fixups post reviews

Author: benzekrimaha

index.ts

@@ -152,8 +152,7 @@ export const storage = {
         external: {
             AwsClient: require('./lib/storage/data/external/AwsClient'),
             AzureClient: require('./lib/storage/data/external/AzureClient'),
-            GcpClient: require('./lib/storage/data/external/GcpClient'),
-            GCP: require('./lib/storage/data/external/GCP'),
+            GcpClient: require('./lib/storage/data/external/GCP/GcpClient'),
             GcpUtils: require('./lib/storage/data/external/GCP/GcpUtils'),
             PfsClient: require('./lib/storage/data/external/PfsClient'),
             backendUtils: require('./lib/storage/data/external/utils'),

lib/network/kmsAWS/Client.ts

@@ -1,8 +1,15 @@
 'use strict';  
 
 import { arsenalErrorAWSKMS } from '../utils';
-import { KMSClient, CreateKeyCommand, ScheduleKeyDeletionCommand,
-    GenerateDataKeyCommand, EncryptCommand, DecryptCommand, ListKeysCommand } from '@aws-sdk/client-kms';
+import { KMSClient, 
+    CreateKeyCommand, 
+    ScheduleKeyDeletionCommand,
+    GenerateDataKeyCommand, 
+    EncryptCommand, 
+    DecryptCommand, 
+    ListKeysCommand, 
+    NotFoundException, 
+    KMSInvalidStateException } from '@aws-sdk/client-kms';
 import * as werelogs from 'werelogs';
 import assert from 'assert';
 import { KMSInterface, KmsBackend, getKeyIdFromArn, KmsProtocol, KmsType, makeBackend } from '../KMSInterface';
@@ -61,7 +68,7 @@ export default class Client implements KMSInterface {
         this.client = new KMSClient({
             region,
             endpoint,
-            requestHandler: undefined, // v3 handles agents differently
+            requestHandler: undefined,
             credentials,
         });
         this.backend = makeBackend(KmsType.external, KmsProtocol.aws_kms, providerName);
@@ -107,6 +114,7 @@ export default class Client implements KMSInterface {
             if (this.noAwsArn) {
                 keyId = keyMetadata?.KeyId || '';
             } else {
+                // Prefer ARN, but fall back to KeyId if ARN is missing
                 keyId = keyMetadata?.Arn ?? (keyMetadata?.KeyId || '');
             }
             const arn = `${this.backend.arnPrefix}${keyId}`;
@@ -135,7 +143,9 @@ export default class Client implements KMSInterface {
             KeyId: masterKeyId,
             PendingWindowInDays: 7,
         };
-        this.client.send(new ScheduleKeyDeletionCommand(params)).then(data => {
+        const command = new ScheduleKeyDeletionCommand(params);
+
+        this.client.send(command).then(data => {
             if (data?.KeyState && data.KeyState !== 'PendingDeletion') {
                 const error = arsenalErrorAWSKMS('key is not in PendingDeletion state');
                 logger.error('AWS KMS: failed to delete master encryption key', { data });
@@ -144,7 +154,7 @@ export default class Client implements KMSInterface {
             }
             cb(null);
         }).catch(err => {
-            if (err.name === 'NotFoundException' || err.name === 'KMSInvalidStateException') {
+            if (err instanceof NotFoundException || err instanceof KMSInvalidStateException) {
                 logger.info('AWS KMS: key does not exist or is already pending deletion', { masterKeyId, error: err });
                 cb(null);
                 return;
@@ -166,7 +176,7 @@ export default class Client implements KMSInterface {
         assert.strictEqual(cryptoScheme, 1);
         const params = {
             KeyId: masterKeyId,
-            KeySpec: "AES_256" as const,
+            KeySpec: 'AES_256' as const,
         };
         this.client.send(new GenerateDataKeyCommand(params)).then(data => {
             if (!data) {

lib/network/utils.ts

@@ -32,28 +32,36 @@ export function arsenalErrorKMIP(err: string | Error) {
 const allowedKmsErrorCodes = Object.keys(allowedKmsErrors) as unknown as (keyof typeof allowedKmsErrors)[];
 
 // Local AWSError type for compatibility with v3 error handling
-export type AWSError = Error & { 
-    code?: string; 
-    retryable?: boolean; 
-    statusCode?: number; 
-    time?: Date; 
-    requestId?: string; 
+export type AWSError = Error & {
+    name?: string;
+    $fault?: 'client' | 'server';
+    $metadata?: {
+        httpStatusCode?: number;
+        requestId?: string;
+        attempts?: number;
+        totalRetryDelay?: number;
+    };
+    $retryable?: {
+        throttling?: boolean;
+    };
+    message?: string;
 };
 
 function isAWSError(err: string | Error | AWSError): err is AWSError {
-    return (err as AWSError).code !== undefined
-        && (err as AWSError).retryable !== undefined;
+    return (err as AWSError).name !== undefined
+        && (err as AWSError).$metadata !== undefined;
 }
 
 export function arsenalErrorAWSKMS(err: string | Error | AWSError) {
     if (isAWSError(err)) {
-        if (allowedKmsErrorCodes.includes(err.code as keyof typeof allowedKmsErrors)) {
-            return errorInstances[`KMS.${err.code}`].customizeDescription(err.message);
+        const errorCode = err.name;
+        if (allowedKmsErrorCodes.includes(errorCode as keyof typeof allowedKmsErrors)) {
+            return errorInstances[`KMS.${errorCode}`].customizeDescription(err.message);
         } else {
             // Encapsulate into a generic ArsenalError but keep the aws error code
             return ArsenalError.unflatten({
                 is_arsenal_error: true,
-                type: `KMS.${err.code}`, // aws s3 prefix kms errors with KMS.
+                type: `KMS.${errorCode}`, // aws s3 prefix kms errors with KMS.
                 code: 500,
                 description: `unexpected AWS_KMS error`,
                 stack: err.stack,

lib/storage/data/LocationConstraintParser.js

@@ -1,6 +1,7 @@
 const { http, https } = require('httpagent');
 const url = require('url');
 const { S3Client } = require('@aws-sdk/client-s3');
+const { NodeHttpHandler } = require('@smithy/node-http-handler');
 const { fromIni } = require('@aws-sdk/credential-providers');
 const Sproxy = require('sproxydclient');
 const Hyperdrive = require('@scality/hdclient');
@@ -11,7 +12,7 @@ const DataFileBackend = require('./file/DataFileInterface');
 const inMemory = require('./in_memory/datastore').backend;
 const AwsClient = require('./external/AwsClient');
 const AzureClient = require('./external/AzureClient');
-const GcpClient = require('./external/GcpClient');
+const GcpClient = require('./external/GCP/GcpClient');
 const PfsClient = require('./external/PfsClient');
 const backendUtils = require('./external/utils');
 
@@ -76,19 +77,26 @@ function parseLC(config, vault) {
                 // https or http proxy
                 connectionAgent = new HttpsProxyAgent(options);
             } else {
-                connectionAgent = sslEnabled ?
-                    new https.Agent(httpAgentConfig, { maxSockets: false }) :
-                    new http.Agent(httpAgentConfig, { maxSockets: false });
+                const agentOptions = { ...httpAgentConfig, maxSockets: false };
+
+                connectionAgent = sslEnabled
+                    ? new https.Agent(agentOptions)
+                    : new http.Agent(agentOptions);
             }
             const httpOptions = { agent: connectionAgent, timeout: 0 };
             const s3Params = {
                 endpoint: `${protocol}://${endpoint}`,
                 region,
+                requestHandler: new NodeHttpHandler({
+                    requestTimeout: 0,
+                    ...(sslEnabled
+                    ? { httpsAgent: connectionAgent }
+                    : { httpAgent: connectionAgent }),
+                }),
                 forcePathStyle: pathStyle,
+                customUserAgent: constants.productName,
                 maxAttempts: 1,
-                requestHandler: undefined, // v3 handles agents differently
-                // v3 does not use signatureVersion or sslEnabled directly
-                // v3 does not use customUserAgent directly
+                tls: sslEnabled,
             };
             if (locationObj.details.credentialsProfile) {
                 s3Params.credentials = fromIni({ profile: locationObj.details.credentialsProfile });

lib/storage/data/external/AwsClient.js

@@ -11,7 +11,12 @@ const { S3Client,
     PutObjectTaggingCommand,
     DeleteObjectTaggingCommand,
     CopyObjectCommand,
-    GetBucketLocationCommand } = require('@aws-sdk/client-s3');
+    GetBucketLocationCommand, 
+    GetBucketVersioningCommand,
+    NoSuchKeyException,
+    NotFoundException,
+    NoSuchVersionException,
+    AccessDeniedException } = require('@aws-sdk/client-s3');
 const werelogs = require('werelogs');
 
 const errors = require('../../../errors').default;
@@ -68,7 +73,7 @@ class AwsClient {
                 return cb();
             })
             .catch(err => {
-                if (err && err.code !== 'AuthorizationHeaderMalformed') {
+                if (err.name !== 'AuthorizationHeaderMalformed') {
                     this._logger.error('error during setup', {
                         error: err,
                         method: 'AwsClient.setup',
@@ -169,7 +174,7 @@ class AwsClient {
         .catch(err => {
                 let logLevel;
                 let retError;
-                if (err.code === 'NotFound') {
+                if (err instanceof NotFoundException) {
                     logLevel = 'info';
                     retError = errors.LocationNotFound;
                 } else {
@@ -194,15 +199,23 @@ class AwsClient {
         this._client.send(new GetObjectCommand(params)).then(data => {
             // Always return an object with .createReadStream for test compatibility
             const stream = data.Body;
-            stream.abort = () => {};
-            const response = {
+            let isAborted = false;
+            const destroy = () => {
+                if (isAborted) return;
+                isAborted = true;
+                (stream?.destroy || stream?.abort || stream?.close || stream?.end || stream?.removeAllListeners)?.();
+            };
+            if (!stream?.abort) {
+                stream.abort = abort;
+            }
+            return callback(null, {
                 createReadStream: () => stream,
                 Body: stream,
-                abort: () => {},
-            };
-            return callback(null, response);
+                abort,
+                destroy,
+            });
         }).catch(err => {
-            if (err.code === 'NoSuchKey' || err.code === 'NotFound') {
+            if (err instanceof NoSuchKeyException || err instanceof NotFoundException) {
                 logHelper(log, 'info', 'object not found', err, this._dataStoreName);
             } else {
                 logHelper(log, 'error', 'error getting object from datastore', err, this._dataStoreName);
@@ -220,12 +233,10 @@ class AwsClient {
         if (deleteVersion) {
             params.VersionId = dataStoreVersionId;
         }
-        return this._client.send(new DeleteObjectCommand(params)).then(() => {
-            return callback();
-        }).catch(err => {
+        return this._client.send(new DeleteObjectCommand(params)).then(() => callback()).catch(err => {
             logHelper(log, 'error', 'error deleting object from ' +
-            'datastore', err, this._dataStoreName, this.clientType);
-            if (err.code === 'NoSuchVersion' || err.code === 'NoSuchKey') {
+                'datastore', err, this._dataStoreName, this.clientType);
+            if (err instanceof NoSuchVersionException || err instanceof NoSuchKeyException) {
                 // data may have been deleted directly from the AWS backend
                     // don't want to retry the delete and errors are not
                     // sent back to client anyway, so no need to return err
@@ -241,22 +252,19 @@ class AwsClient {
     healthcheck(location, callback) {
         const awsResp = {};
         this._client.send(new HeadObjectCommand({ Bucket: this._awsBucketName }))
-        .catch(err => {
-
-                    awsResp[location] = { error: err, external: true };
-                    return callback(null, awsResp);
-        }).then(() => {
+        .then(() => {
                 if (!this._supportsVersioning) {
                     awsResp[location] = {
                         message: 'Congrats! You own the bucket',
                     };
                     return callback(null, awsResp);
                 }
-                return this._client.send(new GetObjectCommand({
+                return this._client.send(new GetBucketVersioningCommand({
                     Bucket: this._awsBucketName })).catch(err => {
                         awsResp[location] = { error: err, external: true };
                     }).then(data => {
-                        if (!data.VersionId) {
+                        if (!data.Status ||
+                            data.Status === 'Suspended') {
                             awsResp[location] = {
                                 versioningStatus: data.Status,
                                 error: 'Versioning must be enabled',
@@ -270,6 +278,9 @@ class AwsClient {
                         }
                     return callback(null, awsResp);
                 });
+            }).catch(err => {
+                awsResp[location] = { error: err, external: true };
+                return callback(null, awsResp);
             });
     }
 
@@ -419,10 +430,10 @@ class AwsClient {
         const completeObjData = { key: awsKey };
         return this._client.send(new CompleteMultipartUploadCommand(mpuParams)).catch(err => {
 
-                    if (mpuError[err.code]) {
+                    if (mpuError[err.name]) {
                         logHelper(log, 'trace', 'err from data backend on ' +
                     'completeMPU', err, this._dataStoreName, this.clientType);
-                        return callback(errors[err.code]);
+                        return callback(errors[err.name]);
                     }
                     logHelper(log, 'error', 'err from data backend on ' +
                 'completeMPU', err, this._dataStoreName, this.clientType);
@@ -551,7 +562,7 @@ class AwsClient {
             awsParams.ServerSideEncryption = 'AES256';
         }
         return this._client.send(new CopyObjectCommand(awsParams)).catch(err => {
-            if (err.code === 'AccessDenied') {
+            if (err instanceof AccessDeniedException) {
                 logHelper(log, 'error', 'Unable to access ' +
                 `${sourceAwsBucketName} ${this.type} bucket`, err,
                 this._dataStoreName, this.clientType);
@@ -608,7 +619,7 @@ class AwsClient {
             UploadId: uploadId,
         };
         return this._client.send(new CopyObjectCommand(params)).catch(err => {
-                if (err.code === 'AccessDenied') {
+                if (err instanceof AccessDeniedException) {
                     logHelper(log, 'error', 'Unable to access ' +
                     `${sourceAwsBucketName} AWS bucket`, err,
                     this._dataStoreName, this.clientType);

lib/storage/data/external/AzureClient.js

@@ -263,7 +263,7 @@ class AzureClient {
             } catch (err) {
                 let logLevel;
                 let retError;
-                if (err.code === 'NotFound') {
+                if (err.name === 'NotFound') {
                     logLevel = 'info';
                     retError = errors.LocationNotFound;
                 } else {