HDDS-9388. OM Ratis Write: Move ACL check and Bucket resolution to preExecute

[duongkame]

What changes were proposed in this pull request?

ACL checks and bucket soft-link resolution should be moved to preExecute. Today, these checks are done in validateAndUpdateCache and performed in each replica. Those should be done when the leader node receives the operation. Checks should be validated upfront, not when applying the state.

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-9388

How was this patch tested?

CI.

[adoroszlai]

Thanks @duongkame for the patch.

Failure in TestOzoneAtRestEncryption.mpuWithLink and TestOzoneFileSystemWithFSO.testFSDeleteLogWarnNoExist seem related, can be reproduced locally.

[adoroszlai]

There are calls to checkKeyAcls from some validateAndUpdateCache methods, so far I've found:

• OMKeyRenameRequestWithFSO
• S3MultipartUploadCompleteRequest
• OMRecoverLeaseRequest

The first two also resolve bucket links.

Are these intentional?

[duongkame]

There are calls to checkKeyAcls from some validateAndUpdateCache methods, so far I've found:

• OMKeyRenameRequestWithFSO
• S3MultipartUploadCompleteRequest
• OMRecoverLeaseRequest

The first two also resolve bucket links.

Are these intentional?

They're not intentional. I was still cleaning up a few places. Thanks for the detailed look, @adoroszlai .

[duongkame]

There's an open point from this PR. Some S3 APIs like MultipartInfoInitiate or MultipartUploadComplete return unnecessary/redundant data like original volume, bucket and key names in their response. With the refactor to move bucket resolution to preExecute, we don't have the original bucket/volume name in applyTransaction to include in the response.
Anyway, those are redundant data and are not used in S3G (only used in tests), I decided to just mark the data @deprecated for compatibility, and removed all the relevant usage in tests.

[sumitagrawl]

@duongkame Thanks for working over this, this changes may have issue,
in pre-execute, it can not validate the relational things which may be part of previous request as,

• link bucket validation as link bucket may not be created and pending to be excuted
• ACL validation as acl change may be pending to be executed

Only static validation related to request can be done, Or some thing from system perspective which normally do not depend on previous possible request

[kerneltime]

@duongkame Thanks for working over this, this changes may have issue, in pre-execute, it can not validate the relational things which may be part of previous request as,

• link bucket validation as link bucket may not be created and pending to be excuted
• ACL validation as acl change may be pending to be executed

Only static validation related to request can be done, Or some thing from system perspective which normally do not depend on previous possible request

Concurrent requests can be interleaved in any order. I am not sure this is an issue. Do you have a specific issue in mind?

[errose28]

@sumitagrawl I think you are also describing what I wrote on the Jira here. IMO this is more of a minor change in behavior than an issue. The server is still failing the request based on an ordering either way.

[sumitagrawl]

@sumitagrawl I think you are also describing what I wrote on the Jira here. IMO this is more of a minor change in behavior than an issue. The server is still failing the request based on an ordering either way.

@errose28
yes, 2 cases we are changing,

1. ACL as already mentioned
2. linked bucket resolution also

[duongkame]

@sumitagrawl I think you are also describing what I wrote on the Jira here. IMO this is more of a minor change in behavior than an issue. The server is still failing the request based on an ordering either way.

@errose28 yes, 2 cases we are changing,

1. ACL as already mentioned
2. linked bucket resolution also

@sumitagrawl
I don't see problems with Link resolution in preExecute. E.g. at the time a key-create request reaches the leader node, the request should be rejected if the link is not there. This is different from before when the link creation can happen after a while before the key-creation request reaches each replica. A reverse example is when a link is being removed. Either case, making the decision at the leader makes sense to me.

Yes, there are changes in behaviors the edge cases but they're not necessarily issues.

The same story for moving ACL checks, as @errose28 mentioned.

I think moving validation/pre-processing out of applyTransaction is the right direction. ApplyTransaction should be to apply the state of a request to the state machine.

C.c. some more folks as I need your opinions too. @kerneltime @szetszwo @smengcl.

[smengcl]

Core change lgtm. Thanks @duongkame for this

[smengcl]

Thanks @duongkame for the patch, and @adoroszlai @sumitagrawl @kerneltime @errose28 for the reviews and comments.

[duongkame]

Thanks @smengcl for the reviews and merging it.

[smengcl]

Turns out this causes a regression where encrypted buckets won't correctly have file encryption info in keyargs set. Because encryption info is generated in generateRequiredEncryptionInfo above and put into newKeyArgs.

Credit to @jojochuang for locating this bug.

[smengcl]

HDDS-10363