This commit introduces a series of significant changes to various components within the KES project. Among other things it:
Exposes a top-level library API for running and customizing KES servers.
Improves logging by using structured logging (log/slog).
Removes unused code.
Introduces a KES-specific framework for handling HTTP requests (internal/api).
Stabilizes the KES API and prepares the introduction of protobuf as serialization format (in addition to JSON).
However, this commit does not refactor the kv package or the KES config file handling. While still required, this will be done in a separate commit.
Performance
A lot of effort has gone into designing and implementing an efficient KES library API. Since the majority of KES operations are read-only, accessing a policy, encrypting a message, a.s.o., it can leverage and benefit from lock-free concurrency primitives. Hence, the Server type tries to avoid blocking on sync.{RW}Mutex as much as possible and instead uses atomic primitives, like atomic.Pointer.
Further, the logging framework has been completely reworked to use structured logging using the log/slog standard library package. Now, error log messages are only generated when required (based on log levels). The audit logging framework (AuditHandler and AuditRecord type) works similarly to the slog package and is also designed to be efficient.
Readability
The new internal/api package provides a small KES-specific framework for defining HTTP APIs and handling requests. It tries to provide composable primitives to build HTTP APIs that are efficient, secure and easy to reason about. It provides a specific Request type that represents an authenticated HTTP request. This allows separating business logic (e.g. handling a key creation request) from timeout handling, authentication, etc.
Further, this commit tries to add more expressive documentation describing the intent.
Versioning
The KES library package will follow semantic versioning, like any other Go module. However, the KES server command and CLI (cmd/kes) will continue to use the rolling release timestamp versioning. A KES library release can be tagged independently from the KES CLI and vice versa. Users of the KES package will be able to import like any other Go module: import "github.com/minio/kes@v0.24.0".
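The read-mostly pattern described under Performance, as an added Go example that is not code from the KES repository: readers do a single atomic load of an immutable snapshot, while writers copy, modify and publish a new one. The names policySet, Server.IsAllowed and Server.SetAccess, and the sample identity and path, are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"maps"
	"sync"
	"sync/atomic"
)

// policySet is an immutable snapshot (identity -> allowed paths); hypothetical, not a KES type.
type policySet struct{ allow map[string]map[string]bool }

// Server keeps read-mostly state behind an atomic.Pointer.
type Server struct {
	policies atomic.Pointer[policySet]
	mu       sync.Mutex // serializes writers only; readers never take it
}

func NewServer() *Server {
	s := &Server{}
	s.policies.Store(&policySet{allow: map[string]map[string]bool{}})
	return s
}

// IsAllowed is the hot path: one atomic load, no lock, deny by default.
func (s *Server) IsAllowed(identity, path string) bool {
	return s.policies.Load().allow[identity][path]
}

// SetAccess publishes a new snapshot; published snapshots are never mutated,
// so a request that already loaded the old one still sees a consistent view.
func (s *Server) SetAccess(identity, path string, allowed bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	old := s.policies.Load()
	next := &policySet{allow: maps.Clone(old.allow)} // shallow copy of outer map
	paths := maps.Clone(old.allow[identity])         // copy only the entry we change
	if paths == nil {
		paths = map[string]bool{}
	}
	paths[path] = allowed
	next.allow[identity] = paths
	s.policies.Store(next)
}

func main() {
	s := NewServer()
	s.SetAccess("id-a", "/v1/key/create", true) // constructed sample values
	fmt.Println(s.IsAllowed("id-a", "/v1/key/create"), s.IsAllowed("id-b", "/v1/key/create"))
}
```

A revocation takes effect for every request that loads the pointer after the Store; requests already holding the previous snapshot finish against it.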