mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2026-06-13 23:36:45 +03:00
update
Chris Lu
@@ -86,6 +86,16 @@ weed iam -filer=localhost:8888 -port=8111
|
||||
| `ListGroupPolicies` | List inline policy names for group | Admin only |
|
||||
| `ListGroupsForUser` | List groups a user belongs to | Admin only |
|
||||
| `UpdateGroup` | Rename or enable/disable a group (SeaweedFS extension) | Admin only |
|
||||
| `TagUser` | Attach key/value tags to a user (max 50 tags, key 1-128, value 0-256) | Admin only |
|
||||
| `UntagUser` | Remove tags from a user | Admin only |
|
||||
| `ListUserTags` | List tags attached to a user | Admin only |
|
||||
| `GetPolicyVersion` | Read a specific managed-policy version | Admin only |
|
||||
| `ListPolicyVersions` | List versions of a managed policy | Admin only |
|
||||
| `CreateServiceAccount` | Create a service-account credential | Admin only |
|
||||
| `DeleteServiceAccount` | Delete a service-account credential | Admin only |
|
||||
| `GetServiceAccount` | Get service-account details | Admin only |
|
||||
| `ListServiceAccounts` | List service-account credentials | Admin only |
|
||||
| `UpdateServiceAccount` | Update a service-account credential | Admin only |
|
||||
|
||||
### Self-Service Operations
|
||||
|
||||
|
||||
+12
-12
@@ -86,33 +86,33 @@ For IAM action names used in bucket policies (e.g., `s3:ListBucketMultipartUploa
|
||||
| GetPublicAccessBlock | Yes | |
|
||||
| PutPublicAccessBlock | Yes | |
|
||||
| DeletePublicAccessBlock | Yes | |
|
||||
| GetBucketAccelerateConfiguration | No | |
|
||||
| GetBucketAccelerateConfiguration | Yes | Always returns `Suspended` |
|
||||
| GetBucketAnalyticsConfiguration | Yes | Stub: returns `NoSuchConfiguration` |
|
||||
| ListBucketAnalyticsConfigurations | Yes | Stub: returns an empty list |
|
||||
| GetBucketIntelligentTieringConfiguration | Yes | Stub: returns `NoSuchConfiguration` |
|
||||
| ListBucketIntelligentTieringConfigurations | Yes | Stub: returns an empty list |
|
||||
| GetBucketInventoryConfiguration | Yes | Stub: returns `NoSuchConfiguration` |
|
||||
| ListBucketInventoryConfigurations | Yes | Stub: returns an empty list |
|
||||
| GetBucketLogging | Yes | Always returns an empty `BucketLoggingStatus` |
|
||||
| GetBucketMetricsConfiguration | Yes | Stub: returns `NoSuchConfiguration` |
|
||||
| ListBucketMetricsConfigurations | Yes | Stub: returns an empty list |
|
||||
| GetBucketPolicyStatus | Yes | Computes `IsPublic` from the bucket policy |
|
||||
| PutBucketRequestPayment | Yes | Accepts only `Payer=BucketOwner` |
|
||||
| PutBucketAccelerateConfiguration | No | |
|
||||
| GetBucketAnalyticsConfiguration | No | |
|
||||
| PutBucketAnalyticsConfiguration | No | |
|
||||
| DeleteBucketAnalyticsConfiguration | No | |
|
||||
| ListBucketAnalyticsConfigurations | No | |
|
||||
| GetBucketIntelligentTieringConfiguration | No | |
|
||||
| PutBucketIntelligentTieringConfiguration | No | |
|
||||
| DeleteBucketIntelligentTieringConfiguration | No | |
|
||||
| ListBucketIntelligentTieringConfigurations | No | |
|
||||
| GetBucketInventoryConfiguration | No | |
|
||||
| PutBucketInventoryConfiguration | No | |
|
||||
| DeleteBucketInventoryConfiguration | No | |
|
||||
| ListBucketInventoryConfigurations | No | |
|
||||
| GetBucketLogging | No | |
|
||||
| PutBucketLogging | No | |
|
||||
| GetBucketMetricsConfiguration | No | |
|
||||
| PutBucketMetricsConfiguration | No | |
|
||||
| DeleteBucketMetricsConfiguration | No | |
|
||||
| ListBucketMetricsConfigurations | No | |
|
||||
| GetBucketNotificationConfiguration | No | |
|
||||
| PutBucketNotificationConfiguration | No | |
|
||||
| GetBucketPolicyStatus | No | |
|
||||
| GetBucketReplication | No | |
|
||||
| PutBucketReplication | No | |
|
||||
| DeleteBucketReplication | No | |
|
||||
| PutBucketRequestPayment | No | |
|
||||
| GetBucketWebsite | No | |
|
||||
| PutBucketWebsite | No | |
|
||||
| DeleteBucketWebsite | No | |
|
||||
|
||||
+19
-9
@@ -20,7 +20,8 @@ This page compares the S3 API implementation in SeaweedFS with MinIO.
|
||||
| **ACLs** | ✅ Full | ⚠️ Dummy | MinIO accepts but does not enforce bucket and object ACL requests |
|
||||
| **Bucket Notifications** | ❌ No | ✅ Full | `GetBucketNotification`, `PutBucketNotification`, `ListenBucketNotification` |
|
||||
| **Bucket Replication** | ❌ No | ✅ Full | `Get/Put/DeleteBucketReplication` plus metrics and reset extensions |
|
||||
| **Bucket Policy Status** | ❌ No | ✅ Full | `GetBucketPolicyStatus` |
|
||||
| **Bucket Policy Status** | ✅ Full | ✅ Full | `GetBucketPolicyStatus` |
|
||||
| **Analytics / Inventory / IntelligentTiering / Metrics configs** | ⚠️ Stub | ❌ Rejected (OSS) | SeaweedFS returns an empty list / `NoSuchConfiguration` so SDK probes succeed; MinIO OSS returns 501 NotImplemented (the equivalents live in `mc admin` / AIStor workflows, not the standard S3 endpoint) |
|
||||
| **S3 Tables** | ✅ Full | ❌ No | SeaweedFS supports Iceberg via S3 Tables |
|
||||
| **Object Select** | ❌ No | ✅ Yes | `SelectObjectContent` |
|
||||
| **Object Attributes**| ✅ Yes | ✅ Yes | `GetObjectAttributes` |
|
||||
@@ -47,8 +48,7 @@ This page compares the S3 API implementation in SeaweedFS with MinIO.
|
||||
- **Extensions**: `GetObjectLambda`, `PostRestoreObject`, `PutObjectExtract` (Snowball auto-extract).
|
||||
- **Bucket Notifications**: `GetBucketNotification`, `PutBucketNotification`, plus MinIO's `ListenBucketNotification` SSE-style event stream.
|
||||
- **Bucket Replication**: `GetBucketReplication`, `PutBucketReplication`, `DeleteBucketReplication`, replication metrics (v1/v2), `ResetBucketReplicationStart`, `ResetBucketReplicationStatus`, `ValidateBucketReplicationCreds`.
|
||||
- **Bucket Policy Status**: `GetBucketPolicyStatus`.
|
||||
- **Dummy bucket configs** (accepted, not enforced): `GetBucketWebsite`/`DeleteBucketWebsite`, `GetBucketLogging`, `GetBucketAccelerate`.
|
||||
- **Persisted bucket configurations**: AWS Analytics, Inventory, IntelligentTiering, and Metrics configurations are not implemented on either side at the standard S3 endpoint. MinIO OSS rejects all methods with 501 NotImplemented; SeaweedFS exposes well-formed empty / `NoSuchConfiguration` stubs so AWS-SDK probes succeed. The equivalents live in MinIO's `mc admin` / AIStor workflows.
|
||||
|
||||
## STS API Comparison
|
||||
|
||||
@@ -95,13 +95,23 @@ This page compares the S3 API implementation in SeaweedFS with MinIO.
|
||||
| `s3:GetBucketReplication` | ❌ | ✅ |
|
||||
| `s3:PutBucketReplication` | ❌ | ✅ |
|
||||
| `s3:DeleteBucketReplication` | ❌ | ✅ |
|
||||
| `s3:GetBucketPolicyStatus` | ❌ | ✅ |
|
||||
| `s3:GetBucketPolicyStatus` | ✅ | ✅ |
|
||||
| `s3:PutBucketRequestPayment` | ✅ (`BucketOwner` only) | ❌ (Rejected) |
|
||||
| `s3:GetBucketAccelerate` | ⚠️ (Static `Suspended`) | ⚠️ (Dummy) |
|
||||
| `s3:GetBucketLogging` | ⚠️ (Static empty) | ⚠️ (Dummy) |
|
||||
| `s3:GetBucketAnalyticsConfiguration` / `s3:ListBucketAnalyticsConfigurations` | ⚠️ (Stub) | ❌ (Rejected, 501) |
|
||||
| `s3:GetBucketInventoryConfiguration` / `s3:ListBucketInventoryConfigurations` | ⚠️ (Stub) | ❌ (Rejected, 501) |
|
||||
| `s3:GetBucketIntelligentTieringConfiguration` / `s3:ListBucketIntelligentTieringConfigurations` | ⚠️ (Stub) | ❌ (Rejected, 501) |
|
||||
| `s3:GetBucketMetricsConfiguration` / `s3:ListBucketMetricsConfigurations` | ⚠️ (Stub) | ❌ (Rejected, 501) |
|
||||
| `s3:GetBucketWebsite` | ❌ | ⚠️ (Dummy) |
|
||||
| `s3:GetBucketLogging` | ❌ | ⚠️ (Dummy) |
|
||||
| `s3:GetBucketAccelerate` | ❌ | ⚠️ (Dummy) |
|
||||
| `s3:GetObjectACL` | ✅ | ⚠️ (Dummy) |
|
||||
| `s3:PutObjectACL` | ✅ | ⚠️ (Dummy) |
|
||||
|
||||
### Notes on behavioral divergence
|
||||
|
||||
- **`s3:GetBucketPolicyStatus`** — both services return an `IsPublic` flag, but the definition of "public" differs. MinIO marks a bucket public only when anonymous credentials can **both** `ListBucket` **and** `PutObject`. SeaweedFS marks it public if **any** `Allow` statement grants `Principal: "*"` without a `Condition`. A bucket open to anonymous reads only would report `true` in SeaweedFS and `FALSE` in MinIO.
|
||||
- **`s3:GetBucketAccelerate`** — MinIO returns 200 + `<AccelerateConfiguration/>` with no `<Status>` child (AWS clients default-interpret as `Suspended`). SeaweedFS returns the same empty XML but with an explicit `<Status>Suspended</Status>` element.
|
||||
|
||||
## IAM API Comparison
|
||||
|
||||
SeaweedFS implements IAM actions as standard AWS IAM API calls (same endpoint as S3). MinIO uses a proprietary admin API (`/minio/admin/v3/`) accessible via `mc admin` CLI and `madmin-go` SDK.
|
||||
@@ -153,7 +163,7 @@ For group management specifically, MinIO supports broadly similar administration
|
||||
| `iam:GetServiceAccount` | ✅ | ⚠️ Proprietary | MinIO: `mc admin user svcacct info` |
|
||||
| `iam:ListServiceAccounts` | ✅ | ⚠️ Proprietary | MinIO: `mc admin user svcacct ls` |
|
||||
| `iam:UpdateServiceAccount` | ✅ | ⚠️ Proprietary | MinIO: `mc admin user svcacct edit` |
|
||||
| `iam:TagUser` | ✅ | ❌ | Add tags to a user; AWS limits (50 tags, key 1-128, value 0-256) enforced |
|
||||
| `iam:UntagUser` | ✅ | ❌ | Remove tags from a user |
|
||||
| `iam:ListUserTags` | ✅ | ❌ | List tags on a user |
|
||||
| `iam:GetAccessKeyLastUsed` | 📋 Planned | ❌ | Return when an access key was last used |
|
||||
| `iam:TagUser` | 📋 Planned | ❌ | Add tags to a user |
|
||||
| `iam:UntagUser` | 📋 Planned | ❌ | Remove tags from a user |
|
||||
| `iam:ListUserTags` | 📋 Planned | ❌ | List tags on a user |
|
||||
|
||||
Reference in New Issue
Block a user