post reviews fixups

Author: benzekrimaha

lib/auth/v2/getCanonicalizedAmzHeaders.ts

@@ -1,4 +1,6 @@
-export default function getCanonicalizedAmzHeaders(headers: Record<string, string>, clientType: string) {
+import type { ArsenalRequestHeaders } from '../../types/ArsenalRequest';
+
+export default function getCanonicalizedAmzHeaders(headers: ArsenalRequestHeaders, clientType: string) {
     /*
     Iterate through headers and pull any headers that are x-amz headers.
     Need to include 'x-amz-date' here even though AWS docs
@@ -14,9 +16,9 @@ export default function getCanonicalizedAmzHeaders(headers: Record<string, strin
             // AWS SDK v3 can pass header values as arrays (for multiple values),
             // strings, or other types. We need to normalize them before calling .trim()
             // Per HTTP spec and AWS Signature v2, multiple values are joined with commas
-            const stringValue = Array.isArray(headerValue) 
-                ? headerValue.join(',') 
-                : String(headerValue);
+            const stringValue = Array.isArray(headerValue)
+                ? headerValue.join(',')
+                : (headerValue ?? '');
             return [val.trim(), stringValue.trim()];
         });
     /*

lib/auth/v4/streamingV4/constructChunkStringToSign.ts

@@ -24,12 +24,10 @@ export default function constructChunkStringToSign(
         currentChunkHash = constants.emptyStringHash;
     } else {
         const hash = crypto.createHash('sha256');
-        if (typeof justDataChunk === 'string') {
-            hash.update(justDataChunk, 'binary');
-        } else {
-            hash.update(justDataChunk);
-        }
-        currentChunkHash = hash.digest('hex');
+        const chunkHash = typeof justDataChunk === 'string'
+            ? hash.update(justDataChunk, 'binary')
+            : hash.update(justDataChunk);
+        currentChunkHash = chunkHash.digest('hex');
     }
     return `AWS4-HMAC-SHA256-PAYLOAD\n${timestamp}\n` +
         `${credentialScope}\n${lastSignature}\n` +

lib/network/kmsAWS/Client.ts

@@ -9,13 +9,13 @@ import { KMSClient,
     GenerateDataKeyCommand, 
     EncryptCommand, 
     DecryptCommand, 
-    ListKeysCommand, 
     NotFoundException, 
     KMSInvalidStateException } from '@aws-sdk/client-kms';
 const { NodeHttpHandler } = require('@smithy/node-http-handler');
 import * as werelogs from 'werelogs';
 import assert from 'assert';
 import { KMSInterface, KmsBackend, getKeyIdFromArn, KmsProtocol, KmsType, makeBackend } from '../KMSInterface';
+import { AwsError } from '../types';
 
 type TLSVersion = 'TLSv1.3' | 'TLSv1.2' | 'TLSv1.1' | 'TLSv1';
 
@@ -140,7 +140,7 @@ export default class Client implements KMSInterface {
             // or aws arn when creating the KMS Key
             const arn = `${this.backend.arnPrefix}${keyId}`;
             cb(null, keyId, arn);
-        }).catch(err => {
+        }).catch((err: AwsError) => {
             const error = arsenalErrorAWSKMS(err);
             logger.error('AWS KMS: failed to create master encryption key', { err });
             cb(error);
@@ -174,9 +174,10 @@ export default class Client implements KMSInterface {
                 return;
             }
             cb(null);
-        }).catch(err => {
+        }).catch((err: AwsError) => {
             if (err instanceof NotFoundException || err instanceof KMSInvalidStateException) {
-                logger.info('AWS KMS: key does not exist or is already pending deletion', { masterKeyId, error: err });
+                // master key does not exist or is already pending deletion
+                logger.warn('AWS KMS: key does not exist or is already pending deletion', { masterKeyId, error: err });
                 return cb(null);
             }
             const error = arsenalErrorAWSKMS(err);
@@ -208,7 +209,7 @@ export default class Client implements KMSInterface {
             const isolatedPlaintext = this.safePlaintext(data.Plaintext as Buffer);
             logger.debug('AWS KMS: data key generated');
             cb(null, isolatedPlaintext, Buffer.from(data.CiphertextBlob as Uint8Array));
-        }).catch(err => {
+        }).catch((err: AwsError) => {
             const error = arsenalErrorAWSKMS(err);
             logger.error('AWS KMS: failed to generate data key', { err });
             cb(error);
@@ -242,8 +243,7 @@ export default class Client implements KMSInterface {
 
             logger.debug('AWS KMS: data key ciphered');
             cb(null, Buffer.from(data.CiphertextBlob as Uint8Array));
-            return;
-        }).catch(err => {
+        }).catch((err: AwsError) => {
             const error = arsenalErrorAWSKMS(err);
             logger.error('AWS KMS: failed to cipher data key', { err });
             cb(error);
@@ -278,16 +278,27 @@ export default class Client implements KMSInterface {
 
             logger.debug('AWS KMS: data key deciphered');
             cb(null, isolatedPlaintext);
-        }).catch(err => {
+        }).catch((err: AwsError) => {
             const error = arsenalErrorAWSKMS(err);
             logger.error('AWS KMS: failed to decipher data key', { err });
             cb(error);
         });
     }
 
     /**
-     * Healthcheck function to verify KMS connectivity
+     * NOTE1: S3C-4833 KMS healthcheck is disabled in CloudServer
+     * NOTE2: The best approach for implementing the AWS KMS health check is still under consideration.
+     * In the meantime, this method is commented out to prevent potential issues related to costs or permissions.
+     *
+     * Reasons for commenting out:
+     * - frequent API calls can lead to increased expenses.
+     * - access key secret key used must have `kms:ListKeys` permissions
+     *
+     * Future potential actions:
+     * - implement caching mechanisms to reduce the number of API calls.
+     * - differentiate between error types (e.g., 500 vs. 403) for more effective error handling.
      */
+    /*
     healthcheck(logger: werelogs.Logger, cb: (err: Error | null) => void): void {
         logger.debug("AWS KMS: performing healthcheck");
     
@@ -298,10 +309,11 @@ export default class Client implements KMSInterface {
         this.client.send(command).then(() => {
             logger.debug("AWS KMS healthcheck: list keys succeeded");
             cb(null);
-        }).catch(err => {
+        }).catch(err : AwsError => {
             const error = arsenalErrorAWSKMS(err);
             logger.error("AWS KMS healthcheck: failed to list keys", { err });
             cb(error);
         });
     }
+    */
 }

lib/network/utils.ts

@@ -33,26 +33,50 @@ export function arsenalErrorKMIP(err: string | Error) {
 
 const allowedKmsErrorCodes = Object.keys(allowedKmsErrors) as unknown as (keyof typeof allowedKmsErrors)[];
 
-function isAWSError(err: unknown): 
-    err is S3ServiceException | KMSServiceException | (Error & { name?: string }) {
-    return (err instanceof S3ServiceException || err instanceof KMSServiceException ||
-        (err instanceof Error && typeof err.name === 'string')
-    );
+type AwsSdkError = (S3ServiceException | KMSServiceException | (Error & {
+    name: string;
+    $metadata?: { [key: string]: unknown };
+}));
+
+function getAwsErrorCode(err: unknown): string | undefined {
+    if (err instanceof S3ServiceException || err instanceof KMSServiceException) {
+        return err.name;
+    }
+
+    if (err instanceof Error && typeof err.name === 'string') {
+        // AWS SDK v3 errors inherit from Error but are not always instances of the
+        // exported Exception classes once they cross async boundaries.
+        // They still expose metadata markers such as `$metadata` and an error `name`.
+        const maybeAwsMetadata = (err as AwsSdkError).$metadata;
+        if (maybeAwsMetadata && typeof maybeAwsMetadata === 'object') {
+            return err.name;
+        }
+
+        if (allowedKmsErrorCodes.includes(err.name as keyof typeof allowedKmsErrors)) {
+            return err.name;
+        }
+    }
+
+    return undefined;
 }
 
 export function arsenalErrorAWSKMS(err: string | Error | S3ServiceException) {
-    if (isAWSError(err)) {
-        const errorCode = err.name;
+    const awsErrorCode = getAwsErrorCode(err);
+
+    if (awsErrorCode) {
+        const errorCode = awsErrorCode;
+        const errorMessage = err instanceof Error ? err.message : `${err}`;
+
         if (allowedKmsErrorCodes.includes(errorCode as keyof typeof allowedKmsErrors)) {
-            return errorInstances[`KMS.${errorCode}`].customizeDescription(err.message);
+            return errorInstances[`KMS.${errorCode}`].customizeDescription(errorMessage);
         } else {
             // Encapsulate into a generic ArsenalError but keep the aws error code
             return ArsenalError.unflatten({
                 is_arsenal_error: true,
                 type: `KMS.${errorCode}`, // aws s3 prefix kms errors with KMS.
                 code: 500,
                 description: `unexpected AWS_KMS error`,
-                stack: err.stack,
+                stack: err instanceof Error ? err.stack : undefined,
             });
         }
     }

lib/storage/data/LocationConstraintParser.js

@@ -1,6 +1,5 @@
 const { http, https } = require('httpagent');
 const url = require('url');
-const { S3Client } = require('@aws-sdk/client-s3');
 const { NodeHttpHandler } = require('@smithy/node-http-handler');
 const { fromIni } = require('@aws-sdk/credential-providers');
 const Sproxy = require('sproxydclient');

lib/storage/data/external/utils.js

@@ -45,7 +45,7 @@ const utils = {
         const metaObj = obj || {};
         Object.keys(metaObj).forEach(key => {
             const newKey = key.substring(11);
-            newObj[newKey] = `${metaObj[key]}`;
+            newObj[newKey] = string(metaObj[key]);
         });
         return newObj;
     },

package.json

@@ -88,7 +88,7 @@
   "scripts": {
     "build": "tsc",
     "build_doc": "cd documentation/listingAlgos/pics; dot -Tsvg delimiterStateChart.dot > delimiterStateChart.svg; dot -Tsvg delimiterMasterV0StateChart.dot > delimiterMasterV0StateChart.svg; dot -Tsvg delimiterVersionsStateChart.dot > delimiterVersionsStateChart.svg",
-    "coverage": "export NODE_OPTIONS=\"--tls-max-v1.2\" && nyc --clean jest tests/functional/metadata/mongodb/delObject.spec.js",
+    "coverage": "export NODE_OPTIONS=\"--tls-max-v1.2\" && nyc --clean jest tests --coverage --testTimeout=120000 --forceExit --testPathIgnorePatterns tests/functional/pykmip",
     "dev": "nodemon --ext ts --ignore build --exec \"yarn build\"",
     "ft_pykmip_test": "jest tests/functional/pykmip",
     "ft_test": "jest tests/functional --testTimeout=120000 --forceExit --testPathIgnorePatterns tests/functional/pykmip",

tests/unit/s3routes/routesUtils/responseStreamData.spec.js

@@ -8,6 +8,7 @@ const logger = new werelogs.Logger('test:routesUtils.responseStreamData');
 const { responseStreamData } = require('../../../../lib/s3routes/routesUtils');
 const AwsClient = require('../../../../lib/storage/data/external/AwsClient');
 const DummyObjectStream = require('../../storage/data/DummyObjectStream');
+const { once } = require('../../../../lib/jsutil');
 
 werelogs.configure({
     level: 'debug',
@@ -175,16 +176,9 @@ describe('routesUtils.responseStreamData', () => {
     });
 
     it('should not leak socket if client closes the connection before ' +
-    'data backend starts streaming', async () => {
-        await new Promise((resolve, reject) => {
-            let called = false;
-            function safeDone(err) {
-                if (!called) {
-                    called = true;
-                    if (err) reject(err);
-                    else resolve();
-                }
-            }
+    'data backend starts streaming', done => {
+        const doneOnce = once(done);
+        try {
             responseStreamData(undefined, {}, {}, [{
                 key: 'foo',
                 size: 10000000,
@@ -201,16 +195,14 @@ describe('routesUtils.responseStreamData', () => {
                 emit: () => {},
                 write: () => {},
                 end: () => setTimeout(() => {
-                    try {
-                        const nOpenSockets = Object.keys(awsAgent.sockets).length;
-                        assert.strictEqual(nOpenSockets, 0);
-                        safeDone();
-                    } catch (err) {
-                        safeDone(err);
-                    }
+                    const nOpenSockets = Object.keys(awsAgent.sockets).length;
+                    assert.strictEqual(nOpenSockets, 0);
+                    doneOnce();
                 }, 1000),
                 isclosed: true,
             }, undefined, logger.newRequestLogger());
-        });
+        } catch (err) {
+            doneOnce(err);
+        }
     });
 });

tests/unit/storage/data/DummyService.js

@@ -113,18 +113,18 @@ class DummyService {
         this.abortMultipartUploadAsync = promisify(this.abortMultipartUpload.bind(this));
 
         this.commandHandlers = new Map([
-            [PutObjectCommand, (cmd) => this.putObjectAsync(cmd.input)],
-            [CopyObjectCommand, (cmd) => this.copyObjectAsync(cmd.input)],
-            [HeadObjectCommand, (cmd) => this.headObjectAsync(cmd.input)],
-            [PutObjectTaggingCommand, (cmd) => this.putObjectTaggingAsync(cmd.input)],
-            [DeleteObjectTaggingCommand, (cmd) => this.deleteObjectTaggingAsync(cmd.input)],
-            [CompleteMultipartUploadCommand, (cmd) => this.completeMultipartUploadAsync(cmd.input)],
+            [PutObjectCommand, cmd => this.putObjectAsync(cmd.input)],
+            [CopyObjectCommand, cmd => this.copyObjectAsync(cmd.input)],
+            [HeadObjectCommand, cmd => this.headObjectAsync(cmd.input)],
+            [PutObjectTaggingCommand, cmd => this.putObjectTaggingAsync(cmd.input)],
+            [DeleteObjectTaggingCommand, cmd => this.deleteObjectTaggingAsync(cmd.input)],
+            [CompleteMultipartUploadCommand, cmd => this.completeMultipartUploadAsync(cmd.input)],
             [GetObjectCommand, this._handleGetObject.bind(this)], // Special case - returns stream
-            [DeleteObjectCommand, (cmd) => this.deleteObjectAsync(cmd.input)],
-            [CreateMultipartUploadCommand, (cmd) => this.createMultipartUploadAsync(cmd.input)],
-            [UploadPartCommand, (cmd) => this.uploadPartAsync(cmd.input)],
-            [ListPartsCommand, (cmd) => this.listPartsAsync(cmd.input)],
-            [AbortMultipartUploadCommand, (cmd) => this.abortMultipartUploadAsync(cmd.input)],
+            [DeleteObjectCommand, cmd => this.deleteObjectAsync(cmd.input)],
+            [CreateMultipartUploadCommand, cmd => this.createMultipartUploadAsync(cmd.input)],
+            [UploadPartCommand, cmd => this.uploadPartAsync(cmd.input)],
+            [ListPartsCommand, cmd => this.listPartsAsync(cmd.input)],
+            [AbortMultipartUploadCommand, cmd => this.abortMultipartUploadAsync(cmd.input)],
         ]);
     }
 

tests/unit/storage/data/external/ExternalClients.spec.js

@@ -150,10 +150,8 @@ describe('external backend clients', () => {
                 dataStoreName: backend.config.dataStoreName,
                 response: new stream.PassThrough(),
             }, [10000000, 10000050], '');
-            
             let data = '';
             const streamToRead = readable;
-            
             await new Promise((resolve, reject) => {
                 streamToRead.on('data', (chunk) => {
                     data += chunk.toString();
@@ -172,13 +170,9 @@ describe('external backend clients', () => {
                 dataStoreName: backend.config.dataStoreName,
                 response: new stream.PassThrough(),
             }, [10000000, 10000050], '');
-        
-            
             const readable = result
-            
             let errorHandled = false;
-            
-            await new Promise((resolve) => {
+            await new Promise(resolve => {
                 readable
                     .once('data', () => readable.emit('error', new Error('OOPS')))
                     .on('error', err => {