Skip to content

Commit 800ce54

Browse files
committed
Merge branch 'improvement/ARSN-573-drop-ceph-support' into q/8.4
2 parents 14debd9 + b56f378 commit 800ce54

2 files changed

Lines changed: 122 additions & 40 deletions

File tree

lib/patches/locationConstraints.ts

Lines changed: 22 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,13 +2,10 @@ import { URL } from 'url';
22
import { decryptSecret } from '../executables/pensieveCreds/utils';
33
import { Logger } from 'werelogs';
44

5-
const CI_CEPH = process.env.CI_CEPH;
6-
75
export type LocationType =
86
| 'location-mem-v1'
97
| 'location-file-v1'
108
| 'location-azure-v1'
11-
| 'location-ceph-radosgw-s3-v1'
129
| 'location-scality-ring-s3-v1'
1310
| 'location-aws-s3-v1'
1411
| 'location-wasabi-v1'
@@ -49,6 +46,17 @@ export type Location = {
4946
legacyAwsBehavior: boolean;
5047
};
5148

49+
function isUnsupportedCephEndpoint(endpoint: unknown): boolean {
50+
if (typeof endpoint !== 'string' || endpoint.length === 0) {
51+
return false;
52+
}
53+
54+
const normalized = endpoint.toLowerCase();
55+
return /(?:^|[^a-z0-9])(ceph|radosgw|rgw)(?:[^a-z0-9]|$)/.test(
56+
normalized
57+
);
58+
}
59+
5260
export function patchLocations(
5361
overlayLocations: OverlayLocations | undefined | null,
5462
creds: any,
@@ -68,7 +76,7 @@ export function patchLocations(
6876
legacyAwsBehavior: Boolean(l.legacyAwsBehavior),
6977
};
7078
let supportsVersioning = false;
71-
let pathStyle = CI_CEPH !== undefined;
79+
let pathStyle = false;
7280

7381
switch (l.locationType) {
7482
case 'location-mem-v1':
@@ -94,13 +102,22 @@ export function patchLocations(
94102
};
95103
}
96104
break;
97-
case 'location-ceph-radosgw-s3-v1':
98105
case 'location-scality-ring-s3-v1':
99106
pathStyle = true; // fallthrough
100107
case 'location-aws-s3-v1':
101108
case 'location-wasabi-v1':
102109
supportsVersioning = true; // fallthrough
103110
case 'location-do-spaces-v1':
111+
// Ceph support is deprecated/removed from Arsenal.
112+
// Keeping this guard to prevent implicit compatibility through
113+
// generic S3-compatible location types.
114+
if (isUnsupportedCephEndpoint(l.details?.endpoint)) {
115+
log.warn('deprecated ceph endpoint rejected for location type', {
116+
locationType: l.locationType,
117+
endpoint: l.details?.endpoint,
118+
});
119+
return acc;
120+
}
104121
location.type = 'aws_s3';
105122
if (l.details.secretKey && l.details.secretKey.length > 0) {
106123
let https = true;

tests/unit/patches/locationConstraints.spec.js

Lines changed: 100 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -201,41 +201,6 @@ const tests = [
201201
objectId: 'httpsawsbackendtest',
202202
},
203203
},
204-
{
205-
locationType: 'location-ceph-radosgw-s3-v1',
206-
locations: {
207-
objectId: 'cephbackendtest',
208-
details: {
209-
bucketMatch: 'cephbucketmatch',
210-
endpoint: 'https://secure.ceph.end.point',
211-
accessKey: 'cephs3accesskey',
212-
secretKey,
213-
bucketName: 'cephbucketname',
214-
region: 'us-west-1',
215-
},
216-
},
217-
expected: {
218-
details: {
219-
awsEndpoint: 'secure.ceph.end.point',
220-
bucketMatch: 'cephbucketmatch',
221-
bucketName: 'cephbucketname',
222-
credentials: {
223-
accessKey: 'cephs3accesskey',
224-
secretKey: decryptedSecretKey,
225-
},
226-
https: true,
227-
pathStyle: true,
228-
region: 'us-west-1',
229-
serverSideEncryption: false,
230-
supportsVersioning: true,
231-
},
232-
legacyAwsBehavior: false,
233-
isTransient: false,
234-
sizeLimitGB: null,
235-
type: 'aws_s3',
236-
objectId: 'cephbackendtest',
237-
},
238-
},
239204
{
240205
name: 'transient enabled',
241206
locationType: 'location-file-v1',
@@ -295,6 +260,7 @@ const tests = [
295260
describe('patch location constriants', () => {
296261
const mockLog = {
297262
info: () => {},
263+
warn: () => {},
298264
};
299265

300266
tests.forEach(spec => {
@@ -350,4 +316,103 @@ describe('patch location constriants', () => {
350316
{},
351317
);
352318
});
319+
320+
it('rejects ceph endpoint on aws location type', () => {
321+
assert.deepStrictEqual(
322+
patchLocations(
323+
{
324+
cephAws: {
325+
name: 'cephAws',
326+
objectId: 'ceph-aws-test',
327+
locationType: 'location-aws-s3-v1',
328+
details: {
329+
endpoint: 'https://secure.ceph.end.point',
330+
accessKey,
331+
secretKey,
332+
bucketName: 'bucket',
333+
bucketMatch: true,
334+
region: 'us-east-1',
335+
},
336+
},
337+
},
338+
{ privateKey },
339+
mockLog,
340+
),
341+
{},
342+
);
343+
});
344+
345+
it('rejects radosgw endpoint on aws location type', () => {
346+
assert.deepStrictEqual(
347+
patchLocations(
348+
{
349+
rgwAws: {
350+
name: 'rgwAws',
351+
objectId: 'rgw-aws-test',
352+
locationType: 'location-aws-s3-v1',
353+
details: {
354+
endpoint: 'http://radosgw.example.local',
355+
accessKey,
356+
secretKey,
357+
bucketName: 'bucket',
358+
bucketMatch: true,
359+
region: 'us-east-1',
360+
},
361+
},
362+
},
363+
{ privateKey },
364+
mockLog,
365+
),
366+
{},
367+
);
368+
});
369+
370+
it('does not reject endpoint with rgw as substring of a token', () => {
371+
assert.deepStrictEqual(
372+
patchLocations(
373+
{
374+
nonRgwToken: {
375+
name: 'nonRgwToken',
376+
objectId: 'non-rgw-token-test',
377+
locationType: 'location-aws-s3-v1',
378+
details: {
379+
endpoint: 'https://forgwave.internal',
380+
accessKey,
381+
secretKey,
382+
bucketName: 'bucket',
383+
bucketMatch: true,
384+
region: 'us-east-1',
385+
},
386+
},
387+
},
388+
{ privateKey },
389+
mockLog,
390+
),
391+
{
392+
nonRgwToken: {
393+
type: 'aws_s3',
394+
name: 'nonRgwToken',
395+
objectId: 'non-rgw-token-test',
396+
locationType: 'location-aws-s3-v1',
397+
sizeLimitGB: null,
398+
isTransient: false,
399+
legacyAwsBehavior: false,
400+
details: {
401+
credentials: {
402+
accessKey,
403+
secretKey: decryptedSecretKey,
404+
},
405+
bucketName: 'bucket',
406+
bucketMatch: true,
407+
serverSideEncryption: false,
408+
region: 'us-east-1',
409+
awsEndpoint: 'forgwave.internal',
410+
supportsVersioning: true,
411+
pathStyle: false,
412+
https: true,
413+
},
414+
},
415+
},
416+
);
417+
});
353418
});

0 commit comments

Comments
 (0)