* implement sse-c
* fix Content-Range
* adding tests
* Update s3_sse_c_test.go
* copy sse-c objects
* adding tests
* refactor
* multi reader
* remove extra write header call
* refactor
* SSE-C encrypted objects do not support HTTP Range requests
* robust
* fix server starts
* Update Makefile
* Update Makefile
* ci: remove SSE-C integration tests and workflows; delete test/s3/encryption/
* s3: SSE-C MD5 must be base64 (case-sensitive); fix validation, comparisons, metadata storage; update tests
* minor
* base64
* Update SSE-C_IMPLEMENTATION.md
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update weed/s3api/s3api_object_handlers.go
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update SSE-C_IMPLEMENTATION.md
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* address comments
* fix test
* fix compilation
* Bucket Default Encryption
To complete the SSE-KMS implementation for production use:
Add AWS KMS Provider - Implement weed/kms/aws/aws_kms.go using AWS SDK
Integrate with S3 Handlers - Update PUT/GET object handlers to use SSE-KMS
Add Multipart Upload Support - Extend SSE-KMS to multipart uploads
Configuration Integration - Add KMS configuration to filer.toml
Documentation - Update SeaweedFS wiki with SSE-KMS usage examples
* store bucket sse config in proto
* add more tests
* Update SSE-C_IMPLEMENTATION.md
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Fix rebase errors and restore structured BucketMetadata API
Merge Conflict Fixes:
- Fixed merge conflicts in header.go (SSE-C and SSE-KMS headers)
- Fixed merge conflicts in s3api_errors.go (SSE-C and SSE-KMS error codes)
- Fixed merge conflicts in s3_sse_c.go (copy strategy constants)
- Fixed merge conflicts in s3api_object_handlers_copy.go (copy strategy usage)
API Restoration:
- Restored BucketMetadata struct with Tags, CORS, and Encryption fields
- Restored structured API functions: GetBucketMetadata, SetBucketMetadata, UpdateBucketMetadata
- Restored helper functions: UpdateBucketTags, UpdateBucketCORS, UpdateBucketEncryption
- Restored clear functions: ClearBucketTags, ClearBucketCORS, ClearBucketEncryption
Handler Updates:
- Updated GetBucketTaggingHandler to use GetBucketMetadata() directly
- Updated PutBucketTaggingHandler to use UpdateBucketTags()
- Updated DeleteBucketTaggingHandler to use ClearBucketTags()
- Updated CORS handlers to use UpdateBucketCORS() and ClearBucketCORS()
- Updated loadCORSFromBucketContent to use GetBucketMetadata()
Internal Function Updates:
- Updated getBucketMetadata() to return *BucketMetadata struct
- Updated setBucketMetadata() to accept *BucketMetadata struct
- Updated getBucketEncryptionMetadata() to use GetBucketMetadata()
- Updated setBucketEncryptionMetadata() to use SetBucketMetadata()
Benefits:
- Resolved all rebase conflicts while preserving both SSE-C and SSE-KMS functionality
- Maintained consistent structured API throughout the codebase
- Eliminated intermediate wrapper functions for cleaner code
- Proper error handling with better granularity
- All tests passing and build successful
The bucket metadata system now uses a unified, type-safe, structured API
that supports tags, CORS, and encryption configuration consistently.
* Fix updateEncryptionConfiguration for first-time bucket encryption setup
- Change getBucketEncryptionMetadata to getBucketMetadata to avoid failures when no encryption config exists
- Change setBucketEncryptionMetadata to setBucketMetadataWithEncryption for consistency
- This fixes the critical issue where bucket encryption configuration failed for buckets without existing encryption
Fixes: https://github.com/seaweedfs/seaweedfs/pull/7144#discussion_r2285669572
* Fix rebase conflicts and maintain structured BucketMetadata API
Resolved Conflicts:
- Fixed merge conflicts in s3api_bucket_config.go between structured API (HEAD) and old intermediate functions
- Kept modern structured API approach: UpdateBucketCORS, ClearBucketCORS, UpdateBucketEncryption
- Removed old intermediate functions: setBucketTags, deleteBucketTags, setBucketMetadataWithEncryption
API Consistency Maintained:
- updateCORSConfiguration: Uses UpdateBucketCORS() directly
- removeCORSConfiguration: Uses ClearBucketCORS() directly
- updateEncryptionConfiguration: Uses UpdateBucketEncryption() directly
- All structured API functions preserved: GetBucketMetadata, SetBucketMetadata, UpdateBucketMetadata
Benefits:
- Maintains clean separation between API layers
- Preserves atomic metadata updates with proper error handling
- Eliminates function indirection for better performance
- Consistent API usage pattern throughout codebase
- All tests passing and build successful
The bucket metadata system continues to use the unified, type-safe, structured API
that properly handles tags, CORS, and encryption configuration without any
intermediate wrapper functions.
* Fix complex rebase conflicts and maintain clean structured BucketMetadata API
Resolved Complex Conflicts:
- Fixed merge conflicts between modern structured API (HEAD) and mixed approach
- Removed duplicate function declarations that caused compilation errors
- Consistently chose structured API approach over intermediate functions
Fixed Functions:
- BucketMetadata struct: Maintained clean field alignment
- loadCORSFromBucketContent: Uses GetBucketMetadata() directly
- updateCORSConfiguration: Uses UpdateBucketCORS() directly
- removeCORSConfiguration: Uses ClearBucketCORS() directly
- getBucketMetadata: Returns *BucketMetadata struct consistently
- setBucketMetadata: Accepts *BucketMetadata struct consistently
Removed Duplicates:
- Eliminated duplicate GetBucketMetadata implementations
- Eliminated duplicate SetBucketMetadata implementations
- Eliminated duplicate UpdateBucketMetadata implementations
- Eliminated duplicate helper functions (UpdateBucketTags, etc.)
API Consistency Achieved:
- Single, unified BucketMetadata struct for all operations
- Atomic updates through UpdateBucketMetadata with function callbacks
- Type-safe operations with proper error handling
- No intermediate wrapper functions cluttering the API
Benefits:
- Clean, maintainable codebase with no function duplication
- Consistent structured API usage throughout all bucket operations
- Proper error handling and type safety
- Build successful and all tests passing
The bucket metadata system now has a completely clean, structured API
without any conflicts, duplicates, or inconsistencies.
* Update remaining functions to use new structured BucketMetadata APIs directly
Updated functions to follow the pattern established in bucket config:
- getEncryptionConfiguration() -> Uses GetBucketMetadata() directly
- removeEncryptionConfiguration() -> Uses ClearBucketEncryption() directly
Benefits:
- Consistent API usage pattern across all bucket metadata operations
- Simpler, more readable code that leverages the structured API
- Eliminates calls to intermediate legacy functions
- Better error handling and logging consistency
- All tests pass with improved functionality
This completes the transition to using the new structured BucketMetadata API
throughout the entire bucket configuration and encryption subsystem.
* Fix GitHub PR #7144 code review comments
Address all code review comments from Gemini Code Assist bot:
1. **High Priority - SSE-KMS Key Validation**: Fixed ValidateSSEKMSKey to allow empty KMS key ID
- Empty key ID now indicates use of default KMS key (consistent with AWS behavior)
- Updated ParseSSEKMSHeaders to call validation after parsing
- Enhanced isValidKMSKeyID to reject keys with spaces and invalid characters
2. **Medium Priority - KMS Registry Error Handling**: Improved error collection in CloseAll
- Now collects all provider close errors instead of only returning the last one
- Uses proper error formatting with %w verb for error wrapping
- Returns single error for one failure, combined message for multiple failures
3. **Medium Priority - Local KMS Aliases Consistency**: Fixed alias handling in CreateKey
- Now updates the aliases slice in-place to maintain consistency
- Ensures both p.keys map and key.Aliases slice use the same prefixed format
All changes maintain backward compatibility and improve error handling robustness.
Tests updated and passing for all scenarios including edge cases.
* Use errors.Join for KMS registry error handling
Replace manual string building with the more idiomatic errors.Join function:
- Removed manual error message concatenation with strings.Builder
- Simplified error handling logic by using errors.Join(allErrors...)
- Removed unnecessary string import
- Added errors import for errors.Join
This approach is cleaner, more idiomatic, and automatically handles:
- Returning nil for empty error slice
- Returning single error for one-element slice
- Properly formatting multiple errors with newlines
The errors.Join function was introduced in Go 1.20 and is the
recommended way to combine multiple errors.
* Update registry.go
* Fix GitHub PR #7144 latest review comments
Address all new code review comments from Gemini Code Assist bot:
1. **High Priority - SSE-KMS Detection Logic**: Tightened IsSSEKMSEncrypted function
- Now relies only on the canonical x-amz-server-side-encryption header
- Removed redundant check for x-amz-encrypted-data-key metadata
- Prevents misinterpretation of objects with inconsistent metadata state
- Updated test case to reflect correct behavior (encrypted data key only = false)
2. **Medium Priority - UUID Validation**: Enhanced KMS key ID validation
- Replaced simplistic length/hyphen count check with proper regex validation
- Added regexp import for robust UUID format checking
- Regex pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$
- Prevents invalid formats like '------------------------------------' from passing
3. **Medium Priority - Alias Mutation Fix**: Avoided input slice modification
- Changed CreateKey to not mutate the input aliases slice in-place
- Uses local variable for modified alias to prevent side effects
- Maintains backward compatibility while being safer for callers
All changes improve code robustness and follow AWS S3 standards more closely.
Tests updated and passing for all scenarios including edge cases.
* Fix failing SSE tests
Address two failing test cases:
1. **TestSSEHeaderConflicts**: Fixed SSE-C and SSE-KMS mutual exclusion
- Modified IsSSECRequest to return false if SSE-KMS headers are present
- Modified IsSSEKMSRequest to return false if SSE-C headers are present
- This prevents both detection functions from returning true simultaneously
- Aligns with AWS S3 behavior where SSE-C and SSE-KMS are mutually exclusive
2. **TestBucketEncryptionEdgeCases**: Fixed XML namespace validation
- Added namespace validation in encryptionConfigFromXMLBytes function
- Now rejects XML with invalid namespaces (only allows empty or AWS standard namespace)
- Validates XMLName.Space to ensure proper XML structure
- Prevents acceptance of malformed XML with incorrect namespaces
Both fixes improve compliance with AWS S3 standards and prevent invalid
configurations from being accepted. All SSE and bucket encryption tests
now pass successfully.
* Fix GitHub PR #7144 latest review comments
Address two new code review comments from Gemini Code Assist bot:
1. **High Priority - Race Condition in UpdateBucketMetadata**: Fixed thread safety issue
- Added per-bucket locking mechanism to prevent race conditions
- Introduced bucketMetadataLocks map with RWMutex for each bucket
- Added getBucketMetadataLock helper with double-checked locking pattern
- UpdateBucketMetadata now uses bucket-specific locks to serialize metadata updates
- Prevents last-writer-wins scenarios when concurrent requests update different metadata parts
2. **Medium Priority - KMS Key ARN Validation**: Improved robustness of ARN validation
- Enhanced isValidKMSKeyID function to strictly validate ARN structure
- Changed from 'len(parts) >= 6' to 'len(parts) != 6' for exact part count
- Added proper resource validation for key/ and alias/ prefixes
- Prevents malformed ARNs with incorrect structure from being accepted
- Now validates: arn:aws:kms:region:account:key/keyid or arn:aws:kms:region:account:alias/aliasname
Both fixes improve system reliability and prevent edge cases that could cause
data corruption or security issues. All existing tests continue to pass.
* format
* address comments
* Configuration Adapter
* Regex Optimization
* Caching Integration
* add negative cache for non-existent buckets
* remove bucketMetadataLocks
* address comments
* address comments
* copying objects with sse-kms
* copying strategy
* store IV in entry metadata
* implement compression reader
* extract json map as sse kms context
* bucket key
* comments
* rotate sse chunks
* KMS Data Keys use AES-GCM + nonce
* add comments
* Update weed/s3api/s3_sse_kms.go
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update s3api_object_handlers_put.go
* get IV from response header
* set sse headers
* Update s3api_object_handlers.go
* deterministic JSON marshaling
* store iv in entry metadata
* address comments
* not used
* store iv in destination metadata
ensures that SSE-C copy operations with re-encryption (decrypt/re-encrypt scenario) now properly store the destination encryption metadata
* add todo
* address comments
* SSE-S3 Deserialization
* add BucketKMSCache to BucketConfig
* fix test compilation
* already not empty
* use constants
* fix: critical metadata (encrypted data keys, encryption context, etc.) was never stored during PUT/copy operations
* address comments
* fix tests
* Fix SSE-KMS Copy Re-encryption
* Cache now persists across requests
* fix test
* iv in metadata only
* SSE-KMS copy operations should follow the same pattern as SSE-C
* fix size overhead calculation
* Filer-Side SSE Metadata Processing
* SSE Integration Tests
* fix tests
* clean up
* Update s3_sse_multipart_test.go
* add s3 sse tests
* unused
* add logs
* Update Makefile
* Update Makefile
* s3 health check
* The tests were failing because they tried to run both SSE-C and SSE-KMS tests
* Update weed/s3api/s3_sse_c.go
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update Makefile
* add back
* Update Makefile
* address comments
* fix tests
* Update s3-sse-tests.yml
* Update s3-sse-tests.yml
* fix sse-kms for PUT operation
* IV
* Update auth_credentials.go
* fix multipart with kms
* constants
* multipart sse kms
Modified handleSSEKMSResponse to detect multipart SSE-KMS objects
Added createMultipartSSEKMSDecryptedReader to handle each chunk independently
Each chunk now gets its own decrypted reader before combining into the final stream
* validate key id
* add SSEType
* permissive kms key format
* Update s3_sse_kms_test.go
* format
* assert equal
* uploading SSE-KMS metadata per chunk
* persist sse type and metadata
* avoid re-chunk multipart uploads
* decryption process to use stored PartOffset values
* constants
* sse-c multipart upload
* Unified Multipart SSE Copy
* purge
* fix fatalf
* avoid io.MultiReader which does not close underlying readers
* unified cross-encryption
* fix Single-object SSE-C
* adjust constants
* range read sse files
* remove debug logs
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* fix: parse filename in PUT + refactor
* fix: master iu public url with http
* fix: better parsing and handle disposition header
* fix: take mime type from file extension if not set
* listing files to convert to parquet
* write parquet files
* save logs into parquet files
* pass by value
* compact logs into parquet format
* can skip existing files
* refactor
* refactor
* fix compilation
* when no partition found
* refactor
* add untested parquet file read
* rename package
* refactor
* rename files
* remove unused
* add merged log read func
* parquet wants to know the file size
* rewind by time
* pass in stop ts
* add stop ts
* adjust log
* minor
* adjust log
* skip .parquet files when reading message logs
* skip non message files
* Update subscriber_record.go
* send messages
* skip message data with only ts
* skip non log files
* update parquet-go package
* ensure a valid record type
* add new field to a record type
* Update read_parquet_to_log.go
* fix parquet file name generation
* separating reading parquet and logs
* add key field
* add skipped logs
* use in memory cache
* refactor
* refactor
* refactor
* refactor, and change compact log
* refactor
* rename
* refactor
* fix format
* prefix v to version directory
* Added global http client
* Added Do func for global http client
* Changed the code to use the global http client
* Fix http client in volume uploader
* Fixed pkg name
* Fixed http util funcs
* Fixed http client for bench_filer_upload
* Fixed http client for stress_filer_upload
* Fixed http client for filer_server_handlers_proxy
* Fixed http client for command_fs_merge_volumes
* Fixed http client for command_fs_merge_volumes and command_volume_fsck
* Fixed http client for s3api_server
* Added init global client for main funcs
* Rename global_client to client
* Changed:
- fixed NewHttpClient;
- added CheckIsHttpsClientEnabled func
- updated security.toml in scaffold
* Reduce the visibility of some functions in the util/http/client pkg
* Added the loadSecurityConfig function
* Use util.LoadSecurityConfiguration() in NewHttpClient func
* Added context for the MasterClient's methods to avoid endless loops
* Returned WithClient function. Added WithClientCustomGetMaster function
* Hid unused ctx arguments
* Using a common context for the KeepConnectedToMaster and WaitUntilConnected functions
* Changed the context termination check in the tryConnectToMaster function
* Added a child context to the tryConnectToMaster function
* Added a common context for KeepConnectedToMaster and WaitUntilConnected functions in benchmark
* grow volumes if no writable volumes in current dataCenter
https://github.com/seaweedfs/seaweedfs/issues/3886
* fix tests with volume grow
* automatic volume grow one volume
* add ErrorChunkAssign metrics
* fix: disallow file name too long when writing a file
* bool LongerName to MaxFilenameLength
---------
Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>
* compare chunks by timestamp
* fix slab clearing error
* fix test compilation
* move oldest chunk to sealed, instead of by fullness
* lock on fh.entryViewCache
* remove verbose logs
* revert slat clearing
* less logs
* less logs
* track write and read by timestamp
* remove useless logic
* add entry lock on file handle release
* use mem chunk only, swap file chunk has problems
* comment out code that maybe used later
* add debug mode to compare data read and write
* more efficient readResolvedChunks with linked list
* small optimization
* fix test compilation
* minor fix on writer
* add SeparateGarbageChunks
* group chunks into sections
* turn off debug mode
* fix tests
* fix tests
* tmp enable swap file chunk
* Revert "tmp enable swap file chunk"
This reverts commit 985137ec472924e4815f258189f6ca9f2168a0a7.
* simple refactoring
* simple refactoring
* do not re-use swap file chunk. Sealed chunks should not be re-used.
* comment out debugging facilities
* either mem chunk or swap file chunk is fine now
* remove orderedMutex as *semaphore.Weighted
not found impactful
* optimize size calculation for changing large files
* optimize performance to avoid going through the long list of chunks
* still problems with swap file chunk
* rename
* tiny optimization
* swap file chunk save only successfully read data
* fix
* enable both mem and swap file chunk
* resolve chunks with range
* rename
* fix chunk interval list
* also change file handle chunk group when adding chunks
* pick in-active chunk with time-decayed counter
* fix compilation
* avoid nil with empty fh.entry
* refactoring
* rename
* rename
* refactor visible intervals to *list.List
* refactor chunkViews to *list.List
* add IntervalList for generic interval list
* change visible interval to use IntervalList in generics
* cahnge chunkViews to *IntervalList[*ChunkView]
* use NewFileChunkSection to create
* rename variables
* refactor
* fix renaming leftover
* renaming
* renaming
* add insert interval
* interval list adds lock
* incrementally add chunks to readers
Fixes:
1. set start and stop offset for the value object
2. clone the value object
3. use pointer instead of copy-by-value when passing to interval.Value
4. use insert interval since adding chunk could be out of order
* fix tests compilation
* fix tests compilation
* remove old raft servers if they don't answer to pings for too long
add ping durations as options
rename ping fields
fix some todos
get masters through masterclient
raft remove server from leader
use raft servers to ping them
CheckMastersAlive for hashicorp raft only
* prepare blocking ping
* pass waitForReady as param
* pass waitForReady through all functions
* waitForReady works
* refactor
* remove unneeded params
* rollback unneeded changes
* fix
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
