centra/photoncloud-monorepo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
photoncloud-monorepo/docs/por/T049-component-audit/FINDINGS.md
centra d2149b6249 fix(lightningstor): Fix SigV4 canonicalization for AWS S3 auth 
- Replace form_urlencoded with RFC 3986 compliant URI encoding
- Implement aws_uri_encode() matching AWS SigV4 spec exactly
- Unreserved chars (A-Z,a-z,0-9,-,_,.,~) not encoded
- All other chars percent-encoded with uppercase hex
- Preserve slashes in paths, encode in query params
- Normalize empty paths to '/' per AWS spec
- Fix test expectations (body hash, HMAC values)
- Add comprehensive SigV4 signature determinism test

This fixes the canonicalization mismatch that caused signature
validation failures in T047. Auth can now be enabled for production.

Refs: T058.S1
2025-12-12 06:23:46 +09:00

98 lines
No EOL
4 KiB
Markdown
Raw Blame History

# Component Audit Findings
**Date:** 2025-12-12
**Status:** Initial Audit Complete
## 1. ChainFire (Cluster KVS)
* **Status**: ⚠️ Needs Cleanup
* **Key Findings**:
* **Raft Implementation**: Custom Raft implemented (T041), but `openraft` dependency and legacy code (`chainfire-raft/src/storage.rs`) remain. Needs distinct cleanup phase.
* **Gossip**: `chainfire-gossip` crate exists but integration is incomplete (`// TODO: Implement cluster joining via gossip` in `cluster.rs`).
* **Tests**: Basic leader election and integration tests exist.
* **Action Items**:
* [P0] Remove `openraft` dependency from `Cargo.toml` and delete legacy adapter code.
* [P1] Complete Gossip integration for node joining.
* [P1] Address `// TODO: Use actual network layer` in `core.rs`.
## 2. IAM (Aegis)
* **Status**: ✅ Production Ready (Feature-wise)
* **Key Findings**:
* **Auth Methods**: mTLS implemented and tested (`with_mtls`, `test_mtls_verification`).
* **Code Quality**: Low TODO count. Clean separation of `authn`, `authz`, `audit`.
* **Action Items**:
* [P2] Address `// TODO: track in evaluator` in `iam_service.rs` (matched_binding).
## 3. FlareDB (DBaaS KVS)
* **Status**: ✅ Production Ready
* **Key Findings**:
* **SQL Layer**: `flaredb-sql` crate structure looks complete (parser, executor).
* **Consistency**: Strong (CAS) and Eventual (Raw) modes implemented and tested.
* **Action Items**:
* [P2] Implement region failover tests (currently marked TODO in `tests/region_failover.rs`).
* [P2] Real region allocation logic in `main.rs`.
## 4. PlasmaVMC (VM Infra)
* **Status**: ⚠️ Functional but Gapped
* **Key Findings**:
* **Backends**: Multi-backend arch (KVM/Firecracker/mvisor) established.
* **HA/Ops**: Significant gaps in hot-plug/unplug and VM update/reset (TODOs in `vm_service.rs`, `kvm/lib.rs`).
* **Integration**: "VM watch via ChainFire" is TODO.
* **Action Items**:
* [P1] Implement VM update/reset/hot-plug operations.
* [P1] Fix `FireCrackerConfig` location (move to types).
* [P2] Implement ChainFire watch for VM state.
## 5. LightningSTOR (Object Storage)
* **Status**: 🔄 Active Development (T047)
* **Key Findings**:
* S3 API mostly implemented; AWS CLI compatibility in progress.
* Missing Multipart Uploads.
## 6. FlashDNS
* **Status**: ⚠️ Pagination Missing
* **Key Findings**:
* Core functionality exists.
* **Gaps**: `// TODO: Implement pagination` in `zone_service.rs` and `record_service.rs`.
* **Action Items**:
* [P2] Implement list pagination.
## 7. FiberLB
* **Status**: ⚠️ Major Feature Gaps
* **Key Findings**:
* **L4 LB**: Works (Round Robin).
* **Missing Features**: No Maglev (PROJECT.md requirement), no BGP, no L7.
* **Gaps**: `// TODO: Implement pagination` in `loadbalancer.rs`.
* **Action Items**:
* [P1] Implement Maglev hashing.
* [P2] Investigate BGP integration path.
## 8. k8shost
* **Status**: ✅ Functional (MVP)
* **Key Findings**:
* **CNI**: Integration complete and tested (`cni_integration_test.rs`).
* **Gaps**: `// TODO: Get list of active tenants` (Scheduler), `// TODO: Implement proper IP allocation`.
* **Action Items**:
* [P1] Implement tenant-aware scheduling.
* [P2] Implement proper IPAM.
## 9. PrismNET
* **Status**: ✅ Functional
* **Key Findings**:
* OVN client implemented (mock/real support).
* **Action Items**:
* [P2] Verify Real OVN mode in staging.
## 10. NightLight
* **Status**: ✅ Functional (T033 Complete)
* **Key Findings**:
* PromQL engine implemented.
* **Cleanup**: Stale `// TODO (S5)` comments remain despite task completion.
* **Action Items**:
* [P3] Remove stale TODO comments.
## 11. CreditService
* **Status**: ✅ MVP Complete (T042), Persistence Planned (T052)
## 12. Baremetal
* **Status**: ✅ Production Ready (T032 Complete)
* **Key Findings**:
* Full PXE/Image/Cluster toolchain exists.
Reference in a new issue View git blame Copy permalink