frostfs-s3-gw/docs/aws_s3_compat.md
Denis Kirillov 6b8095182e
All checks were successful
/ Builds (1.20) (pull_request) Successful in 13m52s
/ Builds (1.21) (pull_request) Successful in 13m40s
/ Lint (pull_request) Successful in 19m2s
/ Tests (1.20) (pull_request) Successful in 14m18s
/ Tests (1.21) (pull_request) Successful in 14m23s
/ DCO (pull_request) Successful in 2m55s
/ Vulncheck (pull_request) Successful in 1m9s
[#343] docs: Actualize s3 compatibility table
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-02 15:02:51 +03:00

10 KiB

S3 API support

Reference:

Legend
🟢 Supported
🟡 Partially supported
🔵 Not supported yet, but will be in future
🔴 Not applicable or will never be supported

Object

Method Comments
🟢 CopyObject Done on gateway side
🟢 DeleteObject
🟢 DeleteObjects aka DeleteMultipleObjects
🟢 GetObject
🔴 GetObjectTorrent We don't plan implementing BT gateway
🟢 HeadObject
🟢 ListParts Parts loaded with MultipartUpload
🟢 ListObjects
🟢 ListObjectsV2
🟢 PutObject Content-MD5 header deprecated
🔵 SelectObjectContent Need to have some Lambda to execute SQL
🔵 WriteGetObjectResponse Waiting for Lambda to be developed
🟢 GetObjectAttributes

ACL

For now there are some limitations:

Method Comments
🟢 GetObjectAcl Objects can have only private acl
🔴 PutObjectAcl Use PutBucketPolicy instead

Locking

For now there are some limitations:

  • Retention period can't be shortened, only extended.
  • You can't delete locks or object with unexpired lock.
Method Comments
🟡 GetObjectLegalHold
🟢 GetObjectLockConfiguration aka GetBucketObjectLockConfig
🟡 GetObjectRetention
🟡 PutObjectLegalHold
🟢 PutObjectLockConfiguration aka PutBucketObjectLockConfig
🟡 PutObjectRetention

Multipart

CompleteMultipartUpload operations may take long time to complete. Gateway sends whitespace characters to keep connection with the client alive. In this case, gateway is unable to set proper HTTP headers like X-Amz-Version-Id.

Method Comments
🟢 AbortMultipartUpload
🟢 CompleteMultipartUpload
🟢 CreateMultipartUpload
🟢 ListMultipartUploads
🟢 ListParts
🟢 UploadPart
🟢 UploadPartCopy

Tagging

Method Comments
🟢 DeleteObjectTagging
🟢 GetObjectTagging
🟢 PutObjectTagging

Versioning

See also GetObject and other method parameters.

Method Comments
🟢 ListObjectVersions ListBucketObjectVersions
🔵 RestoreObject

Bucket

Method Comments
🟢 CreateBucket PutBucket
🟢 DeleteBucket
🟢 GetBucketLocation
🟢 HeadBucket
🟢 ListBuckets
🔵 PutPublicAccessBlock

Acceleration

Method Comments
🔴 GetBucketAccelerateConfiguration GetBucketAccelerate
🔴 PutBucketAccelerateConfiguration

ACL

Method Comments
🟡 GetBucketAcl Only canned acl is supported
🟡 PutBucketAcl Only canned acl is supported

Analytics

Method Comments
🔵 DeleteBucketAnalyticsConfiguration
🔵 GetBucketAnalyticsConfiguration
🔵 ListBucketAnalyticsConfigurations
🔵 PutBucketAnalyticsConfiguration

CORS

Method Comments
🟢 DeleteBucketCors
🟢 GetBucketCors
🟢 PutBucketCors

Encryption

Method Comments
🔵 DeleteBucketEncryption
🔵 GetBucketEncryption
🔵 PutBucketEncryption

Inventory

Method Comments
🔵 DeleteBucketInventoryConfiguration
🔵 GetBucketInventoryConfiguration
🔵 ListBucketInventoryConfigurations
🔵 PutBucketInventoryConfiguration

Lifecycle

Method Comments
🔵 DeleteBucketLifecycle
🔵 GetBucketLifecycle
🔵 GetBucketLifecycleConfiguration
🔵 PutBucketLifecycle
🔵 PutBucketLifecycleConfiguration

Logging

Method Comments
🔵 GetBucketLogging
🔵 PutBucketLogging

Metrics

Method Comments
🔵 DeleteBucketMetricsConfiguration
🔵 GetBucketMetricsConfiguration
🔵 ListBucketMetricsConfigurations
🔵 PutBucketMetricsConfiguration

Notifications

Method Comments
🔵 GetBucketNotification
🔵 GetBucketNotificationConfiguration
🔵 ListenBucketNotification non-standard?
🔵 PutBucketNotification
🔵 PutBucketNotificationConfiguration

Ownership controls

Method Comments
🔵 DeleteBucketOwnershipControls
🔵 GetBucketOwnershipControls
🔵 PutBucketOwnershipControls

Policy and replication

Bucket policy has the following limitations

  • Supports only AWS principals in format arn:aws:iam::<namespace>:user/<user> or wildcard *.
  • No complex conditions (only conditions for groups now supported)

Simple valid policy example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Principal": {
        "AWS": [
          "arn:aws:iam::111122223333:role/JohnDoe"
        ]
      },
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion"
      ],
      "Resource": [
        "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
      ]
    }
  ]
}

Bucket policy status determines using the following scheme:

  • If policy has statement with principal that is wildcard (*) then policy is considered as public
Method Comments
🟢 DeleteBucketPolicy See Policy limitations
🔵 DeleteBucketReplication
🔵 DeletePublicAccessBlock
🟢 GetBucketPolicy See Policy limitations
🟢 GetBucketPolicyStatus See rule determining status in Policy limitations
🔵 GetBucketReplication
🟢 PostPolicyBucket Upload file using POST form
🟡 PutBucketPolicy See Policy limitations
🔵 PutBucketReplication

Request payment

Method Comments
🔴 GetBucketRequestPayment
🔴 PutBucketRequestPayment

Tagging

Method Comments
🟢 DeleteBucketTagging
🟢 GetBucketTagging
🟢 PutBucketTagging

Tiering

Method Comments
🔵 DeleteBucketIntelligentTieringConfiguration
🔵 GetBucketIntelligentTieringConfiguration
🔵 ListBucketIntelligentTieringConfigurations
🔵 PutBucketIntelligentTieringConfiguration

Versioning

Method Comments
🟢 GetBucketVersioning
🟢 PutBucketVersioning

Website

Method Comments
🔵 DeleteBucketWebsite
🔵 GetBucketWebsite
🔵 PutBucketWebsite