initialize IAM as soon as object layer is initialized (#10700)

Allow requests to come in for users as soon as object layer and config are initialized, this allows users to be authenticated sooner and would succeed automatically on servers which are yet to fully initialize.
2025-11-07 04:42:56 -05:00 · 2020-10-19 09:54:40 -07:00
parent c107728676
commit b07df5cae1
9 changed files with 226 additions and 281 deletions
--- a/cmd/server-main.go
+++ b/cmd/server-main.go
@@ -327,9 +327,12 @@ func initAllSubsystems(ctx context.Context, newObject ObjectLayer) (err error) {
 			return fmt.Errorf("Unable to initialize config system: %w", err)
 		}
 		// Any other config errors we simply print a message and proceed forward.
-		logger.LogIf(ctx, err)
+		logger.LogIf(ctx, fmt.Errorf("Unable to initialize config, some features may be missing %w", err))
 	}

+	// Initialize IAM store
+	globalIAMSys.InitStore(newObject)
+
 	// Populate existing buckets to the etcd backend
 	if globalDNSConfig != nil {
 		// Background this operation.
@@ -385,6 +388,9 @@ func serverMain(ctx *cli.Context) {
 	// Initialize all help
 	initHelp()

+	// Initialize all sub-systems
+	newAllSubsystems()
+
 	var err error
 	globalProxyEndpoints, err = GetProxyEndpoints(globalEndpoints)
 	logger.FatalIf(err, "Invalid command line arguments")
@@ -427,9 +433,6 @@ func serverMain(ctx *cli.Context) {
 		globalReplicationState = newReplicationState()
 	}

-	// Initialize all sub-systems
-	newAllSubsystems()
-
 	// Configure server.
 	handler, err := configureServerHandler(globalEndpoints)
 	if err != nil {
@@ -476,11 +479,6 @@ func serverMain(ctx *cli.Context) {

 	logger.SetDeploymentID(globalDeploymentID)

-	// Once endpoints are finalized, initialize the new object api in safe mode.
-	globalObjLayerMutex.Lock()
-	globalObjectAPI = newObject
-	globalObjLayerMutex.Unlock()
-
 	go initDataCrawler(GlobalContext, newObject)

 	// Enable background operations for erasure coding
@@ -503,6 +501,11 @@ func serverMain(ctx *cli.Context) {
 		}
 	}

+	// Once the config is fully loaded, initialize the new object layer.
+	globalObjLayerMutex.Lock()
+	globalObjectAPI = newObject
+	globalObjLayerMutex.Unlock()
+
 	// Initialize users credentials and policies in background right after config has initialized.
 	go globalIAMSys.Init(GlobalContext, newObject)