chore: remove ~50k lines of unreachable dead code (#8913)

* chore: remove unreachable dead code across the codebase

Remove ~50,000 lines of unreachable code identified by static analysis.

Major removals:
- weed/filer/redis_lua: entire unused Redis Lua filer store implementation
- weed/wdclient/net2, resource_pool: unused connection/resource pool packages
- weed/plugin/worker/lifecycle: unused lifecycle plugin worker
- weed/s3api: unused S3 policy templates, presigned URL IAM, streaming copy,
  multipart IAM, key rotation, and various SSE helper functions
- weed/mq/kafka: unused partition mapping, compression, schema, and protocol functions
- weed/mq/offset: unused SQL storage and migration code
- weed/worker: unused registry, task, and monitoring functions
- weed/query: unused SQL engine, parquet scanner, and type functions
- weed/shell: unused EC proportional rebalance functions
- weed/storage/erasure_coding/distribution: unused distribution analysis functions
- Individual unreachable functions removed from 150+ files across admin,
  credential, filer, iam, kms, mount, mq, operation, pb, s3api, server,
  shell, storage, topology, and util packages

* fix(s3): reset shared memory store in IAM test to prevent flaky failure

TestLoadIAMManagerFromConfig_EmptyConfigWithFallbackKey was flaky because
the MemoryStore credential backend is a singleton registered via init().
Earlier tests that create anonymous identities pollute the shared store,
causing LookupAnonymous() to unexpectedly return true.

Fix by calling Reset() on the memory store before the test runs.

* style: run gofmt on changed files

* fix: restore KMS functions used by integration tests

* fix(plugin): prevent panic on send to closed worker session channel

The Plugin.sendToWorker method could panic with "send on closed channel"
when a worker disconnected while a message was being sent. The race was
between streamSession.close() closing the outgoing channel and sendToWorker
writing to it concurrently.

Add a done channel to streamSession that is closed before the outgoing
channel, and check it in sendToWorker's select to safely detect closed
sessions without panicking.

weed/credential/config_loader.go

@@ -57,42 +57,6 @@ func LoadCredentialConfiguration() (*CredentialConfig, error) {
 	}, nil
 }
 
-// GetCredentialStoreConfig extracts credential store configuration from command line flags
-// This is used when credential store is configured via command line instead of credential.toml
-func GetCredentialStoreConfig(store string, config util.Configuration, prefix string) *CredentialConfig {
-	if store == "" {
-		return nil
-	}
-
-	return &CredentialConfig{
-		Store:  store,
-		Config: config,
-		Prefix: prefix,
-	}
-}
-
-// MergeCredentialConfig merges command line credential config with credential.toml config
-// Command line flags take priority over credential.toml
-func MergeCredentialConfig(cmdLineStore string, cmdLineConfig util.Configuration, cmdLinePrefix string) (*CredentialConfig, error) {
-	// If command line credential store is specified, use it
-	if cmdLineStore != "" {
-		glog.V(0).Infof("Using command line credential configuration: store=%s", cmdLineStore)
-		return GetCredentialStoreConfig(cmdLineStore, cmdLineConfig, cmdLinePrefix), nil
-	}
-
-	// Otherwise, try to load from credential.toml
-	config, err := LoadCredentialConfiguration()
-	if err != nil {
-		return nil, err
-	}
-
-	if config == nil {
-		glog.V(1).Info("No credential store configured")
-	}
-
-	return config, nil
-}
-
 // NewCredentialManagerWithDefaults creates a credential manager with fallback to defaults
 // If explicitStore is provided, it will be used regardless of credential.toml
 // If explicitStore is empty, it tries credential.toml first, then defaults to "filer_etc"

weed/credential/filer_etc/filer_etc_policy.go

@@ -207,32 +207,6 @@ func (store *FilerEtcStore) loadPoliciesFromMultiFile(ctx context.Context, polic
 	})
 }
 
-func (store *FilerEtcStore) migratePoliciesToMultiFile(ctx context.Context, policies map[string]policy_engine.PolicyDocument) error {
-	glog.Infof("Migrating IAM policies to multi-file layout...")
-
-	// 1. Save all policies to individual files
-	for name, policy := range policies {
-		if err := store.savePolicy(ctx, name, policy); err != nil {
-			return err
-		}
-	}
-
-	// 2. Rename legacy file
-	return store.withFilerClient(func(client filer_pb.SeaweedFilerClient) error {
-		_, err := client.AtomicRenameEntry(ctx, &filer_pb.AtomicRenameEntryRequest{
-			OldDirectory: filer.IamConfigDirectory,
-			OldName:      filer.IamPoliciesFile,
-			NewDirectory: filer.IamConfigDirectory,
-			NewName:      IamLegacyPoliciesOldFile,
-		})
-		if err != nil {
-			glog.Errorf("Failed to rename legacy IAM policies file %s/%s to %s: %v",
-				filer.IamConfigDirectory, filer.IamPoliciesFile, IamLegacyPoliciesOldFile, err)
-		}
-		return err
-	})
-}
-
 func (store *FilerEtcStore) savePolicy(ctx context.Context, name string, document policy_engine.PolicyDocument) error {
 	if err := validatePolicyName(name); err != nil {
 		return err

weed/credential/migration.go

@@ -1,221 +0,0 @@
-package credential
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/seaweedfs/seaweedfs/weed/glog"
-	"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
-	"github.com/seaweedfs/seaweedfs/weed/util"
-)
-
-// MigrateCredentials migrates credentials from one store to another
-func MigrateCredentials(fromStoreName, toStoreName CredentialStoreTypeName, configuration util.Configuration, fromPrefix, toPrefix string) error {
-	ctx := context.Background()
-
-	// Create source credential manager
-	fromCM, err := NewCredentialManager(fromStoreName, configuration, fromPrefix)
-	if err != nil {
-		return fmt.Errorf("failed to create source credential manager (%s): %v", fromStoreName, err)
-	}
-	defer fromCM.Shutdown()
-
-	// Create destination credential manager
-	toCM, err := NewCredentialManager(toStoreName, configuration, toPrefix)
-	if err != nil {
-		return fmt.Errorf("failed to create destination credential manager (%s): %v", toStoreName, err)
-	}
-	defer toCM.Shutdown()
-
-	// Load configuration from source
-	glog.Infof("Loading configuration from %s store...", fromStoreName)
-	config, err := fromCM.LoadConfiguration(ctx)
-	if err != nil {
-		return fmt.Errorf("failed to load configuration from source store: %w", err)
-	}
-
-	if config == nil || len(config.Identities) == 0 {
-		glog.Info("No identities found in source store")
-		return nil
-	}
-
-	glog.Infof("Found %d identities in source store", len(config.Identities))
-
-	// Migrate each identity
-	var migrated, failed int
-	for _, identity := range config.Identities {
-		glog.V(1).Infof("Migrating user: %s", identity.Name)
-
-		// Check if user already exists in destination
-		existingUser, err := toCM.GetUser(ctx, identity.Name)
-		if err != nil && err != ErrUserNotFound {
-			glog.Errorf("Failed to check if user %s exists in destination: %v", identity.Name, err)
-			failed++
-			continue
-		}
-
-		if existingUser != nil {
-			glog.Warningf("User %s already exists in destination store, skipping", identity.Name)
-			continue
-		}
-
-		// Create user in destination
-		err = toCM.CreateUser(ctx, identity)
-		if err != nil {
-			glog.Errorf("Failed to create user %s in destination store: %v", identity.Name, err)
-			failed++
-			continue
-		}
-
-		migrated++
-		glog.V(1).Infof("Successfully migrated user: %s", identity.Name)
-	}
-
-	glog.Infof("Migration completed: %d migrated, %d failed", migrated, failed)
-
-	if failed > 0 {
-		return fmt.Errorf("migration completed with %d failures", failed)
-	}
-
-	return nil
-}
-
-// ExportCredentials exports credentials from a store to a configuration
-func ExportCredentials(storeName CredentialStoreTypeName, configuration util.Configuration, prefix string) (*iam_pb.S3ApiConfiguration, error) {
-	ctx := context.Background()
-
-	// Create credential manager
-	cm, err := NewCredentialManager(storeName, configuration, prefix)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create credential manager (%s): %v", storeName, err)
-	}
-	defer cm.Shutdown()
-
-	// Load configuration
-	config, err := cm.LoadConfiguration(ctx)
-	if err != nil {
-		return nil, fmt.Errorf("failed to load configuration: %w", err)
-	}
-
-	return config, nil
-}
-
-// ImportCredentials imports credentials from a configuration to a store
-func ImportCredentials(storeName CredentialStoreTypeName, configuration util.Configuration, prefix string, config *iam_pb.S3ApiConfiguration) error {
-	ctx := context.Background()
-
-	// Create credential manager
-	cm, err := NewCredentialManager(storeName, configuration, prefix)
-	if err != nil {
-		return fmt.Errorf("failed to create credential manager (%s): %v", storeName, err)
-	}
-	defer cm.Shutdown()
-
-	// Import each identity
-	var imported, failed int
-	for _, identity := range config.Identities {
-		glog.V(1).Infof("Importing user: %s", identity.Name)
-
-		// Check if user already exists
-		existingUser, err := cm.GetUser(ctx, identity.Name)
-		if err != nil && err != ErrUserNotFound {
-			glog.Errorf("Failed to check if user %s exists: %v", identity.Name, err)
-			failed++
-			continue
-		}
-
-		if existingUser != nil {
-			glog.Warningf("User %s already exists, skipping", identity.Name)
-			continue
-		}
-
-		// Create user
-		err = cm.CreateUser(ctx, identity)
-		if err != nil {
-			glog.Errorf("Failed to create user %s: %v", identity.Name, err)
-			failed++
-			continue
-		}
-
-		imported++
-		glog.V(1).Infof("Successfully imported user: %s", identity.Name)
-	}
-
-	glog.Infof("Import completed: %d imported, %d failed", imported, failed)
-
-	if failed > 0 {
-		return fmt.Errorf("import completed with %d failures", failed)
-	}
-
-	return nil
-}
-
-// ValidateCredentials validates that all credentials in a store are accessible
-func ValidateCredentials(storeName CredentialStoreTypeName, configuration util.Configuration, prefix string) error {
-	ctx := context.Background()
-
-	// Create credential manager
-	cm, err := NewCredentialManager(storeName, configuration, prefix)
-	if err != nil {
-		return fmt.Errorf("failed to create credential manager (%s): %v", storeName, err)
-	}
-	defer cm.Shutdown()
-
-	// Load configuration
-	config, err := cm.LoadConfiguration(ctx)
-	if err != nil {
-		return fmt.Errorf("failed to load configuration: %w", err)
-	}
-
-	if config == nil || len(config.Identities) == 0 {
-		glog.Info("No identities found in store")
-		return nil
-	}
-
-	glog.Infof("Validating %d identities...", len(config.Identities))
-
-	// Validate each identity
-	var validated, failed int
-	for _, identity := range config.Identities {
-		// Check if user can be retrieved
-		user, err := cm.GetUser(ctx, identity.Name)
-		if err != nil {
-			glog.Errorf("Failed to retrieve user %s: %v", identity.Name, err)
-			failed++
-			continue
-		}
-
-		if user == nil {
-			glog.Errorf("User %s not found", identity.Name)
-			failed++
-			continue
-		}
-
-		// Validate access keys
-		for _, credential := range identity.Credentials {
-			accessKeyUser, err := cm.GetUserByAccessKey(ctx, credential.AccessKey)
-			if err != nil {
-				glog.Errorf("Failed to retrieve user by access key %s: %v", credential.AccessKey, err)
-				failed++
-				continue
-			}
-
-			if accessKeyUser == nil || accessKeyUser.Name != identity.Name {
-				glog.Errorf("Access key %s does not map to correct user %s", credential.AccessKey, identity.Name)
-				failed++
-				continue
-			}
-		}
-
-		validated++
-		glog.V(1).Infof("Successfully validated user: %s", identity.Name)
-	}
-
-	glog.Infof("Validation completed: %d validated, %d failed", validated, failed)
-
-	if failed > 0 {
-		return fmt.Errorf("validation completed with %d failures", failed)
-	}
-
-	return nil
-}