From 497d360d7d0903635becddbe7de0ab8c4edc74a0 Mon Sep 17 00:00:00 2001 From: cneira Date: Wed, 11 Jun 2025 23:32:09 -0400 Subject: [PATCH 01/13] WIP RFD-186 --- rfd/0186/README.md | 115 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 rfd/0186/README.md diff --git a/rfd/0186/README.md b/rfd/0186/README.md new file mode 100644 index 00000000..33b4e4ba --- /dev/null +++ b/rfd/0186/README.md 
@@ -0,0 +1,115 @@ +--- +author: Carlos Neira +state: predraft +--- + + + + + +# RFD 186 S3 Compatibility for Manta + +## Introduction + +This document will describe the proposed design of a S3 compatibility layer +for Manta object storage, that will allow third party S3 clients to interact +with Manta. + +A driven force for Manta v2 was to move from the traditional Manta Directory API +to a flat structure that resembles more how objects are layout in S3, part of +that effort was the creation of a Manta Buckets API that implement most of the +operations that are expected for an S3 Bucket to support. The shortcomming of +that design was although those operations were supported we still rely on the +Manta set of applications that access this new Buckets API. + +The purpose of this S3 compatibility layer is to translate S3 object requests into +Manta buckets API requests, which falls in the category of system call +emulation. This scheme has been proven successful in the past, relevant examples are +[https://github.com/TritonDataCenter/sdc-docker/blob/master/docs/api/features/smartos.md](sdc-docker), +[https://github.com/TritonDataCenter/illumos-joyent/blob/810178ebcf77c96767a9f5c95f845858c5c6f41c/usr/src/uts/common/brand/lx/os/lx_brand.c#L34](Linux Branded Zones). For this specific type of emulation (Object storage API emulation) there are already cases +where it has been implemented successfully, for example [https://min.io/docs/minio/linux/reference/s3-api-compatibility.html](MinIO) + + +## 1. Design Discussion + +### S3 compatibility Layer Description + +A S3 compatibility layer will allow a user of an S3 compatible object store, to store +objects into Manta Object store, in order to achieve this premise this layer should be able +to present to an S3 client a minimal API surface that will allow existing S3 +clients to start using a Manta Object Store without modification of their +current scripts. 
+ +### Desired S3 Operations + +At a minimum, the Manta S3 Compatibility layer should be able to translate the +following S3 requests into manta-buckets-api requests. + + - S3 bucket creation via PUT /{bucket} + - S3 bucket listing via GET / + - S3 bucket deletion via DELETE /{bucket} + - S3 bucket check existence via HEAD /{bucket} + - S3 object upload via PUT /{bucket}/{object} + - S3 PUT object conditional requests (If-None-Match, If-Match) + - S3 object download via GET /{bucket}/{object} + - S3 object deletion via DELETE /{bucket}/{object} + - S3 object metadata retrieval via HEAD /{bucket}/{object} + - S3 bucket content listing via GET /{bucket} + - S3 bucket creation via PUT /{bucket} + - S3 bucket listing via GET / + - S3 bucket deletion via DELETE /{bucket} + - S3 bucket check existence via HEAD /{bucket} + - S3 object upload via PUT /{bucket}/{object} + - S3 PUT object conditional requests (If-None-Match, If-Match) + - S3 object download via GET /{bucket}/{object} + - S3 object deletion via DELETE /{bucket}/{object} + - S3 object metadata retrieval via HEAD /{bucket}/{object} + - S3 bucket content listing via GET /{bucket} + - AWS v2 signature authentication + - AWS v4 signature authentication + - S3 bucket creation via PUT /{bucket} + - S3 bucket listing via GET / + - S3 bucket deletion via DELETE /{bucket} + - S3 bucket check existence via HEAD /{bucket} + - S3 object upload via PUT /{bucket}/{object} + - S3 PUT object conditional requests (If-None-Match, If-Match) + - S3 object download via GET /{bucket}/{object} + - S3 object deletion via DELETE /{bucket}/{object} + - S3 object metadata retrieval via HEAD /{bucket}/{object} + - S3 bucket content listing via GET /{bucket} + - AWS v2 signature authentication + - AWS v4 signature authentication + + + +### Implementation Requirements and Constraints + +In terms of API constraints we will not implement a translation for the +following S3 features: Versioning, Replication, Object Lock, Select, Lifecycle, 
+Server Side Encryption, Web site hosting and Batch. The compatibility layer will +only focus on allowing users to store objects into Manta and percolade Amazon S3's +request metadata to equivalent Manta metadata attributes for objects stored +through this compatibility layer. +Finally, we want to leverage the current Manta architecture and components +whenever possible. + + +### Implementation Discussion + +These set of objectives and their constraints, will help shape the design +decisions for the S3 compatibility layer. + +#### Authentication + +AWS since [https://aws.amazon.com/es/blogs/aws/amazon_s3/](2006) has been using +SigV2 to authenticate requests, support for this authentication scheme has been +obsoleted in favor of +[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html](SigV4). + + From 4c408c13b58f1c5f32fbac41caf5829c05011b86 Mon Sep 17 00:00:00 2001 From: cneira Date: Thu, 12 Jun 2025 10:02:26 -0400 Subject: [PATCH 02/13] updates --- rfd/0186/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rfd/0186/README.md b/rfd/0186/README.md index 33b4e4ba..a2babf94 100644 --- a/rfd/0186/README.md +++ b/rfd/0186/README.md @@ -111,5 +111,7 @@ AWS since [https://aws.amazon.com/es/blogs/aws/amazon_s3/](2006) has been using SigV2 to authenticate requests, support for this authentication scheme has been obsoleted in favor of [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html](SigV4). - +That aliviates some of the work as we will need just to concentrate in +implementing SigV4. +AWS authentication scheme relies in the use of Access Key ID and symmetric keys From b66714d6684a88fc2d2aecdf0445ebeddf936158 Mon Sep 17 00:00:00 2001 From: cneira Date: Thu, 12 Jun 2025 17:35:08 -0400 Subject: [PATCH 03/13] wip --- rfd/0186/README.md | 157 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 133 insertions(+), 24 deletions(-) 
diff --git a/rfd/0186/README.md b/rfd/0186/README.md index a2babf94..26aae3a5 100644 --- a/rfd/0186/README.md +++ b/rfd/0186/README.md 
@@ -28,20 +28,25 @@ operations that are expected for an S3 Bucket to support. The shortcomming of that design was although those operations were supported we still rely on the Manta set of applications that access this new Buckets API. -The purpose of this S3 compatibility layer is to translate S3 object requests into +The purpose of this S3 compatibility layer is to translate S3 object requests in +to Manta buckets API requests, which falls in the category of system call -emulation. This scheme has been proven successful in the past, relevant examples are -[https://github.com/TritonDataCenter/sdc-docker/blob/master/docs/api/features/smartos.md](sdc-docker), -[https://github.com/TritonDataCenter/illumos-joyent/blob/810178ebcf77c96767a9f5c95f845858c5c6f41c/usr/src/uts/common/brand/lx/os/lx_brand.c#L34](Linux Branded Zones). For this specific type of emulation (Object storage API emulation) there are already cases -where it has been implemented successfully, for example [https://min.io/docs/minio/linux/reference/s3-api-compatibility.html](MinIO) +emulation. This scheme has been proven successful in the past, relevant examples + are +[1] sdc-docker, [2] Linux Branded Zones. For this specific type of emulation +(Object storage API emulation) there are already cases where it has been impleme +nted +successfully, for example [3]MinIO ## 1. Design Discussion ### S3 compatibility Layer Description -A S3 compatibility layer will allow a user of an S3 compatible object store, to store -objects into Manta Object store, in order to achieve this premise this layer should be able +A S3 compatibility layer will allow a user of an S3 compatible object store, to +store +objects into Manta Object store, in order to achieve this premise this layer sho +uld be able to present to an S3 client a minimal API surface that will allow existing S3 clients to start using a Manta Object Store without modification of their current scripts. 
@@ -86,32 +91,136 @@ following S3 requests into manta-buckets-api requests. - AWS v2 signature authentication - AWS v4 signature authentication - - ### Implementation Requirements and Constraints In terms of API constraints we will not implement a translation for the following S3 features: Versioning, Replication, Object Lock, Select, Lifecycle, Server Side Encryption, Web site hosting and Batch. The compatibility layer will -only focus on allowing users to store objects into Manta and percolade Amazon S3's -request metadata to equivalent Manta metadata attributes for objects stored -through this compatibility layer. -Finally, we want to leverage the current Manta architecture and components -whenever possible. +only focus on allowing users to store objects into Manta and percolade Amazon S3 +'s request metadata to equivalent Manta metadata attributes for objects stored +through this compatibility layer. Finally, we want to leverage the current Manta +architecture and components whenever possible. - -### Implementation Discussion +### Proposed solution These set of objectives and their constraints, will help shape the design decisions for the S3 compatibility layer. -#### Authentication +#### S3 gateway -AWS since [https://aws.amazon.com/es/blogs/aws/amazon_s3/](2006) has been using -SigV2 to authenticate requests, support for this authentication scheme has been -obsoleted in favor of -[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html](SigV4). -That aliviates some of the work as we will need just to concentrate in -implementing SigV4. -AWS authentication scheme relies in the use of Access Key ID and symmetric keys +The S3 gateway service will translate AWS S3 object and bucket requests into Man +ta Storage operations. 
While the gateway won't support all S3 features, nonetheless +it will enable users to interact with Manta Object Storage as a standard S3 endpoint, +as long as the user uses the subset of features that Manta Storage will expose +in it's S3 gateway. +The gateway layer will translate requests from *AWS S3* clients to *Manta V2* bu +cket storage, exposing the Manta object storage operations that have S3 equivalents. + This will allow existing applications and scripts that use S3 to work with Mant +a Object Storage through the S3 gateway seamlessly. +To achieve S3 compatibility will need to think on how to address the following +problems. + +1. Authentication. +2. S3 request translation to Manta Storage requests equivalents whenever is + applicable. +3. Buckets subdomains. +4. Billing +5. Multipart Uploads + +##### 1. Authentication + +AWS since [https://aws.amazon.com/es/blogs/aws/amazon_s3/](2006) has been using +Sigv2 to authenticate requests, support for this authentication scheme has been +obsoleted in favor of SigV4. That aliviates some of the work required as efforts +will be concentrated in SigV4 implementation. Sigv4 authentication scheme relies +in the use of Access Key ID and Access Secret Key ID which are used to authentica- +te requests[7]. +In Manta the authentication scheme relies in the tuple MANTA_USER and a ssh MD5 +fingerprint which is used to authenticating requests using +[https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00](the HTTP +Signature over TLS) scheme. Manta authentication is done through [4]Unified foun +dation directory service which is cached by [5]mahi, the first stepping +stone towards S3 compatiblity is to add the required metadata to UFDS (access ke +ys per account), in order for mahi to be able to start using them, efforts +towards this goal have already been integrated in TRITON-2152, but more efforts +are required to access keys to be usable in the mahi authentication cache. + + +##### 2. 
Convert S3 requests into Manta Object storage requests. + +The manta-buckets already possess an API surface alike AWS S3 buckets, with that +in mind he will convert all incoming requests to the S3 gateway into +manta-buckets requests. + + +``` + ┌─────────────────────┐ + │ │ + │ S3 Client │ + │ │ + └─────────────────────┘ + ▲ + │ + 1. S3 Bucket Request │ 4. S3 gateway Response + GET|PUT|DELETE|HEAD │ GET|PUT|DELETE|HEAD + /{bucket}/{object} │ + │ +┌───────────────────────────────────────┼───────────────────────────────────────┐ +│Triton Datacenter │ │ +│ │ │ +│ │ │ +│ │ │ +│ ▼ │ +│ ┌───────────────────┐ │ +│ │ S3-gateway │ │ +│ └───────────────────┘ │ +│ ▲ │ +│ │ │ +│ │ │ +│ │ 3. MANTA Buckets Response │ +│ 2. MANTA BucketsRequest │ GET|PUT|DELETE|HEAD │ +│ GET|PUT|DELETE|HEAD │ │ +│ {manta-bucket}/{manta-object} │ │ +│ │ │ +│ │ │ +│ ▼ │ +│ ┌────────────────────────────┐ │ +│ │ │ │ +│ │ │ │ +│ │ manta-buckets-api │ │ +│ │ │ │ +│ │ │ │ +│ └────────────────────────────┘ │ +│ │ +│ │ +│ │ +│ │ +└───────────────────────────────────────────────────────────────────────────────┘ +``` + +1. A client sends a request to upload or delete an object to a Triton bucket thr +ough the `s3-gateway` service using an existing S3 script. +2. The `s3-gateway` service processes the request by generating a request for ` +manta-buckets-api` and converting the S3 request metadata into Manta Object stor +age equivalents. +3. The `manta-buckets-api` responds with a success/error back to the `s3-gateway +.` +4. The S3 gateway converts the `manta-buckets-api` response to an S3-compatible +success or error response. 
+ +The + + + +### References + +[1] https://github.com/TritonDataCenter/sdc-docker/blob/master/docs/api/features +/smartos.md +[2] https://github.com/TritonDataCenter/illumos-joyent/blob/810178ebcf77c96767a9 +f5c95f845858c5c6f41c/usr/src/uts/common/brand/lx/os/lx_brand.c#L34 +[3] https://min.io/docs/minio/linux/reference/s3-api-compatibility.html +[4] https://github.com/TritonDataCenter/sdc-ufds/tree/master +[5] https://github.com/TritonDataCenter/mahi/tree/master +[6] https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html +[7] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html From 1313133a68e0486046688d93240ab8a49761680f Mon Sep 17 00:00:00 2001 From: cneira Date: Thu, 12 Jun 2025 18:30:55 -0400 Subject: [PATCH 04/13] added buckets subdomains --- rfd/0186/README.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/rfd/0186/README.md b/rfd/0186/README.md index 26aae3a5..7ab9ca16 100644 --- a/rfd/0186/README.md +++ b/rfd/0186/README.md @@ -122,7 +122,7 @@ To achieve S3 compatibility will need to think on how to address the following problems. 1. Authentication. -2. S3 request translation to Manta Storage requests equivalents whenever is +2. S3 request translation to Manta applicable. 3. Buckets subdomains. 4. Billing @@ -147,11 +147,12 @@ towards this goal have already been integrated in TRITON-2152, but more efforts are required to access keys to be usable in the mahi authentication cache. -##### 2. Convert S3 requests into Manta Object storage requests. +##### 2. S3 requests translation to Manta The manta-buckets already possess an API surface alike AWS S3 buckets, with that in mind he will convert all incoming requests to the S3 gateway into manta-buckets requests. +The following roughly shows how a S3 gateway should operate. ``` 
@@ -209,10 +210,21 @@ age equivalents. 4. The S3 gateway converts the `manta-buckets-api` response to an S3-compatible success or error response. -The +#### 3. Buckets subdomains + +AWS S3 identifies buckets using subdomains, for this a possible solution +will be to a wildcard subdomain and a root domain to map to the address of +where S3 gateway service is running, and we will need to setup a certificate +that is able to support wildcard subdomains,for SSL/TLS. + + + +#### 4. Billing + +#### 5. Multipart uploads. ### References [1] https://github.com/TritonDataCenter/sdc-docker/blob/master/docs/api/features From 86e309d34eb91a6f02e408ec6ce04e5b0117b7a5 Mon Sep 17 00:00:00 2001 From: cneira Date: Fri, 13 Jun 2025 16:07:57 -0400 Subject: [PATCH 05/13] beautify doc --- rfd/0186/README.md | 356 ++++++++++++++++++++++----------------------- 1 file changed, 178 insertions(+), 178 deletions(-) diff --git a/rfd/0186/README.md b/rfd/0186/README.md index 7ab9ca16..453dca1c 100644 --- a/rfd/0186/README.md +++ b/rfd/0186/README.md 
@@ -17,222 +17,222 @@ state: predraft ## Introduction -This document will describe the proposed design of a S3 compatibility layer +This document will describe the proposed design of a S3 compatibility layer for Manta object storage, that will allow third party S3 clients to interact with Manta. -A driven force for Manta v2 was to move from the traditional Manta Directory API -to a flat structure that resembles more how objects are layout in S3, part of -that effort was the creation of a Manta Buckets API that implement most of the -operations that are expected for an S3 Bucket to support. The shortcomming of -that design was although those operations were supported we still rely on the -Manta set of applications that access this new Buckets API. - -The purpose of this S3 compatibility layer is to translate S3 object requests in -to -Manta buckets API requests, which falls in the category of system call -emulation. This scheme has been proven successful in the past, relevant examples - are -[1] sdc-docker, [2] Linux Branded Zones. For this specific type of emulation -(Object storage API emulation) there are already cases where it has been impleme -nted -successfully, for example [3]MinIO +A driven force for Manta v2 was to move from the traditional Manta Directory +API to a flat structure that resembles more how objects are layout in S3, part +of that effort was the creation of a Manta Buckets API that implement most of +the operations that are expected for an S3 Bucket to support. The shortcoming +of that design was that although those operations were supported, we still +rely on the Manta set of applications that access this new Buckets API. +The purpose of this S3 compatibility layer is to translate S3 object requests +into Manta buckets API requests, which falls in the category of system call +emulation. This scheme has been proven successful in the past, relevant +examples are [1] sdc-docker, [2] Linux Branded Zones. 
For this specific type +of emulation (Object storage API emulation) there are already cases where it +has been implemented successfully, for example [3] MinIO ## 1. Design Discussion ### S3 compatibility Layer Description -A S3 compatibility layer will allow a user of an S3 compatible object store, to -store -objects into Manta Object store, in order to achieve this premise this layer sho -uld be able -to present to an S3 client a minimal API surface that will allow existing S3 -clients to start using a Manta Object Store without modification of their -current scripts. +An S3 compatibility layer will allow a user of an S3 compatible object store +to store objects into Manta Object store. In order to achieve this premise, +this layer should be able to present to an S3 client a minimal API surface +that will allow existing S3 clients to start using a Manta Object Store +without modification of their current scripts. ### Desired S3 Operations -At a minimum, the Manta S3 Compatibility layer should be able to translate the -following S3 requests into manta-buckets-api requests. 
- - - S3 bucket creation via PUT /{bucket} - - S3 bucket listing via GET / - - S3 bucket deletion via DELETE /{bucket} - - S3 bucket check existence via HEAD /{bucket} - - S3 object upload via PUT /{bucket}/{object} - - S3 PUT object conditional requests (If-None-Match, If-Match) - - S3 object download via GET /{bucket}/{object} - - S3 object deletion via DELETE /{bucket}/{object} - - S3 object metadata retrieval via HEAD /{bucket}/{object} - - S3 bucket content listing via GET /{bucket} - - S3 bucket creation via PUT /{bucket} - - S3 bucket listing via GET / - - S3 bucket deletion via DELETE /{bucket} - - S3 bucket check existence via HEAD /{bucket} - - S3 object upload via PUT /{bucket}/{object} - - S3 PUT object conditional requests (If-None-Match, If-Match) - - S3 object download via GET /{bucket}/{object} - - S3 object deletion via DELETE /{bucket}/{object} - - S3 object metadata retrieval via HEAD /{bucket}/{object} - - S3 bucket content listing via GET /{bucket} - - AWS v2 signature authentication - - AWS v4 signature authentication - - S3 bucket creation via PUT /{bucket} - - S3 bucket listing via GET / - - S3 bucket deletion via DELETE /{bucket} - - S3 bucket check existence via HEAD /{bucket} - - S3 object upload via PUT /{bucket}/{object} - - S3 PUT object conditional requests (If-None-Match, If-Match) - - S3 object download via GET /{bucket}/{object} - - S3 object deletion via DELETE /{bucket}/{object} - - S3 object metadata retrieval via HEAD /{bucket}/{object} - - S3 bucket content listing via GET /{bucket} - - AWS v2 signature authentication - - AWS v4 signature authentication +At a minimum, the Manta S3 Compatibility layer should be able to translate +the following S3 requests into manta-buckets-api requests: + +- S3 bucket creation via `PUT /{bucket}` +- S3 bucket listing via `GET /` +- S3 bucket deletion via `DELETE /{bucket}` +- S3 bucket check existence via `HEAD /{bucket}` +- S3 object upload via `PUT /{bucket}/{object}` +- S3 PUT object 
conditional requests (`If-None-Match`, `If-Match`) +- S3 object download via `GET /{bucket}/{object}` +- S3 object deletion via `DELETE /{bucket}/{object}` +- S3 object metadata retrieval via `HEAD /{bucket}/{object}` +- S3 bucket content listing via `GET /{bucket}` +- AWS v2 signature authentication +- AWS v4 signature authentication ### Implementation Requirements and Constraints In terms of API constraints we will not implement a translation for the -following S3 features: Versioning, Replication, Object Lock, Select, Lifecycle, -Server Side Encryption, Web site hosting and Batch. The compatibility layer will -only focus on allowing users to store objects into Manta and percolade Amazon S3 -'s request metadata to equivalent Manta metadata attributes for objects stored -through this compatibility layer. Finally, we want to leverage the current Manta -architecture and components whenever possible. +following S3 features: + +- Versioning +- Replication +- Object Lock +- Select +- Lifecycle +- Server Side Encryption +- Web site hosting +- Batch + +The compatibility layer will only focus on allowing users to store objects +into Manta and percolate Amazon S3's request metadata to equivalent Manta +metadata attributes for objects stored through this compatibility layer. +Finally, we want to leverage the current Manta architecture and components +whenever possible. ### Proposed solution These set of objectives and their constraints, will help shape the design -decisions for the S3 compatibility layer. - -#### S3 gateway - -The S3 gateway service will translate AWS S3 object and bucket requests into Man -ta Storage operations. While the gateway won't support all S3 features, nonetheless -it will enable users to interact with Manta Object Storage as a standard S3 endpoint, -as long as the user uses the subset of features that Manta Storage will expose -in it's S3 gateway. 
- -The gateway layer will translate requests from *AWS S3* clients to *Manta V2* bu -cket storage, exposing the Manta object storage operations that have S3 equivalents. - This will allow existing applications and scripts that use S3 to work with Mant -a Object Storage through the S3 gateway seamlessly. -To achieve S3 compatibility will need to think on how to address the following -problems. - -1. Authentication. -2. S3 request translation to Manta - applicable. -3. Buckets subdomains. +decisions for the S3 compatibility layer. + +#### S3 gateway + +The S3 gateway service will translate AWS S3 object and bucket requests into +Manta Storage operations. While the gateway won't support all S3 features, +nonetheless it will enable users to interact with Manta Object Storage as a +standard S3 endpoint, as long as the user uses the subset of features that +Manta Storage will expose in it's S3 gateway. + +The gateway layer will translate requests from **AWS S3** clients to +**Manta V2** bucket storage, exposing the Manta object storage operations +that have S3 equivalents. This will allow existing applications and scripts +that use S3 to work with Manta Object Storage through the S3 gateway +seamlessly. + +To achieve S3 compatibility, we will need to think about how to address the +following problems: + +1. Authentication +2. S3 request translation to Manta requests +3. Buckets subdomains 4. Billing 5. Multipart Uploads -##### 1. Authentication - -AWS since [https://aws.amazon.com/es/blogs/aws/amazon_s3/](2006) has been using -Sigv2 to authenticate requests, support for this authentication scheme has been -obsoleted in favor of SigV4. That aliviates some of the work required as efforts -will be concentrated in SigV4 implementation. Sigv4 authentication scheme relies -in the use of Access Key ID and Access Secret Key ID which are used to authentica- -te requests[7]. 
-In Manta the authentication scheme relies in the tuple MANTA_USER and a ssh MD5 -fingerprint which is used to authenticating requests using -[https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00](the HTTP -Signature over TLS) scheme. Manta authentication is done through [4]Unified foun -dation directory service which is cached by [5]mahi, the first stepping -stone towards S3 compatiblity is to add the required metadata to UFDS (access ke -ys per account), in order for mahi to be able to start using them, efforts -towards this goal have already been integrated in TRITON-2152, but more efforts -are required to access keys to be usable in the mahi authentication cache. - +##### 1. Authentication + +AWS since [2006](https://aws.amazon.com/es/blogs/aws/amazon_s3/) has been +using SigV2 to authenticate requests, but support for this authentication +scheme has been obsoleted in favor of SigV4. That alleviates some of the work +required as efforts will be concentrated on SigV4 implementation. SigV4 +authentication scheme relies on the use of Access Key ID and Access Secret +Key ID which are used to authenticate requests [7]. + +In Manta, the authentication scheme relies on the tuple `MANTA_USER` and an +SSH MD5 fingerprint which is used to authenticate requests using the HTTP +Signature over TLS[8] scheme. Manta authentication is done through +[4] Unified Foundation Directory Service which is cached by [5] mahi. The +first stepping stone towards S3 compatibility is to add the required metadata +to UFDS (access keys per account), in order for mahi to be able to start +using them. Efforts towards this goal have already been integrated in +TRITON-2152, but more efforts are required for access keys to be usable in +the mahi authentication cache. ##### 2. 
S3 requests translation to Manta -The manta-buckets already possess an API surface alike AWS S3 buckets, with that -in mind he will convert all incoming requests to the S3 gateway into -manta-buckets requests. -The following roughly shows how a S3 gateway should operate. +The manta-buckets already possess an API surface similar to AWS S3 buckets. +With that in mind, we will convert all incoming requests to the S3 gateway +into manta-buckets requests. +The following diagram shows how a S3 gateway should operate: ``` - ┌─────────────────────┐ - │ │ - │ S3 Client │ - │ │ - └─────────────────────┘ - ▲ - │ - 1. S3 Bucket Request │ 4. S3 gateway Response - GET|PUT|DELETE|HEAD │ GET|PUT|DELETE|HEAD - /{bucket}/{object} │ - │ -┌───────────────────────────────────────┼───────────────────────────────────────┐ -│Triton Datacenter │ │ -│ │ │ -│ │ │ -│ │ │ -│ ▼ │ -│ ┌───────────────────┐ │ -│ │ S3-gateway │ │ -│ └───────────────────┘ │ -│ ▲ │ -│ │ │ -│ │ │ -│ │ 3. MANTA Buckets Response │ -│ 2. MANTA BucketsRequest │ GET|PUT|DELETE|HEAD │ -│ GET|PUT|DELETE|HEAD │ │ -│ {manta-bucket}/{manta-object} │ │ -│ │ │ -│ │ │ -│ ▼ │ -│ ┌────────────────────────────┐ │ -│ │ │ │ -│ │ │ │ -│ │ manta-buckets-api │ │ -│ │ │ │ -│ │ │ │ -│ └────────────────────────────┘ │ + ┌───────────────────────────┐ + │ 🔶 AWS S3 Client │ + │ (AWS CLI, SDK, Boto3) │ + └─────────────┬─────────────┘ + │ + ┌───────────▼───────────┐ + │ 🔶 1. AWS S3 Request │ + │ GET|PUT|DELETE|HEAD │ + │ /{bucket}/{object} │ + └───────────┬───────────┘ + │ +┌───────────────────────────▼───────────────────────────────────────────────────┐ +│ 🏢 Triton Datacenter │ │ │ -│ │ -│ │ -│ │ -└───────────────────────────────────────────────────────────────────────────────┘ +│ ┌─────────────────────────┐ │ +│ │ 🔀 S3 Gateway │ │ +│ │ (S3→Manta Bridge) │ │ +│ │ │ │ +│ │ • 🔶 SigV4 Auth │ │ +│ │ • 🔄 Request Translate │ │ +│ │ • 🔄 Response Mapping │ │ +│ └──────────┬──────────────┘ │ +│ │ │ +│ ┌───────────▼────────────┐ │ +│ │ 🏢 2. 
Manta Request │ │ +│ │ GET|PUT|DELETE|HEAD │ │ +│ │ /buckets/{bucket}/... │ │ +│ └───────────┬────────────┘ │ +│ │ │ +│ ┌──────────▼─────────────┐ │ +│ │ 🏢 Manta Buckets API │ │ +│ │ │ │ +│ │ • 🗂️ Bucket Ops │ │ +│ │ • ☁️ Object Storage │ │ +│ │ • 🏷️ Metadata Store │ │ +│ └──────────┬─────────────┘ │ +│ │ │ +│ ┌───────────▼────────────┐ │ +│ │ 🏢 3. Manta Response │ │ +│ │ Success/Error + Data │ │ +│ └───────────┬────────────┘ │ +│ │ │ +│ ┌──────────▲─────────────┐ │ +│ │ 🔀 S3 Gateway │ │ +│ │ (Response Translation)│ │ +│ └──────────┬─────────────┘ │ +└──────────────────────────────┼────────────────────────────────────────────────┘ + │ + ┌──────────────▼─────────────┐ + │ 🔶 4. AWS S3 Response │ + │ S3-Compatible Format │ + │ Headers, Status, Data │ + └───────────────┬────────────┘ + │ + ┌─────────────────▼─────────────┐ + │ 🔶 AWS S3 Client │ + │ Receives Response │ + └───────────────────────────────┘ ``` -1. A client sends a request to upload or delete an object to a Triton bucket thr -ough the `s3-gateway` service using an existing S3 script. -2. The `s3-gateway` service processes the request by generating a request for ` -manta-buckets-api` and converting the S3 request metadata into Manta Object stor -age equivalents. -3. The `manta-buckets-api` responds with a success/error back to the `s3-gateway -.` -4. The S3 gateway converts the `manta-buckets-api` response to an S3-compatible -success or error response. +**Flow Description:** +1. A client sends a request to upload or delete an object to a Triton bucket + through the `s3-gateway` service using an existing S3 script. +2. The `s3-gateway` service processes the request by generating a request for + `manta-buckets-api` and converting the S3 request metadata into Manta + Object storage equivalents. +3. The `manta-buckets-api` responds with a success/error back to the + `s3-gateway`. +4. The S3 gateway converts the `manta-buckets-api` response to an + S3-compatible success or error response. +#### 3. 
Buckets subdomains +AWS S3 identifies buckets using subdomains. For this, a possible solution +will be to use a wildcard subdomain and a root domain to map to the address +where the S3 gateway service is running. We will need to setup a certificate +that is able to support wildcard subdomains for SSL/TLS. -#### 3. Buckets subdomains +#### 4. Billing -AWS S3 identifies buckets using subdomains, for this a possible solution -will be to a wildcard subdomain and a root domain to map to the address of -where S3 gateway service is running, and we will need to setup a certificate -that is able to support wildcard subdomains,for SSL/TLS. +*[To be completed]* +#### 5. Multipart uploads +*[To be completed]* -#### 4. Billing +## References -#### 5. Multipart uploads. -### References - -[1] https://github.com/TritonDataCenter/sdc-docker/blob/master/docs/api/features -/smartos.md -[2] https://github.com/TritonDataCenter/illumos-joyent/blob/810178ebcf77c96767a9 -f5c95f845858c5c6f41c/usr/src/uts/common/brand/lx/os/lx_brand.c#L34 -[3] https://min.io/docs/minio/linux/reference/s3-api-compatibility.html -[4] https://github.com/TritonDataCenter/sdc-ufds/tree/master -[5] https://github.com/TritonDataCenter/mahi/tree/master -[6] https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html -[7] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html +[1]: https://github.com/TritonDataCenter/sdc-docker/blob/master/docs/api/features/smartos.md +[2]: https://github.com/TritonDataCenter/illumos-joyent/blob/810178ebcf77c96767a9f5c95f845858c5c6f41c/usr/src/uts/common/brand/lx/os/lx_brand.c#L34 +[3]: https://min.io/docs/minio/linux/reference/s3-api-compatibility.html +[4]: https://github.com/TritonDataCenter/sdc-ufds/tree/master +[5]: https://github.com/TritonDataCenter/mahi/tree/master +[6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html +[7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html +[8]: 
https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00 From cf8d251ef2a2895ae8511043e0c22cd327f7442d Mon Sep 17 00:00:00 2001 From: cneira Date: Fri, 13 Jun 2025 16:39:18 -0400 Subject: [PATCH 06/13] mermaid now --- rfd/0186/README.md | 128 ++++++++++++++++++++++----------------------- 1 file changed, 62 insertions(+), 66 deletions(-) diff --git a/rfd/0186/README.md b/rfd/0186/README.md index 453dca1c..09871ed6 100644 --- a/rfd/0186/README.md +++ b/rfd/0186/README.md @@ -29,11 +29,10 @@ of that design was that although those operations were supported, we still rely on the Manta set of applications that access this new Buckets API. The purpose of this S3 compatibility layer is to translate S3 object requests -into Manta buckets API requests, which falls in the category of system call -emulation. This scheme has been proven successful in the past, relevant -examples are [1] sdc-docker, [2] Linux Branded Zones. For this specific type -of emulation (Object storage API emulation) there are already cases where it -has been implemented successfully, for example [3] MinIO +into Manta buckets API requests, which falls in the category of emulation. +This scheme has been proven successful in the past, relevant examples are +[1] sdc-docker, [2] Linux Branded Zones. For this specific case there are already +cases where it has been implemented successfully, for example [3] MinIO. ## 1. Design Discussion 
@@ -138,65 +137,36 @@ into manta-buckets requests. The following diagram shows how a S3 gateway should operate: -``` - ┌───────────────────────────┐ - │ 🔶 AWS S3 Client │ - │ (AWS CLI, SDK, Boto3) │ - └─────────────┬─────────────┘ - │ - ┌───────────▼───────────┐ - │ 🔶 1. AWS S3 Request │ - │ GET|PUT|DELETE|HEAD │ - │ /{bucket}/{object} │ - └───────────┬───────────┘ - │ -┌───────────────────────────▼───────────────────────────────────────────────────┐ -│ 🏢 Triton Datacenter │ -│ │ -│ ┌─────────────────────────┐ │ -│ │ 🔀 S3 Gateway │ │ -│ │ (S3→Manta Bridge) │ │ -│ │ │ │ -│ │ • 🔶 SigV4 Auth │ │ -│ │ • 🔄 Request Translate │ │ -│ │ • 🔄 Response Mapping │ │ -│ └──────────┬──────────────┘ │ -│ │ │ -│ ┌───────────▼────────────┐ │ -│ │ 🏢 2. Manta Request │ │ -│ │ GET|PUT|DELETE|HEAD │ │ -│ │ /buckets/{bucket}/... │ │ -│ └───────────┬────────────┘ │ -│ │ │ -│ ┌──────────▼─────────────┐ │ -│ │ 🏢 Manta Buckets API │ │ -│ │ │ │ -│ │ • 🗂️ Bucket Ops │ │ -│ │ • ☁️ Object Storage │ │ -│ │ • 🏷️ Metadata Store │ │ -│ └──────────┬─────────────┘ │ -│ │ │ -│ ┌───────────▼────────────┐ │ -│ │ 🏢 3. Manta Response │ │ -│ │ Success/Error + Data │ │ -│ └───────────┬────────────┘ │ -│ │ │ -│ ┌──────────▲─────────────┐ │ -│ │ 🔀 S3 Gateway │ │ -│ │ (Response Translation)│ │ -│ └──────────┬─────────────┘ │ -└──────────────────────────────┼────────────────────────────────────────────────┘ - │ - ┌──────────────▼─────────────┐ - │ 🔶 4. AWS S3 Response │ - │ S3-Compatible Format │ - │ Headers, Status, Data │ - └───────────────┬────────────┘ - │ - ┌─────────────────▼─────────────┐ - │ 🔶 AWS S3 Client │ - │ Receives Response │ - └───────────────────────────────┘ +**Sequence Diagram:** + +```mermaid +sequenceDiagram + participant Client as 🔶 AWS S3 Client + participant Gateway as 🔀 S3 Gateway + participant API as 🏢 Manta Buckets API + + Note over Client, API: S3 Request Processing Flow + + Client->>Gateway: 1. 
PUT /{bucket}/{object} + Note right of Client: SigV4 Authenticated Request + + activate Gateway + Note over Gateway: • Validate SigV4 signature
• Parse S3 request
• Extract metadata + + Gateway->>API: 2. PUT /buckets/{bucket}/{object} + Note right of Gateway: Translated Manta Request + + activate API + Note over API: • Store object
• Update metadata
• Generate response + + API-->>Gateway: 3. 200 OK + Manta Response + deactivate API + + Note over Gateway: • Map Manta response to S3
• Generate S3-compatible headers
• Create ETag + + Gateway-->>Client: 4. 200 OK + S3 Response + deactivate Gateway + Note left of Gateway: S3-Compatible Response ``` **Flow Description:** @@ -220,11 +190,34 @@ that is able to support wildcard subdomains for SSL/TLS. #### 4. Billing -*[To be completed]* +*[TBD]* #### 5. Multipart uploads -*[To be completed]* +S3 multipart uploads[11] allow clients to upload large objects in multiple parts, +providing better performance and reliability for large files. This is a +critical feature for the S3 gateway as many applications rely on it for +uploading large objects. + +**S3 Multipart Upload Workflow:** + +1. **Initiate multipart upload** - Client calls `POST /{bucket}/{object}?uploads` + - Returns UploadId for tracking the upload session +2. **Upload parts** - Client uploads parts using `PUT /{bucket}/{object}?partNumber=X&uploadId=Y` + - Each part: 5MB minimum (except last part), 5GB maximum + - Support for 1-10,000 parts per upload + - Each part receives an ETag for verification +3. **Complete multipart upload** - Client calls `POST /{bucket}/{object}?uploadId=Y` + - Provides list of part numbers and ETags + - Server assembles final object from parts +4. **Abort multipart upload** - Client calls `DELETE /{bucket}/{object}?uploadId=Y` + - Cleans up incomplete uploads and temporary storage + +**Implementation Strategy:** + +There is existing work for Manta directory API [9] that we can leverage for +this implementation. Mako now possesses an API for MPU operations [10], which +requires the object parts and related metadata to construct the final object. ## References 
@@ -236,3 +229,6 @@ that is able to support wildcard subdomains for SSL/TLS. [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html [8]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00 +[9]: https://github.com/TritonDataCenter/rfd/blob/master/rfd/0065/README.md +[10]: https://github.com/TritonDataCenter/manta-mako/commit/f6a0721ec99b42e74288cf7d198ef3cd6f032725 +[11]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html From 3e55af60046f75593180f6e5adb41f084f65a71a Mon Sep 17 00:00:00 2001 From: cneira Date: Fri, 13 Jun 2025 16:45:58 -0400 Subject: [PATCH 07/13] wip --- rfd/0186/README.md | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/rfd/0186/README.md b/rfd/0186/README.md index 09871ed6..ff7141fe 100644 --- a/rfd/0186/README.md +++ b/rfd/0186/README.md @@ -168,18 +168,9 @@ sequenceDiagram deactivate Gateway Note left of Gateway: S3-Compatible Response ``` +**Implementation Details ** -**Flow Description:** - -1. A client sends a request to upload or delete an object to a Triton bucket - through the `s3-gateway` service using an existing S3 script. -2. The `s3-gateway` service processes the request by generating a request for - `manta-buckets-api` and converting the S3 request metadata into Manta - Object storage equivalents. -3. The `manta-buckets-api` responds with a success/error back to the - `s3-gateway`. -4. The S3 gateway converts the `manta-buckets-api` response to an - S3-compatible success or error response. +Work in progress #### 3. Buckets subdomains From a65f1329e11dfdb24d7db09b1140dbdd059dbaf4 Mon Sep 17 00:00:00 2001 From: cneira Date: Fri, 13 Jun 2025 16:49:36 -0400 Subject: [PATCH 08/13] recheck --- rfd/0186/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rfd/0186/README.md b/rfd/0186/README.md index ff7141fe..e0d3b453 100644 
--- a/rfd/0186/README.md +++ b/rfd/0186/README.md @@ -190,7 +190,7 @@ providing better performance and reliability for large files. This is a critical feature for the S3 gateway as many applications rely on it for uploading large objects. -**S3 Multipart Upload Workflow:** +**AWS S3 Multipart Upload Workflow:** 1. **Initiate multipart upload** - Client calls `POST /{bucket}/{object}?uploads` - Returns UploadId for tracking the upload session From 3c08a0005208915dacd312d735bd92e0ff33b734 Mon Sep 17 00:00:00 2001 From: cneira Date: Fri, 13 Jun 2025 16:56:16 -0400 Subject: [PATCH 09/13] WIP --- rfd/0186/README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/rfd/0186/README.md b/rfd/0186/README.md index e0d3b453..c7ee368c 100644 --- a/rfd/0186/README.md +++ b/rfd/0186/README.md 
@@ -212,14 +212,14 @@ requires the object parts and related metadata to construct the final object. ## References -[1]: https://github.com/TritonDataCenter/sdc-docker/blob/master/docs/api/features/smartos.md -[2]: https://github.com/TritonDataCenter/illumos-joyent/blob/810178ebcf77c96767a9f5c95f845858c5c6f41c/usr/src/uts/common/brand/lx/os/lx_brand.c#L34 -[3]: https://min.io/docs/minio/linux/reference/s3-api-compatibility.html -[4]: https://github.com/TritonDataCenter/sdc-ufds/tree/master -[5]: https://github.com/TritonDataCenter/mahi/tree/master -[6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html -[7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html -[8]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00 -[9]: https://github.com/TritonDataCenter/rfd/blob/master/rfd/0065/README.md -[10]: https://github.com/TritonDataCenter/manta-mako/commit/f6a0721ec99b42e74288cf7d198ef3cd6f032725 -[11]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html +[1] https://github.com/TritonDataCenter/sdc-docker/blob/master/docs/api/features/smartos.md +[2] https://github.com/TritonDataCenter/illumos-joyent/blob/810178ebcf77c96767a9f5c95f845858c5c6f41c/usr/src/uts/common/brand/lx/os/lx_brand.c#L34 +[3] https://min.io/docs/minio/linux/reference/s3-api-compatibility.html +[4] https://github.com/TritonDataCenter/sdc-ufds/tree/master +[5] https://github.com/TritonDataCenter/mahi/tree/master +[6] https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html +[7] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html +[8] https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00 +[9] https://github.com/TritonDataCenter/rfd/blob/master/rfd/0065/README.md +[10] https://github.com/TritonDataCenter/manta-mako/commit/f6a0721ec99b42e74288cf7d198ef3cd6f032725 +[11] https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html 
From 6c0bce3f76381ed211acff72b91e1fa9abd7c397 Mon Sep 17 00:00:00 2001 From: cneira Date: Fri, 13 Jun 2025 17:09:48 -0400 Subject: [PATCH 10/13] previous art --- rfd/0186/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rfd/0186/README.md b/rfd/0186/README.md index c7ee368c..ae99a594 100644 --- a/rfd/0186/README.md +++ b/rfd/0186/README.md @@ -32,7 +32,8 @@ The purpose of this S3 compatibility layer is to translate S3 object requests into Manta buckets API requests, which falls in the category of emulation. This scheme has been proven successful in the past, relevant examples are [1] sdc-docker, [2] Linux Branded Zones. For this specific case there are already -cases where it has been implemented successfully, for example [3] MinIO. +cases where it has been implemented successfully, for example [3] MinIO, and +previous work that is on the same venue like [12] s3-manta-bridge. ## 1. Design Discussion @@ -223,3 +224,4 @@ requires the object parts and related metadata to construct the final object. [9] https://github.com/TritonDataCenter/rfd/blob/master/rfd/0065/README.md [10] https://github.com/TritonDataCenter/manta-mako/commit/f6a0721ec99b42e74288cf7d198ef3cd6f032725 [11] https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html +[12] https://github.com/TritonDataCenter/s3-manta-bridge From a3e2e718450620ae8e002c0e9708974b6f40b80b Mon Sep 17 00:00:00 2001 From: cneira Date: Fri, 13 Jun 2025 17:10:36 -0400 Subject: [PATCH 11/13] newline --- rfd/0186/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rfd/0186/README.md b/rfd/0186/README.md index ae99a594..1ab9116b 100644 --- a/rfd/0186/README.md +++ b/rfd/0186/README.md 
@@ -223,5 +223,5 @@ requires the object parts and related metadata to construct the final object. [8] https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00 [9] https://github.com/TritonDataCenter/rfd/blob/master/rfd/0065/README.md [10] https://github.com/TritonDataCenter/manta-mako/commit/f6a0721ec99b42e74288cf7d198ef3cd6f032725 -[11] https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html -[12] https://github.com/TritonDataCenter/s3-manta-bridge +[11] https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html +[12] https://github.com/TritonDataCenter/s3-manta-bridge From 6b5807ac87fe55f10f24c8cbfce65f8705ad2e23 Mon Sep 17 00:00:00 2001 From: cneira Date: Thu, 19 Jun 2025 15:31:01 -0400 Subject: [PATCH 12/13] update references --- rfd/0186/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rfd/0186/README.md b/rfd/0186/README.md index 1ab9116b..7cb60d28 100644 --- a/rfd/0186/README.md +++ b/rfd/0186/README.md @@ -225,3 +225,7 @@ requires the object parts and related metadata to construct the final object. [10] https://github.com/TritonDataCenter/manta-mako/commit/f6a0721ec99b42e74288cf7d198ef3cd6f032725 [11] https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html [12] https://github.com/TritonDataCenter/s3-manta-bridge +https://github.com/TritonDataCenter/rfd/blob/master/rfd/0149/README.md +https://github.com/TritonDataCenter/rfd/blob/master/rfd/0153/README.md +https://github.com/TritonDataCenter/rfd/blob/master/rfd/0155/README.md +https://github.com/TritonDataCenter/rfd/blob/master/rfd/0168/README.md From 012108ae5f9c411a1aeb8e6e56079c263f40ac7c Mon Sep 17 00:00:00 2001 From: cneira Date: Thu, 19 Jun 2025 15:34:45 -0400 Subject: [PATCH 13/13] fixup --- rfd/0186/README.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/rfd/0186/README.md b/rfd/0186/README.md index 7cb60d28..78f85971 100644 --- a/rfd/0186/README.md +++ b/rfd/0186/README.md 
@@ -213,19 +213,19 @@ requires the object parts and related metadata to construct the final object. ## References -[1] https://github.com/TritonDataCenter/sdc-docker/blob/master/docs/api/features/smartos.md -[2] https://github.com/TritonDataCenter/illumos-joyent/blob/810178ebcf77c96767a9f5c95f845858c5c6f41c/usr/src/uts/common/brand/lx/os/lx_brand.c#L34 -[3] https://min.io/docs/minio/linux/reference/s3-api-compatibility.html -[4] https://github.com/TritonDataCenter/sdc-ufds/tree/master -[5] https://github.com/TritonDataCenter/mahi/tree/master -[6] https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html -[7] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html -[8] https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00 -[9] https://github.com/TritonDataCenter/rfd/blob/master/rfd/0065/README.md -[10] https://github.com/TritonDataCenter/manta-mako/commit/f6a0721ec99b42e74288cf7d198ef3cd6f032725 -[11] https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html -[12] https://github.com/TritonDataCenter/s3-manta-bridge -https://github.com/TritonDataCenter/rfd/blob/master/rfd/0149/README.md -https://github.com/TritonDataCenter/rfd/blob/master/rfd/0153/README.md -https://github.com/TritonDataCenter/rfd/blob/master/rfd/0155/README.md -https://github.com/TritonDataCenter/rfd/blob/master/rfd/0168/README.md +- [1] https://github.com/TritonDataCenter/sdc-docker/blob/master/docs/api/features/smartos.md +- [2] https://github.com/TritonDataCenter/illumos-joyent/blob/810178ebcf77c96767a9f5c95f845858c5c6f41c/usr/src/uts/common/brand/lx/os/lx_brand.c#L34 +- [3] https://min.io/docs/minio/linux/reference/s3-api-compatibility.html +- [4] https://github.com/TritonDataCenter/sdc-ufds/tree/master +- [5] https://github.com/TritonDataCenter/mahi/tree/master +- [6] https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html +- [7] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html +- [8] 
https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-00 +- [9] https://github.com/TritonDataCenter/rfd/blob/master/rfd/0065/README.md +- [10] https://github.com/TritonDataCenter/manta-mako/commit/f6a0721ec99b42e74288cf7d198ef3cd6f032725 +- [11] https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html +- [12] https://github.com/TritonDataCenter/s3-manta-bridge +- https://github.com/TritonDataCenter/rfd/blob/master/rfd/0149/README.md +- https://github.com/TritonDataCenter/rfd/blob/master/rfd/0153/README.md +- https://github.com/TritonDataCenter/rfd/blob/master/rfd/0155/README.md +- https://github.com/TritonDataCenter/rfd/blob/master/rfd/0168/README.md
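Review bot: In the hunk that adds the reflowed "#### 3. Buckets subdomains" section, the wildcard certificate is proposed without noting that a TLS wildcard matches a single DNS label only, so a bucket whose name contains a dot will not validate against the wildcard name. The section should say whether the gateway rejects dotted bucket names or serves them path-style only. It should also say whether path-style addressing stays supported, because step 1 of the diagram in the same patch shows `/{bucket}/{object}`, which is path-style rather than subdomain addressing.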
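Review bot: In PATCH 06/13, hunk `@@ -29,11 +29,10 @@`, the new sentence "For this specific case there are already cases where it has been implemented successfully" repeats "case" and no longer has a referent, since the phrase "Object storage API emulation" that it pointed to was dropped. Suggest keeping the explicit wording, for example "For object storage API emulation specifically, there are existing successful implementations, for example [3] MinIO."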
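Review bot: In PATCH 06/13, hunk `@@ -138,65 +137,36 @@`, the new sequence diagram lists "Validate SigV4 signature" but draws only the success path: there is no branch for a request whose signature fails validation and no error return from the Buckets API. Add an `alt` block in which the gateway answers with an S3 error before anything is sent to the Manta Buckets API, so the document states explicitly that unauthenticated requests never reach the backend. The diagram also narrows the flow to PUT where the ASCII version it replaces covered GET|PUT|DELETE|HEAD, so say in the text that PUT is one example. "Create ETag" on the gateway side needs a sentence on how that value is derived from the Manta response.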
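Review bot: In PATCH 06/13, hunk `@@ -220,11 +190,34 @@`, the multipart workflow gives the part limits (5MB minimum, 5GB maximum, 1-10,000 parts) but not which component enforces them, and steps 2 to 4 accept `uploadId` without saying it is checked against the account that initiated the upload. State that every part, complete and abort request is authorized against the upload's owner, and where part size and count are validated. Step 4 covers explicit abort only, so add how parts from uploads that are never completed or aborted get reclaimed, since they otherwise keep consuming storage.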
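Review bot: In PATCH 07/13, hunk `@@ -168,18 +168,9 @@`, the added heading `**Implementation Details **` has a space before the closing `**`, so Markdown will not render it as bold, and it sits directly under the closing code fence without a blank line. The hunk also replaces the four-step Flow Description with "Work in progress", which removes the only text stating that delete requests follow the same path and that errors are translated back to S3 errors. Consider keeping the flow description until the implementation details are written.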
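Review bot: In PATCH 09/13, hunk `@@ -212,14 +212,14 @@`, changing the `[n]: url` link reference definitions to plain `[n] url` lines means in-text citations such as `[11]` stop resolving as links, and consecutive lines with no list marker or blank line between them render as one run-on paragraph. If the intent is to make the reference list visible in the rendered page, use list items whose text is a link, so that the list is readable and the URLs stay clickable.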
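Review bot: In PATCH 10/13, hunk `@@ -32,7 +32,8 @@`, "previous work that is on the same venue like [12] s3-manta-bridge" reads as a slip for "in the same vein". Suggest "and previous work in the same vein, such as [12] s3-manta-bridge."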
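Review bot: In PATCH 12/13, hunk `@@ -225,3 +225,7 @@`, the four added RFD links (0149, 0153, 0155, 0168) have no reference numbers and nothing in the visible text cites them. Number them [13] to [16] to match the rest of the list and either cite them where they apply or add a short line saying what each covers. PATCH 13/13 turns them into bullets but leaves them unnumbered.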