simplify context timeout for readiness (#9772)

additionally also add CORS support to restrict
for specific origin, adds a new config and
updated the documentation as well

cmd/config-current.go

@@ -365,13 +365,7 @@ func lookupConfigs(s config.Config) {
 		logger.LogIf(ctx, fmt.Errorf("Invalid api configuration: %w", err))
 	}
 
-	apiRequestsMax := apiConfig.APIRequestsMax
-	if len(globalEndpoints.Hosts()) > 0 {
-		apiRequestsMax /= len(globalEndpoints.Hosts())
-	}
-
-	globalAPIThrottling.init(apiRequestsMax, apiConfig.APIRequestsDeadline)
-	globalReadyDeadline = apiConfig.APIReadyDeadline
+	globalAPIConfig.init(apiConfig)
 
 	if globalIsXL {
 		globalStorageClass, err = storageclass.LookupConfig(s[config.StorageClassSubSys][config.Default],

cmd/config/api/api.go

@@ -20,16 +20,24 @@ import (
 	"encoding/json"
 	"errors"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/minio/minio/cmd/config"
 	"github.com/minio/minio/pkg/env"
 )
 
+// API sub-system constants
 const (
 	apiRequestsMax      = "requests_max"
 	apiRequestsDeadline = "requests_deadline"
 	apiReadyDeadline    = "ready_deadline"
+	apiCorsAllowOrigin  = "cors_allow_origin"
+
+	EnvAPIRequestsMax      = "MINIO_API_REQUESTS_MAX"
+	EnvAPIRequestsDeadline = "MINIO_API_REQUESTS_DEADLINE"
+	EnvAPIReadyDeadline    = "MINIO_API_READY_DEADLINE"
+	EnvAPICorsAllowOrigin  = "MINIO_API_CORS_ALLOW_ORIGIN"
 )
 
 // DefaultKVS - default storage class config
@@ -47,6 +55,10 @@ var (
 			Key:   apiReadyDeadline,
 			Value: "10s",
 		},
+		config.KV{
+			Key:   apiCorsAllowOrigin,
+			Value: "*",
+		},
 	}
 )
 
@@ -55,6 +67,7 @@ type Config struct {
 	APIRequestsMax      int           `json:"requests_max"`
 	APIRequestsDeadline time.Duration `json:"requests_deadline"`
 	APIReadyDeadline    time.Duration `json:"ready_deadline"`
+	APICorsAllowOrigin  []string      `json:"cors_allow_origin"`
 }
 
 // UnmarshalJSON - Validate SS and RRS parity when unmarshalling JSON.
@@ -75,7 +88,7 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) {
 	}
 
 	// Check environment variables parameters
-	requestsMax, err := strconv.Atoi(env.Get(config.EnvAPIRequestsMax, kvs.Get(apiRequestsMax)))
+	requestsMax, err := strconv.Atoi(env.Get(EnvAPIRequestsMax, kvs.Get(apiRequestsMax)))
 	if err != nil {
 		return cfg, err
 	}
@@ -84,20 +97,21 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) {
 		return cfg, errors.New("invalid API max requests value")
 	}
 
-	requestsDeadline, err := time.ParseDuration(env.Get(config.EnvAPIRequestsDeadline, kvs.Get(apiRequestsDeadline)))
+	requestsDeadline, err := time.ParseDuration(env.Get(EnvAPIRequestsDeadline, kvs.Get(apiRequestsDeadline)))
 	if err != nil {
 		return cfg, err
 	}
 
-	readyDeadline, err := time.ParseDuration(env.Get(config.EnvAPIReadyDeadline, kvs.Get(apiReadyDeadline)))
+	readyDeadline, err := time.ParseDuration(env.Get(EnvAPIReadyDeadline, kvs.Get(apiReadyDeadline)))
 	if err != nil {
 		return cfg, err
 	}
 
-	cfg = Config{
+	corsAllowOrigin := strings.Split(env.Get(EnvAPICorsAllowOrigin, kvs.Get(apiCorsAllowOrigin)), ",")
+	return Config{
 		APIRequestsMax:      requestsMax,
 		APIRequestsDeadline: requestsDeadline,
 		APIReadyDeadline:    readyDeadline,
-	}
-	return cfg, nil
+		APICorsAllowOrigin:  corsAllowOrigin,
+	}, nil
 }

cmd/config/api/help.go

@@ -39,5 +39,11 @@ var (
 			Optional:    true,
 			Type:        "duration",
 		},
+		config.HelpKV{
+			Key:         apiCorsAllowOrigin,
+			Description: `set comma separated list of origins allowed for CORS requests e.g. "https://example1.com,https://example2.com"`,
+			Optional:    true,
+			Type:        "csv",
+		},
 	}
 )

cmd/config/constants.go

@@ -34,11 +34,6 @@ const (
 	EnvEndpoints    = "MINIO_ENDPOINTS"
 	EnvFSOSync      = "MINIO_FS_OSYNC"
 
-	// API sub-system
-	EnvAPIRequestsMax      = "MINIO_API_REQUESTS_MAX"
-	EnvAPIRequestsDeadline = "MINIO_API_REQUESTS_DEADLINE"
-	EnvAPIReadyDeadline    = "MINIO_API_READY_DEADLINE"
-
 	EnvUpdate = "MINIO_UPDATE"
 
 	EnvWorm   = "MINIO_WORM"   // legacy

cmd/generic-handlers.go

@@ -30,6 +30,7 @@ import (
 	"github.com/minio/minio/cmd/http/stats"
 	"github.com/minio/minio/cmd/logger"
 	"github.com/minio/minio/pkg/handlers"
+	"github.com/minio/minio/pkg/wildcard"
 	"github.com/rs/cors"
 )
 
@@ -410,7 +411,14 @@ func setCorsHandler(h http.Handler) http.Handler {
 	}
 
 	c := cors.New(cors.Options{
-		AllowedOrigins: []string{"*"},
+		AllowOriginFunc: func(origin string) bool {
+			for _, allowedOrigin := range globalAPIConfig.getCorsAllowOrigins() {
+				if wildcard.MatchSimple(allowedOrigin, origin) {
+					return true
+				}
+			}
+			return false
+		},
 		AllowedMethods: []string{
 			http.MethodGet,
 			http.MethodPut,

cmd/globals.go

@@ -154,9 +154,9 @@ var (
 	globalLifecycleSys       *LifecycleSys
 	globalBucketSSEConfigSys *BucketSSEConfigSys
 
-	// globalAPIThrottling controls S3 requests throttling when
-	// enabled in the config or in the shell environment.
-	globalAPIThrottling apiThrottling
+	// globalAPIConfig controls S3 API requests throttling,
+	// healthcheck readiness deadlines and cors settings.
+	globalAPIConfig apiConfig
 
 	globalStorageClass storageclass.Config
 	globalLDAPConfig   xldap.Config
@@ -275,8 +275,6 @@ var (
 	// If writes to FS backend should be O_SYNC.
 	globalFSOSync bool
 
-	// Deadline by which /minio/health/ready should respond.
-	globalReadyDeadline time.Duration
 	// Add new variable global values here.
 )
 

cmd/handler-api.go

@@ -20,34 +20,61 @@ import (
 	"net/http"
 	"sync"
 	"time"
+
+	"github.com/minio/minio/cmd/config/api"
 )
 
-type apiThrottling struct {
-	mu      sync.RWMutex
-	enabled bool
+type apiConfig struct {
+	mu sync.RWMutex
 
 	requestsDeadline time.Duration
 	requestsPool     chan struct{}
+	readyDeadline    time.Duration
+	corsAllowOrigins []string
 }
 
-func (t *apiThrottling) init(max int, deadline time.Duration) {
-	if max <= 0 {
-		return
-	}
-
+func (t *apiConfig) init(cfg api.Config) {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 
-	t.requestsPool = make(chan struct{}, max)
-	t.requestsDeadline = deadline
-	t.enabled = true
+	t.readyDeadline = cfg.APIReadyDeadline
+	t.corsAllowOrigins = cfg.APICorsAllowOrigin
+	if cfg.APIRequestsMax <= 0 {
+		return
+	}
+
+	apiRequestsMax := cfg.APIRequestsMax
+	if len(globalEndpoints.Hosts()) > 0 {
+		apiRequestsMax /= len(globalEndpoints.Hosts())
+	}
+
+	t.requestsPool = make(chan struct{}, apiRequestsMax)
+	t.requestsDeadline = cfg.APIRequestsDeadline
 }
 
-func (t *apiThrottling) get() (chan struct{}, <-chan time.Time) {
+func (t *apiConfig) getCorsAllowOrigins() []string {
 	t.mu.RLock()
 	defer t.mu.RUnlock()
 
-	if !t.enabled {
+	return t.corsAllowOrigins
+}
+
+func (t *apiConfig) getReadyDeadline() time.Duration {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+
+	if t.readyDeadline == 0 {
+		return 10 * time.Second
+	}
+
+	return t.readyDeadline
+}
+
+func (t *apiConfig) getRequestsPool() (chan struct{}, <-chan time.Time) {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+
+	if t.requestsPool == nil {
 		return nil, nil
 	}
 
@@ -57,7 +84,7 @@ func (t *apiThrottling) get() (chan struct{}, <-chan time.Time) {
 // maxClients throttles the S3 API calls
 func maxClients(f http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		pool, deadlineTimer := globalAPIThrottling.get()
+		pool, deadlineTimer := globalAPIConfig.getRequestsPool()
 		if pool == nil {
 			f.ServeHTTP(w, r)
 			return

cmd/healthcheck-handler.go

@@ -17,6 +17,7 @@
 package cmd
 
 import (
+	"context"
 	"net/http"
 )
 
@@ -28,7 +29,15 @@ func ReadinessCheckHandler(w http.ResponseWriter, r *http.Request) {
 
 	objLayer := newObjectLayerWithoutSafeModeFn()
 	// Service not initialized yet
-	if objLayer == nil || !objLayer.IsReady(ctx) {
+	if objLayer == nil {
+		writeResponse(w, http.StatusServiceUnavailable, nil, mimeNone)
+		return
+	}
+
+	ctx, cancel := context.WithTimeout(ctx, globalAPIConfig.getReadyDeadline())
+	defer cancel()
+
+	if !objLayer.IsReady(ctx) {
 		writeResponse(w, http.StatusServiceUnavailable, nil, mimeNone)
 		return
 	}

cmd/notification.go

@@ -1164,7 +1164,7 @@ func (sys *NotificationSys) ServerInfo() []madmin.ServerProperties {
 }
 
 // GetLocalDiskIDs - return disk ids of the local disks of the peers.
-func (sys *NotificationSys) GetLocalDiskIDs() []string {
+func (sys *NotificationSys) GetLocalDiskIDs(ctx context.Context) []string {
 	var diskIDs []string
 	var mu sync.Mutex
 
@@ -1176,7 +1176,7 @@ func (sys *NotificationSys) GetLocalDiskIDs() []string {
 		wg.Add(1)
 		go func(client *peerRESTClient) {
 			defer wg.Done()
-			ids := client.GetLocalDiskIDs()
+			ids := client.GetLocalDiskIDs(ctx)
 			mu.Lock()
 			diskIDs = append(diskIDs, ids...)
 			mu.Unlock()

cmd/peer-rest-client.go

@@ -677,19 +677,7 @@ func (client *peerRESTClient) BackgroundHealStatus() (madmin.BgHealState, error)
 }
 
 // GetLocalDiskIDs - get a peer's local disks' IDs.
-func (client *peerRESTClient) GetLocalDiskIDs() []string {
-	doneCh := make(chan struct{})
-	defer close(doneCh)
-
-	ctx, cancel := context.WithCancel(GlobalContext)
-	go func() {
-		select {
-		case <-doneCh:
-			return
-		case <-time.After(globalReadyDeadline):
-			cancel()
-		}
-	}()
+func (client *peerRESTClient) GetLocalDiskIDs(ctx context.Context) []string {
 	respBody, err := client.callWithContext(ctx, peerRESTMethodGetLocalDiskIDs, nil, nil, -1)
 	if err != nil {
 		return nil

cmd/xl-v1.go

@@ -403,7 +403,7 @@ func (xl xlObjects) crawlAndGetDataUsage(ctx context.Context, buckets []BucketIn
 	return nil
 }
 
-// IsReady - No Op.
+// IsReady - shouldn't be called will panic.
 func (xl xlObjects) IsReady(ctx context.Context) bool {
 	logger.CriticalIf(ctx, NotImplemented{})
 	return true

cmd/xl-zones.go

@@ -1615,7 +1615,7 @@ func (z *xlZones) IsReady(ctx context.Context) bool {
 		erasureSetUpCount[i] = make([]int, len(z.zones[i].sets))
 	}
 
-	diskIDs := globalNotificationSys.GetLocalDiskIDs()
+	diskIDs := globalNotificationSys.GetLocalDiskIDs(ctx)
 
 	diskIDs = append(diskIDs, getLocalDiskIDs(z)...)