refactor KES API and internals #403
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
**Description:**
This commit introduces a series of significant changes to various
components within the KES project. Among other things it:
1. Exposes a top-level library API for running and customizing
KES servers.
2. Improves logging by using structured logging (`log/slog`).
3. Removes unused code
4. Introduces a KES-specific framework for handling HTTP requests
(`internal/api`).
5. Stabilizes the KES API and prepares the introduction of
protobuf as serialization format (in addition to JSON).
However, this commit does not refactor the `kv` package or
the KES config file handling. While still required, this will
be done in a separate commit.
**Performance**
A lot of effort has gone into designing and implementing an efficient
KES library API. Since majority of KES operations are read-only,
accessing a policy, encrypting a message, a.s.o., it can leverage and
benefit from lock-free concurrency primitives. Hence, the `Server`
type tries to avoid blocking on `sync.{RW}Mutex` as much as possible
and instead uses atomic primitives, like `atomic.Pointer`.
Further, the logging framework has been completely reworked to use
structured logging using the `log/slog` standard library package.
Now, error log messages are only generated when required (based on
log levels). The audit logging framework (`AuditHandler` and
`AuditRecord` type) works similar to the `slog` package and is also
designed to be efficient.
**Readability**
The new `internal/api` package provides a small KES-specific framework
for defining HTTP APIs and handling request. It tries to provide
composable primitives to build HTTP APIs that are efficient, secure
and easy to reason about. It provides a specific `Request` type that
represents an authenticated HTTP request. This allows to separate
buisness logic (e.g. handling a key creation request) from timeout
handling, authentication, etc.
Further, this commit tries to add more expressive documentation
describing the intent.
**Versioning**
The KES library package will follow semantic versioning, like any
other Go module. However, the KES server command and CLI (`cmd/kes`)
will continue to use the rolling release timestamp versioning.
A KES library release can be tagged independently from the KES
CLI and vice versa. Users of the KES package will be able to
import like any other Go module: `import "github.com/minio/[email protected]"`.
Signed-off-by: Andreas Auernhammer <[email protected]>
We need to check that the added `io.Writer` is not nil. Signed-off-by: Andreas Auernhammer <[email protected]>
variable s is initialize on all execution paths, so we might as well just initialize it at the start of the function Signed-off-by: Sveinn <[email protected]>
zveinn
previously approved these changes
Oct 24, 2023
shtripat
previously approved these changes
Oct 24, 2023
Signed-off-by: Andreas Auernhammer <[email protected]>
shtripat
approved these changes
Oct 24, 2023
zveinn
approved these changes
Oct 24, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
This commit introduces a series of significant changes to various components within the KES project. Among other things it:
log/slog).internal/api).However, this commit does not refactor the
kvpackage or the KES config file handling. While still required, this will be done in a separate commit.Performance
A lot of effort has gone into designing and implementing an efficient KES library API. Since majority of KES operations are read-only, accessing a policy, encrypting a message, a.s.o., it can leverage and benefit from lock-free concurrency primitives. Hence, the
Servertype tries to avoid blocking onsync.{RW}Mutexas much as possible and instead uses atomic primitives, likeatomic.Pointer.Further, the logging framework has been completely reworked to use structured logging using the
log/slogstandard library package. Now, error log messages are only generated when required (based on log levels). The audit logging framework (AuditHandlerandAuditRecordtype) works similar to theslogpackage and is also designed to be efficient.Readability
The new
internal/apipackage provides a small KES-specific framework for defining HTTP APIs and handling request. It tries to provide composable primitives to build HTTP APIs that are efficient, secure and easy to reason about. It provides a specificRequesttype that represents an authenticated HTTP request. This allows to separate buisness logic (e.g. handling a key creation request) from timeout handling, authentication, etc.Further, this commit tries to add more expressive documentation describing the intent.
Versioning
The KES library package will follow semantic versioning, like any other Go module. However, the KES server command and CLI (
cmd/kes) will continue to use the rolling release timestamp versioning. A KES library release can be tagged independently from the KES CLI and vice versa. Users of the KES package will be able to import like any other Go module:import "github.com/minio/[email protected]".