Mirror
/
MinIO
mirror of https://github.com/minio/minio.git
2
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12018 Commits
4 Branches
520 Tags
175 MiB
Tree: RELEASE.20
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'RELEASE.20'
${ noResults }
MinIO/cmd/bucket-metadata.go

595 lines
18 KiB
Raw Permalink Normal View History

update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io>
4 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
simplify further bucket configuration properly (#9650) This PR is a continuation from #9586, now the entire parsing logic is fully merged into bucket metadata sub-system, simplify the quota API further by reducing the remove quota handler implementation.
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Add support for server side bucket replication (#9882)
5 years ago
simplify further bucket configuration properly (#9650) This PR is a continuation from #9586, now the entire parsing logic is fully merged into bucket metadata sub-system, simplify the quota API further by reducing the remove quota handler implementation.
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Bump up madmin-go and pkg deps (#17469)
2 years ago
Move dependency from minio-go v6 to v7 (#10042)
5 years ago
rename all remaining packages to internal/ (#12418) This is to ensure that there are no projects that try to import `minio/minio/pkg` into their own repo. Any such common packages should go to `https://github.com/minio/pkg`
4 years ago
ldap: Add user DN attributes list config param (#19758) This change uses the updated ldap library in minio/pkg (bumped up to v3). A new config parameter is added for LDAP configuration to specify extra user attributes to load from the LDAP server and to store them as additional claims for the user. A test is added in sts_handlers.go that shows how to access the LDAP attributes as a claim. This is in preparation for adding SSH pubkey authentication to MinIO's SFTP integration.
1 year ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
Support bucket versioning (#9377) - Implement a new xl.json 2.0.0 format to support, this moves the entire marshaling logic to POSIX layer, top layer always consumes a common FileInfo construct which simplifies the metadata reads. - Implement list object versions - Migrate to siphash from crchash for new deployments for object placements. Fixes #2111
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
bucket-metadata: Reload events/repl-targets for all buckets (#20334) Currently, the bucket events and replication targets are only reloaded with buckets that failed to load during the first cluster startup, which is wrong because if one bucket change was done in one node but that node was not able to notify other nodes; the other nodes will reload the bucket metadata config but fails to set the events and bucket targets in the memory.
11 months ago
simplify further bucket configuration properly (#9650) This PR is a continuation from #9586, now the entire parsing logic is fully merged into bucket metadata sub-system, simplify the quota API further by reducing the remove quota handler implementation.
5 years ago
Update to minio/pkg/v2 (#17967)
2 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
site replication: fix healing of bucket deletes. (#15377) This PR changes the handling of bucket deletes for site replicated setups to hold on to deleted bucket state until it syncs to all the clusters participating in site replication.
3 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
Support bucket versioning (#9377) - Implement a new xl.json 2.0.0 format to support, this moves the entire marshaling logic to POSIX layer, top layer always consumes a common FileInfo construct which simplifies the metadata reads. - Implement list object versions - Migrate to siphash from crchash for new deployments for object placements. Fixes #2111
5 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
bucket-metadata: Reload events/repl-targets for all buckets (#20334) Currently, the bucket events and replication targets are only reloaded with buckets that failed to load during the first cluster startup, which is wrong because if one bucket change was done in one node but that node was not able to notify other nodes; the other nodes will reload the bucket metadata config but fails to set the events and bucket targets in the memory.
11 months ago
simplify bucket metadata lookups for versioning/object locking (#17253)
2 years ago
site replication: fix healing of bucket deletes. (#15377) This PR changes the handling of bucket deletes for site replicated setups to hold on to deleted bucket state until it syncs to all the clusters participating in site replication.
3 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Reduce the number of calls to import bucket metadata (#17899) For each bucket, save the bucket metadata once, call the site replication hook once
2 years ago
fix: handle concurrent lockers with multiple optimizations (#10640) - select lockers which are non-local and online to have affinity towards remote servers for lock contention - optimize lock retry interval to avoid sending too many messages during lock contention, reduces average CPU usage as well - if bucket is not set, when deleteObject fails make sure setPutObjHeaders() honors lifecycle only if bucket name is set. - fix top locks to list out always the oldest lockers always, avoid getting bogged down into map's unordered nature.
5 years ago
logging: Add subsystem to log API (#19002) Create new code paths for multiple subsystems in the code. This will make maintaing this easier later. Also introduce bugLogIf() for errors that should not happen in the first place.
1 year ago
Reduce the number of calls to import bucket metadata (#17899) For each bucket, save the bucket metadata once, call the site replication hook once
2 years ago
fix: handle concurrent lockers with multiple optimizations (#10640) - select lockers which are non-local and online to have affinity towards remote servers for lock contention - optimize lock retry interval to avoid sending too many messages during lock contention, reduces average CPU usage as well - if bucket is not set, when deleteObject fails make sure setPutObjHeaders() honors lifecycle only if bucket name is set. - fix top locks to list out always the oldest lockers always, avoid getting bogged down into map's unordered nature.
5 years ago
Reduce the number of calls to import bucket metadata (#17899) For each bucket, save the bucket metadata once, call the site replication hook once
2 years ago
use readConfig/saveConfig to simplify I/O on usage/tracker info (#14019)
4 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Reduce the number of calls to import bucket metadata (#17899) For each bucket, save the bucket metadata once, call the site replication hook once
2 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Reduce the number of calls to import bucket metadata (#17899) For each bucket, save the bucket metadata once, call the site replication hook once
2 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Reduce the number of calls to import bucket metadata (#17899) For each bucket, save the bucket metadata once, call the site replication hook once
2 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Reduce the number of calls to import bucket metadata (#17899) For each bucket, save the bucket metadata once, call the site replication hook once
2 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Reduce the number of calls to import bucket metadata (#17899) For each bucket, save the bucket metadata once, call the site replication hook once
2 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
fix: Delete() of bucket metadata should not parse the config (#15904)
3 years ago
Reduce the number of calls to import bucket metadata (#17899) For each bucket, save the bucket metadata once, call the site replication hook once
2 years ago
Revert "s3: Put bucket tagging to return an error when bucket is not found (#13232)" This reverts commit 91567ba91615b4f12a12de31d64c03a3bc20f706. Revert because the error was incorrectly converted, there are callers that rely on errConfigNotFound and it also took away the migration code. Instead the correct fix is PutBucketTaggingHandler() which is already added.
4 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
site replication: fix healing of bucket deletes. (#15377) This PR changes the handling of bucket deletes for site replicated setups to hold on to deleted bucket state until it syncs to all the clusters participating in site replication.
3 years ago
fix: Delete() of bucket metadata should not parse the config (#15904)
3 years ago
optimize startup sequence performance (#19009) - bucket metadata does not need to look for legacy things anymore if b.Created is non-zero - stagger bucket metadata loads across lots of nodes to avoid the current thundering herd problem. - Remove deadlines for RenameData, RenameFile - these calls should not ever be timed out and should wait until completion or wait for client timeout. Do not choose timeouts for applications during the WRITE phase. - increase R/W buffer size, increase maxMergeMessages to 30
1 year ago
fix: Delete() of bucket metadata should not parse the config (#15904)
3 years ago
optimize startup sequence performance (#19009) - bucket metadata does not need to look for legacy things anymore if b.Created is non-zero - stagger bucket metadata loads across lots of nodes to avoid the current thundering herd problem. - Remove deadlines for RenameData, RenameFile - these calls should not ever be timed out and should wait until completion or wait for client timeout. Do not choose timeouts for applications during the WRITE phase. - increase R/W buffer size, increase maxMergeMessages to 30
1 year ago
fix: Delete() of bucket metadata should not parse the config (#15904)
3 years ago
optimize startup sequence performance (#19009) - bucket metadata does not need to look for legacy things anymore if b.Created is non-zero - stagger bucket metadata loads across lots of nodes to avoid the current thundering herd problem. - Remove deadlines for RenameData, RenameFile - these calls should not ever be timed out and should wait until completion or wait for client timeout. Do not choose timeouts for applications during the WRITE phase. - increase R/W buffer size, increase maxMergeMessages to 30
1 year ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
Add support for site replication healing (#14572) heal bucket metadata and IAM entries for sites participating in site replication from the site with the most updated entry. Co-authored-by: Harshavardhana <harsha@minio.io> Co-authored-by: Aditya Manthramurthy <aditya@minio.io>
3 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
optimize startup sequence performance (#19009) - bucket metadata does not need to look for legacy things anymore if b.Created is non-zero - stagger bucket metadata loads across lots of nodes to avoid the current thundering herd problem. - Remove deadlines for RenameData, RenameFile - these calls should not ever be timed out and should wait until completion or wait for client timeout. Do not choose timeouts for applications during the WRITE phase. - increase R/W buffer size, increase maxMergeMessages to 30
1 year ago
Add support for site replication healing (#14572) heal bucket metadata and IAM entries for sites participating in site replication from the site with the most updated entry. Co-authored-by: Harshavardhana <harsha@minio.io> Co-authored-by: Aditya Manthramurthy <aditya@minio.io>
3 years ago
site replication: fix healing of bucket deletes. (#15377) This PR changes the handling of bucket deletes for site replicated setups to hold on to deleted bucket state until it syncs to all the clusters participating in site replication.
3 years ago
Add support for site replication healing (#14572) heal bucket metadata and IAM entries for sites participating in site replication from the site with the most updated entry. Co-authored-by: Harshavardhana <harsha@minio.io> Co-authored-by: Aditya Manthramurthy <aditya@minio.io>
3 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
fix: Delete() of bucket metadata should not parse the config (#15904)
3 years ago
simplify further bucket configuration properly (#9650) This PR is a continuation from #9586, now the entire parsing logic is fully merged into bucket metadata sub-system, simplify the quota API further by reducing the remove quota handler implementation.
5 years ago
Update to minio/pkg/v2 (#17967)
2 years ago
simplify further bucket configuration properly (#9650) This PR is a continuation from #9586, now the entire parsing logic is fully merged into bucket metadata sub-system, simplify the quota API further by reducing the remove quota handler implementation.
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
simplify further bucket configuration properly (#9650) This PR is a continuation from #9586, now the entire parsing logic is fully merged into bucket metadata sub-system, simplify the quota API further by reducing the remove quota handler implementation.
5 years ago
auto enable versioning with object locking (#9967) this is to preserve versioning for object-locked buckets from current release code.
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
simplify further bucket configuration properly (#9650) This PR is a continuation from #9586, now the entire parsing logic is fully merged into bucket metadata sub-system, simplify the quota API further by reducing the remove quota handler implementation.
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
Support bucket versioning (#9377) - Implement a new xl.json 2.0.0 format to support, this moves the entire marshaling logic to POSIX layer, top layer always consumes a common FileInfo construct which simplifies the metadata reads. - Implement list object versions - Migrate to siphash from crchash for new deployments for object placements. Fixes #2111
5 years ago
simplify further bucket configuration properly (#9650) This PR is a continuation from #9586, now the entire parsing logic is fully merged into bucket metadata sub-system, simplify the quota API further by reducing the remove quota handler implementation.
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
simplify further bucket configuration properly (#9650) This PR is a continuation from #9586, now the entire parsing logic is fully merged into bucket metadata sub-system, simplify the quota API further by reducing the remove quota handler implementation.
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
Add support for server side bucket replication (#9882)
5 years ago
Rename replication target handler (#10142) Rename replication target handler to a generic bucket target handler
5 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
Add support for server side bucket replication (#9882)
5 years ago
Refactor replication target management. (#10154) Generalize replication target management so that remote targets for a bucket can be managed with ARNs. `mc admin bucket remote` command will be used to manage targets.
5 years ago
Add support for server side bucket replication (#9882)
5 years ago
simplify further bucket configuration properly (#9650) This PR is a continuation from #9586, now the entire parsing logic is fully merged into bucket metadata sub-system, simplify the quota API further by reducing the remove quota handler implementation.
5 years ago
fix: Delete() of bucket metadata should not parse the config (#15904)
3 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Allow etcd, cache setup to exit when starting gateway mode (#9842) - Initialize etcd once per call - Fail etcd, cache setup pro-actively for gateway setups - Support deleting/updating bucket notification, tagging, lifecycle, sse-encryption
5 years ago
Add support for server side bucket replication (#9882)
5 years ago
Rename replication target handler (#10142) Rename replication target handler to a generic bucket target handler
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
fix: Delete() of bucket metadata should not parse the config (#15904)
3 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
use readConfig/saveConfig to simplify I/O on usage/tracker info (#14019)
4 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
optimize startup sequence performance (#19009) - bucket metadata does not need to look for legacy things anymore if b.Created is non-zero - stagger bucket metadata loads across lots of nodes to avoid the current thundering herd problem. - Remove deadlines for RenameData, RenameFile - these calls should not ever be timed out and should wait until completion or wait for client timeout. Do not choose timeouts for applications during the WRITE phase. - increase R/W buffer size, increase maxMergeMessages to 30
1 year ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
cleanup ignored static analysis (#16767)
2 years ago
fix: allow FS mode situations when conflicting files exist (#10185) conflicting files can exist on FS at `.minio.sys/buckets/testbucket/policy.json/`, this is an expected valid scenario for FS mode allow it to work, i.e ignore and move forward
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
fix: Delete() of bucket metadata should not parse the config (#15904)
3 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
optimize startup sequence performance (#19009) - bucket metadata does not need to look for legacy things anymore if b.Created is non-zero - stagger bucket metadata loads across lots of nodes to avoid the current thundering herd problem. - Remove deadlines for RenameData, RenameFile - these calls should not ever be timed out and should wait until completion or wait for client timeout. Do not choose timeouts for applications during the WRITE phase. - increase R/W buffer size, increase maxMergeMessages to 30
1 year ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
fix: Delete() of bucket metadata should not parse the config (#15904)
3 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
fix: Delete() of bucket metadata should not parse the config (#15904)
3 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
Support bucket versioning (#9377) - Implement a new xl.json 2.0.0 format to support, this moves the entire marshaling logic to POSIX layer, top layer always consumes a common FileInfo construct which simplifies the metadata reads. - Implement list object versions - Migrate to siphash from crchash for new deployments for object placements. Fixes #2111
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Allow etcd, cache setup to exit when starting gateway mode (#9842) - Initialize etcd once per call - Fail etcd, cache setup pro-actively for gateway setups - Support deleting/updating bucket notification, tagging, lifecycle, sse-encryption
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
keep bucket metadata fields to be consistent (#9660) added bonus reload bucket metadata always after a successful MakeBucket, current we were only doing it with object locking enabled.
5 years ago
Support bucket versioning (#9377) - Implement a new xl.json 2.0.0 format to support, this moves the entire marshaling logic to POSIX layer, top layer always consumes a common FileInfo construct which simplifies the metadata reads. - Implement list object versions - Migrate to siphash from crchash for new deployments for object placements. Fixes #2111
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Add support for server side bucket replication (#9882)
5 years ago
Rename replication target handler (#10142) Rename replication target handler to a generic bucket target handler
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
site replication: fix healing of bucket deletes. (#15377) This PR changes the handling of bucket deletes for site replicated setups to hold on to deleted bucket state until it syncs to all the clusters participating in site replication.
3 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
use readConfig/saveConfig to simplify I/O on usage/tracker info (#14019)
4 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
logging: Add subsystem to log API (#19002) Create new code paths for multiple subsystems in the code. This will make maintaing this easier later. Also introduce bugLogIf() for errors that should not happen in the first place.
1 year ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Add support for site replication healing (#14572) heal bucket metadata and IAM entries for sites participating in site replication from the site with the most updated entry. Co-authored-by: Harshavardhana <harsha@minio.io> Co-authored-by: Aditya Manthramurthy <aditya@minio.io>
3 years ago
fix: for unexpected errors in reading versioning config panic (#14994) We need to make sure if we cannot read bucket metadata for some reason, and bucket metadata is not missing and returning corrupted information we should panic such handlers to disallow I/O to protect the overall state on the system. In-case of such corruption we have a mechanism now to force recreate the metadata on the bucket, using `x-minio-force-create` header with `PUT /bucket` API call. Additionally fix the versioning config updated state to be set properly for the site replication healing to trigger correctly.
3 years ago
Add support for site replication healing (#14572) heal bucket metadata and IAM entries for sites participating in site replication from the site with the most updated entry. Co-authored-by: Harshavardhana <harsha@minio.io> Co-authored-by: Aditya Manthramurthy <aditya@minio.io>
3 years ago
fix: for unexpected errors in reading versioning config panic (#14994) We need to make sure if we cannot read bucket metadata for some reason, and bucket metadata is not missing and returning corrupted information we should panic such handlers to disallow I/O to protect the overall state on the system. In-case of such corruption we have a mechanism now to force recreate the metadata on the bucket, using `x-minio-force-create` header with `PUT /bucket` API call. Additionally fix the versioning config updated state to be set properly for the site replication healing to trigger correctly.
3 years ago
Add updatedAt for GetBucketLifecycleConfig (#17271)
2 years ago
fix: for unexpected errors in reading versioning config panic (#14994) We need to make sure if we cannot read bucket metadata for some reason, and bucket metadata is not missing and returning corrupted information we should panic such handlers to disallow I/O to protect the overall state on the system. In-case of such corruption we have a mechanism now to force recreate the metadata on the bucket, using `x-minio-force-create` header with `PUT /bucket` API call. Additionally fix the versioning config updated state to be set properly for the site replication healing to trigger correctly.
3 years ago
bucket-metadata: Reload events/repl-targets for all buckets (#20334) Currently, the bucket events and replication targets are only reloaded with buckets that failed to load during the first cluster startup, which is wrong because if one bucket change was done in one node but that node was not able to notify other nodes; the other nodes will reload the bucket metadata config but fails to set the events and bucket targets in the memory.
11 months ago
Add support for site replication healing (#14572) heal bucket metadata and IAM entries for sites participating in site replication from the site with the most updated entry. Co-authored-by: Harshavardhana <harsha@minio.io> Co-authored-by: Aditya Manthramurthy <aditya@minio.io>
3 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
simplify further bucket configuration properly (#9650) This PR is a continuation from #9586, now the entire parsing logic is fully merged into bucket metadata sub-system, simplify the quota API further by reducing the remove quota handler implementation.
5 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
use readConfig/saveConfig to simplify I/O on usage/tracker info (#14019)
4 years ago
migrate all bucket metadata into a single file (#9586) this is a major overhaul by migrating off all bucket metadata related configs into a single object '.metadata.bin' this allows us for faster bootups across 1000's of buckets and as well as keeps the code simple enough for future work and additions. Additionally also fixes #9396, #9394
5 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
kms: add `context.Context` to KMS API calls (#15327) This commit adds a `context.Context` to the the KMS `{Stat, CreateKey, GenerateKey}` API calls. The context will be used to terminate external calls as soon as the client requests gets canceled. A follow-up PR will add a `context.Context` to the remaining `DecryptKey` API call. Signed-off-by: Andreas Auernhammer <hi@aead.dev>
3 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
kms: add `context.Context` to KMS API calls (#15327) This commit adds a `context.Context` to the the KMS `{Stat, CreateKey, GenerateKey}` API calls. The context will be used to terminate external calls as soon as the client requests gets canceled. A follow-up PR will add a `context.Context` to the remaining `DecryptKey` API call. Signed-off-by: Andreas Auernhammer <hi@aead.dev>
3 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package.
4 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
kms: add support for MinKMS and remove some unused/broken code (#19368) This commit adds support for MinKMS. Now, there are three KMS implementations in `internal/kms`: Builtin, MinIO KES and MinIO KMS. Adding another KMS integration required some cleanup. In particular: - Various KMS APIs that haven't been and are not used have been removed. A lot of the code was broken anyway. - Metrics are now monitored by the `kms.KMS` itself. For basic metrics this is simpler than collecting metrics for external servers. In particular, each KES server returns its own metrics and no cluster-level view. - The builtin KMS now uses the same en/decryption implemented by MinKMS and KES. It still supports decryption of the previous ciphertext format. It's backwards compatible. - Data encryption keys now include a master key version since MinKMS supports multiple versions (~4 billion in total and 10000 concurrent) per key name. Signed-off-by: Andreas Auernhammer <github@aead.dev>
1 year ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
Various improvements in replication (#11949) - collect real time replication metrics for prometheus. - add pending_count, failed_count metric for total pending/failed replication operations. - add API to get replication metrics - add MRF worker to handle spill-over replication operations - multiple issues found with replication - fixes an issue when client sends a bucket name with `/` at the end from SetRemoteTarget API call make sure to trim the bucket name to avoid any extra `/`. - hold write locks in GetObjectNInfo during replication to ensure that object version stack is not overwritten while reading the content. - add additional protection during WriteMetadata() to ensure that we always write a valid FileInfo{} and avoid ever writing empty FileInfo{} to the lowest layers. Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io> Co-authored-by: Harshavardhana <harsha@minio.io>
4 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package.
4 years ago
fips: simplify TLS configuration (#15127) This commit simplifies the TLS configuration. It inlines the FIPS / non-FIPS code. Signed-off-by: Andreas Auernhammer <hi@aead.dev>
3 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
introduce new package pkg/kms (#12019) This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package.
4 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
kms: add support for MinKMS and remove some unused/broken code (#19368) This commit adds support for MinKMS. Now, there are three KMS implementations in `internal/kms`: Builtin, MinIO KES and MinIO KMS. Adding another KMS integration required some cleanup. In particular: - Various KMS APIs that haven't been and are not used have been removed. A lot of the code was broken anyway. - Metrics are now monitored by the `kms.KMS` itself. For basic metrics this is simpler than collecting metrics for external servers. In particular, each KES server returns its own metrics and no cluster-level view. - The builtin KMS now uses the same en/decryption implemented by MinKMS and KES. It still supports decryption of the previous ciphertext format. It's backwards compatible. - Data encryption keys now include a master key version since MinKMS supports multiple versions (~4 billion in total and 10000 concurrent) per key name. Signed-off-by: Andreas Auernhammer <github@aead.dev>
1 year ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
Various improvements in replication (#11949) - collect real time replication metrics for prometheus. - add pending_count, failed_count metric for total pending/failed replication operations. - add API to get replication metrics - add MRF worker to handle spill-over replication operations - multiple issues found with replication - fixes an issue when client sends a bucket name with `/` at the end from SetRemoteTarget API call make sure to trim the bucket name to avoid any extra `/`. - hold write locks in GetObjectNInfo during replication to ensure that object version stack is not overwritten while reading the content. - add additional protection during WriteMetadata() to ensure that we always write a valid FileInfo{} and avoid ever writing empty FileInfo{} to the lowest layers. Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io> Co-authored-by: Harshavardhana <harsha@minio.io>
4 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
fips: simplify TLS configuration (#15127) This commit simplifies the TLS configuration. It inlines the FIPS / non-FIPS code. Signed-off-by: Andreas Auernhammer <hi@aead.dev>
3 years ago
Encrypt remote target if kms is configured (#11034) Co-authored-by: Poorna Krishnamoorthy <poorna@minio.io>
5 years ago
  1. // Copyright (c) 2015-2021 MinIO, Inc.
  2. //
  3. // This file is part of MinIO Object Storage stack
  4. //
  5. // This program is free software: you can redistribute it and/or modify
  6. // it under the terms of the GNU Affero General Public License as published by
  7. // the Free Software Foundation, either version 3 of the License, or
  8. // (at your option) any later version.
  9. //
  10. // This program is distributed in the hope that it will be useful
  11. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. // GNU Affero General Public License for more details.
  14. //
  15. // You should have received a copy of the GNU Affero General Public License
  16. // along with this program. If not, see <http://www.gnu.org/licenses/>.
  18. package cmd
  20. import (
  21. "bytes"
  22. "context"
  23. "crypto/rand"
  24. "encoding/binary"
  25. "encoding/json"
  26. "encoding/xml"
  27. "errors"
  28. "fmt"
  29. "path"
  30. "time"
  32. "github.com/minio/madmin-go/v3"
  33. "github.com/minio/minio-go/v7/pkg/tags"
  34. bucketsse "github.com/minio/minio/internal/bucket/encryption"
  35. "github.com/minio/minio/internal/bucket/lifecycle"
  36. objectlock "github.com/minio/minio/internal/bucket/object/lock"
  37. "github.com/minio/minio/internal/bucket/replication"
  38. "github.com/minio/minio/internal/bucket/versioning"
  39. "github.com/minio/minio/internal/crypto"
  40. "github.com/minio/minio/internal/event"
  41. "github.com/minio/minio/internal/fips"
  42. "github.com/minio/minio/internal/kms"
  43. "github.com/minio/minio/internal/logger"
  44. "github.com/minio/pkg/v3/policy"
  45. "github.com/minio/sio"
  46. )
  48. const (
  49. legacyBucketObjectLockEnabledConfigFile = "object-lock-enabled.json"
  50. legacyBucketObjectLockEnabledConfig = `{"x-amz-bucket-object-lock-enabled":true}`
  52. bucketMetadataFile = ".metadata.bin"
  53. bucketMetadataFormat = 1
  54. bucketMetadataVersion = 1
  55. )
  57. var (
  58. enabledBucketObjectLockConfig = []byte(`<ObjectLockConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><ObjectLockEnabled>Enabled</ObjectLockEnabled></ObjectLockConfiguration>`)
  59. enabledBucketVersioningConfig = []byte(`<VersioningConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Status>Enabled</Status></VersioningConfiguration>`)
  60. )
  62. //go:generate msgp -file $GOFILE
  64. // BucketMetadata contains bucket metadata.
  65. // When adding/removing fields, regenerate the marshal code using the go generate above.
  66. // Only changing meaning of fields requires a version bump.
  67. // bucketMetadataFormat refers to the format.
  68. // bucketMetadataVersion can be used to track a rolling upgrade of a field.
  69. type BucketMetadata struct {
  70. Name string
  71. Created time.Time
  72. LockEnabled bool // legacy not used anymore.
  73. PolicyConfigJSON []byte
  74. NotificationConfigXML []byte
  75. LifecycleConfigXML []byte
  76. ObjectLockConfigXML []byte
  77. VersioningConfigXML []byte
  78. EncryptionConfigXML []byte
  79. TaggingConfigXML []byte
  80. QuotaConfigJSON []byte
  81. ReplicationConfigXML []byte
  82. BucketTargetsConfigJSON []byte
  83. BucketTargetsConfigMetaJSON []byte
  85. PolicyConfigUpdatedAt time.Time
  86. ObjectLockConfigUpdatedAt time.Time
  87. EncryptionConfigUpdatedAt time.Time
  88. TaggingConfigUpdatedAt time.Time
  89. QuotaConfigUpdatedAt time.Time
  90. ReplicationConfigUpdatedAt time.Time
  91. VersioningConfigUpdatedAt time.Time
  92. LifecycleConfigUpdatedAt time.Time
  93. NotificationConfigUpdatedAt time.Time
  94. BucketTargetsConfigUpdatedAt time.Time
  95. BucketTargetsConfigMetaUpdatedAt time.Time
  96. // Add a new UpdatedAt field and update lastUpdate function
  98. // Unexported fields. Must be updated atomically.
  99. policyConfig *policy.BucketPolicy
  100. notificationConfig *event.Config
  101. lifecycleConfig *lifecycle.Lifecycle
  102. objectLockConfig *objectlock.Config
  103. versioningConfig *versioning.Versioning
  104. sseConfig *bucketsse.BucketSSEConfig
  105. taggingConfig *tags.Tags
  106. quotaConfig *madmin.BucketQuota
  107. replicationConfig *replication.Config
  108. bucketTargetConfig *madmin.BucketTargets
  109. bucketTargetConfigMeta map[string]string
  110. }
  112. // newBucketMetadata creates BucketMetadata with the supplied name and Created to Now.
  113. func newBucketMetadata(name string) BucketMetadata {
  114. return BucketMetadata{
  115. Name: name,
  116. notificationConfig: &event.Config{
  117. XMLNS: "http://s3.amazonaws.com/doc/2006-03-01/",
  118. },
  119. quotaConfig: &madmin.BucketQuota{},
  120. versioningConfig: &versioning.Versioning{
  121. XMLNS: "http://s3.amazonaws.com/doc/2006-03-01/",
  122. },
  123. bucketTargetConfig: &madmin.BucketTargets{},
  124. bucketTargetConfigMeta: make(map[string]string),
  125. }
  126. }
  128. // Return the last update of this bucket metadata, which
  129. // means, the last update of any policy document.
  130. func (b BucketMetadata) lastUpdate() (t time.Time) {
  131. if b.PolicyConfigUpdatedAt.After(t) {
  132. t = b.PolicyConfigUpdatedAt
  133. }
  134. if b.ObjectLockConfigUpdatedAt.After(t) {
  135. t = b.ObjectLockConfigUpdatedAt
  136. }
  137. if b.EncryptionConfigUpdatedAt.After(t) {
  138. t = b.EncryptionConfigUpdatedAt
  139. }
  140. if b.TaggingConfigUpdatedAt.After(t) {
  141. t = b.TaggingConfigUpdatedAt
  142. }
  143. if b.QuotaConfigUpdatedAt.After(t) {
  144. t = b.QuotaConfigUpdatedAt
  145. }
  146. if b.ReplicationConfigUpdatedAt.After(t) {
  147. t = b.ReplicationConfigUpdatedAt
  148. }
  149. if b.VersioningConfigUpdatedAt.After(t) {
  150. t = b.VersioningConfigUpdatedAt
  151. }
  152. if b.LifecycleConfigUpdatedAt.After(t) {
  153. t = b.LifecycleConfigUpdatedAt
  154. }
  155. if b.NotificationConfigUpdatedAt.After(t) {
  156. t = b.NotificationConfigUpdatedAt
  157. }
  158. if b.BucketTargetsConfigUpdatedAt.After(t) {
  159. t = b.BucketTargetsConfigUpdatedAt
  160. }
  161. if b.BucketTargetsConfigMetaUpdatedAt.After(t) {
  162. t = b.BucketTargetsConfigMetaUpdatedAt
  163. }
  165. return
  166. }
  168. // Versioning returns true if versioning is enabled
  169. func (b BucketMetadata) Versioning() bool {
  170. return b.LockEnabled || (b.versioningConfig != nil && b.versioningConfig.Enabled()) || (b.objectLockConfig != nil && b.objectLockConfig.Enabled())
  171. }
  173. // ObjectLocking returns true if object locking is enabled
  174. func (b BucketMetadata) ObjectLocking() bool {
  175. return b.LockEnabled || (b.objectLockConfig != nil && b.objectLockConfig.Enabled())
  176. }
  178. // SetCreatedAt preserves the CreatedAt time for bucket across sites in site replication. It defaults to
  179. // creation time of bucket on this cluster in all other cases.
  180. func (b *BucketMetadata) SetCreatedAt(createdAt time.Time) {
  181. if b.Created.IsZero() {
  182. b.Created = UTCNow()
  183. }
  184. if !createdAt.IsZero() {
  185. b.Created = createdAt.UTC()
  186. }
  187. }
  189. // Load - loads the metadata of bucket by name from ObjectLayer api.
  190. // If an error is returned the returned metadata will be default initialized.
  191. func readBucketMetadata(ctx context.Context, api ObjectLayer, name string) (BucketMetadata, error) {
  192. if name == "" {
  193. internalLogIf(ctx, errors.New("bucket name cannot be empty"), logger.WarningKind)
  194. return BucketMetadata{}, errInvalidArgument
  195. }
  196. b := newBucketMetadata(name)
  197. configFile := path.Join(bucketMetaPrefix, name, bucketMetadataFile)
  198. data, err := readConfig(ctx, api, configFile)
  199. if err != nil {
  200. return b, err
  201. }
  202. if len(data) <= 4 {
  203. return b, fmt.Errorf("loadBucketMetadata: no data")
  204. }
  205. // Read header
  206. switch binary.LittleEndian.Uint16(data[0:2]) {
  207. case bucketMetadataFormat:
  208. default:
  209. return b, fmt.Errorf("loadBucketMetadata: unknown format: %d", binary.LittleEndian.Uint16(data[0:2]))
  210. }
  211. switch binary.LittleEndian.Uint16(data[2:4]) {
  212. case bucketMetadataVersion:
  213. default:
  214. return b, fmt.Errorf("loadBucketMetadata: unknown version: %d", binary.LittleEndian.Uint16(data[2:4]))
  215. }
  216. _, err = b.UnmarshalMsg(data[4:])
  217. return b, err
  218. }
  220. func loadBucketMetadataParse(ctx context.Context, objectAPI ObjectLayer, bucket string, parse bool) (BucketMetadata, error) {
  221. b, err := readBucketMetadata(ctx, objectAPI, bucket)
  222. b.Name = bucket // in-case parsing failed for some reason, make sure bucket name is not empty.
  223. if err != nil && !errors.Is(err, errConfigNotFound) {
  224. return b, err
  225. }
  226. if err == nil {
  227. b.defaultTimestamps()
  228. }
  230. // If bucket metadata is missing look for legacy files,
  231. // since we only ever had b.Created as non-zero when
  232. // migration was complete in 2020-May release. So this
  233. // a check to avoid migrating for buckets that already
  234. // have this field set.
  235. if b.Created.IsZero() {
  236. configs, err := b.getAllLegacyConfigs(ctx, objectAPI)
  237. if err != nil {
  238. return b, err
  239. }
  241. if len(configs) > 0 {
  242. // Old bucket without bucket metadata. Hence we migrate existing settings.
  243. if err = b.convertLegacyConfigs(ctx, objectAPI, configs); err != nil {
  244. return b, err
  245. }
  246. }
  247. }
  249. if parse {
  250. // nothing to update, parse and proceed.
  251. if err = b.parseAllConfigs(ctx, objectAPI); err != nil {
  252. return b, err
  253. }
  254. }
  256. // migrate unencrypted remote targets
  257. if err = b.migrateTargetConfig(ctx, objectAPI); err != nil {
  258. return b, err
  259. }
  261. return b, nil
  262. }
  264. // loadBucketMetadata loads and migrates to bucket metadata.
  265. func loadBucketMetadata(ctx context.Context, objectAPI ObjectLayer, bucket string) (BucketMetadata, error) {
  266. return loadBucketMetadataParse(ctx, objectAPI, bucket, true)
  267. }
  269. // parseAllConfigs will parse all configs and populate the private fields.
  270. // The first error encountered is returned.
  271. func (b *BucketMetadata) parseAllConfigs(ctx context.Context, objectAPI ObjectLayer) (err error) {
  272. if len(b.PolicyConfigJSON) != 0 {
  273. b.policyConfig, err = policy.ParseBucketPolicyConfig(bytes.NewReader(b.PolicyConfigJSON), b.Name)
  274. if err != nil {
  275. return err
  276. }
  277. } else {
  278. b.policyConfig = nil
  279. }
  281. if len(b.NotificationConfigXML) != 0 {
  282. if err = xml.Unmarshal(b.NotificationConfigXML, b.notificationConfig); err != nil {
  283. return err
  284. }
  285. }
  287. if len(b.LifecycleConfigXML) != 0 {
  288. b.lifecycleConfig, err = lifecycle.ParseLifecycleConfig(bytes.NewReader(b.LifecycleConfigXML))
  289. if err != nil {
  290. return err
  291. }
  292. } else {
  293. b.lifecycleConfig = nil
  294. }
  296. if len(b.EncryptionConfigXML) != 0 {
  297. b.sseConfig, err = bucketsse.ParseBucketSSEConfig(bytes.NewReader(b.EncryptionConfigXML))
  298. if err != nil {
  299. return err
  300. }
  301. } else {
  302. b.sseConfig = nil
  303. }
  305. if len(b.TaggingConfigXML) != 0 {
  306. b.taggingConfig, err = tags.ParseBucketXML(bytes.NewReader(b.TaggingConfigXML))
  307. if err != nil {
  308. return err
  309. }
  310. } else {
  311. b.taggingConfig = nil
  312. }
  314. if bytes.Equal(b.ObjectLockConfigXML, enabledBucketObjectLockConfig) {
  315. b.VersioningConfigXML = enabledBucketVersioningConfig
  316. }
  318. if len(b.ObjectLockConfigXML) != 0 {
  319. b.objectLockConfig, err = objectlock.ParseObjectLockConfig(bytes.NewReader(b.ObjectLockConfigXML))
  320. if err != nil {
  321. return err
  322. }
  323. } else {
  324. b.objectLockConfig = nil
  325. }
  327. if len(b.VersioningConfigXML) != 0 {
  328. b.versioningConfig, err = versioning.ParseConfig(bytes.NewReader(b.VersioningConfigXML))
  329. if err != nil {
  330. return err
  331. }
  332. }
  334. if len(b.QuotaConfigJSON) != 0 {
  335. b.quotaConfig, err = parseBucketQuota(b.Name, b.QuotaConfigJSON)
  336. if err != nil {
  337. return err
  338. }
  339. }
  341. if len(b.ReplicationConfigXML) != 0 {
  342. b.replicationConfig, err = replication.ParseConfig(bytes.NewReader(b.ReplicationConfigXML))
  343. if err != nil {
  344. return err
  345. }
  346. } else {
  347. b.replicationConfig = nil
  348. }
  350. if len(b.BucketTargetsConfigJSON) != 0 {
  351. b.bucketTargetConfig, err = parseBucketTargetConfig(b.Name, b.BucketTargetsConfigJSON, b.BucketTargetsConfigMetaJSON)
  352. if err != nil {
  353. return err
  354. }
  355. } else {
  356. b.bucketTargetConfig = &madmin.BucketTargets{}
  357. }
  358. return nil
  359. }
  361. func (b *BucketMetadata) getAllLegacyConfigs(ctx context.Context, objectAPI ObjectLayer) (map[string][]byte, error) {
  362. legacyConfigs := []string{
  363. legacyBucketObjectLockEnabledConfigFile,
  364. bucketPolicyConfig,
  365. bucketNotificationConfig,
  366. bucketLifecycleConfig,
  367. bucketQuotaConfigFile,
  368. bucketSSEConfig,
  369. bucketTaggingConfig,
  370. bucketReplicationConfig,
  371. bucketTargetsFile,
  372. objectLockConfig,
  373. }
  375. configs := make(map[string][]byte, len(legacyConfigs))
  377. // Handle migration from lockEnabled to newer format.
  378. if b.LockEnabled {
  379. configs[objectLockConfig] = enabledBucketObjectLockConfig
  380. b.LockEnabled = false // legacy value unset it
  381. // we are only interested in b.ObjectLockConfigXML or objectLockConfig value
  382. }
  384. for _, legacyFile := range legacyConfigs {
  385. configFile := path.Join(bucketMetaPrefix, b.Name, legacyFile)
  387. configData, info, err := readConfigWithMetadata(ctx, objectAPI, configFile, ObjectOptions{})
  388. if err != nil {
  389. if _, ok := err.(ObjectExistsAsDirectory); ok {
  390. // in FS mode it possible that we have actual
  391. // files in this folder with `.minio.sys/buckets/bucket/configFile`
  392. continue
  393. }
  394. if errors.Is(err, errConfigNotFound) {
  395. // legacy file config not found, proceed to look for new metadata.
  396. continue
  397. }
  399. return nil, err
  400. }
  401. configs[legacyFile] = configData
  402. b.Created = info.ModTime
  403. }
  405. return configs, nil
  406. }
  408. func (b *BucketMetadata) convertLegacyConfigs(ctx context.Context, objectAPI ObjectLayer, configs map[string][]byte) error {
  409. for legacyFile, configData := range configs {
  410. switch legacyFile {
  411. case legacyBucketObjectLockEnabledConfigFile:
  412. if string(configData) == legacyBucketObjectLockEnabledConfig {
  413. b.ObjectLockConfigXML = enabledBucketObjectLockConfig
  414. b.VersioningConfigXML = enabledBucketVersioningConfig
  415. b.LockEnabled = false // legacy value unset it
  416. // we are only interested in b.ObjectLockConfigXML
  417. }
  418. case bucketPolicyConfig:
  419. b.PolicyConfigJSON = configData
  420. case bucketNotificationConfig:
  421. b.NotificationConfigXML = configData
  422. case bucketLifecycleConfig:
  423. b.LifecycleConfigXML = configData
  424. case bucketSSEConfig:
  425. b.EncryptionConfigXML = configData
  426. case bucketTaggingConfig:
  427. b.TaggingConfigXML = configData
  428. case objectLockConfig:
  429. b.ObjectLockConfigXML = configData
  430. b.VersioningConfigXML = enabledBucketVersioningConfig
  431. case bucketQuotaConfigFile:
  432. b.QuotaConfigJSON = configData
  433. case bucketReplicationConfig:
  434. b.ReplicationConfigXML = configData
  435. case bucketTargetsFile:
  436. b.BucketTargetsConfigJSON = configData
  437. }
  438. }
  439. b.defaultTimestamps()
  441. if err := b.Save(ctx, objectAPI); err != nil {
  442. return err
  443. }
  445. for legacyFile := range configs {
  446. configFile := path.Join(bucketMetaPrefix, b.Name, legacyFile)
  447. if err := deleteConfig(ctx, objectAPI, configFile); err != nil && !errors.Is(err, errConfigNotFound) {
  448. internalLogIf(ctx, err, logger.WarningKind)
  449. }
  450. }
  452. return nil
  453. }
  455. // default timestamps to metadata Created timestamp if unset.
  456. func (b *BucketMetadata) defaultTimestamps() {
  457. if b.PolicyConfigUpdatedAt.IsZero() {
  458. b.PolicyConfigUpdatedAt = b.Created
  459. }
  461. if b.EncryptionConfigUpdatedAt.IsZero() {
  462. b.EncryptionConfigUpdatedAt = b.Created
  463. }
  465. if b.TaggingConfigUpdatedAt.IsZero() {
  466. b.TaggingConfigUpdatedAt = b.Created
  467. }
  469. if b.ObjectLockConfigUpdatedAt.IsZero() {
  470. b.ObjectLockConfigUpdatedAt = b.Created
  471. }
  473. if b.QuotaConfigUpdatedAt.IsZero() {
  474. b.QuotaConfigUpdatedAt = b.Created
  475. }
  477. if b.ReplicationConfigUpdatedAt.IsZero() {
  478. b.ReplicationConfigUpdatedAt = b.Created
  479. }
  481. if b.VersioningConfigUpdatedAt.IsZero() {
  482. b.VersioningConfigUpdatedAt = b.Created
  483. }
  485. if b.LifecycleConfigUpdatedAt.IsZero() {
  486. b.LifecycleConfigUpdatedAt = b.Created
  487. }
  489. if b.NotificationConfigUpdatedAt.IsZero() {
  490. b.NotificationConfigUpdatedAt = b.Created
  491. }
  493. if b.BucketTargetsConfigUpdatedAt.IsZero() {
  494. b.BucketTargetsConfigUpdatedAt = b.Created
  495. }
  497. if b.BucketTargetsConfigMetaUpdatedAt.IsZero() {
  498. b.BucketTargetsConfigMetaUpdatedAt = b.Created
  499. }
  500. }
  502. // Save config to supplied ObjectLayer api.
  503. func (b *BucketMetadata) Save(ctx context.Context, api ObjectLayer) error {
  504. if err := b.parseAllConfigs(ctx, api); err != nil {
  505. return err
  506. }
  508. data := make([]byte, 4, b.Msgsize()+4)
  510. // Initialize the header.
  511. binary.LittleEndian.PutUint16(data[0:2], bucketMetadataFormat)
  512. binary.LittleEndian.PutUint16(data[2:4], bucketMetadataVersion)
  514. // Marshal the bucket metadata
  515. data, err := b.MarshalMsg(data)
  516. if err != nil {
  517. return err
  518. }
  520. configFile := path.Join(bucketMetaPrefix, b.Name, bucketMetadataFile)
  521. return saveConfig(ctx, api, configFile, data)
  522. }
  524. // migrate config for remote targets by encrypting data if currently unencrypted and kms is configured.
  525. func (b *BucketMetadata) migrateTargetConfig(ctx context.Context, objectAPI ObjectLayer) error {
  526. var err error
  527. // early return if no targets or already encrypted
  528. if len(b.BucketTargetsConfigJSON) == 0 || GlobalKMS == nil || len(b.BucketTargetsConfigMetaJSON) != 0 {
  529. return nil
  530. }
  532. encBytes, metaBytes, err := encryptBucketMetadata(ctx, b.Name, b.BucketTargetsConfigJSON, kms.Context{b.Name: b.Name, bucketTargetsFile: bucketTargetsFile})
  533. if err != nil {
  534. return err
  535. }
  537. b.BucketTargetsConfigJSON = encBytes
  538. b.BucketTargetsConfigMetaJSON = metaBytes
  539. return b.Save(ctx, objectAPI)
  540. }
  542. // encrypt bucket metadata if kms is configured.
  543. func encryptBucketMetadata(ctx context.Context, bucket string, input []byte, kmsContext kms.Context) (output, metabytes []byte, err error) {
  544. if GlobalKMS == nil {
  545. output = input
  546. return
  547. }
  549. metadata := make(map[string]string)
  550. key, err := GlobalKMS.GenerateKey(ctx, &kms.GenerateKeyRequest{AssociatedData: kmsContext})
  551. if err != nil {
  552. return
  553. }
  555. outbuf := bytes.NewBuffer(nil)
  556. objectKey := crypto.GenerateKey(key.Plaintext, rand.Reader)
  557. sealedKey := objectKey.Seal(key.Plaintext, crypto.GenerateIV(rand.Reader), crypto.S3.String(), bucket, "")
  558. crypto.S3.CreateMetadata(metadata, key.KeyID, key.Ciphertext, sealedKey)
  559. _, err = sio.Encrypt(outbuf, bytes.NewBuffer(input), sio.Config{Key: objectKey[:], MinVersion: sio.Version20, CipherSuites: fips.DARECiphers()})
  560. if err != nil {
  561. return output, metabytes, err
  562. }
  563. metabytes, err = json.Marshal(metadata)
  564. if err != nil {
  565. return
  566. }
  567. return outbuf.Bytes(), metabytes, nil
  568. }
  570. // decrypt bucket metadata if kms is configured.
  571. func decryptBucketMetadata(input []byte, bucket string, meta map[string]string, kmsContext kms.Context) ([]byte, error) {
  572. if GlobalKMS == nil {
  573. return nil, errKMSNotConfigured
  574. }
  575. keyID, kmsKey, sealedKey, err := crypto.S3.ParseMetadata(meta)
  576. if err != nil {
  577. return nil, err
  578. }
  579. extKey, err := GlobalKMS.Decrypt(context.TODO(), &kms.DecryptRequest{
  580. Name: keyID,
  581. Ciphertext: kmsKey,
  582. AssociatedData: kmsContext,
  583. })
  584. if err != nil {
  585. return nil, err
  586. }
  587. var objectKey crypto.ObjectKey
  588. if err = objectKey.Unseal(extKey, sealedKey, crypto.S3.String(), bucket, ""); err != nil {
  589. return nil, err
  590. }
  592. outbuf := bytes.NewBuffer(nil)
  593. _, err = sio.Decrypt(outbuf, bytes.NewBuffer(input), sio.Config{Key: objectKey[:], MinVersion: sio.Version20, CipherSuites: fips.DARECiphers()})
  594. return outbuf.Bytes(), err
  595. }