mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2026-05-14 13:51:33 +00:00
35e3fe89bc
* feat(s3/lifecycle): filer-backed cursor Persister FilerPersister persists per-shard cursor maps as JSON to /etc/s3/lifecycle/cursors/shard-NN.json via filer.SaveInsideFiler. One file per shard keeps Save atomic — the filer writes the entry in a single mutation, so a crash mid-write doesn't leak partial state. Pipeline.Run loads on start; the periodic checkpoint and graceful-shutdown save go through this implementation. A small FilerStore interface wraps the SeaweedFilerClient surface the persister needs, so tests inject an in-memory fake instead of mocking the full gRPC client. * refactor(s3/lifecycle): drop BlockerStore — durable cursor IS the block A frozen cursor doesn't advance, so the durable cursor (FilerPersister) encodes the blocked state on its own. On worker restart the reader re-encounters the poison event at MinTsNs, the dispatcher walks the same retry budget to BLOCKED, and the cursor freezes at the same EventTs. Other in-flight events between freeze tsNs and prior cursor positions self-resolve via NOOP_RESOLVED (STALE_IDENTITY) since the underlying objects were already deleted on the prior pass. Removed: - BlockerStore interface + InMemoryBlockerStore + BlockerRecord - Dispatcher.Blockers + Dispatcher.ReplayBlockers - the BlockerStore.Put call in handleBlocked - Pipeline.Blockers field + the ReplayBlockers call on startup Added a TestDispatchRestartReFreezesNaturally that pins the self-recovery property: a fresh Dispatcher with a fresh Cursor, fed the same poison event, reaches the same frozen state at the same EventTs without any durable blocker store. Operator visibility: a cursor whose MinTsNs hasn't advanced is the signal — surfaced via the durable cursor file. * refactor(filer): SaveInsideFiler accepts ctx ReadInsideFiler already takes ctx; SaveInsideFiler used context.Background() internally and silently dropped the caller's ctx. Symmetric API now; cancellation/deadlines propagate through LookupEntry / CreateEntry / UpdateEntry. Mechanical update of all callers — most pass context.Background() since the existing call sites have no ctx in scope. * fix(s3/lifecycle): deterministic order in cursor save Iterating Go maps yields random order, so json.Encode produced a different byte sequence on each save even when the state hadn't changed. Sort entries by (Bucket, ActionKind, RuleHash) before encoding so the on-disk file diffs cleanly. New test pins byte-identical output across two saves of the same map. * fix(s3/lifecycle): log reason when freezing cursor in handleBlocked handleBlocked dropped the reason via _ = reason with a comment claiming the caller logged it; none of the three callers do. A frozen cursor is the only surface where the operator finds out something stuck, so the reason has to land somewhere. glog.Warningf with shard, key, eventTs, and the original reason — same shape the rest of the package uses.
238 lines
8.2 KiB
Go
238 lines
8.2 KiB
Go
package iamapi
|
|
|
|
// https://docs.aws.amazon.com/cli/latest/reference/iam/list-roles.html
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/gorilla/mux"
|
|
"github.com/seaweedfs/seaweedfs/weed/credential"
|
|
"github.com/seaweedfs/seaweedfs/weed/filer"
|
|
"github.com/seaweedfs/seaweedfs/weed/glog"
|
|
"github.com/seaweedfs/seaweedfs/weed/pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/s3api"
|
|
"github.com/seaweedfs/seaweedfs/weed/s3api/policy_engine"
|
|
. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
|
|
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
|
|
"github.com/seaweedfs/seaweedfs/weed/util"
|
|
"github.com/seaweedfs/seaweedfs/weed/util/request_id"
|
|
"github.com/seaweedfs/seaweedfs/weed/wdclient"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/protobuf/proto"
|
|
)
|
|
|
|
type IamS3ApiConfig interface {
|
|
GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error)
|
|
PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error)
|
|
GetPolicies(policies *Policies) (err error)
|
|
PutPolicies(policies *Policies) (err error)
|
|
}
|
|
|
|
type IamS3ApiConfigure struct {
|
|
option *IamServerOption
|
|
masterClient *wdclient.MasterClient
|
|
credentialManager *credential.CredentialManager
|
|
}
|
|
|
|
type IamServerOption struct {
|
|
Masters map[string]pb.ServerAddress
|
|
Filers []pb.ServerAddress
|
|
Port int
|
|
GrpcDialOption grpc.DialOption
|
|
}
|
|
|
|
type IamApiServer struct {
|
|
s3ApiConfig IamS3ApiConfig
|
|
iam *s3api.IdentityAccessManagement
|
|
shutdownContext context.Context
|
|
shutdownCancel context.CancelFunc
|
|
masterClient *wdclient.MasterClient
|
|
}
|
|
|
|
var s3ApiConfigure IamS3ApiConfig
|
|
|
|
func NewIamApiServer(router *mux.Router, option *IamServerOption) (iamApiServer *IamApiServer, err error) {
|
|
return NewIamApiServerWithStore(router, option, "")
|
|
}
|
|
|
|
func NewIamApiServerWithStore(router *mux.Router, option *IamServerOption, explicitStore string) (iamApiServer *IamApiServer, err error) {
|
|
if len(option.Filers) == 0 {
|
|
return nil, fmt.Errorf("at least one filer address is required")
|
|
}
|
|
|
|
masterClient := wdclient.NewMasterClient(option.GrpcDialOption, "", "iam", "", "", "", *pb.NewServiceDiscoveryFromMap(option.Masters))
|
|
|
|
// Create a cancellable context for the master client connection
|
|
// This allows graceful shutdown via Shutdown() method
|
|
shutdownCtx, shutdownCancel := context.WithCancel(context.Background())
|
|
|
|
// Start KeepConnectedToMaster for volume location lookups
|
|
// IAM config files are typically small and inline, but if they ever have chunks,
|
|
// ReadEntry→StreamContent needs masterClient for volume lookups
|
|
glog.V(0).Infof("IAM API starting master client connection for volume location lookups")
|
|
go masterClient.KeepConnectedToMaster(shutdownCtx)
|
|
|
|
configure := &IamS3ApiConfigure{
|
|
option: option,
|
|
masterClient: masterClient,
|
|
}
|
|
|
|
s3ApiConfigure = configure
|
|
|
|
s3Option := s3api.S3ApiServerOption{
|
|
Filers: option.Filers,
|
|
GrpcDialOption: option.GrpcDialOption,
|
|
}
|
|
|
|
// Initialize FilerClient for IAM - explicit filers only (no discovery as FilerGroup unspecified)
|
|
filerClient := wdclient.NewFilerClient(option.Filers, option.GrpcDialOption, "")
|
|
iam := s3api.NewIdentityAccessManagementWithStore(&s3Option, filerClient, explicitStore)
|
|
configure.credentialManager = iam.GetCredentialManager()
|
|
|
|
iamApiServer = &IamApiServer{
|
|
s3ApiConfig: s3ApiConfigure,
|
|
iam: iam,
|
|
shutdownContext: shutdownCtx,
|
|
shutdownCancel: shutdownCancel,
|
|
masterClient: masterClient,
|
|
}
|
|
|
|
// Keep attempting to load configuration from filer now that we have a client
|
|
go func() {
|
|
if err := iam.LoadS3ApiConfigurationFromCredentialManager(); err != nil {
|
|
glog.Warningf("Failed to load IAM config from credential manager after client update: %v", err)
|
|
}
|
|
}()
|
|
|
|
iamApiServer.registerRouter(router)
|
|
|
|
return iamApiServer, nil
|
|
}
|
|
|
|
func (iama *IamApiServer) registerRouter(router *mux.Router) {
|
|
// API Router
|
|
apiRouter := router.PathPrefix("/").Subrouter()
|
|
apiRouter.Use(request_id.Middleware)
|
|
// ListBuckets
|
|
|
|
// apiRouter.Methods("GET").Path("/").HandlerFunc(track(s3a.iam.Auth(s3a.ListBucketsHandler, ACTION_ADMIN), "LIST"))
|
|
apiRouter.Methods(http.MethodPost).Path("/").HandlerFunc(iama.iam.Auth(iama.DoActions, ACTION_ADMIN))
|
|
//
|
|
// NotFound
|
|
apiRouter.NotFoundHandler = http.HandlerFunc(s3err.NotFoundHandler)
|
|
}
|
|
|
|
// Shutdown gracefully stops the IAM API server and releases resources.
|
|
// It cancels the master client connection goroutine and closes gRPC connections.
|
|
// This method is safe to call multiple times.
|
|
//
|
|
// Note: This method is called via defer in weed/command/iam.go for best-effort cleanup.
|
|
// For proper graceful shutdown on SIGTERM/SIGINT, signal handling should be added to
|
|
// the command layer to call this method before process exit.
|
|
func (iama *IamApiServer) Shutdown() {
|
|
if iama.shutdownCancel != nil {
|
|
glog.V(0).Infof("IAM API server shutting down, stopping master client connection")
|
|
iama.shutdownCancel()
|
|
}
|
|
if iama.iam != nil {
|
|
iama.iam.Shutdown()
|
|
}
|
|
}
|
|
|
|
func (iama *IamS3ApiConfigure) GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
|
|
return iama.GetS3ApiConfigurationFromCredentialManager(s3cfg)
|
|
}
|
|
|
|
func (iama *IamS3ApiConfigure) PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
|
|
return iama.PutS3ApiConfigurationToCredentialManager(s3cfg)
|
|
}
|
|
|
|
func (iama *IamS3ApiConfigure) GetS3ApiConfigurationFromCredentialManager(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
|
|
config, err := iama.credentialManager.LoadConfiguration(context.Background())
|
|
if err != nil {
|
|
return fmt.Errorf("failed to load configuration from credential manager: %w", err)
|
|
}
|
|
// Use proto.Merge to avoid copying the sync.Mutex embedded in the message
|
|
proto.Merge(s3cfg, config)
|
|
return nil
|
|
}
|
|
|
|
func (iama *IamS3ApiConfigure) PutS3ApiConfigurationToCredentialManager(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
|
|
return iama.credentialManager.SaveConfiguration(context.Background(), s3cfg)
|
|
}
|
|
|
|
func (iama *IamS3ApiConfigure) GetS3ApiConfigurationFromFiler(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
|
|
var buf bytes.Buffer
|
|
err = pb.WithOneOfGrpcFilerClients(false, iama.option.Filers, iama.option.GrpcDialOption, func(client filer_pb.SeaweedFilerClient) error {
|
|
if err = filer.ReadEntry(iama.masterClient, client, filer.IamConfigDirectory, filer.IamIdentityFile, &buf); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if buf.Len() > 0 {
|
|
if err = filer.ParseS3ConfigurationFromBytes(buf.Bytes(), s3cfg); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (iama *IamS3ApiConfigure) PutS3ApiConfigurationToFiler(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
|
|
buf := bytes.Buffer{}
|
|
if err := filer.ProtoToText(&buf, s3cfg); err != nil {
|
|
return fmt.Errorf("ProtoToText: %s", err)
|
|
}
|
|
return pb.WithOneOfGrpcFilerClients(false, iama.option.Filers, iama.option.GrpcDialOption, func(client filer_pb.SeaweedFilerClient) error {
|
|
err = util.Retry("saveIamIdentity", func() error {
|
|
return filer.SaveInsideFiler(context.Background(), client, filer.IamConfigDirectory, filer.IamIdentityFile, buf.Bytes())
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
})
|
|
}
|
|
|
|
func (iama *IamS3ApiConfigure) GetPolicies(policies *Policies) (err error) {
|
|
var buf bytes.Buffer
|
|
err = pb.WithOneOfGrpcFilerClients(false, iama.option.Filers, iama.option.GrpcDialOption, func(client filer_pb.SeaweedFilerClient) error {
|
|
if err = filer.ReadEntry(iama.masterClient, client, filer.IamConfigDirectory, filer.IamPoliciesFile, &buf); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
})
|
|
if err != nil && err != filer_pb.ErrNotFound {
|
|
return err
|
|
}
|
|
if err == filer_pb.ErrNotFound || buf.Len() == 0 {
|
|
policies.Policies = make(map[string]policy_engine.PolicyDocument)
|
|
return nil
|
|
}
|
|
if err := json.Unmarshal(buf.Bytes(), policies); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (iama *IamS3ApiConfigure) PutPolicies(policies *Policies) (err error) {
|
|
var b []byte
|
|
if b, err = json.Marshal(policies); err != nil {
|
|
return err
|
|
}
|
|
return pb.WithOneOfGrpcFilerClients(false, iama.option.Filers, iama.option.GrpcDialOption, func(client filer_pb.SeaweedFilerClient) error {
|
|
if err := filer.SaveInsideFiler(context.Background(), client, filer.IamConfigDirectory, filer.IamPoliciesFile, b); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
})
|
|
}
|