Add IAM control field for embedded IAM in S3 server

[chrislusf]

Summary

This PR adds support for the new embedded IAM architecture introduced in seaweedfs/seaweedfs#7740.

Background

IAM API is now embedded in the S3 server by default (on the same port as S3), following the pattern used by MinIO and Ceph RGW.

Changes

Cluster Spec (pkg/cluster/spec/spec.go)

• Added IAM field to FilerServerSpec to control embedded IAM
• IAM is enabled by default when S3 is enabled

Kubernetes Exporter (pkg/exporters/kubernetes.go)

• Added support for -iam=false flag when IAM is explicitly disabled
• IAM API is accessible on the same port as S3 when embedded

Usage

filer_servers:
  - ip: 192.168.1.10
    port: 8888
    s3: true
    s3_port: 8333
    # iam: true  # Default when S3 is enabled
    # IAM API available on same port as S3 (8333)

To disable embedded IAM:

filer_servers:
  - ip: 192.168.1.10
    port: 8888
    s3: true
    s3_port: 8333
    iam: false  # Explicitly disable embedded IAM

Related PRs

• seaweedfs/seaweedfs#7740 - Embed IAM API into S3 server
• seaweedfs/seaweedfs-operator#167 - Update operator for embedded IAM

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch embed-iam-in-s3

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @chrislusf, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new configuration option to manage the embedded IAM API within the S3 server, aligning with a recent architectural change to embed IAM by default. It provides explicit control for users to disable the embedded IAM if necessary, while ensuring it's active by default when S3 is in use. The changes involve updating the cluster specification and the Kubernetes exporter to reflect this new configuration.

Highlights

• IAM Control Field: Added an IAM field to FilerServerSpec in pkg/cluster/spec/spec.go to control whether the IAM API is embedded within the S3 server. This field is a pointer to a boolean, allowing for explicit true, false, or nil (default) states.
• Default IAM Behavior: The embedded IAM API is enabled by default when S3 is enabled, and it becomes accessible on the same port as the S3 server.
• Kubernetes Exporter Integration: Modified pkg/exporters/kubernetes.go to support explicitly disabling IAM by adding the -iam=false flag to the container command if the IAM field in the FilerServerSpec is set to false.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new IAM field in the FilerServerSpec to allow controlling the embedded IAM feature. The change correctly updates the Kubernetes exporter to respect this new setting. The implementation is clean and follows the intended logic of enabling IAM by default and only disabling it when explicitly configured. My feedback includes a minor suggestion to improve code maintainability by removing a redundant comment.

[gemini-code-assist]

This comment duplicates information already present in the IAM field's documentation within pkg/cluster/spec/spec.go. To improve maintainability and avoid potential inconsistencies, it's best to keep this documentation in a single, authoritative location. I recommend removing this line.