Merge branch 'master' into dependabot/go_modules/github.com/prometheus/procfs-0.19.2

3 days ago · 0f627a5d50
5 changed files with 129 additions and 15 deletions
--- a/docker/Dockerfile.go_build
+++ b/docker/Dockerfile.go_build
@ -23,6 +23,9 @@ RUN mkdir -p /etc/seaweedfs
 COPY --from=builder /go/src/github.com/seaweedfs/seaweedfs/docker/filer.toml /etc/seaweedfs/filer.toml
 COPY --from=builder /go/src/github.com/seaweedfs/seaweedfs/docker/entrypoint.sh /entrypoint.sh

+# FIPS 140-3 mode is ON by default (Go 1.24+)
+# To disable: docker run -e GODEBUG=fips140=off ...
+
 # Install dependencies and create non-root user
 RUN apk add --no-cache fuse su-exec && \
    addgroup -g 1000 seaweed && \
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@ -1,5 +1,9 @@
 #!/bin/sh

+# Enable FIPS 140-3 mode by default (Go 1.24+)
+# To disable: docker run -e GODEBUG=fips140=off ...
+export GODEBUG="${GODEBUG:+$GODEBUG,}fips140=on"
+
 # Fix permissions for mounted volumes
 # If /data is mounted from host, it might have different ownership
 # Fix this by ensuring seaweed user owns the directory
--- a/weed/admin/dash/admin_server.go
+++ b/weed/admin/dash/admin_server.go
@ -98,33 +98,30 @@ func NewAdminServer(masters string, templateFS http.FileSystem, dataDir string)
 		glog.Warningf("Failed to initialize credential manager: %v", err)
 		// Continue without credential manager - will fall back to legacy approach
 	} else {
-		// For stores that need filer client details, set them
+		server.credentialManager = credentialManager
+
+		// For stores that need filer address function, set them
 		if store := credentialManager.GetStore(); store != nil {
-			if filerClientSetter, ok := store.(interface {
-				SetFilerClient(string, grpc.DialOption)
+			if filerFuncSetter, ok := store.(interface {
+				SetFilerAddressFunc(func() pb.ServerAddress, grpc.DialOption)
 			}); ok {
-				// We'll set the filer client later when we discover filers
-				// For now, just store the credential manager
-				server.credentialManager = credentialManager
-
-				// Set up a goroutine to set filer client once we discover filers
+				// Set up a goroutine to configure filer address function once we discover filers
 				go func() {
 					for {
 						filerAddr := server.GetFilerAddress()
 						if filerAddr != "" {
-							filerClientSetter.SetFilerClient(filerAddr, server.grpcDialOption)
-							glog.V(1).Infof("Set filer client for credential manager: %s", filerAddr)
+							// Configure the function to dynamically return the current active filer (HA-aware)
+							filerFuncSetter.SetFilerAddressFunc(func() pb.ServerAddress {
+								return pb.ServerAddress(server.GetFilerAddress())
+							}, server.grpcDialOption)
+							glog.V(1).Infof("Set filer address function for credential manager: %s", filerAddr)
 							break
 						}
 						glog.V(1).Infof("Waiting for filer discovery for credential manager...")
-						time.Sleep(5 * time.Second) // Retry every 5 seconds
+						time.Sleep(5 * time.Second)
 					}
 				}()
-			} else {
-				server.credentialManager = credentialManager
 			}
-		} else {
-			server.credentialManager = credentialManager
 		}
 	}

--- a/weed/admin/dash/user_management_test.go
+++ b/weed/admin/dash/user_management_test.go
@ -0,0 +1,109 @@
+package dash
+
+import (
+	"testing"
+
+	"github.com/seaweedfs/seaweedfs/weed/credential"
+	_ "github.com/seaweedfs/seaweedfs/weed/credential/filer_etc" // Import to register filer_etc store
+	"github.com/seaweedfs/seaweedfs/weed/pb"
+	"google.golang.org/grpc"
+)
+
+// TestFilerAddressFunctionInterface tests that the filer_etc store
+// implements the correct SetFilerAddressFunc interface (issue #7575)
+func TestFilerAddressFunctionInterface(t *testing.T) {
+	// Create credential manager with filer_etc store
+	credentialManager, err := credential.NewCredentialManagerWithDefaults("")
+	if err != nil {
+		t.Fatalf("Failed to initialize credential manager: %v", err)
+	}
+
+	store := credentialManager.GetStore()
+	if store == nil {
+		t.Fatal("Credential store is nil")
+	}
+
+	// Check if store is filer_etc type
+	if store.GetName() != credential.StoreTypeFilerEtc {
+		t.Skipf("Skipping test - store is not filer_etc (got: %s)", store.GetName())
+	}
+
+	// Check if store implements SetFilerAddressFunc interface
+	// This is the critical check for bug #7575
+	filerFuncSetter, ok := store.(interface {
+		SetFilerAddressFunc(func() pb.ServerAddress, grpc.DialOption)
+	})
+	if !ok {
+		t.Fatal("FilerEtcStore does not implement SetFilerAddressFunc interface - bug #7575")
+	}
+
+	// Verify we can call the method without panic
+	mockFilerAddress := pb.ServerAddress("localhost:8888")
+	filerFuncSetter.SetFilerAddressFunc(func() pb.ServerAddress {
+		return mockFilerAddress
+	}, grpc.WithInsecure())
+
+	t.Log("FilerEtcStore correctly implements SetFilerAddressFunc interface")
+}
+
+// TestGenerateAccessKey tests the access key generation function
+func TestGenerateAccessKey(t *testing.T) {
+	key1 := generateAccessKey()
+	key2 := generateAccessKey()
+
+	// Check length
+	if len(key1) != 20 {
+		t.Errorf("Expected access key length 20, got %d", len(key1))
+	}
+
+	// Check uniqueness
+	if key1 == key2 {
+		t.Error("Generated access keys should be unique")
+	}
+
+	// Check character set
+	for _, c := range key1 {
+		if !((c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')) {
+			t.Errorf("Access key contains invalid character: %c", c)
+		}
+	}
+}
+
+// TestGenerateSecretKey tests the secret key generation function
+func TestGenerateSecretKey(t *testing.T) {
+	key1 := generateSecretKey()
+	key2 := generateSecretKey()
+
+	// Check length (base64 encoding of 30 bytes = 40 characters)
+	if len(key1) != 40 {
+		t.Errorf("Expected secret key length 40, got %d", len(key1))
+	}
+
+	// Check uniqueness
+	if key1 == key2 {
+		t.Error("Generated secret keys should be unique")
+	}
+}
+
+// TestGenerateAccountId tests the account ID generation function
+func TestGenerateAccountId(t *testing.T) {
+	id1 := generateAccountId()
+	id2 := generateAccountId()
+
+	// Check length
+	if len(id1) != 12 {
+		t.Errorf("Expected account ID length 12, got %d", len(id1))
+	}
+
+	// Check that it's a number
+	for _, c := range id1 {
+		if c < '0' || c > '9' {
+			t.Errorf("Account ID contains non-digit character: %c", c)
+		}
+	}
+
+	// Check uniqueness (they should usually be different)
+	if id1 == id2 {
+		t.Log("Warning: Generated account IDs are the same (rare but possible)")
+	}
+}
--- a/weed/command/admin.go
+++ b/weed/command/admin.go
@ -22,6 +22,7 @@ import (
 	"github.com/seaweedfs/seaweedfs/weed/admin"
 	"github.com/seaweedfs/seaweedfs/weed/admin/dash"
 	"github.com/seaweedfs/seaweedfs/weed/admin/handlers"
+	_ "github.com/seaweedfs/seaweedfs/weed/credential/filer_etc" // Register filer_etc credential store
 	"github.com/seaweedfs/seaweedfs/weed/pb"
 	"github.com/seaweedfs/seaweedfs/weed/security"
 	"github.com/seaweedfs/seaweedfs/weed/util"