mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2026-06-13 23:36:45 +03:00
Chris Lu
2458f6c81c
* feat(s3api): apply lifecycle TTL at write time The S3 server already has the bucket's lifecycle XML at PUT time (via the cached BucketConfig), so volume-TTL routing is just a per-write decision instead of something that needs a separate filer.conf projection kept in sync via operator commands. - BucketConfig caches the canonical Rules parsed from the lifecycle XML once on load (BucketConfigCache invalidates on Put/Delete Lifecycle, so the rules stay current automatically). - resolveLifecycleTTLForWrite walks the cached rules: longest-prefix match, applies tag and size filters against the request, returns Days * 86400. Versioned buckets, non-Expiration.Days rules, and unevaluable size filters (no Content-Length) yield 0 — the lifecycle worker handles those at scan time. - putToFiler resolves TTL once and passes it through both the AssignVolumeRequest (so chunks land on a TTL volume) and the new entry's Attributes.TtlSec (so the filer's RocksDB compaction also expires the metadata). Lifecycle XML PUT/DELETE now influences write routing immediately — no operator command, no filer.conf bookkeeping. The lifecycle worker remains authoritative for the cases the fast path can't cover (existing objects via bootstrap, versioned buckets, noncurrent retention, abort-MPU, tag/size filters that didn't hold at PUT time). CompleteMultipartUpload and CopyObject still need wiring; left for follow-ups so this PR stays scoped. * perf(s3api): pre-filter and sort lifecycle rules for the per-PUT TTL walk resolveLifecycleTTLForWrite walked every lifecycle rule on every PutObject, including disabled / non-Expiration.Days rules that could never fire on the fast path, and computed "longest prefix wins" via a running max instead of an early exit. Cache a pre-filtered + pre-sorted slice in BucketConfig: - buildTTLFastPathRules drops everything except Status=Enabled + ExpirationDays>0; - sorts by descending prefix length (stable, so equal-length rules keep their XML order). The resolver returns on first prefix+filter match. A bucket whose lifecycle XML has no Expiration.Days rules is now O(1); a typical bucket with one Expiration.Days rule walks one HasPrefix per PUT. The cache is built once per bucket-config load. PutBucketLifecycle / DeleteBucketLifecycle already invalidate the cache, so the fast-path slice stays current automatically. * refactor(s3api): LifecycleTTLResolver object + four review fixes Pulls the per-PUT TTL resolution into a dedicated type so the bucket config holds one object instead of a slice + magic-walk function: - LifecycleTTLResolver wraps the pre-filtered, pre-sorted rules. nil-safe Resolve so the call site doesn't have to special-case buckets with no eligible rules. Four review findings: 1. (high) drop tag-filtered rules from the fast path. Tags are mutable post-PUT via PutObjectTagging but volume TTL is irreversible — an object that matched at write time would still expire after the tag was removed. Worker re-evaluates current tags at scan time. Fast path now keeps only stable predicates: prefix and size. 2. (high) move TTL resolution out of putToFiler. MPU parts, copy-part destinations, and other transient writes called putToFiler with object="" — bucket-wide rules (empty Prefix) matched and bound a TTL clock starting at part-upload time, before CompleteMultipartUpload existed. putToFiler now takes an explicit ttlSec parameter; only the user-visible PutObject paths (PutObjectHandler, postpolicy) feed it from the resolver. MPU and copy-part pass 0. 3. (medium) AWS overlapping-rule precedence is "shorter expiration wins", not "longest prefix wins". Sort by ExpirationDays ascending so the first prefix match is also the shortest applicable rule. 4. (medium) overflow no longer caps at math.MaxInt32 seconds (~68y). A longer policy would have expired early. Return 0 instead so the worker enforces the actual policy on its own schedule. Versioning gate moves into the resolver constructor — versioned buckets get a nil resolver. The five putToFiler callers all updated: PutObjectHandler + postpolicy resolve via lifecycleTTLForObjectWrite, suspended/versioned wrappers pass 0 by construction, MPU part and copy-part SSE pass 0 with a one-line comment about why. * refactor(s3api): drop unused BucketConfig.LifecycleRules field The full canonical rule set was set on every bucket-config load but never read — resolveLifecycleTTLForWrite worked off the resolver's filtered slice, and the lifecycle worker reads bucket entries straight off the meta-log instead of this cache. Remove the field and its s3lifecycle import. * perf(s3api): pre-compute LifecycleTTLResolver hot-path fields Resolve was doing per-call work that's actually constant per bucket- config load: int64 multiplication, max-int32 overflow check, field indirections through *s3lifecycle.Rule. Move it to the constructor and pack the rule into a compact ttlRule (prefix + ttlSec int32 + sizeGT/sizeLT) so the inner loop is HasPrefix → optional size check → return. Drop overflowing rules at construction rather than handling per- resolve: capping would expire long policies early, and returning 0 in the inner loop would prevent any shorter overlapping rule from firing. Drop-at-construction composes correctly with the ascending sort. Benchmarks (Apple M4): NilReceiver 0.99 ns/op 0 B/op OneRuleMatching 2.75 ns/op 0 B/op FiveRulesNoMatch 13.5 ns/op 0 B/op * fix(s3api): refresh LifecycleTTL resolver on bucket-config update storeBucketLifecycleConfiguration writes to Entry.Extended via updateBucketConfig, which clones the cached BucketConfig and calls the user fn, then caches the result. The clone inherits the prior LifecycleTTL pointer and nothing rebuilt it from the new XML, so add/replace/delete of a lifecycle policy left the wrong resolver in cache until eviction. Same gap on the meta-log side: peer-driven updates flowed through updateBucketConfigCacheFromEntry without re-deriving the resolver. Centralize the Entry -> derived-field mapping in one helper that resets every Extended-backed field then repopulates from the entry, and call it from getBucketConfig (initial load), updateBucketConfig (after updateEntry succeeds, before caching), and updateBucketConfigCacheFromEntry (meta-log path). Reset is the load-bearing part: deleting the lifecycle XML must yield a nil resolver, since stamping a stale TTL onto subsequent writes is irreversible. * fix(s3api): PostPolicy passes object size, not multipart wire size lifecycleTTLForObjectWrite was reading r.ContentLength, which on the PostPolicy path is the multipart envelope (form fields + boundaries), not the uploaded object body. A size-filtered rule would evaluate against that inflated total and stamp (or skip) a TTL the policy didn't intend. Take the object size as an explicit parameter. PutObject still passes r.ContentLength (correct there); PostPolicy passes the fileSize already extracted from the form part. Negative size means unknown and continues to skip any size-filtered rule. * fix(s3api): treat Object Lock as versioned for lifecycle TTL fast path Object Lock requires versioning at the API level, but it can be enabled at create time without S3 ever writing the explicit Versioning header. The lifecycle resolver construction site only checked Versioning, so an Object-Lock bucket with no Versioning byte would still get a fast-path resolver and stamp volume TTL onto writes — destroying noncurrent versions when the volume expires. Mirror the OR already used in BucketIsVersioned: ObjectLockConfig non-nil counts as versioned for resolver construction. Existing explicit-Versioning paths are unchanged.
263 lines
9.9 KiB
Go
263 lines
9.9 KiB
Go
package s3api
|
|
|
|
import (
|
|
"math"
|
|
"testing"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
|
|
"github.com/seaweedfs/seaweedfs/weed/s3api/s3lifecycle"
|
|
)
|
|
|
|
func enabledRule(prefix string, days int) *s3lifecycle.Rule {
|
|
return &s3lifecycle.Rule{
|
|
ID: "r-" + prefix,
|
|
Status: s3lifecycle.StatusEnabled,
|
|
Prefix: prefix,
|
|
ExpirationDays: days,
|
|
}
|
|
}
|
|
|
|
func mustResolver(t *testing.T, rules ...*s3lifecycle.Rule) *LifecycleTTLResolver {
|
|
t.Helper()
|
|
return NewLifecycleTTLResolver(rules, false)
|
|
}
|
|
|
|
func TestNewLifecycleTTLResolver_NilOnEmpty(t *testing.T) {
|
|
if got := NewLifecycleTTLResolver(nil, false); got != nil {
|
|
t.Fatalf("nil rules → resolver=%v, want nil", got)
|
|
}
|
|
if got := NewLifecycleTTLResolver([]*s3lifecycle.Rule{}, false); got != nil {
|
|
t.Fatalf("empty rules → resolver=%v, want nil", got)
|
|
}
|
|
}
|
|
|
|
func TestNewLifecycleTTLResolver_NilOnVersionedBucket(t *testing.T) {
|
|
// Versioned buckets cannot use volume TTL — TTL volumes destroy
|
|
// noncurrent versions as a unit. Resolver collapses to nil so the
|
|
// PUT path's nil-receiver Resolve returns 0 without checking flags.
|
|
rules := []*s3lifecycle.Rule{enabledRule("logs/", 7)}
|
|
if got := NewLifecycleTTLResolver(rules, true); got != nil {
|
|
t.Fatalf("versioned bucket → resolver=%v, want nil", got)
|
|
}
|
|
}
|
|
|
|
func TestNewLifecycleTTLResolver_DropsTagFilteredRules(t *testing.T) {
|
|
// HIGH-priority finding: tag-filtered rules are unsafe on the fast
|
|
// path. Tags can be replaced via PutObjectTagging after the write,
|
|
// but the volume TTL is irreversible. Worker handles tag-filtered
|
|
// rules at scan time; the fast path drops them entirely.
|
|
tagRule := enabledRule("logs/", 7)
|
|
tagRule.FilterTags = map[string]string{"k": "v"}
|
|
plainRule := enabledRule("data/", 30)
|
|
|
|
r := mustResolver(t, tagRule, plainRule)
|
|
if r == nil {
|
|
t.Fatalf("plain rule should still produce a resolver")
|
|
}
|
|
// Tag-filtered key would have matched but is now invisible.
|
|
if got := r.Resolve("logs/foo", 1); got != 0 {
|
|
t.Fatalf("tag-filtered rule must not appear on fast path, got %d", got)
|
|
}
|
|
if got := r.Resolve("data/foo", 1); got != 30*86400 {
|
|
t.Fatalf("plain rule still applies, got %d", got)
|
|
}
|
|
}
|
|
|
|
func TestNewLifecycleTTLResolver_DropsDisabledAndNonExpirationDays(t *testing.T) {
|
|
disabled := enabledRule("logs/", 7)
|
|
disabled.Status = s3lifecycle.StatusDisabled
|
|
noExp := &s3lifecycle.Rule{
|
|
ID: "r", Status: s3lifecycle.StatusEnabled, Prefix: "logs/",
|
|
NoncurrentVersionExpirationDays: 7,
|
|
}
|
|
if got := NewLifecycleTTLResolver([]*s3lifecycle.Rule{disabled, noExp}, false); got != nil {
|
|
t.Fatalf("only-ineligible rules → resolver=%v, want nil", got)
|
|
}
|
|
}
|
|
|
|
func TestResolve_PrefixMatch(t *testing.T) {
|
|
r := mustResolver(t, enabledRule("logs/", 7))
|
|
if got := r.Resolve("logs/foo.txt", 1); got != 7*86400 {
|
|
t.Fatalf("want 7d in seconds, got %d", got)
|
|
}
|
|
if got := r.Resolve("data/foo.txt", 1); got != 0 {
|
|
t.Fatalf("non-matching prefix should yield 0, got %d", got)
|
|
}
|
|
}
|
|
|
|
func TestResolve_OverlappingRulesShorterExpirationWins(t *testing.T) {
|
|
// MEDIUM-priority finding: AWS overlapping-rule precedence is
|
|
// "shorter expiration wins". Sort ascending by ExpirationDays so
|
|
// the first prefix match is also the shortest applicable rule.
|
|
r := mustResolver(t,
|
|
enabledRule("logs/", 30), // broad, long
|
|
enabledRule("logs/critical/", 90), // specific, longer
|
|
enabledRule("logs/", 7), // broad, short
|
|
)
|
|
// "logs/foo" matches both broad rules; the shorter (7d) wins.
|
|
if got := r.Resolve("logs/foo", 1); got != 7*86400 {
|
|
t.Fatalf("shorter expiration must win, got %d (want 7d)", got)
|
|
}
|
|
// "logs/critical/x" matches all three; 7d still wins (shorter than
|
|
// the more specific 90d). Longest-prefix is NOT the AWS rule.
|
|
if got := r.Resolve("logs/critical/x", 1); got != 7*86400 {
|
|
t.Fatalf("shorter expiration must win across overlaps, got %d (want 7d)", got)
|
|
}
|
|
}
|
|
|
|
func TestResolve_OverflowDefersToWorker(t *testing.T) {
|
|
// MEDIUM-priority finding: capping at math.MaxInt32 seconds (~68y)
|
|
// would expire LONGER policies early. Return 0 instead so the
|
|
// worker enforces the actual policy on its own schedule.
|
|
bigDays := int(math.MaxInt32/secondsPerDay) + 1
|
|
r := mustResolver(t, enabledRule("anything", bigDays))
|
|
if got := r.Resolve("anything-x", 1); got != 0 {
|
|
t.Fatalf("overflow must yield 0 (worker handles), got %d", got)
|
|
}
|
|
}
|
|
|
|
func TestResolve_OverflowSkipsButShorterStillFires(t *testing.T) {
|
|
// Pathological case: short and overflowing rule on overlapping
|
|
// prefix. Ascending sort puts the short one first; the overflow
|
|
// rule never gets a chance to mis-cap.
|
|
bigDays := int(math.MaxInt32/secondsPerDay) + 1
|
|
r := mustResolver(t,
|
|
enabledRule("anything", bigDays),
|
|
enabledRule("anything", 7),
|
|
)
|
|
if got := r.Resolve("anything-x", 1); got != 7*86400 {
|
|
t.Fatalf("shorter rule must still fire on overlap, got %d", got)
|
|
}
|
|
}
|
|
|
|
func TestResolve_SizeFilter(t *testing.T) {
|
|
rule := enabledRule("logs/", 7)
|
|
rule.FilterSizeGreaterThan = 1024
|
|
r := mustResolver(t, rule)
|
|
|
|
// Below threshold → skip.
|
|
if got := r.Resolve("logs/foo", 100); got != 0 {
|
|
t.Fatalf("size <= threshold must skip, got %d", got)
|
|
}
|
|
// Above threshold → apply.
|
|
if got := r.Resolve("logs/foo", 2048); got != 7*86400 {
|
|
t.Fatalf("size > threshold must apply, got %d", got)
|
|
}
|
|
// Unknown size + size filter → skip (conservative).
|
|
if got := r.Resolve("logs/foo", -1); got != 0 {
|
|
t.Fatalf("unknown size with filter must skip, got %d", got)
|
|
}
|
|
}
|
|
|
|
func TestResolve_NilReceiverReturnsZero(t *testing.T) {
|
|
// nil-receiver-safe Resolve avoids the call site needing to check
|
|
// whether the bucket has a resolver at all.
|
|
var r *LifecycleTTLResolver
|
|
if got := r.Resolve("logs/foo", 1); got != 0 {
|
|
t.Fatalf("nil resolver must return 0, got %d", got)
|
|
}
|
|
}
|
|
|
|
func BenchmarkLifecycleTTLResolver_Resolve_NilReceiver(b *testing.B) {
|
|
// Common case: bucket has no lifecycle config → resolver is nil.
|
|
var r *LifecycleTTLResolver
|
|
b.ReportAllocs()
|
|
for i := 0; i < b.N; i++ {
|
|
_ = r.Resolve("logs/foo.txt", 4096)
|
|
}
|
|
}
|
|
|
|
func BenchmarkLifecycleTTLResolver_Resolve_OneRule(b *testing.B) {
|
|
// Typical case: one Expiration.Days rule that the key matches.
|
|
r := NewLifecycleTTLResolver([]*s3lifecycle.Rule{
|
|
enabledRule("logs/", 7),
|
|
}, false)
|
|
b.ReportAllocs()
|
|
for i := 0; i < b.N; i++ {
|
|
_ = r.Resolve("logs/foo.txt", 4096)
|
|
}
|
|
}
|
|
|
|
func BenchmarkLifecycleTTLResolver_Resolve_FiveRulesNoMatch(b *testing.B) {
|
|
// Worst typical case: walks all rules and none match.
|
|
r := NewLifecycleTTLResolver([]*s3lifecycle.Rule{
|
|
enabledRule("a/", 1),
|
|
enabledRule("b/", 7),
|
|
enabledRule("c/", 30),
|
|
enabledRule("d/", 90),
|
|
enabledRule("e/", 365),
|
|
}, false)
|
|
b.ReportAllocs()
|
|
for i := 0; i < b.N; i++ {
|
|
_ = r.Resolve("z/foo.txt", 4096)
|
|
}
|
|
}
|
|
|
|
func TestPopulateBucketConfigDerivedFields_RefreshesLifecycleTTL(t *testing.T) {
|
|
// Regression: storeBucketLifecycleConfiguration only updates
|
|
// Entry.Extended; if the cache-refresh path doesn't re-derive
|
|
// LifecycleTTL, an Add → Update → Delete dance would leave a stale
|
|
// resolver applying the wrong volume TTL to subsequent writes. Walk
|
|
// the three transitions and assert the resolver follows.
|
|
s := &S3ApiServer{}
|
|
|
|
xmlAdd := []byte(`<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Rule><ID>r</ID><Status>Enabled</Status><Filter><Prefix>logs/</Prefix></Filter><Expiration><Days>7</Days></Expiration></Rule></LifecycleConfiguration>`)
|
|
xmlReplace := []byte(`<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Rule><ID>r</ID><Status>Enabled</Status><Filter><Prefix>logs/</Prefix></Filter><Expiration><Days>30</Days></Expiration></Rule></LifecycleConfiguration>`)
|
|
|
|
cfg := &BucketConfig{Name: "bk", Entry: &filer_pb.Entry{Extended: map[string][]byte{}}}
|
|
|
|
// 1) No XML yet → no resolver.
|
|
s.populateBucketConfigDerivedFields(cfg)
|
|
if cfg.LifecycleTTL != nil {
|
|
t.Fatalf("no XML must yield nil resolver, got %v", cfg.LifecycleTTL)
|
|
}
|
|
|
|
// 2) Add: 7d.
|
|
cfg.Entry.Extended[bucketLifecycleConfigurationXMLKey] = xmlAdd
|
|
s.populateBucketConfigDerivedFields(cfg)
|
|
if got := cfg.LifecycleTTL.Resolve("logs/foo", 1); got != 7*86400 {
|
|
t.Fatalf("after add, want 7d, got %d", got)
|
|
}
|
|
|
|
// 3) Replace: 30d. The previous resolver must NOT linger.
|
|
cfg.Entry.Extended[bucketLifecycleConfigurationXMLKey] = xmlReplace
|
|
s.populateBucketConfigDerivedFields(cfg)
|
|
if got := cfg.LifecycleTTL.Resolve("logs/foo", 1); got != 30*86400 {
|
|
t.Fatalf("after replace, want 30d, got %d (stale resolver?)", got)
|
|
}
|
|
|
|
// 4) Delete: nil resolver. The most dangerous regression — leaving
|
|
// the old resolver here would keep stamping irreversible volume
|
|
// TTL onto writes after the policy was removed.
|
|
delete(cfg.Entry.Extended, bucketLifecycleConfigurationXMLKey)
|
|
s.populateBucketConfigDerivedFields(cfg)
|
|
if cfg.LifecycleTTL != nil {
|
|
t.Fatalf("after delete, want nil resolver, got %v", cfg.LifecycleTTL)
|
|
}
|
|
}
|
|
|
|
func TestPopulateBucketConfigDerivedFields_ObjectLockTreatedAsVersioned(t *testing.T) {
|
|
// Object Lock requires versioning, so a bucket with ObjectLock but
|
|
// no explicit Versioning header is still effectively versioned —
|
|
// volume TTL would expire all noncurrent versions as a unit. The
|
|
// resolver-construction site must mirror BucketIsVersioned and
|
|
// treat ObjectLockConfig != nil as versioned.
|
|
s := &S3ApiServer{}
|
|
xml := []byte(`<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Rule><ID>r</ID><Status>Enabled</Status><Filter><Prefix>logs/</Prefix></Filter><Expiration><Days>7</Days></Expiration></Rule></LifecycleConfiguration>`)
|
|
cfg := &BucketConfig{
|
|
Name: "bk",
|
|
Entry: &filer_pb.Entry{Extended: map[string][]byte{
|
|
s3_constants.ExtObjectLockEnabledKey: []byte(s3_constants.ObjectLockEnabled),
|
|
bucketLifecycleConfigurationXMLKey: xml,
|
|
}},
|
|
}
|
|
s.populateBucketConfigDerivedFields(cfg)
|
|
if cfg.ObjectLockConfig == nil {
|
|
t.Fatal("test setup: ObjectLockConfig should be parsed")
|
|
}
|
|
if cfg.LifecycleTTL != nil {
|
|
t.Fatalf("ObjectLock buckets must skip the fast-path resolver, got %v", cfg.LifecycleTTL)
|
|
}
|
|
}
|