Merge pull request #7368 from jackyalbo/jacky_5.12
[Backport to 5.12] perf issues: read_account + check_miss revert
nimrod-becker authored Jun 29, 2023
2 parents 6aed430 + 4d6b364 commit 61d0de4
Showing 3 changed files with 26 additions and 17 deletions.
3 changes: 2 additions & 1 deletion src/endpoint/s3/s3_rest.js
Expand Up @@ -192,6 +192,7 @@ function authenticate_request(req) {
}

async function authorize_request(req) {
await req.object_sdk.load_requesting_account(req);
await Promise.all([
req.object_sdk.authorize_request_account(req),
// authorize_request_policy(req) is supposed to
Expand All @@ -215,7 +216,7 @@ async function authorize_request_policy(req) {
return;
}

const account = await req.object_sdk.rpc_client.account.read_account({});
const account = req.object_sdk.requesting_account;
const is_system_owner = account.email.unwrap() === system_owner.unwrap();

// @TODO: System owner as a construct should be removed - Temporary
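Review bot: `account` can be undefined when it reaches `account.email.unwrap()` in authorize_request_policy, because it is now read from `req.object_sdk.requesting_account`, and load_requesting_account in object_sdk.js returns without setting that field when the request carries no auth token. Unless a guard above this hunk already handles unsigned requests (the function starts outside the visible lines), an anonymous request to a bucket with a policy would end in a TypeError rather than a deliberate policy decision. An explicit branch such as `if (!account) { /* evaluate as anonymous principal, or deny */ }` before the `is_system_owner` line would make the outcome intentional. A short comment on the `const account = ...` line should also state that the field is only populated after `load_requesting_account` has run.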
39 changes: 23 additions & 16 deletions src/sdk/object_sdk.js
Expand Up @@ -149,7 +149,7 @@ class ObjectSDK {
}

async read_bucket_sdk_policy_info(name) {
const { bucket } = await bucket_namespace_cache.get_with_cache({ sdk: this, name }, 'cache_miss');
const { bucket } = await bucket_namespace_cache.get_with_cache({ sdk: this, name });
const policy_info = {
s3_policy: bucket.s3_policy,
system_owner: bucket.system_owner,
Expand All @@ -169,27 +169,34 @@ class ObjectSDK {
return this._setup_bucket_namespace(bucket);
}

async load_requesting_account(req) {
try {
const token = this.get_auth_token();
if (!token) return;
this.requesting_account = await account_cache.get_with_cache({
rpc_client: this.internal_rpc_client,
access_key: token.access_key,
});
} catch (error) {
dbg.error('authorize_request_account error:', error);
if (error.rpc_code && error.rpc_code === 'NO_SUCH_ACCOUNT') {
throw new RpcError('INVALID_ACCESS_KEY_ID', `Account with access_key not found`);
} else {
throw error;
}
}
}

async authorize_request_account(req) {
const { bucket } = req.params;
const token = this.get_auth_token();
// If the request is signed (authenticated)
if (token) {
try {
this.requesting_account = await account_cache.get_with_cache({
rpc_client: this.internal_rpc_client,
access_key: token.access_key
});
} catch (error) {
dbg.error('authorize_request_account error:', error);
if (error.rpc_code && error.rpc_code === 'NO_SUCH_ACCOUNT') {
throw new RpcError('INVALID_ACCESS_KEY_ID', `Account with access_key not found`);
} else {
throw error;
}
const signature_secret = token.temp_secret_key || this.requesting_account?.access_keys?.[0]?.secret_key?.unwrap();
if (signature_secret) {
const signature = signature_utils.get_signature_from_auth_token(token, signature_secret);
if (token.signature !== signature) throw new RpcError('SIGNATURE_DOES_NOT_MATCH', `Signature that was calculated did not match`);
}
const signature_secret = token.temp_secret_key || this.requesting_account.access_keys[0].secret_key.unwrap();
const signature = signature_utils.get_signature_from_auth_token(token, signature_secret);
if (token.signature !== signature) throw new RpcError('SIGNATURE_DOES_NOT_MATCH', `Signature that was calculated did not match`);
}
// check for a specific bucket
if (bucket && req.op_name !== 'put_bucket') {
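Review bot: The `if (signature_secret) { ... }` wrapper in authorize_request_account skips signature verification whenever no secret can be resolved, so a request that carries a token passes this step unverified if `this.requesting_account` is unset or has no `access_keys[0].secret_key`. The other form of this line on the page dereferences the account unconditionally and therefore fails closed; the optional chaining turns that into fail-open and makes the check depend on every caller having run `load_requesting_account` first. Whether an account without a secret can legitimately reach this point is not visible here, and the function continues past the end of the hunk. A signed request with no verifiable secret is safer rejected, for example `if (!signature_secret) throw new RpcError('SIGNATURE_DOES_NOT_MATCH', ...);` reusing the existing message.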
1 change: 1 addition & 0 deletions src/test/unit_tests/coretest.js
Expand Up @@ -24,6 +24,7 @@ require('../../util/fips');
const config = require('../../../config.js');
config.test_mode = true;
config.NODES_FREE_SPACE_RESERVE = 10 * 1024 * 1024;
config.OBJECT_SDK_BUCKET_CACHE_EXPIRY_MS = 1;

const dbg = require('../../util/debug_module')(__filename);
const dbg_level =
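Review bot: `config.OBJECT_SDK_BUCKET_CACHE_EXPIRY_MS = 1;` has no comment explaining why the unit tests need a 1 ms bucket-cache expiry. It presumably compensates for `read_bucket_sdk_policy_info` no longer passing `'cache_miss'` in this commit. If so, the tests never see a stale cached bucket policy, while a deployment with the normal expiry can keep applying a changed or removed policy until the entry expires. A comment such as `// expire the bucket cache at once so policy changes are visible to tests; staleness under the default expiry is not covered here` would record that gap.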
