[#343] docs: Actualize s3 compatibility table

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
Denis Kirillov 2024-04-02 10:00:44 +03:00
parent 348126b3b8
commit 6b8095182e

View file

@ -1,10 +1,11 @@
# S3 API support
Reference:
* [AWS S3 API Reference](https://docs.aws.amazon.com/AmazonS3/latest/API/s3-api.pdf)
| | Legend |
|----|-------------------------------------------|
|-----|-------------------------------------------|
| 🟢 | Supported |
| 🟡 | Partially supported |
| 🔵 | Not supported yet, but will be in future |
@ -13,7 +14,7 @@ Reference:
## Object
| | Method | Comments |
|----|------------------------|-----------------------------------------|
|-----|------------------------|-----------------------------------------|
| 🟢 | CopyObject | Done on gateway side |
| 🟢 | DeleteObject | |
| 🟢 | DeleteObjects | aka DeleteMultipleObjects |
@ -31,42 +32,26 @@ Reference:
## ACL
For now there are some limitations:
* [Bucket policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-policies.html) supports only one `Principal` per `Statement`.
Principal must be `"AWS": "*"` (to refer all users) or `"CanonicalUser": "0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf"` (hex encoded public key of desired user).
* Resource in bucket policy is an array. Each item MUST contain bucket name, CAN contain object name (wildcards are not supported):
```json
{
"Statement": [
{
"Resource": [
"arn:aws:s3:::bucket",
"arn:aws:s3:::bucket/some/object"
]
}
]
}
```
* AWS conditions and wildcard are not supported in [resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-arn-format.html)
* Only `CanonicalUser` (with hex encoded public key) and `All Users Group` are supported in [ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html)
| | Method | Comments |
|----|--------------|-----------------|
| 🟡 | GetObjectAcl | See Limitations |
| 🟡 | PutObjectAcl | See Limitations |
|-----|--------------|-----------------------------------|
| 🟢 | GetObjectAcl | Objects can have only private acl |
| 🔴 | PutObjectAcl | Use PutBucketPolicy instead |
## Locking
For now there are some limitations:
* Retention period can't be shortened, only extended.
* You can't delete locks or object with unexpired lock.
| | Method | Comments |
|-----|----------------------------|---------------------------|
|-----|----------------------------|-------------------------------|
| 🟡 | GetObjectLegalHold | |
| 🟢 | GetObjectLockConfiguration | GetBucketObjectLockConfig |
| 🟢 | GetObjectLockConfiguration | aka GetBucketObjectLockConfig |
| 🟡 | GetObjectRetention | |
| 🟡 | PutObjectLegalHold | |
| 🟢 | PutObjectLockConfiguration | PutBucketObjectLockConfig |
| 🟢 | PutObjectLockConfiguration | aka PutBucketObjectLockConfig |
| 🟡 | PutObjectRetention | |
## Multipart
@ -76,7 +61,7 @@ sends whitespace characters to keep connection with the client alive. In this
case, gateway is unable to set proper HTTP headers like `X-Amz-Version-Id`.
| | Method | Comments |
|----|-------------------------|----------|
|-----|-------------------------|----------|
| 🟢 | AbortMultipartUpload | |
| 🟢 | CompleteMultipartUpload | |
| 🟢 | CreateMultipartUpload | |
@ -88,7 +73,7 @@ case, gateway is unable to set proper HTTP headers like `X-Amz-Version-Id`.
## Tagging
| | Method | Comments |
|----|---------------------|----------|
|-----|---------------------|----------|
| 🟢 | DeleteObjectTagging | |
| 🟢 | GetObjectTagging | |
| 🟢 | PutObjectTagging | |
@ -98,14 +83,14 @@ case, gateway is unable to set proper HTTP headers like `X-Amz-Version-Id`.
See also `GetObject` and other method parameters.
| | Method | Comments |
|----|--------------------|--------------------------|
|-----|--------------------|--------------------------|
| 🟢 | ListObjectVersions | ListBucketObjectVersions |
| 🔵 | RestoreObject | |
## Bucket
| | Method | Comments |
|----|----------------------|-----------|
|-----|----------------------|-----------|
| 🟢 | CreateBucket | PutBucket |
| 🟢 | DeleteBucket | |
| 🟢 | GetBucketLocation | |
@ -116,21 +101,21 @@ See also `GetObject` and other method parameters.
## Acceleration
| | Method | Comments |
|----|----------------------------------|---------------------|
|-----|----------------------------------|---------------------|
| 🔴 | GetBucketAccelerateConfiguration | GetBucketAccelerate |
| 🔴 | PutBucketAccelerateConfiguration | |
## ACL
| | Method | Comments |
|----|--------------|---------------------|
| 🟡 | GetBucketAcl | See ACL limitations |
| 🟡 | PutBucketAcl | See ACL Limitations |
|-----|--------------|------------------------------|
| 🟡 | GetBucketAcl | Only canned acl is supported |
| 🟡 | PutBucketAcl | Only canned acl is supported |
## Analytics
| | Method | Comments |
|----|------------------------------------|----------|
|-----|------------------------------------|----------|
| 🔵 | DeleteBucketAnalyticsConfiguration | |
| 🔵 | GetBucketAnalyticsConfiguration | |
| 🔵 | ListBucketAnalyticsConfigurations | |
@ -139,7 +124,7 @@ See also `GetObject` and other method parameters.
## CORS
| | Method | Comments |
|----|------------------|----------|
|-----|------------------|----------|
| 🟢 | DeleteBucketCors | |
| 🟢 | GetBucketCors | |
| 🟢 | PutBucketCors | |
@ -147,7 +132,7 @@ See also `GetObject` and other method parameters.
## Encryption
| | Method | Comments |
|----|------------------------|----------|
|-----|------------------------|----------|
| 🔵 | DeleteBucketEncryption | |
| 🔵 | GetBucketEncryption | |
| 🔵 | PutBucketEncryption | |
@ -155,7 +140,7 @@ See also `GetObject` and other method parameters.
## Inventory
| | Method | Comments |
|----|------------------------------------|----------|
|-----|------------------------------------|----------|
| 🔵 | DeleteBucketInventoryConfiguration | |
| 🔵 | GetBucketInventoryConfiguration | |
| 🔵 | ListBucketInventoryConfigurations | |
@ -164,7 +149,7 @@ See also `GetObject` and other method parameters.
## Lifecycle
| | Method | Comments |
|----|---------------------------------|----------|
|-----|---------------------------------|----------|
| 🔵 | DeleteBucketLifecycle | |
| 🔵 | GetBucketLifecycle | |
| 🔵 | GetBucketLifecycleConfiguration | |
@ -174,14 +159,14 @@ See also `GetObject` and other method parameters.
## Logging
| | Method | Comments |
|----|------------------|----------|
|-----|------------------|----------|
| 🔵 | GetBucketLogging | |
| 🔵 | PutBucketLogging | |
## Metrics
| | Method | Comments |
|----|----------------------------------|----------|
|-----|----------------------------------|----------|
| 🔵 | DeleteBucketMetricsConfiguration | |
| 🔵 | GetBucketMetricsConfiguration | |
| 🔵 | ListBucketMetricsConfigurations | |
@ -190,7 +175,7 @@ See also `GetObject` and other method parameters.
## Notifications
| | Method | Comments |
|----|------------------------------------|---------------|
|-----|------------------------------------|---------------|
| 🔵 | GetBucketNotification | |
| 🔵 | GetBucketNotificationConfiguration | |
| 🔵 | ListenBucketNotification | non-standard? |
@ -200,7 +185,7 @@ See also `GetObject` and other method parameters.
## Ownership controls
| | Method | Comments |
|----|-------------------------------|----------|
|-----|-------------------------------|----------|
| 🔵 | DeleteBucketOwnershipControls | |
| 🔵 | GetBucketOwnershipControls | |
| 🔵 | PutBucketOwnershipControls | |
@ -208,33 +193,46 @@ See also `GetObject` and other method parameters.
## Policy and replication
Bucket policy has the following limitations
* Supports only AWS principals in format `arn:aws:iam::<namespace>:user/<user>` or wildcard `*`.
* No complex conditions (only conditions for groups now supported)
Simple valid policy example:
```json
{
"Version": "2012-10-17",
"Statement": [{
"Principal": {"AWS": ["arn:aws:iam::111122223333:role/JohnDoe"]},
"Statement": [
{
"Principal": {
"AWS": [
"arn:aws:iam::111122223333:role/JohnDoe"
]
},
"Effect": "Allow",
"Action": ["s3:GetObject","s3:GetObjectVersion"],
"Resource": ["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"]
}]
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": [
"arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
]
}
]
}
```
Bucket policy status determines using the following scheme:
* If policy has statement with principal that is wildcard (`*`) then policy is considered as public
| | Method | Comments |
|-----|-------------------------|-----------------------------|
| 🟡 | DeleteBucketPolicy | See Policy limitations |
|-----|-------------------------|---------------------------------------------------|
| 🟢 | DeleteBucketPolicy | See Policy limitations |
| 🔵 | DeleteBucketReplication | |
| 🔵 | DeletePublicAccessBlock | |
| 🟡 | GetBucketPolicy | See Policy limitations |
| 🟡 | GetBucketPolicyStatus | |
| 🟢 | GetBucketPolicy | See Policy limitations |
| 🟢 | GetBucketPolicyStatus | See rule determining status in Policy limitations |
| 🔵 | GetBucketReplication | |
| 🟢 | PostPolicyBucket | Upload file using POST form |
| 🟡 | PutBucketPolicy | See Policy limitations |
@ -243,14 +241,14 @@ Bucket policy status determines using the following scheme:
## Request payment
| | Method | Comments |
|----|-------------------------|----------|
|-----|-------------------------|----------|
| 🔴 | GetBucketRequestPayment | |
| 🔴 | PutBucketRequestPayment | |
## Tagging
| | Method | Comments |
|----|---------------------|----------|
|-----|---------------------|----------|
| 🟢 | DeleteBucketTagging | |
| 🟢 | GetBucketTagging | |
| 🟢 | PutBucketTagging | |
@ -258,7 +256,7 @@ Bucket policy status determines using the following scheme:
## Tiering
| | Method | Comments |
|----|---------------------------------------------|----------|
|-----|---------------------------------------------|----------|
| 🔵 | DeleteBucketIntelligentTieringConfiguration | |
| 🔵 | GetBucketIntelligentTieringConfiguration | |
| 🔵 | ListBucketIntelligentTieringConfigurations | |
@ -267,14 +265,14 @@ Bucket policy status determines using the following scheme:
## Versioning
| | Method | Comments |
|----|---------------------|----------|
|-----|---------------------|----------|
| 🟢 | GetBucketVersioning | |
| 🟢 | PutBucketVersioning | |
## Website
| | Method | Comments |
|----|---------------------|----------|
|-----|---------------------|----------|
| 🔵 | DeleteBucketWebsite | |
| 🔵 | GetBucketWebsite | |
| 🔵 | PutBucketWebsite | |