158,6 +158,22 @@ const (

 	// GetBucketVersioningAction - GetBucketVersioning REST API action
 	GetBucketVersioningAction = "s3:GetBucketVersioning"
+	// GetReplicationConfigurationAction  - GetReplicationConfiguration REST API action
+	GetReplicationConfigurationAction = "s3:GetReplicationConfiguration"
+	// PutReplicationConfigurationAction  - PutReplicationConfiguration REST API action
+	PutReplicationConfigurationAction = "s3:PutReplicationConfiguration"
+
+	// ReplicateObjectAction  - ReplicateObject REST API action
+	ReplicateObjectAction = "s3:ReplicateObject"
+
+	// ReplicateDeleteAction  - ReplicateDelete REST API action
+	ReplicateDeleteAction = "s3:ReplicateDelete"
+
+	// ReplicateTagsAction  - ReplicateTags REST API action
+	ReplicateTagsAction = "s3:ReplicateTags"
+
+	// GetObjectVersionForReplicationAction  - GetObjectVersionForReplication REST API action
+	GetObjectVersionForReplicationAction = "s3:GetObjectVersionForReplication"

 	// AllActions - all API actions
 	AllActions = "s3:*"
@@ -208,30 +224,40 @@ var supportedActions = map[Action]struct{}{
 	GetBucketEncryptionAction:              {},
 	PutBucketVersioningAction:              {},
 	GetBucketVersioningAction:              {},
+	GetReplicationConfigurationAction:      {},
+	PutReplicationConfigurationAction:      {},
+	ReplicateObjectAction:                  {},
+	ReplicateDeleteAction:                  {},
+	ReplicateTagsAction:                    {},
+	GetObjectVersionForReplicationAction:   {},
 	AllActions:                             {},
 }

 // List of all supported object actions.
 var supportedObjectActions = map[Action]struct{}{
-	AllActions:                       {},
-	AbortMultipartUploadAction:       {},
-	DeleteObjectAction:               {},
-	GetObjectAction:                  {},
-	ListMultipartUploadPartsAction:   {},
-	PutObjectAction:                  {},
-	BypassGovernanceRetentionAction:  {},
-	PutObjectRetentionAction:         {},
-	GetObjectRetentionAction:         {},
-	PutObjectLegalHoldAction:         {},
-	GetObjectLegalHoldAction:         {},
-	GetObjectTaggingAction:           {},
-	PutObjectTaggingAction:           {},
-	DeleteObjectTaggingAction:        {},
-	GetObjectVersionAction:           {},
-	GetObjectVersionTaggingAction:    {},
-	DeleteObjectVersionAction:        {},
-	DeleteObjectVersionTaggingAction: {},
-	PutObjectVersionTaggingAction:    {},
+	AllActions:                           {},
+	AbortMultipartUploadAction:           {},
+	DeleteObjectAction:                   {},
+	GetObjectAction:                      {},
+	ListMultipartUploadPartsAction:       {},
+	PutObjectAction:                      {},
+	BypassGovernanceRetentionAction:      {},
+	PutObjectRetentionAction:             {},
+	GetObjectRetentionAction:             {},
+	PutObjectLegalHoldAction:             {},
+	GetObjectLegalHoldAction:             {},
+	GetObjectTaggingAction:               {},
+	PutObjectTaggingAction:               {},
+	DeleteObjectTaggingAction:            {},
+	GetObjectVersionAction:               {},
+	GetObjectVersionTaggingAction:        {},
+	DeleteObjectVersionAction:            {},
+	DeleteObjectVersionTaggingAction:     {},
+	PutObjectVersionTaggingAction:        {},
+	ReplicateObjectAction:                {},
+	ReplicateDeleteAction:                {},
+	ReplicateTagsAction:                  {},
+	GetObjectVersionForReplicationAction: {},
 }

 // isObjectAction - returns whether action is object type or not.
@@ -360,4 +386,10 @@ var actionConditionKeyMap = map[Action]condition.KeySet{
 		append([]condition.Key{
 			condition.S3VersionID,
 		}, condition.CommonKeys...)...),
+	GetReplicationConfigurationAction:    condition.NewKeySet(condition.CommonKeys...),
+	PutReplicationConfigurationAction:    condition.NewKeySet(condition.CommonKeys...),
+	ReplicateObjectAction:                condition.NewKeySet(condition.CommonKeys...),
+	ReplicateDeleteAction:                condition.NewKeySet(condition.CommonKeys...),
+	ReplicateTagsAction:                  condition.NewKeySet(condition.CommonKeys...),
+	GetObjectVersionForReplicationAction: condition.NewKeySet(condition.CommonKeys...),
 }
--- a/pkg/iam/policy/admin-action.go
+++ b/pkg/iam/policy/admin-action.go
@@ -108,46 +108,55 @@ const (
 	// GetBucketQuotaAdminAction - allow getting bucket quota
 	GetBucketQuotaAdminAction = "admin:GetBucketQuota"

+	// Bucket Replication admin Actions
+
+	// SetBucketReplicationTargetAction - allow setting bucket replication target
+	SetBucketReplicationTargetAction = "admin:SetBucketReplicationTarget"
+	// GetBucketReplicationTargetAction - allow getting bucket replication targets
+	GetBucketReplicationTargetAction = "admin:GetBucketReplicationTarget"
+
 	// AllAdminActions - provides all admin permissions
 	AllAdminActions = "admin:*"
 )

 // List of all supported admin actions.
 var supportedAdminActions = map[AdminAction]struct{}{
-	HealAdminAction:                {},
-	StorageInfoAdminAction:         {},
-	DataUsageInfoAdminAction:       {},
-	TopLocksAdminAction:            {},
-	ProfilingAdminAction:           {},
-	TraceAdminAction:               {},
-	ConsoleLogAdminAction:          {},
-	KMSKeyStatusAdminAction:        {},
-	ServerInfoAdminAction:          {},
-	OBDInfoAdminAction:             {},
-	ServerUpdateAdminAction:        {},
-	ServiceRestartAdminAction:      {},
-	ServiceStopAdminAction:         {},
-	ConfigUpdateAdminAction:        {},
-	CreateUserAdminAction:          {},
-	DeleteUserAdminAction:          {},
-	ListUsersAdminAction:           {},
-	EnableUserAdminAction:          {},
-	DisableUserAdminAction:         {},
-	GetUserAdminAction:             {},
-	AddUserToGroupAdminAction:      {},
-	RemoveUserFromGroupAdminAction: {},
-	GetGroupAdminAction:            {},
-	ListGroupsAdminAction:          {},
-	EnableGroupAdminAction:         {},
-	DisableGroupAdminAction:        {},
-	CreatePolicyAdminAction:        {},
-	DeletePolicyAdminAction:        {},
-	GetPolicyAdminAction:           {},
-	AttachPolicyAdminAction:        {},
-	ListUserPoliciesAdminAction:    {},
-	SetBucketQuotaAdminAction:      {},
-	GetBucketQuotaAdminAction:      {},
-	AllAdminActions:                {},
+	HealAdminAction:                  {},
+	StorageInfoAdminAction:           {},
+	DataUsageInfoAdminAction:         {},
+	TopLocksAdminAction:              {},
+	ProfilingAdminAction:             {},
+	TraceAdminAction:                 {},
+	ConsoleLogAdminAction:            {},
+	KMSKeyStatusAdminAction:          {},
+	ServerInfoAdminAction:            {},
+	OBDInfoAdminAction:               {},
+	ServerUpdateAdminAction:          {},
+	ServiceRestartAdminAction:        {},
+	ServiceStopAdminAction:           {},
+	ConfigUpdateAdminAction:          {},
+	CreateUserAdminAction:            {},
+	DeleteUserAdminAction:            {},
+	ListUsersAdminAction:             {},
+	EnableUserAdminAction:            {},
+	DisableUserAdminAction:           {},
+	GetUserAdminAction:               {},
+	AddUserToGroupAdminAction:        {},
+	RemoveUserFromGroupAdminAction:   {},
+	GetGroupAdminAction:              {},
+	ListGroupsAdminAction:            {},
+	EnableGroupAdminAction:           {},
+	DisableGroupAdminAction:          {},
+	CreatePolicyAdminAction:          {},
+	DeletePolicyAdminAction:          {},
+	GetPolicyAdminAction:             {},
+	AttachPolicyAdminAction:          {},
+	ListUserPoliciesAdminAction:      {},
+	SetBucketQuotaAdminAction:        {},
+	GetBucketQuotaAdminAction:        {},
+	SetBucketReplicationTargetAction: {},
+	GetBucketReplicationTargetAction: {},
+	AllAdminActions:                  {},
 }

 // IsValid - checks if action is valid or not.
@@ -158,37 +167,39 @@ func (action AdminAction) IsValid() bool {

 // adminActionConditionKeyMap - holds mapping of supported condition key for an action.
 var adminActionConditionKeyMap = map[Action]condition.KeySet{
-	AllAdminActions:                condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	HealAdminAction:                condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	StorageInfoAdminAction:         condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	ServerInfoAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	DataUsageInfoAdminAction:       condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	OBDInfoAdminAction:             condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	TopLocksAdminAction:            condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	ProfilingAdminAction:           condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	TraceAdminAction:               condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	ConsoleLogAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	KMSKeyStatusAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	ServerUpdateAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	ServiceRestartAdminAction:      condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	ServiceStopAdminAction:         condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	ConfigUpdateAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	CreateUserAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	DeleteUserAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	ListUsersAdminAction:           condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	EnableUserAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	DisableUserAdminAction:         condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	GetUserAdminAction:             condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	AddUserToGroupAdminAction:      condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	RemoveUserFromGroupAdminAction: condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	ListGroupsAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	EnableGroupAdminAction:         condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	DisableGroupAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	CreatePolicyAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	DeletePolicyAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	GetPolicyAdminAction:           condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	AttachPolicyAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	ListUserPoliciesAdminAction:    condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	SetBucketQuotaAdminAction:      condition.NewKeySet(condition.AllSupportedAdminKeys...),
-	GetBucketQuotaAdminAction:      condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	AllAdminActions:                  condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	HealAdminAction:                  condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	StorageInfoAdminAction:           condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	ServerInfoAdminAction:            condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	DataUsageInfoAdminAction:         condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	OBDInfoAdminAction:               condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	TopLocksAdminAction:              condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	ProfilingAdminAction:             condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	TraceAdminAction:                 condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	ConsoleLogAdminAction:            condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	KMSKeyStatusAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	ServerUpdateAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	ServiceRestartAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	ServiceStopAdminAction:           condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	ConfigUpdateAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	CreateUserAdminAction:            condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	DeleteUserAdminAction:            condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	ListUsersAdminAction:             condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	EnableUserAdminAction:            condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	DisableUserAdminAction:           condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	GetUserAdminAction:               condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	AddUserToGroupAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	RemoveUserFromGroupAdminAction:   condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	ListGroupsAdminAction:            condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	EnableGroupAdminAction:           condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	DisableGroupAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	CreatePolicyAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	DeletePolicyAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	GetPolicyAdminAction:             condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	AttachPolicyAdminAction:          condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	ListUserPoliciesAdminAction:      condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	SetBucketQuotaAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	GetBucketQuotaAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	SetBucketReplicationTargetAction: condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	GetBucketReplicationTargetAction: condition.NewKeySet(condition.AllSupportedAdminKeys...),
 }