[#343] docs: Actualize s3 compatibility table
All checks were successful
/ Builds (1.20) (pull_request) Successful in 13m52s
/ Builds (1.21) (pull_request) Successful in 13m40s
/ Lint (pull_request) Successful in 19m2s
/ Tests (1.20) (pull_request) Successful in 14m18s
/ Tests (1.21) (pull_request) Successful in 14m23s
/ DCO (pull_request) Successful in 2m55s
/ Vulncheck (pull_request) Successful in 1m9s
All checks were successful
/ Builds (1.20) (pull_request) Successful in 13m52s
/ Builds (1.21) (pull_request) Successful in 13m40s
/ Lint (pull_request) Successful in 19m2s
/ Tests (1.20) (pull_request) Successful in 14m18s
/ Tests (1.21) (pull_request) Successful in 14m23s
/ DCO (pull_request) Successful in 2m55s
/ Vulncheck (pull_request) Successful in 1m9s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
parent
348126b3b8
commit
6b8095182e
1 changed files with 176 additions and 178 deletions
|
@ -1,10 +1,11 @@
|
|||
# S3 API support
|
||||
|
||||
Reference:
|
||||
|
||||
* [AWS S3 API Reference](https://docs.aws.amazon.com/AmazonS3/latest/API/s3-api.pdf)
|
||||
|
||||
| | Legend |
|
||||
|----|-------------------------------------------|
|
||||
|-----|-------------------------------------------|
|
||||
| 🟢 | Supported |
|
||||
| 🟡 | Partially supported |
|
||||
| 🔵 | Not supported yet, but will be in future |
|
||||
|
@ -13,7 +14,7 @@ Reference:
|
|||
## Object
|
||||
|
||||
| | Method | Comments |
|
||||
|----|------------------------|-----------------------------------------|
|
||||
|-----|------------------------|-----------------------------------------|
|
||||
| 🟢 | CopyObject | Done on gateway side |
|
||||
| 🟢 | DeleteObject | |
|
||||
| 🟢 | DeleteObjects | aka DeleteMultipleObjects |
|
||||
|
@ -31,42 +32,26 @@ Reference:
|
|||
## ACL
|
||||
|
||||
For now there are some limitations:
|
||||
* [Bucket policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-policies.html) supports only one `Principal` per `Statement`.
|
||||
Principal must be `"AWS": "*"` (to refer all users) or `"CanonicalUser": "0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf"` (hex encoded public key of desired user).
|
||||
* Resource in bucket policy is an array. Each item MUST contain bucket name, CAN contain object name (wildcards are not supported):
|
||||
```json
|
||||
{
|
||||
"Statement": [
|
||||
{
|
||||
"Resource": [
|
||||
"arn:aws:s3:::bucket",
|
||||
"arn:aws:s3:::bucket/some/object"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
* AWS conditions and wildcard are not supported in [resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-arn-format.html)
|
||||
* Only `CanonicalUser` (with hex encoded public key) and `All Users Group` are supported in [ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html)
|
||||
|
||||
| | Method | Comments |
|
||||
|----|--------------|-----------------|
|
||||
| 🟡 | GetObjectAcl | See Limitations |
|
||||
| 🟡 | PutObjectAcl | See Limitations |
|
||||
|-----|--------------|-----------------------------------|
|
||||
| 🟢 | GetObjectAcl | Objects can have only private acl |
|
||||
| 🔴 | PutObjectAcl | Use PutBucketPolicy instead |
|
||||
|
||||
## Locking
|
||||
|
||||
For now there are some limitations:
|
||||
|
||||
* Retention period can't be shortened, only extended.
|
||||
* You can't delete locks or object with unexpired lock.
|
||||
|
||||
| | Method | Comments |
|
||||
|-----|----------------------------|---------------------------|
|
||||
|-----|----------------------------|-------------------------------|
|
||||
| 🟡 | GetObjectLegalHold | |
|
||||
| 🟢 | GetObjectLockConfiguration | GetBucketObjectLockConfig |
|
||||
| 🟢 | GetObjectLockConfiguration | aka GetBucketObjectLockConfig |
|
||||
| 🟡 | GetObjectRetention | |
|
||||
| 🟡 | PutObjectLegalHold | |
|
||||
| 🟢 | PutObjectLockConfiguration | PutBucketObjectLockConfig |
|
||||
| 🟢 | PutObjectLockConfiguration | aka PutBucketObjectLockConfig |
|
||||
| 🟡 | PutObjectRetention | |
|
||||
|
||||
## Multipart
|
||||
|
@ -76,7 +61,7 @@ sends whitespace characters to keep connection with the client alive. In this
|
|||
case, gateway is unable to set proper HTTP headers like `X-Amz-Version-Id`.
|
||||
|
||||
| | Method | Comments |
|
||||
|----|-------------------------|----------|
|
||||
|-----|-------------------------|----------|
|
||||
| 🟢 | AbortMultipartUpload | |
|
||||
| 🟢 | CompleteMultipartUpload | |
|
||||
| 🟢 | CreateMultipartUpload | |
|
||||
|
@ -88,7 +73,7 @@ case, gateway is unable to set proper HTTP headers like `X-Amz-Version-Id`.
|
|||
## Tagging
|
||||
|
||||
| | Method | Comments |
|
||||
|----|---------------------|----------|
|
||||
|-----|---------------------|----------|
|
||||
| 🟢 | DeleteObjectTagging | |
|
||||
| 🟢 | GetObjectTagging | |
|
||||
| 🟢 | PutObjectTagging | |
|
||||
|
@ -98,14 +83,14 @@ case, gateway is unable to set proper HTTP headers like `X-Amz-Version-Id`.
|
|||
See also `GetObject` and other method parameters.
|
||||
|
||||
| | Method | Comments |
|
||||
|----|--------------------|--------------------------|
|
||||
|-----|--------------------|--------------------------|
|
||||
| 🟢 | ListObjectVersions | ListBucketObjectVersions |
|
||||
| 🔵 | RestoreObject | |
|
||||
|
||||
## Bucket
|
||||
|
||||
| | Method | Comments |
|
||||
|----|----------------------|-----------|
|
||||
|-----|----------------------|-----------|
|
||||
| 🟢 | CreateBucket | PutBucket |
|
||||
| 🟢 | DeleteBucket | |
|
||||
| 🟢 | GetBucketLocation | |
|
||||
|
@ -116,21 +101,21 @@ See also `GetObject` and other method parameters.
|
|||
## Acceleration
|
||||
|
||||
| | Method | Comments |
|
||||
|----|----------------------------------|---------------------|
|
||||
|-----|----------------------------------|---------------------|
|
||||
| 🔴 | GetBucketAccelerateConfiguration | GetBucketAccelerate |
|
||||
| 🔴 | PutBucketAccelerateConfiguration | |
|
||||
|
||||
## ACL
|
||||
|
||||
| | Method | Comments |
|
||||
|----|--------------|---------------------|
|
||||
| 🟡 | GetBucketAcl | See ACL limitations |
|
||||
| 🟡 | PutBucketAcl | See ACL Limitations |
|
||||
|-----|--------------|------------------------------|
|
||||
| 🟡 | GetBucketAcl | Only canned acl is supported |
|
||||
| 🟡 | PutBucketAcl | Only canned acl is supported |
|
||||
|
||||
## Analytics
|
||||
|
||||
| | Method | Comments |
|
||||
|----|------------------------------------|----------|
|
||||
|-----|------------------------------------|----------|
|
||||
| 🔵 | DeleteBucketAnalyticsConfiguration | |
|
||||
| 🔵 | GetBucketAnalyticsConfiguration | |
|
||||
| 🔵 | ListBucketAnalyticsConfigurations | |
|
||||
|
@ -139,7 +124,7 @@ See also `GetObject` and other method parameters.
|
|||
## CORS
|
||||
|
||||
| | Method | Comments |
|
||||
|----|------------------|----------|
|
||||
|-----|------------------|----------|
|
||||
| 🟢 | DeleteBucketCors | |
|
||||
| 🟢 | GetBucketCors | |
|
||||
| 🟢 | PutBucketCors | |
|
||||
|
@ -147,7 +132,7 @@ See also `GetObject` and other method parameters.
|
|||
## Encryption
|
||||
|
||||
| | Method | Comments |
|
||||
|----|------------------------|----------|
|
||||
|-----|------------------------|----------|
|
||||
| 🔵 | DeleteBucketEncryption | |
|
||||
| 🔵 | GetBucketEncryption | |
|
||||
| 🔵 | PutBucketEncryption | |
|
||||
|
@ -155,7 +140,7 @@ See also `GetObject` and other method parameters.
|
|||
## Inventory
|
||||
|
||||
| | Method | Comments |
|
||||
|----|------------------------------------|----------|
|
||||
|-----|------------------------------------|----------|
|
||||
| 🔵 | DeleteBucketInventoryConfiguration | |
|
||||
| 🔵 | GetBucketInventoryConfiguration | |
|
||||
| 🔵 | ListBucketInventoryConfigurations | |
|
||||
|
@ -164,7 +149,7 @@ See also `GetObject` and other method parameters.
|
|||
## Lifecycle
|
||||
|
||||
| | Method | Comments |
|
||||
|----|---------------------------------|----------|
|
||||
|-----|---------------------------------|----------|
|
||||
| 🔵 | DeleteBucketLifecycle | |
|
||||
| 🔵 | GetBucketLifecycle | |
|
||||
| 🔵 | GetBucketLifecycleConfiguration | |
|
||||
|
@ -174,14 +159,14 @@ See also `GetObject` and other method parameters.
|
|||
## Logging
|
||||
|
||||
| | Method | Comments |
|
||||
|----|------------------|----------|
|
||||
|-----|------------------|----------|
|
||||
| 🔵 | GetBucketLogging | |
|
||||
| 🔵 | PutBucketLogging | |
|
||||
|
||||
## Metrics
|
||||
|
||||
| | Method | Comments |
|
||||
|----|----------------------------------|----------|
|
||||
|-----|----------------------------------|----------|
|
||||
| 🔵 | DeleteBucketMetricsConfiguration | |
|
||||
| 🔵 | GetBucketMetricsConfiguration | |
|
||||
| 🔵 | ListBucketMetricsConfigurations | |
|
||||
|
@ -190,7 +175,7 @@ See also `GetObject` and other method parameters.
|
|||
## Notifications
|
||||
|
||||
| | Method | Comments |
|
||||
|----|------------------------------------|---------------|
|
||||
|-----|------------------------------------|---------------|
|
||||
| 🔵 | GetBucketNotification | |
|
||||
| 🔵 | GetBucketNotificationConfiguration | |
|
||||
| 🔵 | ListenBucketNotification | non-standard? |
|
||||
|
@ -200,7 +185,7 @@ See also `GetObject` and other method parameters.
|
|||
## Ownership controls
|
||||
|
||||
| | Method | Comments |
|
||||
|----|-------------------------------|----------|
|
||||
|-----|-------------------------------|----------|
|
||||
| 🔵 | DeleteBucketOwnershipControls | |
|
||||
| 🔵 | GetBucketOwnershipControls | |
|
||||
| 🔵 | PutBucketOwnershipControls | |
|
||||
|
@ -208,33 +193,46 @@ See also `GetObject` and other method parameters.
|
|||
## Policy and replication
|
||||
|
||||
Bucket policy has the following limitations
|
||||
|
||||
* Supports only AWS principals in format `arn:aws:iam::<namespace>:user/<user>` or wildcard `*`.
|
||||
* No complex conditions (only conditions for groups now supported)
|
||||
|
||||
Simple valid policy example:
|
||||
|
||||
```json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [{
|
||||
"Principal": {"AWS": ["arn:aws:iam::111122223333:role/JohnDoe"]},
|
||||
"Statement": [
|
||||
{
|
||||
"Principal": {
|
||||
"AWS": [
|
||||
"arn:aws:iam::111122223333:role/JohnDoe"
|
||||
]
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Action": ["s3:GetObject","s3:GetObjectVersion"],
|
||||
"Resource": ["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"]
|
||||
}]
|
||||
"Action": [
|
||||
"s3:GetObject",
|
||||
"s3:GetObjectVersion"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
Bucket policy status determines using the following scheme:
|
||||
|
||||
* If policy has statement with principal that is wildcard (`*`) then policy is considered as public
|
||||
|
||||
|
||||
| | Method | Comments |
|
||||
|-----|-------------------------|-----------------------------|
|
||||
| 🟡 | DeleteBucketPolicy | See Policy limitations |
|
||||
|-----|-------------------------|---------------------------------------------------|
|
||||
| 🟢 | DeleteBucketPolicy | See Policy limitations |
|
||||
| 🔵 | DeleteBucketReplication | |
|
||||
| 🔵 | DeletePublicAccessBlock | |
|
||||
| 🟡 | GetBucketPolicy | See Policy limitations |
|
||||
| 🟡 | GetBucketPolicyStatus | |
|
||||
| 🟢 | GetBucketPolicy | See Policy limitations |
|
||||
| 🟢 | GetBucketPolicyStatus | See rule determining status in Policy limitations |
|
||||
| 🔵 | GetBucketReplication | |
|
||||
| 🟢 | PostPolicyBucket | Upload file using POST form |
|
||||
| 🟡 | PutBucketPolicy | See Policy limitations |
|
||||
|
@ -243,14 +241,14 @@ Bucket policy status determines using the following scheme:
|
|||
## Request payment
|
||||
|
||||
| | Method | Comments |
|
||||
|----|-------------------------|----------|
|
||||
|-----|-------------------------|----------|
|
||||
| 🔴 | GetBucketRequestPayment | |
|
||||
| 🔴 | PutBucketRequestPayment | |
|
||||
|
||||
## Tagging
|
||||
|
||||
| | Method | Comments |
|
||||
|----|---------------------|----------|
|
||||
|-----|---------------------|----------|
|
||||
| 🟢 | DeleteBucketTagging | |
|
||||
| 🟢 | GetBucketTagging | |
|
||||
| 🟢 | PutBucketTagging | |
|
||||
|
@ -258,7 +256,7 @@ Bucket policy status determines using the following scheme:
|
|||
## Tiering
|
||||
|
||||
| | Method | Comments |
|
||||
|----|---------------------------------------------|----------|
|
||||
|-----|---------------------------------------------|----------|
|
||||
| 🔵 | DeleteBucketIntelligentTieringConfiguration | |
|
||||
| 🔵 | GetBucketIntelligentTieringConfiguration | |
|
||||
| 🔵 | ListBucketIntelligentTieringConfigurations | |
|
||||
|
@ -267,14 +265,14 @@ Bucket policy status determines using the following scheme:
|
|||
## Versioning
|
||||
|
||||
| | Method | Comments |
|
||||
|----|---------------------|----------|
|
||||
|-----|---------------------|----------|
|
||||
| 🟢 | GetBucketVersioning | |
|
||||
| 🟢 | PutBucketVersioning | |
|
||||
|
||||
## Website
|
||||
|
||||
| | Method | Comments |
|
||||
|----|---------------------|----------|
|
||||
|-----|---------------------|----------|
|
||||
| 🔵 | DeleteBucketWebsite | |
|
||||
| 🔵 | GetBucketWebsite | |
|
||||
| 🔵 | PutBucketWebsite | |
|
||||
|
|
Loading…
Reference in a new issue