
proxy
Package proxy is the domain orchestration layer that coordinates multi-backend S3 storage. It routes writes, manages failover reads, handles multipart uploads, drains backends, and exposes dashboard data. Workers receive the Ops interface instead of direct access.
Index
- type BackendManager
- func NewBackendManager(cfg *BackendManagerConfig) *BackendManager
- func (m *BackendManager) AdmissionSem() chan struct{}
- func (m *BackendManager) BackendOrder() []string
- func (m *BackendManager) ClearCache()
- func (m *BackendManager) ClearDrainState()
- func (m *BackendManager) Close()
- func (m *BackendManager) CountActiveMultipartUploads(ctx context.Context, bucketPrefix string) (int64, error)
- func (m *BackendManager) DeleteOrEnqueue(ctx context.Context, be backend.ObjectBackend, backendName, key, reason string, sizeBytes int64)
- func (m *BackendManager) Drain() *drain.Manager
- func (m *BackendManager) FlushUsage(ctx context.Context) error
- func (m *BackendManager) GetDashboardData(ctx context.Context) (*dashboard.Data, error)
- func (m *BackendManager) GetDirectoryChildren(ctx context.Context, prefix, startAfter string, maxKeys int) (*core.DirectoryListResult, error)
- func (m *BackendManager) IntegrityConfig() *config.IntegrityConfig
- func (m *BackendManager) LifecycleConfig() *config.LifecycleConfig
- func (m *BackendManager) MoveObject(ctx context.Context, req *writepath.MoveRequest) (int64, error)
- func (m *BackendManager) Multipart() *multipart.Manager
- func (m *BackendManager) NearUsageLimit(threshold float64) bool
- func (m *BackendManager) Objects() *object.Manager
- func (m *BackendManager) ProcessLifecycleRules(ctx context.Context, rules []config.LifecycleRule) (deleted, failed int)
- func (m *BackendManager) ReconcileBackend(ctx context.Context, backendName, bucket string, knownBuckets []string) (*worker.ReconcileResult, error)
- func (m *BackendManager) ReconcileUsage(ctx context.Context) (map[string]int64, error)
- func (m *BackendManager) RecordUsage(backendName string, apiCalls, egress, ingress int64)
- func (m *BackendManager) RedisCounterConfigured() bool
- func (m *BackendManager) Runtime() *infra.BackendRuntime
- func (m *BackendManager) SelectReplicaTarget(ctx context.Context, size int64, exclusion map[string]bool) (string, error)
- func (m *BackendManager) SetIntegrityConfig(cfg *config.IntegrityConfig)
- func (m *BackendManager) SetLifecycleConfig(cfg *config.LifecycleConfig)
- func (m *BackendManager) SetUsageFlushConfig(cfg *config.UsageFlushConfig)
- func (m *BackendManager) SyncBackend(ctx context.Context, backendName, bucket string, knownBuckets []string) (imported, skipped int, err error)
- func (m *BackendManager) UpdateQuotaMetrics(ctx context.Context) error
- func (m *BackendManager) UpdateUsageLimits(limits map[string]core.UsageLimits)
- func (m *BackendManager) UsageFlushConfig() *config.UsageFlushConfig
- type BackendManagerConfig
- type Collaborators
- type FeatureDeps
- type ManagerStores
- type OperationalDeps
- type PolicyConfig
- type StorageDeps
- type StoreDeps
type BackendManager
BackendManager manages multiple storage backends with quota tracking. It holds the backend runtime (non-store infrastructure: backends, usage, admission, draining, metrics) as a named field reached via Runtime(), plus the per-role store views and hot-reloadable config. Store-touching write-path helpers are methods on *BackendManager (manager_writepath.go); pure infra primitives stay on the runtime.
Workers (rebalancer, replicator, scrubber, …) are resolved through DI at the call site rather than carried on the manager.
The drain manager is an injected collaborator. It is nil-able; the methods that consult it (FlushUsage, ClearDrainState, GetDashboardData) nil-guard the field so a manager built without drain stays usable.
func NewBackendManager
NewBackendManager constructs a BackendManager. Required dependencies (cfg, Stores, Dashboard, Metrics) panic via must.NotNil at construction so a wiring bug surfaces immediately at DI assembly rather than NPE’ing N call frames deep on the first request. Numeric config invariants (negative timeouts, ordering rules) are the config validator’s responsibility; the constructor trusts the values it receives.
func (*BackendManager) AdmissionSem
AdmissionSem returns the shared admission semaphore, or nil if none is configured. The HTTP admission controller should use this channel so that HTTP requests and background services share one concurrency budget.
func (*BackendManager) BackendOrder
BackendOrder forwards to the runtime. The reconciler iterates the fleet in this order while reconciling backend state against the stores.
func (*BackendManager) ClearCache
ClearCache removes all entries from the location cache.
func (*BackendManager) ClearDrainState
ClearDrainState removes all entries from the draining map. Used by tests to reset state between runs. No-op when the manager has no drain manager.
func (*BackendManager) Close
Close stops every background cache eviction goroutine the manager owns: the object location cache and the multipart per-upload DEK cache. Safe to call multiple times.
func (*BackendManager) CountActiveMultipartUploads
CountActiveMultipartUploads delegates to the multipart store. Exposed for the s3api bucket-delete pre-check so the transport layer does not need to reach into the persistence layer directly.
func (*BackendManager) DeleteOrEnqueue
DeleteOrEnqueue forwards to the write coordinator. The worker Placement and drain Mover interfaces call it on *BackendManager.
func (*BackendManager) Drain
Drain returns the drain manager, or nil when the manager was built without one. Callers that touch the result must nil-guard.
func (*BackendManager) FlushUsage
FlushUsage flushes accumulated in-memory usage counters to the database. Backends that have completed draining are skipped because their DB records (including backend_usage) have been removed. When DrainManager has not been wired (tests that do not exercise drain behavior) the skip set is empty and every backend’s counters flush.
func (*BackendManager) GetDashboardData
GetDashboardData delegates to the dashboard.Aggregator and enriches the result with drain status and circuit-breaker health from the BackendManager’s in-memory state.
func (*BackendManager) GetDirectoryChildren
GetDirectoryChildren delegates to the dashboard.Aggregator.
func (*BackendManager) IntegrityConfig
IntegrityConfig returns the current integrity configuration.
func (*BackendManager) LifecycleConfig
LifecycleConfig returns the current lifecycle configuration.
func (*BackendManager) MoveObject
MoveObject forwards to the write coordinator’s shared move primitive so the StreamCopy + MoveObjectLocation CAS + orphan-cleanup + source-delete accounting all funnel through one implementation.
func (*BackendManager) Multipart
Multipart returns the multipart upload lifecycle manager. Exposed so transport and DI callers can reach multipart functionality without touching the unexported field directly.
func (*BackendManager) NearUsageLimit
NearUsageLimit returns true if any backend is approaching its usage limits.
func (*BackendManager) Objects
Objects returns the object CRUD manager. Same accessor rationale as Multipart().
func (*BackendManager) ProcessLifecycleRules
ProcessLifecycleRules evaluates all lifecycle rules and deletes expired objects. Returns total deleted and failed counts. Terminates processing of a rule when a full batch produces zero successful deletions, preventing infinite loops when backends are unhealthy.
func (*BackendManager) ReconcileBackend
ReconcileBackend reconciles a single backend against the metadata store using a bounded-memory sorted-merge: both sides are walked in lex key order and diffed in lockstep. The S3 walk and DB cursor each cap their in-flight buffer, so memory is independent of object count.
Behaviour: imports keys present on the backend but not in the DB, and deletes DB rows whose keys are no longer on the backend. Keys owned by sibling virtual buckets stored on the same backend are left alone in both directions - sibling buckets are reconciled by their own pass.
func (*BackendManager) ReconcileUsage
ReconcileUsage recomputes each backend’s bytes_used counter from the object ledger, correcting drift in the incrementally maintained counter. Part of the BackendSyncer contract the reconciler drives every pass; also exposed to the admin reconcile-usage endpoint.
func (*BackendManager) RecordUsage
RecordUsage increments the in-memory usage counters for a backend. Exposed for admin operations that bypass the normal manager request path.
func (*BackendManager) RedisCounterConfigured
RedisCounterConfigured returns true when the counter backend is a Redis backend, regardless of health status. Used by the flush service to decide whether an advisory lock is needed - the lock must be held even during fallback to prevent double-counting when Redis recovers mid-flush.
func (*BackendManager) Runtime
Runtime returns the backend runtime so workers, drain, and transport can depend on it directly for fleet/admission/usage primitives.
func (*BackendManager) SelectReplicaTarget
SelectReplicaTarget picks a target backend for a replication copy using the same routing strategy as normal writes. Excludes backends that already hold a copy of the object.
func (*BackendManager) SetIntegrityConfig
SetIntegrityConfig atomically stores the integrity configuration. The scrubber’s own SetConfig is invoked separately by the caller (serve) because the scrubber is resolved through DI rather than held on the manager.
func (*BackendManager) SetLifecycleConfig
SetLifecycleConfig atomically stores the lifecycle configuration.
func (*BackendManager) SetUsageFlushConfig
SetUsageFlushConfig atomically stores the usage flush configuration.
func (*BackendManager) SyncBackend
SyncBackend scans a backend’s S3 bucket and imports pre-existing objects into the proxy database. Objects already tracked for the backend are skipped. knownBuckets is the full list of configured virtual bucket names, used to distinguish objects belonging to other buckets from externally-uploaded objects that need the bucket prefix prepended. Returns counts of imported vs skipped objects.
func (*BackendManager) UpdateQuotaMetrics
UpdateQuotaMetrics forwards to the runtime. The usage-flush and reconcile services consume it alongside the manager’s store-coupled helpers, so the manager exposes it as part of its orchestration surface.
func (*BackendManager) UpdateUsageLimits
UpdateUsageLimits replaces the per-backend usage limits. Safe to call concurrently with request handling.
func (*BackendManager) UsageFlushConfig
UsageFlushConfig returns the current usage flush configuration.
type BackendManagerConfig
BackendManagerConfig groups the constructor parameters by capability so contributors can see at a glance which fields belong together: topology, persistence, runtime policy, optional features, operational deps, and pre-built collaborators. Each sub-struct documents its own field semantics.
type Collaborators
Collaborators groups the sub-managers built by the composition root and injected so the drain manager (which needs the write coordinator as its mover and the multipart abort hook) and the BackendManager share the same instances.
Coord, Multipart, and IntegrityCfg are required: the drain manager and the BackendManager must hold the same coordinator, multipart manager, and integrity-config pointer. Drain is nil-able; the methods that consult it (FlushUsage, ClearDrainState, GetDashboardData) nil-guard the field.
type FeatureDeps
FeatureDeps groups optional capabilities. Each field is nil-able and disables the corresponding feature when left zero.
type ManagerStores
ManagerStores is the narrow persistence surface BackendManager itself touches: object import / delete, cleanup-queue sweep, lifecycle expiry listing, usage-delta flush, and the multipart count it exposes to the s3api transport. Sub-managers (object, writepath, multipart, readpath) receive their own narrower role-composite interfaces through their constructors; the *core.MetadataStore handed in via BackendManagerConfig is the composition-root concrete that satisfies all of them.
type OperationalDeps
OperationalDeps groups telemetry, concurrency, and observability callbacks the manager exposes to operators and to long-running background services.
type PolicyConfig
PolicyConfig groups runtime tunables that shape how the manager behaves across normal and degraded operation. None of these enable a feature; they configure existing behavior.
type StorageDeps
StorageDeps groups the backend-fleet topology: the set of object backends to route across and the deterministic per-strategy iteration order.
type StoreDeps
StoreDeps groups the persistence dependencies. Metadata stays as the wide core.MetadataStore because BackendManager is the proxy subtree’s composition root — it routes the concrete store into the narrow interfaces each sub-manager declares. Dashboard is already narrow.
Generated by gomarkdoc