TrueCloudLab/frostfs-s3-gw
15
2
Fork 16
Code Issues 20 Pull requests 4 Projects Releases 13 Packages Activity Actions

[#343] docs: Actualize s3 compatibility table
All checks were successful
/ Builds (1.20) (pull_request) Successful in 13m52s
Details
/ Builds (1.21) (pull_request) Successful in 13m40s
Details
/ Lint (pull_request) Successful in 19m2s
Details
/ Tests (1.20) (pull_request) Successful in 14m18s
Details
/ Tests (1.21) (pull_request) Successful in 14m23s
Details
/ DCO (pull_request) Successful in 2m55s
Details
/ Vulncheck (pull_request) Successful in 1m9s
Details

Browse source 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
Denis Kirillov 2024-04-02 10:00:44 +03:00
parent 348126b3b8
commit 6b8095182e
1 changed files with 176 additions and 178 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

112
docs/aws_s3_compat.md
View file

@ -1,10 +1,11 @@
# S3 API support # S3 API support
Reference: Reference:
* [AWS S3 API Reference](https://docs.aws.amazon.com/AmazonS3/latest/API/s3-api.pdf) * [AWS S3 API Reference](https://docs.aws.amazon.com/AmazonS3/latest/API/s3-api.pdf)
| | Legend | | | Legend |
|----|-------------------------------------------| |-----|-------------------------------------------|
| 🟢 | Supported | | 🟢 | Supported |
| 🟡 | Partially supported | | 🟡 | Partially supported |
| 🔵 | Not supported yet, but will be in future | | 🔵 | Not supported yet, but will be in future |
@ -13,7 +14,7 @@ Reference:
## Object ## Object
| | Method | Comments | | | Method | Comments |
|----|------------------------|-----------------------------------------| |-----|------------------------|-----------------------------------------|
| 🟢 | CopyObject | Done on gateway side | | 🟢 | CopyObject | Done on gateway side |
| 🟢 | DeleteObject | | | 🟢 | DeleteObject | |
| 🟢 | DeleteObjects | aka DeleteMultipleObjects | | 🟢 | DeleteObjects | aka DeleteMultipleObjects |
@ -31,42 +32,26 @@ Reference:
## ACL ## ACL
For now there are some limitations: For now there are some limitations:
* [Bucket policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-policies.html) supports only one `Principal` per `Statement`.
Principal must be `"AWS": "*"` (to refer all users) or `"CanonicalUser": "0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf"` (hex encoded public key of desired user).
* Resource in bucket policy is an array. Each item MUST contain bucket name, CAN contain object name (wildcards are not supported):
```json
{
"Statement": [
{
"Resource": [
"arn:aws:s3:::bucket",
"arn:aws:s3:::bucket/some/object"
]
}
]
}
```
* AWS conditions and wildcard are not supported in [resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-arn-format.html)
* Only `CanonicalUser` (with hex encoded public key) and `All Users Group` are supported in [ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html)
| | Method | Comments | | | Method | Comments |
|----|--------------|-----------------| |-----|--------------|-----------------------------------|
| 🟡 | GetObjectAcl | See Limitations | | 🟢 | GetObjectAcl | Objects can have only private acl |
| 🟡 | PutObjectAcl | See Limitations | | 🔴 | PutObjectAcl | Use PutBucketPolicy instead |
## Locking ## Locking
For now there are some limitations: For now there are some limitations:
* Retention period can't be shortened, only extended. * Retention period can't be shortened, only extended.
* You can't delete locks or object with unexpired lock. * You can't delete locks or object with unexpired lock.
| | Method | Comments | | | Method | Comments |
|-----|----------------------------|---------------------------| |-----|----------------------------|-------------------------------|
| 🟡 | GetObjectLegalHold | | | 🟡 | GetObjectLegalHold | |
| 🟢 | GetObjectLockConfiguration | GetBucketObjectLockConfig | | 🟢 | GetObjectLockConfiguration | aka GetBucketObjectLockConfig |
| 🟡 | GetObjectRetention | | | 🟡 | GetObjectRetention | |
| 🟡 | PutObjectLegalHold | | | 🟡 | PutObjectLegalHold | |
| 🟢 | PutObjectLockConfiguration | PutBucketObjectLockConfig | | 🟢 | PutObjectLockConfiguration | aka PutBucketObjectLockConfig |
| 🟡 | PutObjectRetention | | | 🟡 | PutObjectRetention | |
## Multipart ## Multipart
@ -76,7 +61,7 @@ sends whitespace characters to keep connection with the client alive. In this
case, gateway is unable to set proper HTTP headers like `X-Amz-Version-Id`. case, gateway is unable to set proper HTTP headers like `X-Amz-Version-Id`.
| | Method | Comments | | | Method | Comments |
|----|-------------------------|----------| |-----|-------------------------|----------|
| 🟢 | AbortMultipartUpload | | | 🟢 | AbortMultipartUpload | |
| 🟢 | CompleteMultipartUpload | | | 🟢 | CompleteMultipartUpload | |
| 🟢 | CreateMultipartUpload | | | 🟢 | CreateMultipartUpload | |
@ -88,7 +73,7 @@ case, gateway is unable to set proper HTTP headers like `X-Amz-Version-Id`.
## Tagging ## Tagging
| | Method | Comments | | | Method | Comments |
|----|---------------------|----------| |-----|---------------------|----------|
| 🟢 | DeleteObjectTagging | | | 🟢 | DeleteObjectTagging | |
| 🟢 | GetObjectTagging | | | 🟢 | GetObjectTagging | |
| 🟢 | PutObjectTagging | | | 🟢 | PutObjectTagging | |
@ -98,14 +83,14 @@ case, gateway is unable to set proper HTTP headers like `X-Amz-Version-Id`.
See also `GetObject` and other method parameters. See also `GetObject` and other method parameters.
| | Method | Comments | | | Method | Comments |
|----|--------------------|--------------------------| |-----|--------------------|--------------------------|
| 🟢 | ListObjectVersions | ListBucketObjectVersions | | 🟢 | ListObjectVersions | ListBucketObjectVersions |
| 🔵 | RestoreObject | | | 🔵 | RestoreObject | |
## Bucket ## Bucket
| | Method | Comments | | | Method | Comments |
|----|----------------------|-----------| |-----|----------------------|-----------|
| 🟢 | CreateBucket | PutBucket | | 🟢 | CreateBucket | PutBucket |
| 🟢 | DeleteBucket | | | 🟢 | DeleteBucket | |
| 🟢 | GetBucketLocation | | | 🟢 | GetBucketLocation | |
@ -116,21 +101,21 @@ See also `GetObject` and other method parameters.
## Acceleration ## Acceleration
| | Method | Comments | | | Method | Comments |
|----|----------------------------------|---------------------| |-----|----------------------------------|---------------------|
| 🔴 | GetBucketAccelerateConfiguration | GetBucketAccelerate | | 🔴 | GetBucketAccelerateConfiguration | GetBucketAccelerate |
| 🔴 | PutBucketAccelerateConfiguration | | | 🔴 | PutBucketAccelerateConfiguration | |
## ACL ## ACL
| | Method | Comments | | | Method | Comments |
|----|--------------|---------------------| |-----|--------------|------------------------------|
| 🟡 | GetBucketAcl | See ACL limitations | | 🟡 | GetBucketAcl | Only canned acl is supported |
| 🟡 | PutBucketAcl | See ACL Limitations | | 🟡 | PutBucketAcl | Only canned acl is supported |
## Analytics ## Analytics
| | Method | Comments | | | Method | Comments |
|----|------------------------------------|----------| |-----|------------------------------------|----------|
| 🔵 | DeleteBucketAnalyticsConfiguration | | | 🔵 | DeleteBucketAnalyticsConfiguration | |
| 🔵 | GetBucketAnalyticsConfiguration | | | 🔵 | GetBucketAnalyticsConfiguration | |
| 🔵 | ListBucketAnalyticsConfigurations | | | 🔵 | ListBucketAnalyticsConfigurations | |
@ -139,7 +124,7 @@ See also `GetObject` and other method parameters.
## CORS ## CORS
| | Method | Comments | | | Method | Comments |
|----|------------------|----------| |-----|------------------|----------|
| 🟢 | DeleteBucketCors | | | 🟢 | DeleteBucketCors | |
| 🟢 | GetBucketCors | | | 🟢 | GetBucketCors | |
| 🟢 | PutBucketCors | | | 🟢 | PutBucketCors | |
@ -147,7 +132,7 @@ See also `GetObject` and other method parameters.
## Encryption ## Encryption
| | Method | Comments | | | Method | Comments |
|----|------------------------|----------| |-----|------------------------|----------|
| 🔵 | DeleteBucketEncryption | | | 🔵 | DeleteBucketEncryption | |
| 🔵 | GetBucketEncryption | | | 🔵 | GetBucketEncryption | |
| 🔵 | PutBucketEncryption | | | 🔵 | PutBucketEncryption | |
@ -155,7 +140,7 @@ See also `GetObject` and other method parameters.
## Inventory ## Inventory
| | Method | Comments | | | Method | Comments |
|----|------------------------------------|----------| |-----|------------------------------------|----------|
| 🔵 | DeleteBucketInventoryConfiguration | | | 🔵 | DeleteBucketInventoryConfiguration | |
| 🔵 | GetBucketInventoryConfiguration | | | 🔵 | GetBucketInventoryConfiguration | |
| 🔵 | ListBucketInventoryConfigurations | | | 🔵 | ListBucketInventoryConfigurations | |
@ -164,7 +149,7 @@ See also `GetObject` and other method parameters.
## Lifecycle ## Lifecycle
| | Method | Comments | | | Method | Comments |
|----|---------------------------------|----------| |-----|---------------------------------|----------|
| 🔵 | DeleteBucketLifecycle | | | 🔵 | DeleteBucketLifecycle | |
| 🔵 | GetBucketLifecycle | | | 🔵 | GetBucketLifecycle | |
| 🔵 | GetBucketLifecycleConfiguration | | | 🔵 | GetBucketLifecycleConfiguration | |
@ -174,14 +159,14 @@ See also `GetObject` and other method parameters.
## Logging ## Logging
| | Method | Comments | | | Method | Comments |
|----|------------------|----------| |-----|------------------|----------|
| 🔵 | GetBucketLogging | | | 🔵 | GetBucketLogging | |
| 🔵 | PutBucketLogging | | | 🔵 | PutBucketLogging | |
## Metrics ## Metrics
| | Method | Comments | | | Method | Comments |
|----|----------------------------------|----------| |-----|----------------------------------|----------|
| 🔵 | DeleteBucketMetricsConfiguration | | | 🔵 | DeleteBucketMetricsConfiguration | |
| 🔵 | GetBucketMetricsConfiguration | | | 🔵 | GetBucketMetricsConfiguration | |
| 🔵 | ListBucketMetricsConfigurations | | | 🔵 | ListBucketMetricsConfigurations | |
@ -190,7 +175,7 @@ See also `GetObject` and other method parameters.
## Notifications ## Notifications
| | Method | Comments | | | Method | Comments |
|----|------------------------------------|---------------| |-----|------------------------------------|---------------|
| 🔵 | GetBucketNotification | | | 🔵 | GetBucketNotification | |
| 🔵 | GetBucketNotificationConfiguration | | | 🔵 | GetBucketNotificationConfiguration | |
| 🔵 | ListenBucketNotification | non-standard? | | 🔵 | ListenBucketNotification | non-standard? |
@ -200,7 +185,7 @@ See also `GetObject` and other method parameters.
## Ownership controls ## Ownership controls
| | Method | Comments | | | Method | Comments |
|----|-------------------------------|----------| |-----|-------------------------------|----------|
| 🔵 | DeleteBucketOwnershipControls | | | 🔵 | DeleteBucketOwnershipControls | |
| 🔵 | GetBucketOwnershipControls | | | 🔵 | GetBucketOwnershipControls | |
| 🔵 | PutBucketOwnershipControls | | | 🔵 | PutBucketOwnershipControls | |
@ -208,33 +193,46 @@ See also `GetObject` and other method parameters.
## Policy and replication ## Policy and replication
Bucket policy has the following limitations Bucket policy has the following limitations
* Supports only AWS principals in format `arn:aws:iam::<namespace>:user/<user>` or wildcard `*`. * Supports only AWS principals in format `arn:aws:iam::<namespace>:user/<user>` or wildcard `*`.
* No complex conditions (only conditions for groups now supported) * No complex conditions (only conditions for groups now supported)
Simple valid policy example: Simple valid policy example:
```json ```json
{ {
"Version": "2012-10-17", "Version": "2012-10-17",
"Statement": [{ "Statement": [
"Principal": {"AWS": ["arn:aws:iam::111122223333:role/JohnDoe"]}, {
"Principal": {
"AWS": [
"arn:aws:iam::111122223333:role/JohnDoe"
]
},
"Effect": "Allow", "Effect": "Allow",
"Action": ["s3:GetObject","s3:GetObjectVersion"], "Action": [
"Resource": ["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"] "s3:GetObject",
}] "s3:GetObjectVersion"
],
"Resource": [
"arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
]
}
]
} }
``` ```
Bucket policy status determines using the following scheme: Bucket policy status determines using the following scheme:
* If policy has statement with principal that is wildcard (`*`) then policy is considered as public * If policy has statement with principal that is wildcard (`*`) then policy is considered as public
| | Method | Comments | | | Method | Comments |
|-----|-------------------------|-----------------------------| |-----|-------------------------|---------------------------------------------------|
| 🟡 | DeleteBucketPolicy | See Policy limitations | | 🟢 | DeleteBucketPolicy | See Policy limitations |
| 🔵 | DeleteBucketReplication | | | 🔵 | DeleteBucketReplication | |
| 🔵 | DeletePublicAccessBlock | | | 🔵 | DeletePublicAccessBlock | |
| 🟡 | GetBucketPolicy | See Policy limitations | | 🟢 | GetBucketPolicy | See Policy limitations |
| 🟡 | GetBucketPolicyStatus | | | 🟢 | GetBucketPolicyStatus | See rule determining status in Policy limitations |
| 🔵 | GetBucketReplication | | | 🔵 | GetBucketReplication | |
| 🟢 | PostPolicyBucket | Upload file using POST form | | 🟢 | PostPolicyBucket | Upload file using POST form |
| 🟡 | PutBucketPolicy | See Policy limitations | | 🟡 | PutBucketPolicy | See Policy limitations |
@ -243,14 +241,14 @@ Bucket policy status determines using the following scheme:
## Request payment ## Request payment
| | Method | Comments | | | Method | Comments |
|----|-------------------------|----------| |-----|-------------------------|----------|
| 🔴 | GetBucketRequestPayment | | | 🔴 | GetBucketRequestPayment | |
| 🔴 | PutBucketRequestPayment | | | 🔴 | PutBucketRequestPayment | |
## Tagging ## Tagging
| | Method | Comments | | | Method | Comments |
|----|---------------------|----------| |-----|---------------------|----------|
| 🟢 | DeleteBucketTagging | | | 🟢 | DeleteBucketTagging | |
| 🟢 | GetBucketTagging | | | 🟢 | GetBucketTagging | |
| 🟢 | PutBucketTagging | | | 🟢 | PutBucketTagging | |
@ -258,7 +256,7 @@ Bucket policy status determines using the following scheme:
## Tiering ## Tiering
| | Method | Comments | | | Method | Comments |
|----|---------------------------------------------|----------| |-----|---------------------------------------------|----------|
| 🔵 | DeleteBucketIntelligentTieringConfiguration | | | 🔵 | DeleteBucketIntelligentTieringConfiguration | |
| 🔵 | GetBucketIntelligentTieringConfiguration | | | 🔵 | GetBucketIntelligentTieringConfiguration | |
| 🔵 | ListBucketIntelligentTieringConfigurations | | | 🔵 | ListBucketIntelligentTieringConfigurations | |
@ -267,14 +265,14 @@ Bucket policy status determines using the following scheme:
## Versioning ## Versioning
| | Method | Comments | | | Method | Comments |
|----|---------------------|----------| |-----|---------------------|----------|
| 🟢 | GetBucketVersioning | | | 🟢 | GetBucketVersioning | |
| 🟢 | PutBucketVersioning | | | 🟢 | PutBucketVersioning | |
## Website ## Website
| | Method | Comments | | | Method | Comments |
|----|---------------------|----------| |-----|---------------------|----------|
| 🔵 | DeleteBucketWebsite | | | 🔵 | DeleteBucketWebsite | |
| 🔵 | GetBucketWebsite | | | 🔵 | GetBucketWebsite | |
| 🔵 | PutBucketWebsite | | | 🔵 | PutBucketWebsite | |