FrostFS S3 Protocol Gateway
Roman Loginov 04b8fc2b5f [#562] Empty default value for TLS termination header param
If the service is accessed not through a proxy and the
default value of the parameter with the header key is
not empty, then the system administrator does not
control disabling TLS verification in any way, because
the client can simply add a known header, thereby
skipping the verification. Therefore, the default value
of the header parameter is made empty. If it is empty,
then TLS verification cannot be disabled in any way.
Thus, the system administrator will be able to control
the enabling/disabling of TLS.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-12-13 11:12:58 +00:00
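
The behaviour this commit message describes, as an added Go example that is not the project's own code. The header name, the function names and the rule that any non-empty header value counts as "terminated upstream" are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Hypothetical header name, standing in for a non-empty built-in default.
const exampleHeader = "X-Example-Tls-Terminated"

// tlsSatisfied reports whether the TLS requirement counts as met for r.
// headerName is the configured TLS-termination header; "" disables the header path.
func tlsSatisfied(r *http.Request, headerName string) bool {
	if r.TLS != nil {
		return true // TLS was terminated by this process
	}
	if headerName == "" {
		return false // empty parameter: no header can stand in for TLS
	}
	// Assumption: any non-empty value marks the request as terminated upstream.
	return r.Header.Get(headerName) != ""
}

// directRequest builds a constructed plain-HTTP request, as received when the
// service is reached directly and no proxy sets or strips the header.
func directRequest(headers map[string]string) *http.Request {
	r := httptest.NewRequest(http.MethodPut, "http://gw.example:8080/bucket/object", nil)
	for k, v := range headers {
		r.Header.Set(k, v)
	}
	return r
}

func main() {
	withHeader := directRequest(map[string]string{exampleHeader: "true"})
	// Non-empty default: the client-supplied header is trusted without the operator opting in.
	fmt.Println("non-empty default:", tlsSatisfied(withHeader, exampleHeader))
	// Empty default: the same request is still treated as plain HTTP.
	fmt.Println("empty default:    ", tlsSatisfied(withHeader, ""))
}
```

When an operator does set the header parameter, the terminating proxy should overwrite or strip that header on every inbound request so that only the proxy's value reaches the gateway.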
.docker [#369] Enhanced http requests logging 2024-09-11 15:25:09 +03:00
.forgejo [#550] Execute CI on push to master 2024-11-15 14:31:11 +03:00
api [#562] Empty default value for TLS termination header param 2024-12-13 11:12:58 +00:00
authmate [#570] Remove frostfs-api-go dependency 2024-12-10 11:03:30 +03:00
cmd [#562] Empty default value for TLS termination header param 2024-12-13 11:12:58 +00:00
config [#562] Add tests for form encryption params 2024-12-11 16:09:43 +03:00
creds [#509] Support fallback address when getting box 2024-10-23 15:01:31 +03:00
debian [#68] Fix pre-commit issues 2023-03-24 16:22:06 +03:00
docs [#562] Empty default value for TLS termination header param 2024-12-13 11:12:58 +00:00
internal [#562] Support TLS termination header for SSE-C 2024-12-11 16:09:43 +03:00
metrics [#502] Add Dropped logs (by sampling) metric 2024-12-03 12:16:56 +00:00
pkg [#488] Renamed api/errors, layer/frostfs and layer/tree package names 2024-10-02 12:35:04 +03:00
.dockerignore [#542] Stop using obsolete .github directory 2024-11-06 15:31:16 +03:00
.gitignore [#133] Drop sync-tree 2023-06-09 09:34:36 +03:00
.gitlint [#65] Enable pre-commit 2023-03-24 07:28:04 +00:00
.golangci.yml [#339] lint: Ignore aws sdk dirs 2024-12-10 15:04:56 +03:00
.pre-commit-config.yaml [#195] Add log constants linter 2023-08-28 12:58:44 +03:00
CHANGELOG.md Release v0.31.1 2024-11-29 13:35:58 +00:00
CODEOWNERS [#573] Refine CODEOWNERS settings 2024-12-10 14:35:40 +00:00
CONTRIBUTING.md [#2] Update CONTRIBUTING 2023-06-07 15:35:57 +00:00
CREDITS.md [#68] Fix pre-commit issues 2023-03-24 16:22:06 +03:00
go.mod [#576] Update frostfs-sdk-go version 2024-12-13 03:17:19 +03:00
go.sum [#576] Update frostfs-sdk-go version 2024-12-13 03:17:19 +03:00
help.mk [#725] Fix help 2022-10-17 19:16:05 +03:00
LICENSE [#264] Change NeoFS S3 Gateway license to AGPLv3 2021-09-20 10:38:28 +03:00
Makefile [#369] Enhanced http requests logging 2024-09-11 15:25:09 +03:00
README.md [#542] Stop using obsolete .github directory 2024-11-06 15:31:16 +03:00
SECURITY.md [#413] Add SECURITY.md 2024-09-03 11:45:05 +00:00
updateTestsResult.sh [#68] Fix pre-commit issues 2023-03-24 16:22:06 +03:00
VERSION Release v0.31.1 2024-11-29 13:35:58 +00:00


FrostFS is a decentralized distributed object storage integrated with the NEO Blockchain.



FrostFS S3 Gateway

FrostFS S3 gateway provides an API compatible with the Amazon S3 cloud storage service.

Installation

go get -u git.frostfs.info/TrueCloudLab/frostfs-s3-gw

Or you can call make to build it from the cloned repository (the binary will end up in bin/frostfs-s3-gw, with the authmate helper in bin/frostfs-s3-authmate). To build binaries in a clean Docker environment, call make docker/all.

Other notable make targets:

dep          Check and ensure dependencies
image        Build clean docker image
dirty-image  Build dirty docker image with host-built binaries
format       Run all code formatters
lint         Run linters
version      Show current version

You can also use a Docker image provided for released (and occasionally unreleased) versions of the gateway (:latest points to the latest stable release).

Execution

A minimal S3 gateway setup needs:

  • FrostFS node(s) address (the S3 gateway itself is not a FrostFS node). Passed via the -p parameter or via the S3_GW_PEERS_<N>_ADDRESS and S3_GW_PEERS_<N>_WEIGHT environment variables (the gateway supports multiple FrostFS nodes with weighted load balancing).
  • A wallet used to fetch the key and communicate with FrostFS nodes. Passed via the --wallet parameter or the S3_GW_WALLET_PATH environment variable.

These two commands are functionally equivalent; they run the gateway with one backend node, some keys and otherwise default settings:

$ frostfs-s3-gw -p 192.168.130.72:8080 --wallet wallet.json

$ S3_GW_PEERS_0_ADDRESS=192.168.130.72:8080 \
  S3_GW_WALLET_PATH=wallet.json \
  frostfs-s3-gw

It's also possible to specify the URI scheme (grpc or grpcs) when using -p or environment variables:

$ frostfs-s3-gw -p grpc://192.168.130.72:8080 --wallet wallet.json

$ S3_GW_PEERS_0_ADDRESS=grpcs://192.168.130.72:8080 \
  S3_GW_WALLET_PATH=wallet.json \
  frostfs-s3-gw

Domains

By default, s3-gw enables only path-style access. To use both virtual-hosted-style and path-style access, you must configure listen_domains:

$ frostfs-s3-gw -p 192.168.130.72:8080 --wallet wallet.json --listen_domains your.first.domain --listen_domains your.second.domain

Now you can use either style (e.g. for HeadBucket; make sure DNS is properly configured):

$ curl --head http://bucket-name.your.first.domain:8080
HTTP/1.1 200 OK
...

or

$ curl --head http://your.second.domain:8080/bucket-name
HTTP/1.1 200 OK
...

You can also configure domains using .env variables or a YAML file.

Fuzzing

To run fuzzing tests, use the following command:

$ make fuzz

This command will install dependencies for the fuzzing process and run existing fuzzing tests.

You can also use the following arguments:

FUZZ_TIMEOUT - time to run each fuzzing test (default 30) 
FUZZ_FUNCTIONS - fuzzing tests that will be started (default "all")
FUZZ_AUX - additional parameters for the fuzzer (for example, "-debug")
FUZZ_NGFUZZ_DIR - path to ngfuzz tool

Documentation

Credits

Please see CREDITS for details.