{"id":38065040,"url":"https://github.com/relvacode/ls3","last_synced_at":"2026-01-16T20:34:07.574Z","repository":{"id":47918465,"uuid":"516086236","full_name":"relvacode/ls3","owner":"relvacode","description":"Lightweight S3","archived":false,"fork":false,"pushed_at":"2023-03-24T22:15:02.000Z","size":209,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-06-21T14:03:55.242Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/relvacode.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security/ip.go","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-20T18:04:03.000Z","updated_at":"2022-07-20T18:04:16.000Z","dependencies_parsed_at":"2024-06-21T12:51:09.215Z","dependency_job_id":"a67ced06-4846-496b-8dd1-8786e4f3c0a1","html_url":"https://github.com/relvacode/ls3","commit_stats":{"total_commits":37,"total_committers":2,"mean_commits":18.5,"dds":"0.027027027027026973","last_synced_commit":"3e261d83726c4c884b6e084d30c542574eb78964"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/relvacode/ls3","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/relvacode%2Fls3","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/relvacode%2Fls3/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/relvacode%2Fls3/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/relvacode%2Fls3/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/relvacode","download_url":"https://codeload.github.com/relvacode/ls3/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/relvacode%2Fls3/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28482267,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-16T20:34:07.449Z","updated_at":"2026-01-16T20:34:07.556Z","avatar_url":"https://github.com/relvacode.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LS3\n\nLightweight read-only S3 compatible object storage interface for local filesystems.\n\n- Zero state\n- Works across filesystems\n- Multiple identities\n- Rule based access control\n- Automatic Content-Type detection\n\n## Authentication and Access Control\n\nAccess to LS3 resources are controlled through an identity and an optional global policy.\n\n\u003e An identity that allows access to any action and resource on the server\n\n```json\n{\n  \"Name\": \"example\",\n  \"AccessKeyId\": \"EXAMPLE\",\n  \"SecretAccessKey\": \"\u003csecurestring\u003e\",\n  \"Policy\": [\n    {\n      \"Action\": \"*\",\n      \"Resource\": \"*\"\n    }\n  ]\n}\n```\n\n### Identities\n\nAn identity is an access key ID and secret access key pair, along with a policy specific to that identity. An identity\nalso has a name to identify it in logs, and in conditional policy evaluation.\n\n#### Root Identity\n\nThe `root` identity has full access to any action and resource on the server. You can provide an access key id and\nsecret access key through the\ncommand-line or environment, or ls3 will generate random keys on startup.\n\n#### Public Identity\n\nThe `public` identity is a special identity used for when a request provides no authentication mechanism. A public\nidentity is one that has an empty `AccessKeyId`.\n\nBy default, the `public` identity is denied access to everything unless you enable public access.\n\nWhen public access is not enabled, the public identity is configured as such:\n\n```json\n{\n  \"Name\": \"public\",\n  \"AccessKeyId\": \"\",\n  \"Policy\": [\n    {\n      \"Deny\": true,\n      \"Action\": \"*\",\n      \"Resource\": \"*\"\n    }\n  ]\n}\n```\n\nYou can override this behaviour by configuring your own public identity.\nWhen you configure a public identity this overrides the behaviour set by allow public access, and is up to you to deny\naccess if desired.\n\n### Policies\n\nPolicies control what an identity has access to. A policy consists of one or more actions, along with one or more\nresources of that action that describe what each policy applies to.\n\nIf there are no policies that match a given request then access is denied.\n\nYou can configure a global policy that applies to all identities.\n\n#### Wildcards\n\nYou can use wildcard characters (`*` and `?`) anywhere in an action or resource. A `*` character matches anything up to\nthe character proceeding it, and a `?` matches any single character.\n\n\u003e Allow access to s3:GetObject in the `example` bucket on any file that ends with `.txt` or `.html`\n\n```json\n{\n  \"Action\": \"s3:GetObject\",\n  \"Resource\": [\n    \"example/*.txt\",\n    \"example/*.html\"\n  ]\n}\n```\n\n#### Explicit Deny\n\nIf a policy is an explicit deny, then any requests that match that policy will be denied. Even if there is another\npolicy that allows that access.\n\n\u003e Deny any access to the `secret` bucket\n\n```json\n{\n  \"Deny\": true,\n  \"Action\": [\n    \"s3:GetObject\",\n    \"s3:ListBucket\"\n  ],\n  \"Resource\": \"secret/*\"\n}\n```\n\n#### Conditions\n\nYou can add one or more `Condition` to any policy that limits the scope of that policy to only requests that match those\nconditions.\n\n```json\n{\n  \"Condition\": {\n    \"\u003cConditionOperator\u003e\": {\n      \"\u003cContextKey\u003e\": [\n        \"\u003cvalue\u003e\",\n        \"\u003cvalue\u003e\"\n      ]\n    }\n  }\n}\n```\n\n\u003e Allow access from 127.0.0.1\n\n```json\n{\n  \"Action\": \"*\",\n  \"Resource\": \"*\",\n  \"Condition\": {\n    \"IpAddress\": {\n      \"aws:SourceIp\": \"127.0.0.1\"\n    }\n  }\n}\n```\n\n\u003e Deny access if request is not secure (not using HTTPS)\n\n```json\n{\n  \"Deny\": true,\n  \"Action\": \"*\",\n  \"Resource\": \"*\",\n  \"Condition\": {\n    \"Bool\": {\n      \"aws:SecureTransport\": \"false\"\n    }\n  }\n}\n```\n\n##### Condition Operators\n\n| Operator                    | Description                                                  |\n|-----------------------------|--------------------------------------------------------------|\n| `StringEquals`              | True if any are exactly equal                                |\n| `StringNotEquals`           | True if none are exactly equal                               |\n| `StringEqualsIgnoreCase`    | True if any are exactly equal (case insensitive)             |\n| `StringNotEqualsIgnoreCase` | True if none are exactly equal (case insensitive)            |\n| `StringLike`                | True if matches any wildcard pattern                         |\n| `StringNotLike`             | True if not match all wildcard patterns                      |\n| `IpAddress`                 | True if matches any IP or CIDR range                         |\n| `NotIpAdress`               | True if not matches all IP or CIDR range                     |\n| `Bool`                      | True if all boolean values are equal. False if not a boolean |\n\n##### Global Context Keys\n\nThese context keys apply to all requests\n\n| Key                   | Type        | Description                                                             |\n|-----------------------|-------------|-------------------------------------------------------------------------|\n| `aws:SourceIp`        | `IpAddress` | The IP address of the client                                            |\n| `aws:SecureTransport` | `Bool`      | Was the request made over HTTPS                                         |\n| `aws:username`        | `String`    | The `Name` of the identity making the request. `public` if unauthorized |\n| `ls3:authenticated`   | `Bool`      | Is the request made with an authenticated identity                      |","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frelvacode%2Fls3","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frelvacode%2Fls3","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frelvacode%2Fls3/lists"}