2021-04-18 15:41:13 -04:00
|
|
|
// Copyright (c) 2015-2021 MinIO, Inc.
|
|
|
|
//
|
|
|
|
// This file is part of MinIO Object Storage stack
|
|
|
|
//
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// This program is distributed in the hope that it will be useful
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2016-12-10 03:42:22 -05:00
|
|
|
|
|
|
|
package cmd
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
2018-10-16 22:22:09 -04:00
|
|
|
"net/http/httptest"
|
2018-10-26 21:03:17 -04:00
|
|
|
"net/url"
|
2017-08-22 19:53:35 -04:00
|
|
|
"strconv"
|
2016-12-10 03:42:22 -05:00
|
|
|
"testing"
|
2018-08-17 15:52:14 -04:00
|
|
|
|
2021-06-01 17:59:40 -04:00
|
|
|
"github.com/minio/minio/internal/crypto"
|
perf: websocket grid connectivity for all internode communication (#18461)
This PR adds a WebSocket grid feature that allows servers to communicate via
a single two-way connection.
There are two request types:
* Single requests, which are `[]byte => ([]byte, error)`. This is for efficient small
roundtrips with small payloads.
* Streaming requests which are `[]byte, chan []byte => chan []byte (and error)`,
which allows for different combinations of full two-way streams with an initial payload.
Only a single stream is created between two machines - and there is, as such, no
server/client relation since both sides can initiate and handle requests. Which server
initiates the request is decided deterministically on the server names.
Requests are made through a mux client and server, which handles message
passing, congestion, cancelation, timeouts, etc.
If a connection is lost, all requests are canceled, and the calling server will try
to reconnect. Registered handlers can operate directly on byte
slices or use a higher-level generics abstraction.
There is no versioning of handlers/clients, and incompatible changes should
be handled by adding new handlers.
The request path can be changed to a new one for any protocol changes.
First, all servers create a "Manager." The manager must know its address
as well as all remote addresses. This will manage all connections.
To get a connection to any remote, ask the manager to provide it given
the remote address using.
```
func (m *Manager) Connection(host string) *Connection
```
All serverside handlers must also be registered on the manager. This will
make sure that all incoming requests are served. The number of in-flight
requests and responses must also be given for streaming requests.
The "Connection" returned manages the mux-clients. Requests issued
to the connection will be sent to the remote.
* `func (c *Connection) Request(ctx context.Context, h HandlerID, req []byte) ([]byte, error)`
performs a single request and returns the result. Any deadline provided on the request is
forwarded to the server, and canceling the context will make the function return at once.
* `func (c *Connection) NewStream(ctx context.Context, h HandlerID, payload []byte) (st *Stream, err error)`
will initiate a remote call and send the initial payload.
```Go
// A Stream is a two-way stream.
// All responses *must* be read by the caller.
// If the call is canceled through the context,
//The appropriate error will be returned.
type Stream struct {
// Responses from the remote server.
// Channel will be closed after an error or when the remote closes.
// All responses *must* be read by the caller until either an error is returned or the channel is closed.
// Canceling the context will cause the context cancellation error to be returned.
Responses <-chan Response
// Requests sent to the server.
// If the handler is defined with 0 incoming capacity this will be nil.
// Channel *must* be closed to signal the end of the stream.
// If the request context is canceled, the stream will no longer process requests.
Requests chan<- []byte
}
type Response struct {
Msg []byte
Err error
}
```
There are generic versions of the server/client handlers that allow the use of type
safe implementations for data types that support msgpack marshal/unmarshal.
2023-11-20 20:09:35 -05:00
|
|
|
"github.com/minio/minio/internal/grid"
|
2021-06-01 17:59:40 -04:00
|
|
|
xhttp "github.com/minio/minio/internal/http"
|
2016-12-10 03:42:22 -05:00
|
|
|
)
|
|
|
|
|
2017-09-01 15:16:54 -04:00
|
|
|
// Tests request guess function for net/rpc requests.
|
|
|
|
func TestGuessIsRPC(t *testing.T) {
|
|
|
|
if guessIsRPCReq(nil) {
|
|
|
|
t.Fatal("Unexpected return for nil request")
|
|
|
|
}
|
2018-12-05 17:28:48 -05:00
|
|
|
|
|
|
|
u, err := url.Parse("http://localhost:9000/minio/lock")
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2017-09-01 15:16:54 -04:00
|
|
|
r := &http.Request{
|
|
|
|
Proto: "HTTP/1.0",
|
2018-06-06 04:51:56 -04:00
|
|
|
Method: http.MethodPost,
|
2018-12-05 17:28:48 -05:00
|
|
|
URL: u,
|
2017-09-01 15:16:54 -04:00
|
|
|
}
|
|
|
|
if !guessIsRPCReq(r) {
|
|
|
|
t.Fatal("Test shouldn't fail for a possible net/rpc request.")
|
|
|
|
}
|
|
|
|
r = &http.Request{
|
|
|
|
Proto: "HTTP/1.1",
|
|
|
|
Method: http.MethodGet,
|
2024-07-26 08:55:01 -04:00
|
|
|
URL: u,
|
2017-09-01 15:16:54 -04:00
|
|
|
}
|
2024-07-26 08:55:01 -04:00
|
|
|
if !guessIsRPCReq(r) {
|
|
|
|
t.Fatal("Test shouldn't fail for a possible net/rpc request.")
|
2017-09-01 15:16:54 -04:00
|
|
|
}
|
perf: websocket grid connectivity for all internode communication (#18461)
This PR adds a WebSocket grid feature that allows servers to communicate via
a single two-way connection.
There are two request types:
* Single requests, which are `[]byte => ([]byte, error)`. This is for efficient small
roundtrips with small payloads.
* Streaming requests which are `[]byte, chan []byte => chan []byte (and error)`,
which allows for different combinations of full two-way streams with an initial payload.
Only a single stream is created between two machines - and there is, as such, no
server/client relation since both sides can initiate and handle requests. Which server
initiates the request is decided deterministically on the server names.
Requests are made through a mux client and server, which handles message
passing, congestion, cancelation, timeouts, etc.
If a connection is lost, all requests are canceled, and the calling server will try
to reconnect. Registered handlers can operate directly on byte
slices or use a higher-level generics abstraction.
There is no versioning of handlers/clients, and incompatible changes should
be handled by adding new handlers.
The request path can be changed to a new one for any protocol changes.
First, all servers create a "Manager." The manager must know its address
as well as all remote addresses. This will manage all connections.
To get a connection to any remote, ask the manager to provide it given
the remote address using.
```
func (m *Manager) Connection(host string) *Connection
```
All serverside handlers must also be registered on the manager. This will
make sure that all incoming requests are served. The number of in-flight
requests and responses must also be given for streaming requests.
The "Connection" returned manages the mux-clients. Requests issued
to the connection will be sent to the remote.
* `func (c *Connection) Request(ctx context.Context, h HandlerID, req []byte) ([]byte, error)`
performs a single request and returns the result. Any deadline provided on the request is
forwarded to the server, and canceling the context will make the function return at once.
* `func (c *Connection) NewStream(ctx context.Context, h HandlerID, payload []byte) (st *Stream, err error)`
will initiate a remote call and send the initial payload.
```Go
// A Stream is a two-way stream.
// All responses *must* be read by the caller.
// If the call is canceled through the context,
//The appropriate error will be returned.
type Stream struct {
// Responses from the remote server.
// Channel will be closed after an error or when the remote closes.
// All responses *must* be read by the caller until either an error is returned or the channel is closed.
// Canceling the context will cause the context cancellation error to be returned.
Responses <-chan Response
// Requests sent to the server.
// If the handler is defined with 0 incoming capacity this will be nil.
// Channel *must* be closed to signal the end of the stream.
// If the request context is canceled, the stream will no longer process requests.
Requests chan<- []byte
}
type Response struct {
Msg []byte
Err error
}
```
There are generic versions of the server/client handlers that allow the use of type
safe implementations for data types that support msgpack marshal/unmarshal.
2023-11-20 20:09:35 -05:00
|
|
|
r = &http.Request{
|
|
|
|
Proto: "HTTP/1.1",
|
|
|
|
Method: http.MethodGet,
|
|
|
|
URL: &url.URL{Path: grid.RoutePath},
|
|
|
|
}
|
|
|
|
if !guessIsRPCReq(r) {
|
|
|
|
t.Fatal("Grid RPC path not detected")
|
|
|
|
}
|
2017-09-01 15:16:54 -04:00
|
|
|
}
|
|
|
|
|
2017-08-22 19:53:35 -04:00
|
|
|
var isHTTPHeaderSizeTooLargeTests = []struct {
|
|
|
|
header http.Header
|
|
|
|
shouldFail bool
|
|
|
|
}{
|
|
|
|
{header: generateHeader(0, 0), shouldFail: false},
|
|
|
|
{header: generateHeader(1024, 0), shouldFail: false},
|
|
|
|
{header: generateHeader(2048, 0), shouldFail: false},
|
|
|
|
{header: generateHeader(8*1024+1, 0), shouldFail: true},
|
|
|
|
{header: generateHeader(0, 1024), shouldFail: false},
|
|
|
|
{header: generateHeader(0, 2048), shouldFail: true},
|
|
|
|
{header: generateHeader(0, 2048+1), shouldFail: true},
|
|
|
|
}
|
|
|
|
|
|
|
|
func generateHeader(size, usersize int) http.Header {
|
|
|
|
header := http.Header{}
|
|
|
|
for i := 0; i < size; i++ {
|
2020-09-01 19:58:13 -04:00
|
|
|
header.Set(strconv.Itoa(i), "")
|
2017-08-22 19:53:35 -04:00
|
|
|
}
|
|
|
|
userlength := 0
|
|
|
|
for i := 0; userlength < usersize; i++ {
|
|
|
|
userlength += len(userMetadataKeyPrefixes[0] + strconv.Itoa(i))
|
2020-09-01 19:58:13 -04:00
|
|
|
header.Set(userMetadataKeyPrefixes[0]+strconv.Itoa(i), "")
|
2017-08-22 19:53:35 -04:00
|
|
|
}
|
|
|
|
return header
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestIsHTTPHeaderSizeTooLarge(t *testing.T) {
|
|
|
|
for i, test := range isHTTPHeaderSizeTooLargeTests {
|
|
|
|
if res := isHTTPHeaderSizeTooLarge(test.header); res != test.shouldFail {
|
|
|
|
t.Errorf("Test %d: Expected %v got %v", i, res, test.shouldFail)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2017-11-07 18:18:59 -05:00
|
|
|
|
|
|
|
var containsReservedMetadataTests = []struct {
|
|
|
|
header http.Header
|
|
|
|
shouldFail bool
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
header: http.Header{"X-Minio-Key": []string{"value"}},
|
|
|
|
},
|
|
|
|
{
|
2020-12-22 12:19:32 -05:00
|
|
|
header: http.Header{crypto.MetaIV: []string{"iv"}},
|
2024-03-28 13:44:56 -04:00
|
|
|
shouldFail: false,
|
2017-11-07 18:18:59 -05:00
|
|
|
},
|
|
|
|
{
|
2020-12-22 12:19:32 -05:00
|
|
|
header: http.Header{crypto.MetaAlgorithm: []string{crypto.InsecureSealAlgorithm}},
|
2024-03-28 13:44:56 -04:00
|
|
|
shouldFail: false,
|
2017-11-07 18:18:59 -05:00
|
|
|
},
|
|
|
|
{
|
2020-12-22 12:19:32 -05:00
|
|
|
header: http.Header{crypto.MetaSealedKeySSEC: []string{"mac"}},
|
2024-03-28 13:44:56 -04:00
|
|
|
shouldFail: false,
|
2017-11-07 18:18:59 -05:00
|
|
|
},
|
|
|
|
{
|
|
|
|
header: http.Header{ReservedMetadataPrefix + "Key": []string{"value"}},
|
|
|
|
shouldFail: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestContainsReservedMetadata(t *testing.T) {
|
2020-06-12 23:04:01 -04:00
|
|
|
for _, test := range containsReservedMetadataTests {
|
|
|
|
test := test
|
|
|
|
t.Run("", func(t *testing.T) {
|
|
|
|
contains := containsReservedMetadata(test.header)
|
|
|
|
if contains && !test.shouldFail {
|
|
|
|
t.Errorf("contains reserved header but should not fail")
|
|
|
|
} else if !contains && test.shouldFail {
|
|
|
|
t.Errorf("does not contain reserved header but failed")
|
|
|
|
}
|
|
|
|
})
|
2017-11-07 18:18:59 -05:00
|
|
|
}
|
|
|
|
}
|
2018-10-16 22:22:09 -04:00
|
|
|
|
|
|
|
var sseTLSHandlerTests = []struct {
|
2018-10-26 21:03:17 -04:00
|
|
|
URL *url.URL
|
2018-10-16 22:22:09 -04:00
|
|
|
Header http.Header
|
|
|
|
IsTLS, ShouldFail bool
|
|
|
|
}{
|
2020-12-22 12:19:32 -05:00
|
|
|
{URL: &url.URL{}, Header: http.Header{}, IsTLS: false, ShouldFail: false}, // 0
|
|
|
|
{URL: &url.URL{}, Header: http.Header{xhttp.AmzServerSideEncryptionCustomerAlgorithm: []string{"AES256"}}, IsTLS: false, ShouldFail: true}, // 1
|
|
|
|
{URL: &url.URL{}, Header: http.Header{xhttp.AmzServerSideEncryptionCustomerAlgorithm: []string{"AES256"}}, IsTLS: true, ShouldFail: false}, // 2
|
|
|
|
{URL: &url.URL{}, Header: http.Header{xhttp.AmzServerSideEncryptionCustomerKey: []string{""}}, IsTLS: true, ShouldFail: false}, // 3
|
|
|
|
{URL: &url.URL{}, Header: http.Header{xhttp.AmzServerSideEncryptionCopyCustomerAlgorithm: []string{""}}, IsTLS: false, ShouldFail: true}, // 4
|
2018-10-16 22:22:09 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestSSETLSHandler(t *testing.T) {
|
2020-12-22 00:42:38 -05:00
|
|
|
defer func(isSSL bool) { globalIsTLS = isSSL }(globalIsTLS) // reset globalIsTLS after test
|
2018-10-16 22:22:09 -04:00
|
|
|
|
|
|
|
var okHandler http.HandlerFunc = func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
}
|
|
|
|
for i, test := range sseTLSHandlerTests {
|
2020-12-22 00:42:38 -05:00
|
|
|
globalIsTLS = test.IsTLS
|
2018-10-16 22:22:09 -04:00
|
|
|
|
|
|
|
w := httptest.NewRecorder()
|
|
|
|
r := new(http.Request)
|
|
|
|
r.Header = test.Header
|
2018-10-26 21:03:17 -04:00
|
|
|
r.URL = test.URL
|
2018-10-16 22:22:09 -04:00
|
|
|
|
2023-07-08 10:31:42 -04:00
|
|
|
h := setRequestValidityMiddleware(okHandler)
|
2018-10-16 22:22:09 -04:00
|
|
|
h.ServeHTTP(w, r)
|
|
|
|
|
|
|
|
switch {
|
|
|
|
case test.ShouldFail && w.Code == http.StatusOK:
|
|
|
|
t.Errorf("Test %d: should fail but status code is HTTP %d", i, w.Code)
|
|
|
|
case !test.ShouldFail && w.Code != http.StatusOK:
|
|
|
|
t.Errorf("Test %d: should not fail but status code is HTTP %d and not 200 OK", i, w.Code)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|