Resolved merge conflicts in:
- weed/admin/static/js/modal-alerts.js: Adopted incoming improvements and HTML support.
- weed/admin/view/app/collection_details.templ: Switched to showAlert info type.
- weed/admin/view/app/file_browser.templ: Used descriptive delete message.
- weed/admin/view/app/maintenance_workers.templ: Used encoding and headers in pauseWorker.
- weed/admin/view/app/object_store_users.templ: Restored accidentally deleted delete functions and used encodeURIComponent.
- weed/admin/view/app/policies.templ: Standardized on showAlert and descriptive confirmations.
Regenerated all templ files.
* Add IAM gRPC service definition
- Add GetConfiguration/PutConfiguration for config management
- Add CreateUser/GetUser/UpdateUser/DeleteUser/ListUsers for user management
- Add CreateAccessKey/DeleteAccessKey/GetUserByAccessKey for access key management
- Methods mirror existing IAM HTTP API functionality
* Add IAM gRPC handlers on filer server
- Implement IamGrpcServer with CredentialManager integration
- Handle configuration get/put operations
- Handle user CRUD operations
- Handle access key create/delete operations
- All methods delegate to CredentialManager for actual storage
* Wire IAM gRPC service to filer server
- Add CredentialManager field to FilerOption and FilerServer
- Import credential store implementations in filer command
- Initialize CredentialManager from credential.toml if available
- Register IAM gRPC service on filer gRPC server
- Enable credential management via gRPC alongside existing filer services
* Regenerate IAM protobuf with gRPC service methods
* fix: compilation error in DeleteUser
* fix: address code review comments for IAM migration
* feat: migrate policies to multi-file layout and fix identity duplicated content
* refactor: remove configuration.json and migrate Service Accounts to multi-file layout
* refactor: standardize Service Accounts as distinct store entities and fix Admin Server persistence
* config: set ServiceAccountsDirectory to /etc/iam/service_accounts
* Fix Chrome dialog auto-dismiss with Bootstrap modals
- Add modal-alerts.js library with Bootstrap modal replacements
- Replace all 15 confirm() calls with showConfirm/showDeleteConfirm
- Auto-override window.alert() for all alert() calls
- Fixes Chrome 132+ aggressively blocking native dialogs
* Upgrade Bootstrap from 5.3.2 to 5.3.8
* Fix syntax error in object_store_users.templ - remove duplicate closing braces
* create policy
* display errors
* migrate to multi-file policies
* address PR feedback: use showDeleteConfirm and showErrorMessage in policies.templ, refine migration check
* Update policies_templ.go
* add service account to iam grpc
* iam: fix potential path traversal in policy names by validating name pattern
* iam: add GetServiceAccountByAccessKey to CredentialStore interface
* iam: implement service account support for PostgresStore
Includes full CRUD operations and efficient lookup by access key.
* iam: implement GetServiceAccountByAccessKey for filer_etc, grpc, and memory stores
Provides efficient lookup of service accounts by access key where possible,
with linear scan fallbacks for file-based stores.
* iam: remove filer_multiple support
Deleted its implementation and references in imports, scaffold config,
and core interface constants. Redundant with filer_etc.
* clear comment
* dash: robustify service account construction
- Guard against nil sa.Credential when constructing responses
- Fix Expiration logic to only set if > 0, avoiding Unix epoch 1970
- Ensure consistency across Get, Create, and Update handlers
* credential/filer_etc: improve error propagation in configuration handlers
- Return error from loadServiceAccountsFromMultiFile to callers
- Ensure listEntries errors in SaveConfiguration (cleanup logic) are
propagated unless they are "not found" failures.
- Fixes potential silent failures during IAM configuration sync.
* credential/filer_etc: add existence check to CreateServiceAccount
Ensures consistency with other stores by preventing accidental overwrite
of existing service accounts during creation.
* credential/memory: improve store robustness and Reset logic
- Enforce ID immutability in UpdateServiceAccount to prevent orphans
- Update Reset() to also clear the policies map, ensuring full state
cleanup for tests.
* dash: improve service account robustness and policy docs
- Wrap parent user lookup errors to preserve context
- Strictly validate Status field in UpdateServiceAccount
- Add deprecation comments to legacy policy management methods
* credential/filer_etc: protect against path traversal in service accounts
Implemented ID validation (alphanumeric, underscores, hyphens) and applied
it to Get, Save, and Delete operations to ensure no directory traversal
via saId.json filenames.
* credential/postgres: improve robustness and cleanup comments
- Removed brainstorming comments in GetServiceAccountByAccessKey
- Added missing rows.Err() check during iteration
- Properly propagate Scan and Unmarshal errors instead of swallowing them
* admin: unify UI alerts and confirmations using Bootstrap modals
- Updated modal-alerts.js with improved automated alert type detection
- Replaced native alert() and confirm() with showAlert(), showConfirm(),
and showDeleteConfirm() across various Templ components
- Improved UX for delete operations by providing better context and styling
- Ensured consistent error reporting across IAM and Maintenance views
* admin: additional UI consistency fixes for alerts and confirmations
- Replaced native alert() and confirm() with Bootstrap modals in:
- EC volumes (repair flow)
- Collection details (repair flow)
- File browser (properties and delete)
- Maintenance config schema (save and reset)
- Improved delete confirmation in file browser with item context
- Ensured consistent success/error/info styling for all feedbacks
* make
* iam: add GetServiceAccountByAccessKey RPC and update GetConfiguration
* iam: implement GetServiceAccountByAccessKey on server and client
* iam: centralize policy and service account validation
* iam: optimize MemoryStore service account lookups with indexing
* iam: fix postgres service_accounts table and optimize lookups
* admin: refactor modal alerts and clean up dashboard logic
* admin: fix EC shards table layout mismatch
* admin: URL-encode IAM path parameters for safety
* admin: implement pauseWorker logic in maintenance view
* iam: add rows.Err() check to postgres ListServiceAccounts
* iam: standardize ErrServiceAccountNotFound across credential stores
* iam: map ErrServiceAccountNotFound to codes.NotFound in DeleteServiceAccount
* iam: refine service account store logic, errors and schema
* iam: add validation to GetServiceAccountByAccessKey
* admin: refine modal titles and ensure URL safety
* admin: address bot review comments for alerts and async usage
* iam: fix syntax error by restoring missing function declaration
* [FilerEtcStore] improve error handling in CreateServiceAccount
Refine error handling to provide clearer messages when checking for
existing service accounts.
* [PostgresStore] add nil guards and validation to service account methods
Ensure input parameters are not nil and required IDs are present
to prevent runtime panics and ensure data integrity.
* [JS] add shared IAM utility script
Consolidate common IAM operations like deleteUser and deleteAccessKey
into a shared utility script for better maintainability.
* [View] include shared IAM utilities in layout
Include iam-utils.js in the main layout to make IAM functions
available across all administrative pages.
* [View] refactor IAM logic and restore async in EC Shards view
Remove redundant local IAM functions and ensure that delete
confirmation callbacks are properly marked as async.
* [View] consolidate IAM logic in Object Store Users view
Remove redundant local definitions of deleteUser and deleteAccessKey,
relying on the shared utilities instead.
* [View] update generated templ files for UI consistency
* credential/postgres: remove redundant name column from service_accounts table
The id is already used as the unique identifier and was being copied to the name column.
This removes the name column from the schema and updates the INSERT/UPDATE queries.
* credential/filer_etc: improve logging for policy migration failures
Added Errorf log if AtomicRenameEntry fails during migration to ensure visibility of common failure points.
* credential: allow uppercase characters in service account ID username
Updated ServiceAccountIdPattern to allow [A-Za-z0-9_-]+ for the username component,
matching the actual service account creation logic which uses the parent user name directly.
* Update object_store_users_templ.go
* admin: fix ec_shards pagination to handle numeric page arguments
Updated goToPage in cluster_ec_shards.templ to accept either an Event
or a numeric page argument. This prevents errors when goToPage(1)
is called directly. Corrected both the .templ source and generated Go code.
* credential/filer_etc: improve service account storage robustness
Added nil guard to saveServiceAccount, updated GetServiceAccount
to return ErrServiceAccountNotFound for empty data, and improved
deleteServiceAccount to handle response-level Filer errors.
* admin: add Service Account management UI
Add admin UI for managing service accounts:
New files:
- handlers/service_account_handlers.go - HTTP handlers
- dash/service_account_management.go - CRUD operations
- view/app/service_accounts.templ - UI template
Changes:
- dash/types.go - Add ServiceAccount and related types
- handlers/admin_handlers.go - Register routes and handlers
- view/layout/layout.templ - Add sidebar navigation link
Service accounts are stored as special identities with "sa:" prefix
in their name, using ABIA access key prefix. They can be created,
listed, enabled/disabled, and deleted through the admin UI.
Features:
- Create service accounts linked to parent users
- View and manage service account status
- Delete service accounts
- Service accounts inherit parent user permissions
Note: STS configuration is read-only (configured via JSON file).
Full STS integration requires changes from PR #7901.
* admin: use dropdown for parent user selection
Change the Parent User field from text input to dropdown when
creating a service account. The dropdown is populated with all
existing Object Store users.
Changes:
- Add AvailableUsers field to ServiceAccountsData type
- Populate available users in getServiceAccountsData handler
- Update template to use <select> element with user options
* admin: show secret access key on service account creation
Display both access key and secret access key when creating a
service account, with proper AWS CLI usage instructions.
Changes:
- Add SecretAccessKey field to ServiceAccount type (only populated on creation)
- Return secret key from CreateServiceAccount
- Add credentials modal with copy-to-clipboard buttons
- Show AWS CLI usage example with actual credentials
- Modal is non-dismissible until user confirms they saved credentials
The secret key is only shown once during creation for security.
After creation, only the access key ID is visible in the list.
* admin: address code review comments for service account management
- Persist creation dates in identity actions (createdAt:timestamp)
- Replace magic number slicing with len(accessKeyPrefix)
- Add bounds checking after strings.SplitN
- Use accessKeyPrefix constant instead of hardcoded "ABIA"
Creation dates are now stored as actions (e.g., "createdAt:1735473600")
and will persist across restarts. Helper functions getCreationDate()
and setCreationDate() manage the timestamp storage.
Addresses review comments from gemini-code-assist[bot] and coderabbitai[bot]
* admin: fix XSS vulnerabilities in service account details
Replace innerHTML with template literals with safe DOM creation.
The createSADetailsContent function now uses createElement and
textContent to prevent XSS attacks from malicious service account
data (id, description, parent_user, etc.).
Also added try-catch for date parsing to prevent exceptions on
malformed input.
Addresses security review comments from coderabbitai[bot]
* admin: add context.Context to service account management methods
Addressed PR #7902 review feedback:
1. All service account management methods now accept context.Context as
first parameter to enable cancellation, deadlines, and tracing
2. Removed all context.Background() calls
3. Updated handlers to pass c.Request.Context() from HTTP requests
Methods updated:
- GetServiceAccounts
- GetServiceAccountDetails
- CreateServiceAccount
- UpdateServiceAccount
- DeleteServiceAccount
- GetServiceAccountByAccessKey
Note: Creation date persistence was already implemented using the
createdAt:<timestamp> action pattern as suggested in the review.
* admin: fix render flow to prevent partial HTML writes
Fixed ShowServiceAccounts handler to render template to an in-memory
buffer first before writing to the response. This prevents partial HTML
writes followed by JSON error responses, which would result in invalid
mixed content.
Changes:
- Render to bytes.Buffer first
- Only write to c.Writer if render succeeds
- Use c.AbortWithStatus on error instead of attempting JSON response
- Prevents any additional headers/body writes after partial write
* admin: fix error handling, date validation, and event parameters
Addressed multiple code review issues:
1. Proper 404 vs 500 error handling:
- Added ErrServiceAccountNotFound sentinel error
- GetServiceAccountDetails now wraps errors with sentinel
- Handler uses errors.Is() to distinguish not-found from internal errors
- Returns 404 only for missing resources, 500 for other errors
- Logs internal errors before returning 500
2. Date validation in JavaScript:
- Validate expiration date before using it
- Check !isNaN(date.getTime()) to ensure valid date
- Return validation error if date is invalid
- Prevents invalid Date construction
3. Event parameter handling:
- copyToClipboard now accepts event parameter
- Updated onclick attributes to pass event object
- Prevents reliance on window.event
- More explicit and reliable event handling
* admin: replace deprecated execCommand with Clipboard API
Replaced deprecated document.execCommand('copy') with modern
navigator.clipboard.writeText() API for better security and UX.
Changes:
- Made copyToClipboard async to support Clipboard API
- Use navigator.clipboard.writeText() as primary method
- Fallback to execCommand if Clipboard API fails (older browsers)
- Added console warning when fallback is used
- Maintains same visual feedback behavior
* admin: improve security and UX for error handling
Addressed code review feedback:
1. Security: Remove sensitive error details from API responses
- CreateServiceAccount: Return generic error message
- UpdateServiceAccount: Return generic error message
- DeleteServiceAccount: Return generic error message
- Detailed errors still logged server-side via glog.Errorf()
- Prevents exposure of internal system details to clients
2. UX: Replace alert() with Bootstrap toast notifications
- Implemented showToast() function using Bootstrap 5 toasts
- Non-blocking, modern notification system
- Auto-dismiss after 5 seconds
- Proper HTML escaping to prevent XSS
- Toast container positioned at top-right
- Success (green) and error (red) variants
* admin: complete error handling improvements
Addressed remaining security review feedback:
1. GetServiceAccounts: Remove error details from response
- Log errors server-side via glog.Errorf()
- Return generic error message to client
2. UpdateServiceAccount & DeleteServiceAccount:
- Wrap not-found errors with ErrServiceAccountNotFound sentinel
- Enables proper 404 vs 500 distinction in handlers
3. Update & Delete handlers:
- Added errors.Is() check for ErrServiceAccountNotFound
- Return 404 for missing resources
- Return 500 for internal errors with logging
- Consistent with GetServiceAccountDetails behavior
All handlers now properly distinguish not-found (404) from internal
errors (500) and never expose sensitive error details to clients.
* admin: implement expiration support and improve code quality
Addressed final code review feedback:
1. Expiration Support:
- Added expiration helper functions (getExpiration, setExpiration)
- Implemented expiration in CreateServiceAccount
- Implemented expiration in UpdateServiceAccount
- Added Expiration field to ServiceAccount struct
- Parse and validate RFC3339 expiration dates
2. Constants for Magic Strings:
- Added StatusActive, StatusInactive constants
- Added disabledAction, serviceAccountPrefix constants
- Replaced all magic strings with constants throughout
- Improves maintainability and prevents typos
3. Helper Function to Reduce Duplication:
- Created identityToServiceAccount() helper
- Reduces code duplication across Get/Update/Delete methods
- Centralizes ServiceAccount struct building logic
4. Fixed time.Now() Fallback:
- Changed from time.Now() to time.Time{} for legacy accounts
- Prevents creation date from changing on each fetch
- UI can display zero time as "N/A" or blank
All code quality issues addressed!
* admin: fix StatusActive reference in handler
Use dash.StatusActive to properly reference the constant from the dash package.
* admin: regenerate templ files
Regenerated all templ Go files after recent template changes.
The AWS CLI usage example already uses proper <pre><code> formatting
which preserves line breaks for better readability.
* admin: add explicit white-space CSS to AWS CLI example
Added style="white-space: pre-wrap;" to the pre tag to ensure
line breaks are preserved and displayed correctly in all browsers.
This forces the browser to respect the newlines in the code block.
* admin: fix AWS CLI example to display on separate lines
Replaced pre/code block with individual div elements for each line.
This ensures each command displays on its own line regardless of
how templ processes whitespace. Each line is now a separate div
with font-monospace styling for code appearance.
* make
* admin: filter service accounts from parent user dropdown
Service accounts should not appear as selectable parent users when
creating new service accounts. Added filter to GetObjectStoreUsers()
to skip identities with "sa:" prefix, ensuring only actual IAM users
are shown in the parent user dropdown.
* admin: address code review feedback
- Use constants for magic strings in service account management
- Add Expiration field to service account responses
- Add nil checks and context propagation
- Improve templates (date validation, async clipboard, toast notifications)
* Update service_accounts_templ.go
* initial design
* added simulation as tests
* reorganized the codebase to move the simulation framework and tests into their own dedicated package
* integration test. ec worker task
* remove "enhanced" reference
* start master, volume servers, filer
Current Status
✅ Master: Healthy and running (port 9333)
✅ Filer: Healthy and running (port 8888)
✅ Volume Servers: All 6 servers running (ports 8080-8085)
🔄 Admin/Workers: Will start when dependencies are ready
* generate write load
* tasks are assigned
* admin start wtih grpc port. worker has its own working directory
* Update .gitignore
* working worker and admin. Task detection is not working yet.
* compiles, detection uses volumeSizeLimitMB from master
* compiles
* worker retries connecting to admin
* build and restart
* rendering pending tasks
* skip task ID column
* sticky worker id
* test canScheduleTaskNow
* worker reconnect to admin
* clean up logs
* worker register itself first
* worker can run ec work and report status
but:
1. one volume should not be repeatedly worked on.
2. ec shards needs to be distributed and source data should be deleted.
* move ec task logic
* listing ec shards
* local copy, ec. Need to distribute.
* ec is mostly working now
* distribution of ec shards needs improvement
* need configuration to enable ec
* show ec volumes
* interval field UI component
* rename
* integration test with vauuming
* garbage percentage threshold
* fix warning
* display ec shard sizes
* fix ec volumes list
* Update ui.go
* show default values
* ensure correct default value
* MaintenanceConfig use ConfigField
* use schema defined defaults
* config
* reduce duplication
* refactor to use BaseUIProvider
* each task register its schema
* checkECEncodingCandidate use ecDetector
* use vacuumDetector
* use volumeSizeLimitMB
* remove
remove
* remove unused
* refactor
* use new framework
* remove v2 reference
* refactor
* left menu can scroll now
* The maintenance manager was not being initialized when no data directory was configured for persistent storage.
* saving config
* Update task_config_schema_templ.go
* enable/disable tasks
* protobuf encoded task configurations
* fix system settings
* use ui component
* remove logs
* interface{} Reduction
* reduce interface{}
* reduce interface{}
* avoid from/to map
* reduce interface{}
* refactor
* keep it DRY
* added logging
* debug messages
* debug level
* debug
* show the log caller line
* use configured task policy
* log level
* handle admin heartbeat response
* Update worker.go
* fix EC rack and dc count
* Report task status to admin server
* fix task logging, simplify interface checking, use erasure_coding constants
* factor in empty volume server during task planning
* volume.list adds disk id
* track disk id also
* fix locking scheduled and manual scanning
* add active topology
* simplify task detector
* ec task completed, but shards are not showing up
* implement ec in ec_typed.go
* adjust log level
* dedup
* implementing ec copying shards and only ecx files
* use disk id when distributing ec shards
🎯 Planning: ActiveTopology creates DestinationPlan with specific TargetDisk
📦 Task Creation: maintenance_integration.go creates ECDestination with DiskId
🚀 Task Execution: EC task passes DiskId in VolumeEcShardsCopyRequest
💾 Volume Server: Receives disk_id and stores shards on specific disk (vs.store.Locations[req.DiskId])
📂 File System: EC shards and metadata land in the exact disk directory planned
* Delete original volume from all locations
* clean up existing shard locations
* local encoding and distributing
* Update docker/admin_integration/EC-TESTING-README.md
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* check volume id range
* simplify
* fix tests
* fix types
* clean up logs and tests
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* add a menu item "Message Queue"
* add a menu item "Message Queue"
* move the "brokers" link under it.
* add "topics", "subscribers". Add pages for them.
* refactor
* show topic details
* admin display publisher and subscriber info
* remove publisher and subscribers from the topic row pull down
* collecting more stats from publishers and subscribers
* fix layout
* fix publisher name
* add local listeners for mq broker and agent
* render consumer group offsets
* remove subscribers from left menu
* topic with retention
* support editing topic retention
* show retention when listing topics
* create bucket
* Update s3_buckets_templ.go
* embed the static assets into the binary
fix https://github.com/seaweedfs/seaweedfs/issues/6964
* add ui for maintenance
* valid config loading. fix workers page.
* refactor
* grpc between admin and workers
* add a long-running bidirectional grpc call between admin and worker
* use the grpc call to heartbeat
* use the grpc call to communicate
* worker can remove the http client
* admin uses http port + 10000 as its default grpc port
* one task one package
* handles connection failures gracefully with exponential backoff
* grpc with insecure tls
* grpc with optional tls
* fix detecting tls
* change time config from nano seconds to seconds
* add tasks with 3 interfaces
* compiles reducing hard coded
* remove a couple of tasks
* remove hard coded references
* reduce hard coded values
* remove hard coded values
* remove hard coded from templ
* refactor maintenance package
* fix import cycle
* simplify
* simplify
* auto register
* auto register factory
* auto register task types
* self register types
* refactor
* simplify
* remove one task
* register ui
* lazy init executor factories
* use registered task types
* DefaultWorkerConfig remove hard coded task types
* remove more hard coded
* implement get maintenance task
* dynamic task configuration
* "System Settings" should only have system level settings
* adjust menu for tasks
* ensure menu not collapsed
* render job configuration well
* use templ for ui of task configuration
* fix ordering
* fix bugs
* saving duration in seconds
* use value and unit for duration
* Delete WORKER_REFACTORING_PLAN.md
* Delete maintenance.json
* Delete custom_worker_example.go
* remove address from workers
* remove old code from ec task
* remove creating collection button
* reconnect with exponential backoff
* worker use security.toml
* start admin server with tls info from security.toml
* fix "weed admin" cli description
