add domain names for object storage

Author: anda-ren

server/controller/src/main/java/ai/starwhale/mlops/configuration/security/ObjectStoreDomainDetectionFilter.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright 2022 Starwhale, Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ai.starwhale.mlops.configuration.security;
+
+import ai.starwhale.mlops.storage.domain.DomainAwareStorageAccessService;
+import java.io.IOException;
+import java.util.regex.Pattern;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.jetbrains.annotations.NotNull;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@Component
+public class ObjectStoreDomainDetectionFilter extends OncePerRequestFilter {
+
+    public static final String HEADER_NAME = "SW_CLIENT_FAVORED_OSS_DOMAIN_PATTERN";
+
+    @Override
+    protected void doFilterInternal(
+            HttpServletRequest request,
+            @NotNull HttpServletResponse response,
+            FilterChain filterChain
+    ) throws ServletException, IOException {
+        String pattern = request.getHeader(HEADER_NAME);
+        if (StringUtils.hasText(pattern)) {
+            request.setAttribute(DomainAwareStorageAccessService.OSS_DOMAIN_PATTERN_ATTR, Pattern.compile(pattern));
+        }
+        filterChain.doFilter(request, response);
+    }
+
+}

server/controller/src/main/java/ai/starwhale/mlops/configuration/security/SecurityConfiguration.java

@@ -84,6 +84,9 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     @Resource
     private ContentCachingFilter contentCachingFilter;
 
+    @Resource
+    private ObjectStoreDomainDetectionFilter objectStoreDomainDetectionFilter;
+
 
     public SecurityConfiguration() {
         super();
@@ -139,6 +142,7 @@ protected void configure(HttpSecurity http) throws Exception {
                         JwtLoginFilter.class)
                 .addFilterBefore(projectDetectionFilter, JwtTokenFilter.class)
                 .addFilterBefore(contentCachingFilter, ProjectDetectionFilter.class)
+                .addFilterAfter(objectStoreDomainDetectionFilter, JwtTokenFilter.class)
         ;
     }
 

server/controller/src/main/java/ai/starwhale/mlops/domain/blob/CachedBlobService.java

@@ -18,6 +18,7 @@
 
 import ai.starwhale.mlops.storage.LengthAbleInputStream;
 import ai.starwhale.mlops.storage.StorageAccessService;
+import ai.starwhale.mlops.storage.domain.DomainAwareStorageAccessService;
 import ai.starwhale.mlops.storage.memory.StorageAccessServiceMemory;
 import java.io.IOException;
 import java.util.HashMap;
@@ -40,9 +41,12 @@ public CachedBlobService(StorageAccessService defaultStorageAccessService,
                 // for test only
                 storageAccessService = new StorageAccessServiceMemory();
             } else {
-                storageAccessService = StorageAccessService.getS3LikeStorageAccessService(
-                        cacheConfig.getStorageType(),
-                        cacheConfig);
+                storageAccessService = new DomainAwareStorageAccessService(
+                        StorageAccessService.getS3LikeStorageAccessService(
+                                cacheConfig.getStorageType(),
+                                cacheConfig
+                        )
+                );
             }
             this.caches.put(cacheConfig.getBlobIdPrefix(),
                     new BlobServiceImpl(storageAccessService,

server/controller/src/main/java/ai/starwhale/mlops/domain/dataset/objectstore/StorageAccessParser.java

@@ -21,6 +21,7 @@
 import ai.starwhale.mlops.storage.StorageAccessService;
 import ai.starwhale.mlops.storage.StorageConnectionToken;
 import ai.starwhale.mlops.storage.StorageUri;
+import ai.starwhale.mlops.storage.domain.DomainAwareStorageAccessService;
 import ai.starwhale.mlops.storage.fs.FsConfig;
 import ai.starwhale.mlops.storage.s3.S3Config;
 import java.util.Map;
@@ -99,9 +100,12 @@ private StorageAccessService buildStorageAccessService(StorageConnectionToken to
                     return StorageAccessService.getFileStorageAccessService(
                             new FsConfig(token.getTokens().get("rootDir"), token.getTokens().get("serviceProvider")));
                 default:
-                    return StorageAccessService.getS3LikeStorageAccessService(
-                            token.getType(),
-                            new S3Config(token.getTokens()));
+                    return new DomainAwareStorageAccessService(
+                            StorageAccessService.getS3LikeStorageAccessService(
+                                    token.getType(),
+                                    new S3Config(token.getTokens())
+                            )
+                    );
             }
         } catch (Exception e) {
             log.error("can not build storage access service", e);

server/controller/src/main/resources/application.yaml

@@ -97,6 +97,7 @@ sw:
       secret-key: ${SW_STORAGE_SECRETKEY:starwhale}
       region: ${SW_STORAGE_REGION:local}
       endpoint: ${SW_STORAGE_ENDPOINT:http://localhost:9000}
+      endpoint-equivalents: ${SW_STORAGE_ENDPOINT_EQS:http://127.0.0.1:9000}
       huge-file-threshold: 10485760 # 10MB
       huge-file-part-size: 5242880 # 5MB
   controller:

server/controller/src/test/java/ai/starwhale/mlops/configuration/security/ObjectStoreDomainDetectionFilterTest.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright 2022 Starwhale, Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ai.starwhale.mlops.configuration.security;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.util.regex.Pattern;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+
+class ObjectStoreDomainDetectionFilterTest {
+
+    ObjectStoreDomainDetectionFilter filter = new ObjectStoreDomainDetectionFilter();
+
+    @Test
+    void doFilterInternal() throws ServletException, IOException {
+        HttpServletRequest req = mock(HttpServletRequest.class);
+        HttpServletResponse resp = mock(HttpServletResponse.class);
+        FilterChain filterChain = mock(FilterChain.class);
+        when(req.getHeader("SW_CLIENT_FAVORED_OSS_DOMAIN_PATTERN")).thenReturn(null);
+        filter.doFilterInternal(req, resp, filterChain);
+        verify(req, times(0)).setAttribute(any(), any());
+        when(req.getHeader("SW_CLIENT_FAVORED_OSS_DOMAIN_PATTERN")).thenReturn("^aa$");
+        filter.doFilterInternal(req, resp, filterChain);
+        ArgumentCaptor<Pattern> ac = ArgumentCaptor.forClass(Pattern.class);
+        verify(req).setAttribute(eq("SW_OSS_DOMAIN_REG_PATTERN"), ac.capture());
+        Assertions.assertTrue(ac.getValue().matcher("aa").matches());
+    }
+}

server/storage-access-layer/pom.xml

@@ -91,6 +91,10 @@
       <artifactId>spring-boot-configuration-processor</artifactId>
       <optional>true</optional>
     </dependency>
+      <dependency>
+          <groupId>org.springframework</groupId>
+          <artifactId>spring-web</artifactId>
+      </dependency>
   </dependencies>
 
   <build>

server/storage-access-layer/src/main/java/ai/starwhale/mlops/storage/StorageAccessService.java

@@ -148,5 +148,14 @@ static StorageAccessService getS3LikeStorageAccessService(String type, S3Config
      */
     String signedUrl(String path, Long expTimeMillis) throws IOException;
 
+    default List<String> signedUrlAllDomains(String path, Long expTimeMillis) throws IOException {
+        return List.of(signedUrl(path, expTimeMillis));
+    }
+
     String signedPutUrl(String path, String contentType, Long expTimeMillis) throws IOException;
+
+    default List<String> signedPutUrlAllDomains(String path, String contentType, Long expTimeMillis)
+            throws IOException {
+        return List.of(signedPutUrl(path, contentType, expTimeMillis));
+    }
 }

server/storage-access-layer/src/main/java/ai/starwhale/mlops/storage/aliyun/StorageAccessServiceAliyun.java

@@ -47,13 +47,17 @@
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.List;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.util.CollectionUtils;
 
 @Slf4j
 public class StorageAccessServiceAliyun extends S3LikeStorageAccessService {
 
     private final OSS ossClient;
+    private final List<OSS> ossClientEquivalents;
 
     public StorageAccessServiceAliyun(S3Config s3Config) {
         super(s3Config);
@@ -62,6 +66,15 @@ public StorageAccessServiceAliyun(S3Config s3Config) {
         config.setRequestTimeoutEnabled(true);
         this.ossClient = new OSSClientBuilder()
                 .build(s3Config.getEndpoint(), s3Config.getAccessKey(), s3Config.getSecretKey(), config);
+        if (!CollectionUtils.isEmpty(s3Config.getEndpointEquivalents())) {
+            this.ossClientEquivalents = s3Config.getEndpointEquivalents()
+                    .stream()
+                    .map(edp -> new OSSClientBuilder()
+                            .build(edp, s3Config.getAccessKey(), s3Config.getSecretKey(), config))
+                    .collect(Collectors.toList());
+        } else {
+            this.ossClientEquivalents = List.of();
+        }
     }
 
     @Override
@@ -73,10 +86,12 @@ public StorageObjectInfo head(String path) throws IOException {
     public StorageObjectInfo head(String path, boolean md5sum) throws IOException {
         try {
             var resp = this.ossClient.headObject(new HeadObjectRequest(this.bucket, path));
-            return new StorageObjectInfo(true,
+            return new StorageObjectInfo(
+                    true,
                     resp.getContentLength(),
                     md5sum ? resp.getETag().replace("\"", "").toLowerCase() : null,
-                    MetaHelper.mapToString(resp.getUserMetadata()));
+                    MetaHelper.mapToString(resp.getUserMetadata())
+            );
         } catch (OSSException e) {
             if (e.getErrorCode().equals(OSSErrorCode.NO_SUCH_KEY)) {
                 return new StorageObjectInfo(false, 0L, null, null);
@@ -117,7 +132,8 @@ public void put(String path, InputStream inputStream) throws IOException {
                         uploadId,
                         i,
                         new ByteArrayInputStream(data),
-                        data.length));
+                        data.length
+                ));
                 etagList.add(resp.getPartETag());
                 if (data.length < this.partSize) {
                     break;
@@ -187,12 +203,41 @@ public void delete(String path) throws IOException {
 
     @Override
     public String signedUrl(String path, Long expTimeMillis) {
+        return signedUrl(path, expTimeMillis, this.ossClient);
+    }
+
+    private String signedUrl(String path, Long expTimeMillis, OSS ossClient) {
         return ossClient.generatePresignedUrl(this.bucket, path, new Date(System.currentTimeMillis() + expTimeMillis))
                 .toString();
     }
 
+    @Override
+    public List<String> signedUrlAllDomains(String path, Long expTimeMillis) {
+        return Stream.concat(Stream.of(ossClient), ossClientEquivalents.stream())
+                .map(client -> signedUrl(
+                        path,
+                        expTimeMillis,
+                        client
+                )).collect(Collectors.toList());
+    }
+
     @Override
     public String signedPutUrl(String path, String contentType, Long expTimeMillis) throws IOException {
+        return signPutUrl(path, contentType, expTimeMillis, this.ossClient);
+    }
+
+    @Override
+    public List<String> signedPutUrlAllDomains(String path, String contentType, Long expTimeMillis) {
+        return Stream.concat(Stream.of(ossClient), ossClientEquivalents.stream())
+                .map(client -> signPutUrl(
+                        path,
+                        contentType,
+                        expTimeMillis,
+                        client
+                )).collect(Collectors.toList());
+    }
+
+    private String signPutUrl(String path, String contentType, Long expTimeMillis, OSS ossClient) {
         var request = new GeneratePresignedUrlRequest(this.bucket, path, HttpMethod.PUT);
         request.setExpiration(new Date(System.currentTimeMillis() + expTimeMillis));
         request.setContentType(contentType);