centra/photoncloud-monorepo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
photoncloud-monorepo/docs/por/T049-component-audit/FINDINGS.md
centra d2149b6249 fix(lightningstor): Fix SigV4 canonicalization for AWS S3 auth 
- Replace form_urlencoded with RFC 3986 compliant URI encoding
- Implement aws_uri_encode() matching AWS SigV4 spec exactly
- Unreserved chars (A-Z,a-z,0-9,-,_,.,~) not encoded
- All other chars percent-encoded with uppercase hex
- Preserve slashes in paths, encode in query params
- Normalize empty paths to '/' per AWS spec
- Fix test expectations (body hash, HMAC values)
- Add comprehensive SigV4 signature determinism test

This fixes the canonicalization mismatch that caused signature
validation failures in T047. Auth can now be enabled for production.

Refs: T058.S1
2025-12-12 06:23:46 +09:00

4 KiB
Raw Blame History

Component Audit Findings

Date: 2025-12-12 Status: Initial Audit Complete

1. ChainFire (Cluster KVS)

  • Status: ⚠️ Needs Cleanup
  • Key Findings:
    • Raft Implementation: Custom Raft implemented (T041), but openraft dependency and legacy code (chainfire-raft/src/storage.rs) remain. Needs distinct cleanup phase.
    • Gossip: chainfire-gossip crate exists but integration is incomplete (// TODO: Implement cluster joining via gossip in cluster.rs).
    • Tests: Basic leader election and integration tests exist.
  • Action Items:
    • [P0] Remove openraft dependency from Cargo.toml and delete legacy adapter code.
    • [P1] Complete Gossip integration for node joining.
    • [P1] Address // TODO: Use actual network layer in core.rs.

2. IAM (Aegis)

  • Status: Production Ready (Feature-wise)
  • Key Findings:
    • Auth Methods: mTLS implemented and tested (with_mtls, test_mtls_verification).
    • Code Quality: Low TODO count. Clean separation of authn, authz, audit.
  • Action Items:
    • [P2] Address // TODO: track in evaluator in iam_service.rs (matched_binding).

3. FlareDB (DBaaS KVS)

  • Status: Production Ready
  • Key Findings:
    • SQL Layer: flaredb-sql crate structure looks complete (parser, executor).
    • Consistency: Strong (CAS) and Eventual (Raw) modes implemented and tested.
  • Action Items:
    • [P2] Implement region failover tests (currently marked TODO in tests/region_failover.rs).
    • [P2] Real region allocation logic in main.rs.

4. PlasmaVMC (VM Infra)

  • Status: ⚠️ Functional but Gapped
  • Key Findings:
    • Backends: Multi-backend arch (KVM/Firecracker/mvisor) established.
    • HA/Ops: Significant gaps in hot-plug/unplug and VM update/reset (TODOs in vm_service.rs, kvm/lib.rs).
    • Integration: "VM watch via ChainFire" is TODO.
  • Action Items:
    • [P1] Implement VM update/reset/hot-plug operations.
    • [P1] Fix FireCrackerConfig location (move to types).
    • [P2] Implement ChainFire watch for VM state.

5. LightningSTOR (Object Storage)

  • Status: 🔄 Active Development (T047)
  • Key Findings:
    • S3 API mostly implemented; AWS CLI compatibility in progress.
    • Missing Multipart Uploads.

6. FlashDNS

  • Status: ⚠️ Pagination Missing
  • Key Findings:
    • Core functionality exists.
    • Gaps: // TODO: Implement pagination in zone_service.rs and record_service.rs.
  • Action Items:
    • [P2] Implement list pagination.

7. FiberLB

  • Status: ⚠️ Major Feature Gaps
  • Key Findings:
    • L4 LB: Works (Round Robin).
    • Missing Features: No Maglev (PROJECT.md requirement), no BGP, no L7.
    • Gaps: // TODO: Implement pagination in loadbalancer.rs.
  • Action Items:
    • [P1] Implement Maglev hashing.
    • [P2] Investigate BGP integration path.

8. k8shost

  • Status: Functional (MVP)
  • Key Findings:
    • CNI: Integration complete and tested (cni_integration_test.rs).
    • Gaps: // TODO: Get list of active tenants (Scheduler), // TODO: Implement proper IP allocation.
  • Action Items:
    • [P1] Implement tenant-aware scheduling.
    • [P2] Implement proper IPAM.

9. PrismNET

  • Status: Functional
  • Key Findings:
    • OVN client implemented (mock/real support).
  • Action Items:
    • [P2] Verify Real OVN mode in staging.

10. NightLight

  • Status: Functional (T033 Complete)
  • Key Findings:
    • PromQL engine implemented.
    • Cleanup: Stale // TODO (S5) comments remain despite task completion.
  • Action Items:
    • [P3] Remove stale TODO comments.

11. CreditService

  • Status: MVP Complete (T042), Persistence Planned (T052)

12. Baremetal

  • Status: Production Ready (T032 Complete)
  • Key Findings:
    • Full PXE/Image/Cluster toolchain exists.