feat(reports): use S3 presigned URL for archived recording reports

andrewazores · andrewazores · commit 0dcd194b0c2d · 2025-03-21T13:29:17.000-04:00
diff --git a/compose/reports.yml b/compose/reports.yml
@@ -27,6 +27,7 @@ services:
         -Dcom.sun.management.jmxremote.ssl=false
         -Dcom.sun.management.jmxremote.local.only=false
       QUARKUS_HTTP_PORT: 10001
+      CRYOSTAT_STORAGE_BASE_URI: http://s3:8333
     healthcheck:
       test: curl --fail http://localhost:10001/ || exit 1
       retries: 3
diff --git a/src/main/java/io/cryostat/ConfigProperties.java b/src/main/java/io/cryostat/ConfigProperties.java
@@ -35,6 +35,8 @@ public class ConfigProperties {
     public static final String CONNECTIONS_UPLOAD_TIMEOUT = "cryostat.connections.upload-timeout";
 
     public static final String REPORTS_SIDECAR_URL = "quarkus.rest-client.reports.url";
+    public static final String REPORTS_USE_PRESIGNED_TRANSFER =
+            "cryostat.services.reports.use-presigned-transfer";
     public static final String REPORTS_MEMORY_CACHE_ENABLED =
             "cryostat.services.reports.memory-cache.enabled";
     public static final String REPORTS_STORAGE_CACHE_ENABLED =
diff --git a/src/main/java/io/cryostat/reports/ReportSidecarService.java b/src/main/java/io/cryostat/reports/ReportSidecarService.java
@@ -30,12 +30,20 @@
 import org.jboss.resteasy.reactive.PartType;
 import org.jboss.resteasy.reactive.RestForm;
 
-@Path("/report")
 @RegisterRestClient(configKey = "reports")
 @ApplicationScoped
 public interface ReportSidecarService {
+    @Path("/report")
     @POST
     @Consumes(MediaType.MULTIPART_FORM_DATA)
     Uni<Map<String, AnalysisResult>> generate(
             @RestForm("file") @PartType(MediaType.APPLICATION_OCTET_STREAM) InputStream file);
+
+    @Path("/remote_report")
+    @POST
+    @Consumes(MediaType.MULTIPART_FORM_DATA)
+    Uni<Map<String, AnalysisResult>> generatePresigned(
+            @RestForm("path") @PartType(MediaType.TEXT_PLAIN) String path,
+            @RestForm("query") @PartType(MediaType.TEXT_PLAIN) String query,
+            @RestForm("filter") @PartType(MediaType.TEXT_PLAIN) String filter);
 }
diff --git a/src/main/java/io/cryostat/reports/ReportsServiceImpl.java b/src/main/java/io/cryostat/reports/ReportsServiceImpl.java
@@ -17,8 +17,12 @@
 
 import java.io.BufferedInputStream;
 import java.io.InputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.time.Duration;
+import java.time.Instant;
 import java.util.Map;
+import java.util.Optional;
 import java.util.function.Predicate;
 
 import org.openjdk.jmc.flightrecorder.rules.IRule;
@@ -27,15 +31,21 @@
 import io.cryostat.core.reports.InterruptibleReportGenerator;
 import io.cryostat.core.reports.InterruptibleReportGenerator.AnalysisResult;
 import io.cryostat.recordings.ActiveRecording;
+import io.cryostat.recordings.ArchivedRecordings.ArchivedRecording;
 import io.cryostat.recordings.RecordingHelper;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.smallrye.mutiny.Uni;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
+import jakarta.ws.rs.InternalServerErrorException;
+import org.apache.commons.lang3.tuple.Pair;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.eclipse.microprofile.rest.client.inject.RestClient;
 import org.jboss.logging.Logger;
+import software.amazon.awssdk.services.s3.model.GetObjectRequest;
+import software.amazon.awssdk.services.s3.presigner.S3Presigner;
+import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest;
 
 @ApplicationScoped
 class ReportsServiceImpl implements ReportsService {
@@ -48,10 +58,20 @@ class ReportsServiceImpl implements ReportsService {
     @ConfigProperty(name = ConfigProperties.REPORTS_SIDECAR_URL)
     String sidecarUri;
 
+    @ConfigProperty(name = ConfigProperties.REPORTS_USE_PRESIGNED_TRANSFER)
+    boolean usePresignedTransfer;
+
+    @ConfigProperty(name = ConfigProperties.AWS_BUCKET_NAME_ARCHIVES)
+    String archiveBucket;
+
+    @ConfigProperty(name = ConfigProperties.STORAGE_EXT_URL)
+    Optional<String> externalStorageUrl;
+
     @Inject ObjectMapper mapper;
     @Inject RecordingHelper helper;
     @Inject InterruptibleReportGenerator reportGenerator;
     @Inject @RestClient ReportSidecarService sidecar;
+    @Inject S3Presigner presigner;
     @Inject Logger logger;
 
     @Override
@@ -63,7 +83,7 @@ public Uni<Map<String, AnalysisResult>> reportFor(
         } catch (Exception e) {
             throw new ReportGenerationException(e);
         }
-        if (NO_SIDECAR_URL.equals(sidecarUri)) {
+        if (!useSidecar()) {
             logger.tracev(
                     "inprocess reportFor active recording {0} {1}",
                     recording.target.jvmId, recording.remoteId);
@@ -72,7 +92,7 @@ public Uni<Map<String, AnalysisResult>> reportFor(
             logger.tracev(
                     "sidecar reportFor active recording {0} {1}",
                     recording.target.jvmId, recording.remoteId);
-            return fireRequest(stream);
+            return sidecar.generate(stream);
         }
     }
 
@@ -85,12 +105,22 @@ public Uni<Map<String, AnalysisResult>> reportFor(
         } catch (Exception e) {
             throw new ReportGenerationException(e);
         }
-        if (NO_SIDECAR_URL.equals(sidecarUri)) {
+        if (!useSidecar()) {
             logger.tracev("inprocess reportFor archived recording {0} {1}", jvmId, filename);
             return process(stream, predicate);
+        } else if (usePresignedSidecar()) {
+            logger.tracev(
+                    "sidecar reportFor presigned archived recording {0} {1}", jvmId, filename);
+            try {
+                var uri = getPresignedPath(jvmId, filename);
+                return sidecar.generatePresigned(uri.getPath(), uri.getQuery(), null);
+            } catch (URISyntaxException e) {
+                logger.error(e);
+                throw new InternalServerErrorException(e);
+            }
         } else {
             logger.tracev("sidecar reportFor archived recording {0} {1}", jvmId, filename);
-            return fireRequest(stream);
+            return sidecar.generate(stream);
         }
     }
 
@@ -104,6 +134,24 @@ public Uni<Map<String, AnalysisResult>> reportFor(String jvmId, String filename)
         return reportFor(jvmId, filename, r -> true);
     }
 
+    @Override
+    public boolean keyExists(ActiveRecording recording) {
+        return false;
+    }
+
+    @Override
+    public boolean keyExists(String jvmId, String filename) {
+        return false;
+    }
+
+    private boolean useSidecar() {
+        return sidecarUri != null && !sidecarUri.isBlank() && !NO_SIDECAR_URL.equals(sidecarUri);
+    }
+
+    private boolean usePresignedSidecar() {
+        return useSidecar() && usePresignedTransfer;
+    }
+
     private Uni<Map<String, AnalysisResult>> process(
             InputStream stream, Predicate<IRule> predicate) {
         return Uni.createFrom()
@@ -112,23 +160,33 @@ private Uni<Map<String, AnalysisResult>> process(
                                 new BufferedInputStream(stream), predicate));
     }
 
-    private Uni<Map<String, AnalysisResult>> fireRequest(InputStream stream) {
-        return sidecar.generate(stream);
+    private URI getPresignedUri(ActiveRecording recording) throws Exception {
+        // TODO refactor, this is copied out of Recordings.java
+        String savename = recording.name;
+        ArchivedRecording rec =
+                helper.archiveRecording(recording, savename, Instant.now().plusSeconds(60));
+        return getPresignedPath(recording.target.jvmId, rec.name());
+    }
+
+    private URI getPresignedPath(String jvmId, String filename) throws URISyntaxException {
+        // TODO refactor, this is copied out of Recordings.java
+        logger.infov("Handling presigned download request for {0}/{1}", jvmId, filename);
+        GetObjectRequest getRequest =
+                GetObjectRequest.builder()
+                        .bucket(archiveBucket)
+                        .key(helper.archivedRecordingKey(Pair.of(jvmId, filename)))
+                        .build();
+        GetObjectPresignRequest presignRequest =
+                GetObjectPresignRequest.builder()
+                        .signatureDuration(Duration.ofMinutes(1))
+                        .getObjectRequest(getRequest)
+                        .build();
+        return URI.create(presigner.presignGetObject(presignRequest).url().toString()).normalize();
     }
 
     public static class ReportGenerationException extends RuntimeException {
         public ReportGenerationException(Throwable cause) {
             super(cause);
         }
     }
-
-    @Override
-    public boolean keyExists(ActiveRecording recording) {
-        return false;
-    }
-
-    @Override
-    public boolean keyExists(String jvmId, String filename) {
-        return false;
-    }
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -40,6 +40,7 @@ quarkus.cache.caffeine.archivedreports.expire-after-access=10m
 cryostat.services.reports.storage-cache.enabled=true
 cryostat.services.reports.storage-cache.name=archivedreports
 cryostat.services.reports.storage-cache.expiry-duration=24h
+cryostat.services.reports.use-presigned-transfer=true
 
 cryostat.http.proxy.tls-enabled=false
 cryostat.http.proxy.host=${quarkus.http.host}
