Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Validate that shared cache bucket is usable #1141

Merged
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Add some clarifications requested in PR
Signed-off-by: Simon Beal <[email protected]>
muddyfish committed Nov 18, 2024

Verified

This commit was signed with the committer’s verified signature.
muddyfish Simon Beal
commit 7a265f5cfd20e6ce2ba76b18785d3b7a75e339c8
6 changes: 4 additions & 2 deletions mountpoint-s3/src/cli.rs
Original file line number Diff line number Diff line change
@@ -896,7 +896,8 @@ where
(None, Some((config, bucket_name, cache_bucket_name))) => {
tracing::trace!("using S3 Express One Zone bucket as a cache for object content");
let express_cache = ExpressDataCache::new(client.clone(), config, bucket_name, cache_bucket_name);
block_on(express_cache.verify_cache_valid())?;
block_on(express_cache.verify_cache_valid())
.with_context(|| format!("initial PutObject failed for shared cache bucket {cache_bucket_name}"))?;

let prefetcher = caching_prefetch(express_cache, runtime, prefetcher_config);
let fuse_session = create_filesystem(
@@ -936,7 +937,8 @@ where
tracing::trace!("using both local disk and S3 Express One Zone bucket as a cache for object content");
let (managed_cache_dir, disk_cache) = create_disk_cache(cache_dir_path, disk_data_cache_config)?;
let express_cache = ExpressDataCache::new(client.clone(), config, bucket_name, cache_bucket_name);
block_on(express_cache.verify_cache_valid())?;
block_on(express_cache.verify_cache_valid())
.with_context(|| format!("initial PutObject failed for shared cache bucket {cache_bucket_name}"))?;
let cache = MultilevelDataCache::new(Arc::new(disk_cache), express_cache, runtime.clone());

let prefetcher = caching_prefetch(cache, runtime, prefetcher_config);
3 changes: 3 additions & 0 deletions mountpoint-s3/src/data_cache/express_data_cache.rs
Original file line number Diff line number Diff line change
@@ -84,6 +84,9 @@ where
self.bucket_name, self.config.block_size
);

// put_object is sufficient for validating cache, as S3 Directory buckets only support
// read-only, or read-write. Write implies read access.
// Validating we're in a directory bucket by using the `EXPRESS_ONEZONE` storage class.
self.client
.put_object_single(
&self.bucket_name,
19 changes: 13 additions & 6 deletions mountpoint-s3/tests/fuse_tests/cache_test.rs
Original file line number Diff line number Diff line change
@@ -1,17 +1,11 @@
use crate::common::cache::CacheTestWrapper;
use crate::common::creds::get_scoped_down_credentials;
use crate::common::fuse::create_fuse_session;
use crate::common::fuse::s3_session::create_crt_client;
use crate::common::s3::{get_test_bucket, get_test_prefix};

use mountpoint_s3::data_cache::{DataCache, DiskDataCache, DiskDataCacheConfig};
use mountpoint_s3::prefetch::caching_prefetch;
use mountpoint_s3_client::config::S3ClientAuthConfig;
use mountpoint_s3_client::error::ObjectClientError;
use mountpoint_s3_client::S3CrtClient;
use mountpoint_s3_client::S3RequestError::{CrtError, ResponseError};
use mountpoint_s3_crt::auth::credentials::{CredentialsProvider, CredentialsProviderStaticOptions};
use mountpoint_s3_crt::common::allocator::Allocator;

use fuser::BackgroundSession;
use rand::{Rng, RngCore, SeedableRng};
@@ -150,7 +144,11 @@ fn disk_cache_write_read(key_suffix: &str, key_size: usize, object_size: usize)
}

#[tokio::test]
#[cfg(all(feature = "s3_tests", feature = "s3express_tests"))]
async fn express_cache_verify_fail_non_express() {
use mountpoint_s3_client::error::ObjectClientError;
use mountpoint_s3_client::S3RequestError::ResponseError;

let client = create_crt_client(CLIENT_PART_SIZE, CLIENT_PART_SIZE, Default::default());
let bucket_name = get_standard_bucket();
let cache_bucket_name = get_standard_bucket();
@@ -170,10 +168,19 @@ async fn express_cache_verify_fail_non_express() {
}

#[tokio::test]
#[cfg(all(feature = "s3_tests", feature = "s3express_tests"))]
async fn express_cache_verify_fail_forbidden() {
use crate::common::creds::get_scoped_down_credentials;
use mountpoint_s3_client::config::S3ClientAuthConfig;
use mountpoint_s3_client::error::ObjectClientError;
use mountpoint_s3_client::S3RequestError::CrtError;
use mountpoint_s3_crt::auth::credentials::{CredentialsProvider, CredentialsProviderStaticOptions};
use mountpoint_s3_crt::common::allocator::Allocator;

let bucket_name = get_standard_bucket();
let cache_bucket_name = get_express_bucket();

// No `s3express:CreateSession` in this policy, so we should get a forbidden error.
let policy = r#"{"Statement": [
vladem marked this conversation as resolved.
Show resolved Hide resolved
{"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload"], "Resource": "arn:aws:s3:::__BUCKET__/*"},
{"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::__BUCKET__"}

Unchanged files with check annotations Beta

use fuser::{Filesystem, Session};

Check warning on line 1 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (MacOS)

unused imports: `Filesystem` and `Session`

Check warning on line 1 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (MacOS)

unused imports: `Filesystem` and `Session`
use std::rc::Rc;

Check warning on line 2 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (MacOS)

unused import: `std::rc::Rc`

Check warning on line 2 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (MacOS)

unused import: `std::rc::Rc`
use std::thread;

Check warning on line 3 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (MacOS)

unused import: `std::thread`

Check warning on line 3 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (MacOS)

unused import: `std::thread`
use std::time::Duration;

Check warning on line 4 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (MacOS)

unused import: `std::time::Duration`

Check warning on line 4 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (MacOS)

unused import: `std::time::Duration`
use tempfile::TempDir;

Check warning on line 5 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (MacOS)

unused import: `tempfile::TempDir`

Check warning on line 5 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (MacOS)

unused import: `tempfile::TempDir`
#[test]
#[cfg(target_os = "linux")]
fn unmount_no_send() {
// Rc to make this !Send
struct NoSendFS(Rc<()>);

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / S3 Express One Zone tests (Ubuntu x86, FUSE 2)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / S3 Express One Zone tests (Ubuntu x86, FUSE 2)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / Tests (Ubuntu x86, FUSE 2)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / Tests (Ubuntu x86, FUSE 2)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / S3 Express One Zone tests (Amazon Linux arm, FUSE 2)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / S3 Express One Zone tests (Amazon Linux arm, FUSE 2)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Check all targets

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / Tests (Amazon Linux arm, FUSE 2)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / Tests (Amazon Linux arm, FUSE 2)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / S3 Express One Zone tests (Ubuntu x86, FUSE 3)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / S3 Express One Zone tests (Ubuntu x86, FUSE 3)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / Tests (Ubuntu x86, FUSE 3)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Integration / Tests (Ubuntu x86, FUSE 3)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (FUSE 2)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (FUSE 2)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (FUSE 3)

field `0` is never read

Check warning on line 11 in vendor/fuser/tests/integration_tests.rs

GitHub Actions / Tests (FUSE 3)

field `0` is never read
impl Filesystem for NoSendFS {}
#[cfg(target_os = "macos")]
SetVolName(SetVolName<'a>),
#[cfg(target_os = "macos")]
GetXTimes(GetXTimes<'a>),

Check warning on line 1947 in vendor/fuser/src/ll/request.rs

GitHub Actions / Tests (MacOS)

field `0` is never read

Check warning on line 1947 in vendor/fuser/src/ll/request.rs

GitHub Actions / Tests (MacOS)

field `0` is never read
#[cfg(target_os = "macos")]
Exchange(Exchange<'a>),
name: &OsStr,
new_parent: u64,
new_name: &OsStr,
flags: u32,

Check warning on line 1098 in vendor/fuser/examples/simple.rs

GitHub Actions / Tests (MacOS)

unused variable: `flags`

Check warning on line 1098 in vendor/fuser/examples/simple.rs

GitHub Actions / Tests (MacOS)

unused variable: `flags`
reply: ReplyEmpty,
) {
let mut inode_attrs = match self.lookup_name(parent, name) {
}
}
fn get_groups(pid: u32) -> Vec<u32> {

Check warning on line 1924 in vendor/fuser/examples/simple.rs

GitHub Actions / Tests (MacOS)

unused variable: `pid`

Check warning on line 1924 in vendor/fuser/examples/simple.rs

GitHub Actions / Tests (MacOS)

unused variable: `pid`
#[cfg(not(target_os = "macos"))]
{
let path = format!("/proc/{pid}/task/{pid}/status");
enum RestorationOptions {
None,
RestoreAndWait,
RestoreInProgress,

Check warning on line 123 in mountpoint-s3/tests/fuse_tests/read_test.rs

GitHub Actions / Tests (FUSE 2)

variant `RestoreInProgress` is never constructed

Check warning on line 123 in mountpoint-s3/tests/fuse_tests/read_test.rs

GitHub Actions / Tests (FUSE 2)

variant `RestoreInProgress` is never constructed

Check warning on line 123 in mountpoint-s3/tests/fuse_tests/read_test.rs

GitHub Actions / Tests (FUSE 3)

variant `RestoreInProgress` is never constructed

Check warning on line 123 in mountpoint-s3/tests/fuse_tests/read_test.rs

GitHub Actions / Tests (FUSE 3)

variant `RestoreInProgress` is never constructed
}
#[cfg(not(feature = "s3express_tests"))]