chore: remove ~50k lines of unreachable dead code (#8913)

* chore: remove unreachable dead code across the codebase

Remove ~50,000 lines of unreachable code identified by static analysis.

Major removals:
- weed/filer/redis_lua: entire unused Redis Lua filer store implementation
- weed/wdclient/net2, resource_pool: unused connection/resource pool packages
- weed/plugin/worker/lifecycle: unused lifecycle plugin worker
- weed/s3api: unused S3 policy templates, presigned URL IAM, streaming copy,
  multipart IAM, key rotation, and various SSE helper functions
- weed/mq/kafka: unused partition mapping, compression, schema, and protocol functions
- weed/mq/offset: unused SQL storage and migration code
- weed/worker: unused registry, task, and monitoring functions
- weed/query: unused SQL engine, parquet scanner, and type functions
- weed/shell: unused EC proportional rebalance functions
- weed/storage/erasure_coding/distribution: unused distribution analysis functions
- Individual unreachable functions removed from 150+ files across admin,
  credential, filer, iam, kms, mount, mq, operation, pb, s3api, server,
  shell, storage, topology, and util packages

* fix(s3): reset shared memory store in IAM test to prevent flaky failure

TestLoadIAMManagerFromConfig_EmptyConfigWithFallbackKey was flaky because
the MemoryStore credential backend is a singleton registered via init().
Earlier tests that create anonymous identities pollute the shared store,
causing LookupAnonymous() to unexpectedly return true.

Fix by calling Reset() on the memory store before the test runs.

* style: run gofmt on changed files

* fix: restore KMS functions used by integration tests

* fix(plugin): prevent panic on send to closed worker session channel

The Plugin.sendToWorker method could panic with "send on closed channel"
when a worker disconnected while a message was being sent. The race was
between streamSession.close() closing the outgoing channel and sendToWorker
writing to it concurrently.

Add a done channel to streamSession that is closed before the outgoing
channel, and check it in sendToWorker's select to safely detect closed
sessions without panicking.

weed/s3api/policy/post-policy.go

@@ -1,321 +0,0 @@
-package policy
-
-/*
- * MinIO Go Library for Amazon S3 Compatible Cloud Storage
- * Copyright 2015-2017 MinIO, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import (
-	"encoding/base64"
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
-)
-
-// expirationDateFormat date format for expiration key in json policy.
-const expirationDateFormat = "2006-01-02T15:04:05.999Z"
-
-// policyCondition explanation:
-// http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html
-//
-// Example:
-//
-//	policyCondition {
-//	    matchType: "$eq",
-//	    key: "$Content-Type",
-//	    value: "image/png",
-//	}
-type policyCondition struct {
-	matchType string
-	condition string
-	value     string
-}
-
-// PostPolicy - Provides strict static type conversion and validation
-// for Amazon S3's POST policy JSON string.
-type PostPolicy struct {
-	// Expiration date and time of the POST policy.
-	expiration time.Time
-	// Collection of different policy conditions.
-	conditions []policyCondition
-	// ContentLengthRange minimum and maximum allowable size for the
-	// uploaded content.
-	contentLengthRange struct {
-		min int64
-		max int64
-	}
-
-	// Post form data.
-	formData map[string]string
-}
-
-// NewPostPolicy - Instantiate new post policy.
-func NewPostPolicy() *PostPolicy {
-	p := &PostPolicy{}
-	p.conditions = make([]policyCondition, 0)
-	p.formData = make(map[string]string)
-	return p
-}
-
-// SetExpires - Sets expiration time for the new policy.
-func (p *PostPolicy) SetExpires(t time.Time) error {
-	if t.IsZero() {
-		return errInvalidArgument("No expiry time set.")
-	}
-	p.expiration = t
-	return nil
-}
-
-// SetKey - Sets an object name for the policy based upload.
-func (p *PostPolicy) SetKey(key string) error {
-	if strings.TrimSpace(key) == "" || key == "" {
-		return errInvalidArgument("Object name is empty.")
-	}
-	policyCond := policyCondition{
-		matchType: "eq",
-		condition: "$key",
-		value:     key,
-	}
-	if err := p.addNewPolicy(policyCond); err != nil {
-		return err
-	}
-	p.formData["key"] = key
-	return nil
-}
-
-// SetKeyStartsWith - Sets an object name that an policy based upload
-// can start with.
-func (p *PostPolicy) SetKeyStartsWith(keyStartsWith string) error {
-	if strings.TrimSpace(keyStartsWith) == "" || keyStartsWith == "" {
-		return errInvalidArgument("Object prefix is empty.")
-	}
-	policyCond := policyCondition{
-		matchType: "starts-with",
-		condition: "$key",
-		value:     keyStartsWith,
-	}
-	if err := p.addNewPolicy(policyCond); err != nil {
-		return err
-	}
-	p.formData["key"] = keyStartsWith
-	return nil
-}
-
-// SetBucket - Sets bucket at which objects will be uploaded to.
-func (p *PostPolicy) SetBucket(bucketName string) error {
-	if strings.TrimSpace(bucketName) == "" || bucketName == "" {
-		return errInvalidArgument("Bucket name is empty.")
-	}
-	policyCond := policyCondition{
-		matchType: "eq",
-		condition: "$bucket",
-		value:     bucketName,
-	}
-	if err := p.addNewPolicy(policyCond); err != nil {
-		return err
-	}
-	p.formData["bucket"] = bucketName
-	return nil
-}
-
-// SetCondition - Sets condition for credentials, date and algorithm
-func (p *PostPolicy) SetCondition(matchType, condition, value string) error {
-	if strings.TrimSpace(value) == "" || value == "" {
-		return errInvalidArgument("No value specified for condition")
-	}
-
-	policyCond := policyCondition{
-		matchType: matchType,
-		condition: "$" + condition,
-		value:     value,
-	}
-	if condition == "X-Amz-Credential" || condition == "X-Amz-Date" || condition == "X-Amz-Algorithm" {
-		if err := p.addNewPolicy(policyCond); err != nil {
-			return err
-		}
-		p.formData[condition] = value
-		return nil
-	}
-	return errInvalidArgument("Invalid condition in policy")
-}
-
-// SetContentType - Sets content-type of the object for this policy
-// based upload.
-func (p *PostPolicy) SetContentType(contentType string) error {
-	if strings.TrimSpace(contentType) == "" || contentType == "" {
-		return errInvalidArgument("No content type specified.")
-	}
-	policyCond := policyCondition{
-		matchType: "eq",
-		condition: "$Content-Type",
-		value:     contentType,
-	}
-	if err := p.addNewPolicy(policyCond); err != nil {
-		return err
-	}
-	p.formData["Content-Type"] = contentType
-	return nil
-}
-
-// SetContentLengthRange - Set new min and max content length
-// condition for all incoming uploads.
-func (p *PostPolicy) SetContentLengthRange(min, max int64) error {
-	if min > max {
-		return errInvalidArgument("Minimum limit is larger than maximum limit.")
-	}
-	if min < 0 {
-		return errInvalidArgument("Minimum limit cannot be negative.")
-	}
-	if max < 0 {
-		return errInvalidArgument("Maximum limit cannot be negative.")
-	}
-	p.contentLengthRange.min = min
-	p.contentLengthRange.max = max
-	return nil
-}
-
-// SetSuccessActionRedirect - Sets the redirect success url of the object for this policy
-// based upload.
-func (p *PostPolicy) SetSuccessActionRedirect(redirect string) error {
-	if strings.TrimSpace(redirect) == "" || redirect == "" {
-		return errInvalidArgument("Redirect is empty")
-	}
-	policyCond := policyCondition{
-		matchType: "eq",
-		condition: "$success_action_redirect",
-		value:     redirect,
-	}
-	if err := p.addNewPolicy(policyCond); err != nil {
-		return err
-	}
-	p.formData["success_action_redirect"] = redirect
-	return nil
-}
-
-// SetSuccessStatusAction - Sets the status success code of the object for this policy
-// based upload.
-func (p *PostPolicy) SetSuccessStatusAction(status string) error {
-	if strings.TrimSpace(status) == "" || status == "" {
-		return errInvalidArgument("Status is empty")
-	}
-	policyCond := policyCondition{
-		matchType: "eq",
-		condition: "$success_action_status",
-		value:     status,
-	}
-	if err := p.addNewPolicy(policyCond); err != nil {
-		return err
-	}
-	p.formData["success_action_status"] = status
-	return nil
-}
-
-// SetUserMetadata - Set user metadata as a key/value couple.
-// Can be retrieved through a HEAD request or an event.
-func (p *PostPolicy) SetUserMetadata(key string, value string) error {
-	if strings.TrimSpace(key) == "" || key == "" {
-		return errInvalidArgument("Key is empty")
-	}
-	if strings.TrimSpace(value) == "" || value == "" {
-		return errInvalidArgument("Value is empty")
-	}
-	headerName := fmt.Sprintf("x-amz-meta-%s", key)
-	policyCond := policyCondition{
-		matchType: "eq",
-		condition: fmt.Sprintf("$%s", headerName),
-		value:     value,
-	}
-	if err := p.addNewPolicy(policyCond); err != nil {
-		return err
-	}
-	p.formData[headerName] = value
-	return nil
-}
-
-// SetUserData - Set user data as a key/value couple.
-// Can be retrieved through a HEAD request or an event.
-func (p *PostPolicy) SetUserData(key string, value string) error {
-	if key == "" {
-		return errInvalidArgument("Key is empty")
-	}
-	if value == "" {
-		return errInvalidArgument("Value is empty")
-	}
-	headerName := fmt.Sprintf("x-amz-%s", key)
-	policyCond := policyCondition{
-		matchType: "eq",
-		condition: fmt.Sprintf("$%s", headerName),
-		value:     value,
-	}
-	if err := p.addNewPolicy(policyCond); err != nil {
-		return err
-	}
-	p.formData[headerName] = value
-	return nil
-}
-
-// addNewPolicy - internal helper to validate adding new policies.
-func (p *PostPolicy) addNewPolicy(policyCond policyCondition) error {
-	if policyCond.matchType == "" || policyCond.condition == "" || policyCond.value == "" {
-		return errInvalidArgument("Policy fields are empty.")
-	}
-	p.conditions = append(p.conditions, policyCond)
-	return nil
-}
-
-// String function for printing policy in json formatted string.
-func (p PostPolicy) String() string {
-	return string(p.marshalJSON())
-}
-
-// marshalJSON - Provides Marshaled JSON in bytes.
-func (p PostPolicy) marshalJSON() []byte {
-	expirationStr := `"expiration":"` + p.expiration.Format(expirationDateFormat) + `"`
-	var conditionsStr string
-	conditions := []string{}
-	for _, po := range p.conditions {
-		conditions = append(conditions, fmt.Sprintf("[\"%s\",\"%s\",\"%s\"]", po.matchType, po.condition, po.value))
-	}
-	if p.contentLengthRange.min != 0 || p.contentLengthRange.max != 0 {
-		conditions = append(conditions, fmt.Sprintf("[\"content-length-range\", %d, %d]",
-			p.contentLengthRange.min, p.contentLengthRange.max))
-	}
-	if len(conditions) > 0 {
-		conditionsStr = `"conditions":[` + strings.Join(conditions, ",") + "]"
-	}
-	retStr := "{"
-	retStr = retStr + expirationStr + ","
-	retStr = retStr + conditionsStr
-	retStr = retStr + "}"
-	return []byte(retStr)
-}
-
-// base64 - Produces base64 of PostPolicy's Marshaled json.
-func (p PostPolicy) base64() string {
-	return base64.StdEncoding.EncodeToString(p.marshalJSON())
-}
-
-// errInvalidArgument - Invalid argument response.
-func errInvalidArgument(message string) error {
-	return s3err.RESTErrorResponse{
-		StatusCode: http.StatusBadRequest,
-		Code:       "InvalidArgument",
-		Message:    message,
-		RequestID:  "client",
-	}
-}

weed/s3api/policy/postpolicyform_test.go

@@ -1,106 +0,0 @@
-package policy
-
-/*
- * MinIO Cloud Storage, (C) 2016 MinIO, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import (
-	"encoding/base64"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-)
-
-// Test Post Policy parsing and checking conditions
-func TestPostPolicyForm(t *testing.T) {
-	pp := NewPostPolicy()
-	pp.SetBucket("testbucket")
-	pp.SetContentType("image/jpeg")
-	pp.SetUserMetadata("uuid", "14365123651274")
-	pp.SetKeyStartsWith("user/user1/filename")
-	pp.SetContentLengthRange(1048579, 10485760)
-	pp.SetSuccessStatusAction("201")
-
-	type testCase struct {
-		Bucket              string
-		Key                 string
-		XAmzDate            string
-		XAmzAlgorithm       string
-		XAmzCredential      string
-		XAmzMetaUUID        string
-		ContentType         string
-		SuccessActionStatus string
-		Policy              string
-		Expired             bool
-		expectedErr         error
-	}
-
-	testCases := []testCase{
-		// Everything is fine with this test
-		{Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "14365123651274", SuccessActionStatus: "201", XAmzCredential: "KVGKMDUQ23TCZXTLTHLP/20160727/us-east-1/s3/aws4_request", XAmzDate: "20160727T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: nil},
-		// Expired policy document
-		{Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "14365123651274", SuccessActionStatus: "201", XAmzCredential: "KVGKMDUQ23TCZXTLTHLP/20160727/us-east-1/s3/aws4_request", XAmzDate: "20160727T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", Expired: true, expectedErr: fmt.Errorf("Invalid according to Policy: Policy expired")},
-		// Different AMZ date
-		{Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "14365123651274", XAmzDate: "2017T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
-		// Key which doesn't start with user/user1/filename
-		{Bucket: "testbucket", Key: "myfile.txt", XAmzDate: "20160727T000000Z", XAmzMetaUUID: "14365123651274", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
-		// Incorrect bucket name.
-		{Bucket: "incorrect", Key: "user/user1/filename/myfile.txt", XAmzMetaUUID: "14365123651274", XAmzDate: "20160727T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
-		// Incorrect key name
-		{Bucket: "testbucket", Key: "incorrect", XAmzDate: "20160727T000000Z", XAmzMetaUUID: "14365123651274", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
-		// Incorrect date
-		{Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "14365123651274", XAmzDate: "incorrect", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
-		// Incorrect ContentType
-		{Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "14365123651274", XAmzDate: "20160727T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "incorrect", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
-		// Incorrect Metadata
-		{Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "151274", SuccessActionStatus: "201", XAmzCredential: "KVGKMDUQ23TCZXTLTHLP/20160727/us-east-1/s3/aws4_request", XAmzDate: "20160727T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed: [eq, $x-amz-meta-uuid, 14365123651274]")},
-	}
-	// Validate all the test cases.
-	for i, tt := range testCases {
-		formValues := make(http.Header)
-		formValues.Set("Bucket", tt.Bucket)
-		formValues.Set("Key", tt.Key)
-		formValues.Set("Content-Type", tt.ContentType)
-		formValues.Set("X-Amz-Date", tt.XAmzDate)
-		formValues.Set("X-Amz-Meta-Uuid", tt.XAmzMetaUUID)
-		formValues.Set("X-Amz-Algorithm", tt.XAmzAlgorithm)
-		formValues.Set("X-Amz-Credential", tt.XAmzCredential)
-		if tt.Expired {
-			// Expired already.
-			pp.SetExpires(time.Now().UTC().AddDate(0, 0, -10))
-		} else {
-			// Expires in 10 days.
-			pp.SetExpires(time.Now().UTC().AddDate(0, 0, 10))
-		}
-
-		formValues.Set("Policy", base64.StdEncoding.EncodeToString([]byte(pp.String())))
-		formValues.Set("Success_action_status", tt.SuccessActionStatus)
-		policyBytes, err := base64.StdEncoding.DecodeString(base64.StdEncoding.EncodeToString([]byte(pp.String())))
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		postPolicyForm, err := ParsePostPolicyForm(string(policyBytes))
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		err = CheckPostPolicy(formValues, postPolicyForm)
-		if err != nil && tt.expectedErr != nil && err.Error() != tt.expectedErr.Error() {
-			t.Fatalf("Test %d:, Expected %s, got %s", i+1, tt.expectedErr.Error(), err.Error())
-		}
-	}
-}