From 5485422b21fb09ded6f0274521467d4ea1a18e20 Mon Sep 17 00:00:00 2001
From: Nick Pillitteri
Date: Fri, 7 Jul 2023 09:59:12 -0400
Subject: [PATCH] Use patched version of Thanos objstore
---
 go.mod | 2 +
 go.sum | 5 ++-
 .../thanos-io/objstore/CHANGELOG.md | 3 ++
 vendor/github.com/thanos-io/objstore/Makefile | 2 +-
 .../github.com/thanos-io/objstore/README.md | 40 +++++++++++++++++-
 vendor/github.com/thanos-io/objstore/inmem.go | 5 +++
 .../github.com/thanos-io/objstore/objstore.go | 42 ++++++++++++++-----
 .../thanos-io/objstore/prefixed_bucket.go | 5 +++
 .../objstore/providers/azure/azure.go | 5 +++
 .../providers/filesystem/filesystem.go | 5 +++
 .../thanos-io/objstore/providers/gcs/gcs.go | 5 +++
 .../thanos-io/objstore/providers/s3/s3.go | 13 +++++-
 .../objstore/providers/swift/swift.go | 5 +++
 .../github.com/thanos-io/objstore/testing.go | 4 ++
 .../github.com/thanos-io/objstore/tracing.go | 4 ++
 vendor/modules.txt | 3 +-
 16 files changed, 130 insertions(+), 18 deletions(-)
diff --git a/go.mod b/go.mod
index 1229c5393a6..ff1bf156747 100644
--- a/go.mod
+++ b/go.mod
@@ -270,3 +270,5 @@ replace github.com/munnerz/goautoneg => github.com/charleskorn/goautoneg v0.0.0-
 // Replace opentracing-contrib/go-stdlib with a fork until https://github.com/opentracing-contrib/go-stdlib/pull/68 is merged.
 replace github.com/opentracing-contrib/go-stdlib => github.com/grafana/opentracing-contrib-go-stdlib v0.0.0-20230509071955-f410e79da956
+
+replace github.com/thanos-io/objstore => github.com/56quarters/objstore v0.0.0-20230706223159-32218870d09b
diff --git a/go.sum b/go.sum
index 93971eeace0..c7ebd54011b 100644
--- a/go.sum
+++ b/go.sum
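Review bot: The new `replace github.com/thanos-io/objstore => github.com/56quarters/objstore ...` directive at the end of go.mod has no comment, while the directive just above it records why a fork is used and which upstream pull request retires it. Redirecting a dependency to a fork changes where the code comes from, so the reason and the exit condition belong next to the directive, e.g. `// Replace thanos-io/objstore with a fork until <UPSTREAM_PR_URL> is merged.` (placeholder; the page does not name the upstream change). The vendored diff in this same commit shows the fork differs from the previously pinned version in more than one way: the metric names lose the `thanos_` prefix and `BucketReader` gains `IsCustomerManagedKeyError`. The comment should say which of these are intended, because dashboards and alerts keyed on the old metric names would stop matching.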
@@ -395,6 +395,8 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/56quarters/objstore v0.0.0-20230706223159-32218870d09b h1:YaWc9Soyo4qjMqCW4Y/QvyNbGTeWktuqj6wdPnxq2Lk= +github.com/56quarters/objstore v0.0.0-20230706223159-32218870d09b/go.mod h1:5V7lzXuaxwt6XFQoA/zJrhdnQrxq1+r0bwQ1iYOq3gM= github.com/Azure/azure-sdk-for-go v67.2.0+incompatible h1:Uu/Ww6ernvPTrpq31kITVTIm/I5jlJ1wjtEH/bmSB2k= github.com/Azure/azure-sdk-for-go v67.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 h1:8kDqDngH+DmVBiCtIjCFTGa7MBnsIOkF9IccInFEbjk= @@ -951,6 +953,7 @@ github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfE github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as= github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= github.com/hetznercloud/hcloud-go v1.47.0 h1:WMZDwLPtMZwOLWIgERHrrrTzRFdHx0hTygYVQ4VWHW4= +github.com/huaweicloud/huaweicloud-sdk-go-obs v3.23.3+incompatible h1:tKTaPHNVwikS3I1rdyf1INNvgJXWSf/+TzqsiGbrgnQ= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= 
@@ -1252,8 +1255,6 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/tencentyun/cos-go-sdk-v5 v0.7.40 h1:W6vDGKCHe4wBACI1d2UgE6+50sJFhRWU4O8IB2ozzxM= -github.com/thanos-io/objstore v0.0.0-20230201072718-11ffbc490204 h1:W4w5Iph7j32Sf1QFWLJDCqvO0WgZS0jHGID+qnq3wV0= -github.com/thanos-io/objstore v0.0.0-20230201072718-11ffbc490204/go.mod h1:STSgpY8M6EKF2G/raUFdbIMf2U9GgYlEjAEHJxjvpAo= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= diff --git a/vendor/github.com/thanos-io/objstore/CHANGELOG.md b/vendor/github.com/thanos-io/objstore/CHANGELOG.md index 39c0f77fa3f..270f6d4f029 100644 --- a/vendor/github.com/thanos-io/objstore/CHANGELOG.md +++ b/vendor/github.com/thanos-io/objstore/CHANGELOG.md 
@@ -20,6 +20,9 @@ We use *breaking :warning:* to mark changes that are not backward compatible (re
 - [#32](https://github.com/thanos-io/objstore/pull/32) Swift: Support authentication using application credentials.
 - [#41](https://github.com/thanos-io/objstore/pull/41) S3: Support S3 session token.
 - [#43](https://github.com/thanos-io/objstore/pull/43) filesystem: abort filesystem bucket operations if the context has been cancelled
+- [#44](https://github.com/thanos-io/objstore/pull/44) Add new metric to count total number of fetched bytes from bucket
+- [#50](https://github.com/thanos-io/objstore/pull/50) Add Huawei Cloud OBS Object Storage Support
+- [#59](https://github.com/thanos-io/objstore/pull/59) Adding method `IsCustomerManagedKeyError` on the bucket interface.
 ### Changed
 - [#38](https://github.com/thanos-io/objstore/pull/38) *: Upgrade minio-go version to `v7.0.45`.
diff --git a/vendor/github.com/thanos-io/objstore/Makefile b/vendor/github.com/thanos-io/objstore/Makefile
index 72d88f6b8c4..09fd0d3ea8d 100644
--- a/vendor/github.com/thanos-io/objstore/Makefile
+++ b/vendor/github.com/thanos-io/objstore/Makefile
@@ -5,7 +5,7 @@ MDOX_VALIDATE_CONFIG ?= .mdox.validate.yaml
 .PHONY: test-local
 test-local:
- THANOS_TEST_OBJSTORE_SKIP=GCS,S3,AZURE,SWIFT,COS,ALIYUNOSS,BOS,OCI $(MAKE) test
+ THANOS_TEST_OBJSTORE_SKIP=GCS,S3,AZURE,SWIFT,COS,ALIYUNOSS,BOS,OCI,OBS $(MAKE) test
 .PHONY: test
 test:
diff --git a/vendor/github.com/thanos-io/objstore/README.md b/vendor/github.com/thanos-io/objstore/README.md
index 3ee3c37570e..5cf090e3a4e 100644
--- a/vendor/github.com/thanos-io/objstore/README.md
+++ b/vendor/github.com/thanos-io/objstore/README.md
@@ -128,6 +128,7 @@ Current object storage client implementations:
 | [Baidu BOS](#baidu-bos) | Beta | Production Usage | no | @yahaa |
 | [Local Filesystem](#filesystem) | Stable | Testing and Demo only | yes | @bwplotka |
 | [Oracle Cloud Infrastructure Object Storage](#oracle-cloud-infrastructure-object-storage) | Beta | Production Usage | yes | @aarontams,@gaurav-05,@ericrrath |
+| [HuaweiCloud OBS](#huaweicloud-obs) | Beta | Production Usage | no | @setoru |
 **Missing support to some object storage?** Check out [how to add your client section](#how-to-add-a-new-client-to-thanos)
@@ -289,7 +290,7 @@ Example working AWS IAM policy for user:
 To test the policy, set env vars for S3 access for *empty, not used* bucket as well as:
 ```
-THANOS_TEST_OBJSTORE_SKIP=GCS,AZURE,SWIFT,COS,ALIYUNOSS,OCI
+THANOS_TEST_OBJSTORE_SKIP=GCS,AZURE,SWIFT,COS,ALIYUNOSS,OCI,OBS
 THANOS_ALLOW_EXISTING_BUCKET_USE=true
 ```
@@ -323,7 +324,7 @@ We need access to CreateBucket and DeleteBucket and access to all buckets:
 }
 ```
-With this policy you should be able to run set `THANOS_TEST_OBJSTORE_SKIP=GCS,AZURE,SWIFT,COS,ALIYUNOSS,OCI` and unset `S3_BUCKET` and run all tests using `make test`.
+With this policy you should be able to run set `THANOS_TEST_OBJSTORE_SKIP=GCS,AZURE,SWIFT,COS,ALIYUNOSS,OCI,OBS` and unset `S3_BUCKET` and run all tests using `make test`.
 Details about AWS policies: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
@@ -640,6 +641,41 @@ config:
 You can also include any of the optional configuration just like the example in `Default Provider`.
+##### HuaweiCloud OBS
+
+To use HuaweiCloud OBS as an object store, you should apply for a HuaweiCloud Account to create an object storage bucket at first.
+More details: [HuaweiCloud OBS](https://support.huaweicloud.com/obs/index.html)
+
+To configure HuaweiCloud Account to use OBS as storage store you need to set these parameters in YAML format stored in a file:
+
+```yaml mdox-exec="go run scripts/cfggen/main.go --name=cos.Config"
+type: OBS
+config:
+ bucket: ""
+ endpoint: ""
+ access_key: ""
+ secret_key: ""
+ http_config:
+ idle_conn_timeout: 1m30s
+ response_header_timeout: 2m
+ insecure_skip_verify: false
+ tls_handshake_timeout: 10s
+ expect_continue_timeout: 1s
+ max_idle_conns: 100
+ max_idle_conns_per_host: 100
+ max_conns_per_host: 0
+ tls_config:
+ ca_file: ""
+ cert_file: ""
+ key_file: ""
+ server_name: ""
+ insecure_skip_verify: false
+ disable_compression: false
+prefix: ""
+```
+
+The `access_key` and `secret_key` field is required. The `http_config` field is optional for optimize HTTP transport settings.
+
 #### How to add a new client to Thanos?
 Following checklist allows adding new Go code client to supported providers:
diff --git a/vendor/github.com/thanos-io/objstore/inmem.go b/vendor/github.com/thanos-io/objstore/inmem.go
index ac36e7f469f..aee4aec6cfa 100644
--- a/vendor/github.com/thanos-io/objstore/inmem.go
+++ b/vendor/github.com/thanos-io/objstore/inmem.go
@@ -207,6 +207,11 @@ func (b *InMemBucket) IsObjNotFoundErr(err error) bool {
 return errors.Is(err, errNotFound)
 }
+// IsCustomerManagedKeyError returns true if the permissions for key used to encrypt the object was revoked.
+func (b *InMemBucket) IsCustomerManagedKeyError(_ error) bool {
+ return false
+}
+
 func (b *InMemBucket) Close() error { return nil }
 // Name returns the bucket name.
diff --git a/vendor/github.com/thanos-io/objstore/objstore.go b/vendor/github.com/thanos-io/objstore/objstore.go
index 8e0701abc2e..fb9b0bac8d0 100644
--- a/vendor/github.com/thanos-io/objstore/objstore.go
+++ b/vendor/github.com/thanos-io/objstore/objstore.go
@@ -45,7 +45,7 @@ type Bucket interface {
 Upload(ctx context.Context, name string, r io.Reader) error
 // Delete removes the object with the given name.
- // If object does not exists in the moment of deletion, Delete should throw error.
+ // If object does not exist in the moment of deletion, Delete should throw error.
 Delete(ctx context.Context, name string) error
 // Name returns the bucket name for the provider.
@@ -57,11 +57,11 @@ type InstrumentedBucket interface {
 Bucket
 // WithExpectedErrs allows to specify a filter that marks certain errors as expected, so it will not increment
- // thanos_objstore_bucket_operation_failures_total metric.
+ // objstore_bucket_operation_failures_total metric.
 WithExpectedErrs(IsOpFailureExpectedFunc) Bucket
 // ReaderWithExpectedErrs allows to specify a filter that marks certain errors as expected, so it will not increment
- // thanos_objstore_bucket_operation_failures_total metric.
+ // objstore_bucket_operation_failures_total metric.
 // TODO(bwplotka): Remove this when moved to Go 1.14 and replace with InstrumentedBucketReader.
 ReaderWithExpectedErrs(IsOpFailureExpectedFunc) BucketReader
 }
@@ -85,6 +85,9 @@ type BucketReader interface {
 // IsObjNotFoundErr returns true if error means that object is not found. Relevant to Get operations.
 IsObjNotFoundErr(err error) bool
+ // IsCustomerManagedKeyError returns true if the permissions for key used to encrypt the object was revoked.
+ IsCustomerManagedKeyError(err error) bool
+
 // Attributes returns information about the specified object.
 Attributes(ctx context.Context, name string) (ObjectAttributes, error)
 }
@@ -94,7 +97,7 @@ type InstrumentedBucketReader interface {
 BucketReader
 // ReaderWithExpectedErrs allows to specify a filter that marks certain errors as expected, so it will not increment
- // thanos_objstore_bucket_operation_failures_total metric.
+ // objstore_bucket_operation_failures_total metric.
 ReaderWithExpectedErrs(IsOpFailureExpectedFunc) BucketReader
 }
@@ -392,7 +395,7 @@ func DownloadDir(ctx context.Context, logger log.Logger, bkt BucketReader, origi
 return nil
 }
-// IsOpFailureExpectedFunc allows to mark certain errors as expected, so they will not increment thanos_objstore_bucket_operation_failures_total metric.
+// IsOpFailureExpectedFunc allows to mark certain errors as expected, so they will not increment objstore_bucket_operation_failures_total metric.
 type IsOpFailureExpectedFunc func(error) bool
 var _ InstrumentedBucket = &metricBucket{}
@@ -404,26 +407,32 @@ func BucketWithMetrics(name string, b Bucket, reg prometheus.Registerer) *metric
 bkt: b,
 isOpFailureExpected: func(err error) bool { return false },
 ops: promauto.With(reg).NewCounterVec(prometheus.CounterOpts{
- Name: "thanos_objstore_bucket_operations_total",
+ Name: "objstore_bucket_operations_total",
 Help: "Total number of all attempted operations against a bucket.",
 ConstLabels: prometheus.Labels{"bucket": name},
 }, []string{"operation"}),
 opsFailures: promauto.With(reg).NewCounterVec(prometheus.CounterOpts{
- Name: "thanos_objstore_bucket_operation_failures_total",
+ Name: "objstore_bucket_operation_failures_total",
 Help: "Total number of operations against a bucket that failed, but were not expected to fail in certain way from caller perspective. Those errors have to be investigated.",
 ConstLabels: prometheus.Labels{"bucket": name},
 }, []string{"operation"}),
+ opsFetchedBytes: promauto.With(reg).NewCounterVec(prometheus.CounterOpts{
+ Name: "objstore_bucket_operation_fetched_bytes_total",
+ Help: "Total number of bytes fetched from bucket, per operation.",
+ ConstLabels: prometheus.Labels{"bucket": name},
+ }, []string{"operation"}),
+
 opsDuration: promauto.With(reg).NewHistogramVec(prometheus.HistogramOpts{
- Name: "thanos_objstore_bucket_operation_duration_seconds",
+ Name: "objstore_bucket_operation_duration_seconds",
 Help: "Duration of successful operations against the bucket",
 ConstLabels: prometheus.Labels{"bucket": name},
 Buckets: []float64{0.001, 0.01, 0.1, 0.3, 0.6, 1, 3, 6, 9, 20, 30, 60, 90, 120},
 }, []string{"operation"}),
 lastSuccessfulUploadTime: promauto.With(reg).NewGaugeVec(prometheus.GaugeOpts{
- Name: "thanos_objstore_bucket_last_successful_upload_time",
+ Name: "objstore_bucket_last_successful_upload_time",
 Help: "Second timestamp of the last successful upload to the bucket.",
 }, []string{"bucket"}),
 }
@@ -439,6 +448,7 @@ func BucketWithMetrics(name string, b Bucket, reg prometheus.Registerer) *metric
 bkt.ops.WithLabelValues(op)
 bkt.opsFailures.WithLabelValues(op)
 bkt.opsDuration.WithLabelValues(op)
+ bkt.opsFetchedBytes.WithLabelValues(op)
 }
 bkt.lastSuccessfulUploadTime.WithLabelValues(b.Name())
 return bkt
@@ -451,6 +461,8 @@ type metricBucket struct {
 opsFailures *prometheus.CounterVec
 isOpFailureExpected IsOpFailureExpectedFunc
+ opsFetchedBytes *prometheus.CounterVec
+
 opsDuration *prometheus.HistogramVec
 lastSuccessfulUploadTime *prometheus.GaugeVec
 }
@@ -460,6 +472,7 @@ func (b *metricBucket) WithExpectedErrs(fn IsOpFailureExpectedFunc) Bucket {
 bkt: b.bkt,
 ops: b.ops,
 opsFailures: b.opsFailures,
+ opsFetchedBytes: b.opsFetchedBytes,
 isOpFailureExpected: fn,
 opsDuration: b.opsDuration,
 lastSuccessfulUploadTime: b.lastSuccessfulUploadTime,
@@ -516,6 +529,7 @@ func (b *metricBucket) Get(ctx context.Context, name string) (io.ReadCloser, err
 b.opsDuration,
 b.opsFailures,
 b.isOpFailureExpected,
+ b.opsFetchedBytes,
 ), nil
 }
@@ -536,6 +550,7 @@ func (b *metricBucket) GetRange(ctx context.Context, name string, off, length in
 b.opsDuration,
 b.opsFailures,
 b.isOpFailureExpected,
+ b.opsFetchedBytes,
 ), nil
 }
@@ -591,6 +606,10 @@ func (b *metricBucket) IsObjNotFoundErr(err error) bool {
 return b.bkt.IsObjNotFoundErr(err)
 }
+func (b *metricBucket) IsCustomerManagedKeyError(err error) bool {
+ return b.bkt.IsCustomerManagedKeyError(err)
+}
+
 func (b *metricBucket) Close() error {
 return b.bkt.Close()
 }
@@ -611,9 +630,10 @@ type timingReadCloser struct {
 duration *prometheus.HistogramVec
 failed *prometheus.CounterVec
 isFailureExpected IsOpFailureExpectedFunc
+ fetchedBytes *prometheus.CounterVec
 }
-func newTimingReadCloser(rc io.ReadCloser, op string, dur *prometheus.HistogramVec, failed *prometheus.CounterVec, isFailureExpected IsOpFailureExpectedFunc) *timingReadCloser {
+func newTimingReadCloser(rc io.ReadCloser, op string, dur *prometheus.HistogramVec, failed *prometheus.CounterVec, isFailureExpected IsOpFailureExpectedFunc, fetchedBytes *prometheus.CounterVec) *timingReadCloser {
 // Initialize the metrics with 0.
 dur.WithLabelValues(op)
 failed.WithLabelValues(op)
@@ -627,6 +647,7 @@ func newTimingReadCloser(rc io.ReadCloser, op string, dur *prometheus.HistogramV
 duration: dur,
 failed: failed,
 isFailureExpected: isFailureExpected,
+ fetchedBytes: fetchedBytes,
 }
 }
@@ -648,6 +669,7 @@ func (rc *timingReadCloser) Close() error {
 func (rc *timingReadCloser) Read(b []byte) (n int, err error) {
 n, err = rc.ReadCloser.Read(b)
+ rc.fetchedBytes.WithLabelValues(rc.op).Add(float64(n))
 // Report metric just once.
 if !rc.alreadyGotErr && err != nil && err != io.EOF {
 if !rc.isFailureExpected(err) {
diff --git a/vendor/github.com/thanos-io/objstore/prefixed_bucket.go b/vendor/github.com/thanos-io/objstore/prefixed_bucket.go
index 130f14d439d..41448011729 100644
--- a/vendor/github.com/thanos-io/objstore/prefixed_bucket.go
+++ b/vendor/github.com/thanos-io/objstore/prefixed_bucket.go
@@ -74,6 +74,11 @@ func (p *PrefixedBucket) IsObjNotFoundErr(err error) bool {
 return p.bkt.IsObjNotFoundErr(err)
 }
+// IsCustomerManagedKeyError returns true if the permissions for key used to encrypt the object was revoked.
+func (p *PrefixedBucket) IsCustomerManagedKeyError(err error) bool {
+ return p.bkt.IsCustomerManagedKeyError(err)
+}
+
 // Attributes returns information about the specified object.
 func (p PrefixedBucket) Attributes(ctx context.Context, name string) (ObjectAttributes, error) {
 return p.bkt.Attributes(ctx, conditionalPrefix(p.prefix, name))
diff --git a/vendor/github.com/thanos-io/objstore/providers/azure/azure.go b/vendor/github.com/thanos-io/objstore/providers/azure/azure.go
index 23e66169db6..a5f41ed1769 100644
--- a/vendor/github.com/thanos-io/objstore/providers/azure/azure.go
+++ b/vendor/github.com/thanos-io/objstore/providers/azure/azure.go
@@ -235,6 +235,11 @@ func (b *Bucket) IsObjNotFoundErr(err error) bool {
 return bloberror.HasCode(err, bloberror.BlobNotFound) || bloberror.HasCode(err, bloberror.InvalidURI)
 }
+// IsCustomerManagedKeyError returns true if the permissions for key used to encrypt the object was revoked.
+func (b *Bucket) IsCustomerManagedKeyError(_ error) bool {
+ return false
+}
+
 func (b *Bucket) getBlobReader(ctx context.Context, name string, httpRange blob.HTTPRange) (io.ReadCloser, error) {
 level.Debug(b.logger).Log("msg", "getting blob", "blob", name, "offset", httpRange.Offset, "length", httpRange.Count)
 if name == "" {
diff --git a/vendor/github.com/thanos-io/objstore/providers/filesystem/filesystem.go b/vendor/github.com/thanos-io/objstore/providers/filesystem/filesystem.go
index 3206b91e717..8ccd33b10f6 100644
--- a/vendor/github.com/thanos-io/objstore/providers/filesystem/filesystem.go
+++ b/vendor/github.com/thanos-io/objstore/providers/filesystem/filesystem.go
@@ -258,6 +258,11 @@ func (b *Bucket) IsObjNotFoundErr(err error) bool {
 return os.IsNotExist(errors.Cause(err))
 }
+// IsCustomerManagedKeyError returns true if the permissions for key used to encrypt the object was revoked.
+func (b *Bucket) IsCustomerManagedKeyError(_ error) bool {
+ return false
+}
+
 func (b *Bucket) Close() error { return nil }
 // Name returns the bucket name.
diff --git a/vendor/github.com/thanos-io/objstore/providers/gcs/gcs.go b/vendor/github.com/thanos-io/objstore/providers/gcs/gcs.go
index 947e641a30f..8b107c83d82 100644
--- a/vendor/github.com/thanos-io/objstore/providers/gcs/gcs.go
+++ b/vendor/github.com/thanos-io/objstore/providers/gcs/gcs.go
@@ -188,6 +188,11 @@ func (b *Bucket) IsObjNotFoundErr(err error) bool {
 return errors.Is(err, storage.ErrObjectNotExist)
 }
+// IsCustomerManagedKeyError returns true if the permissions for key used to encrypt the object was revoked.
+func (b *Bucket) IsCustomerManagedKeyError(_ error) bool {
+ return false
+}
+
 func (b *Bucket) Close() error {
 return b.closer.Close()
 }
diff --git a/vendor/github.com/thanos-io/objstore/providers/s3/s3.go b/vendor/github.com/thanos-io/objstore/providers/s3/s3.go
index 729ee7eb6de..337bd0d8127 100644
--- a/vendor/github.com/thanos-io/objstore/providers/s3/s3.go
+++ b/vendor/github.com/thanos-io/objstore/providers/s3/s3.go
@@ -98,6 +98,9 @@ const (
 // Storage class header.
 amzStorageClass = "X-Amz-Storage-Class"
+
+ // amzKmsKeyAccessDeniedErrorMessage is the error message returned by s3 when the permissions to the KMS key is revoked.
+ amzKmsKeyAccessDeniedErrorMessage = "The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access."
 )
 var DefaultConfig = Config{
@@ -144,7 +147,7 @@ type Config struct {
 }
 // SSEConfig deals with the configuration of SSE for Minio. The following options are valid:
-// kmsencryptioncontext == https://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html#s3-encryption-context
+// KMSEncryptionContext == https://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html#s3-encryption-context
 type SSEConfig struct {
 Type string `yaml:"type"`
 KMSKeyID string `yaml:"kms_key_id"`
@@ -415,7 +418,7 @@ func (b *Bucket) Iter(ctx context.Context, dir string, f func(string) error, opt
 }
 }
- return nil
+ return ctx.Err()
 }
 func (b *Bucket) getRange(ctx context.Context, name string, off, length int64) (io.ReadCloser, error) {
@@ -538,6 +541,12 @@ func (b *Bucket) IsObjNotFoundErr(err error) bool {
 return minio.ToErrorResponse(errors.Cause(err)).Code == "NoSuchKey"
 }
+// IsCustomerManagedKeyError returns true if the permissions for key used to encrypt the object was revoked.
+func (b *Bucket) IsCustomerManagedKeyError(err error) bool {
+ errResponse := minio.ToErrorResponse(errors.Cause(err))
+ return errResponse.Code == "AccessDenied" && errResponse.Message == amzKmsKeyAccessDeniedErrorMessage
+}
+
 func (b *Bucket) Close() error { return nil }
 // getServerSideEncryption returns the SSE to use.
diff --git a/vendor/github.com/thanos-io/objstore/providers/swift/swift.go b/vendor/github.com/thanos-io/objstore/providers/swift/swift.go
index f30c655dc74..c24d03fd2d5 100644
--- a/vendor/github.com/thanos-io/objstore/providers/swift/swift.go
+++ b/vendor/github.com/thanos-io/objstore/providers/swift/swift.go
@@ -290,6 +290,11 @@ func (c *Container) IsObjNotFoundErr(err error) bool {
 return errors.Is(err, swift.ObjectNotFound)
 }
+// IsCustomerManagedKeyError returns true if the permissions for key used to encrypt the object was revoked.
+func (b *Container) IsCustomerManagedKeyError(_ error) bool {
+ return false
+}
+
 // Upload writes the contents of the reader as an object into the container.
 func (c *Container) Upload(_ context.Context, name string, r io.Reader) (err error) {
 size, err := objstore.TryToGetSize(r)
diff --git a/vendor/github.com/thanos-io/objstore/testing.go b/vendor/github.com/thanos-io/objstore/testing.go
index d750142af1d..4e41b278825 100644
--- a/vendor/github.com/thanos-io/objstore/testing.go
+++ b/vendor/github.com/thanos-io/objstore/testing.go
@@ -308,3 +308,7 @@ func (d *delayingBucket) IsObjNotFoundErr(err error) bool {
 // No delay for a local operation.
 return d.bkt.IsObjNotFoundErr(err)
 }
+
+func (d *delayingBucket) IsCustomerManagedKeyError(err error) bool {
+ return d.bkt.IsCustomerManagedKeyError(err)
+}
diff --git a/vendor/github.com/thanos-io/objstore/tracing.go b/vendor/github.com/thanos-io/objstore/tracing.go
index 56f18ebead8..9f09df668e7 100644
--- a/vendor/github.com/thanos-io/objstore/tracing.go
+++ b/vendor/github.com/thanos-io/objstore/tracing.go
@@ -101,6 +101,10 @@ func (t TracingBucket) IsObjNotFoundErr(err error) bool {
 return t.bkt.IsObjNotFoundErr(err)
 }
+func (t TracingBucket) IsCustomerManagedKeyError(err error) bool {
+ return t.bkt.IsCustomerManagedKeyError(err)
+}
+
 func (t TracingBucket) WithExpectedErrs(expectedFunc IsOpFailureExpectedFunc) Bucket {
 if ib, ok := t.bkt.(InstrumentedBucket); ok {
 return TracingBucket{bkt: ib.WithExpectedErrs(expectedFunc)}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index e2abc7625f4..2c862306aa8 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -982,7 +982,7 @@ github.com/stretchr/objx github.com/stretchr/testify/assert github.com/stretchr/testify/mock github.com/stretchr/testify/require -# github.com/thanos-io/objstore v0.0.0-20230201072718-11ffbc490204 +# github.com/thanos-io/objstore v0.0.0-20230201072718-11ffbc490204 => github.com/56quarters/objstore v0.0.0-20230706223159-32218870d09b ## explicit; go 1.18 github.com/thanos-io/objstore github.com/thanos-io/objstore/exthttp @@ -1480,3 +1480,4 @@ sigs.k8s.io/yaml # github.com/grafana/regexp => github.com/grafana/regexp v0.0.0-20221005093135-b4c2bcb0a4b6 # github.com/munnerz/goautoneg => github.com/charleskorn/goautoneg v0.0.0-20230303030534-7248a2f4c9cc # github.com/opentracing-contrib/go-stdlib => github.com/grafana/opentracing-contrib-go-stdlib v0.0.0-20230509071955-f410e79da956 +# github.com/thanos-io/objstore => github.com/56quarters/objstore v0.0.0-20230706223159-32218870d09b