feat: admin dashboard for key & upload status#20
Open
ServerSideHannes wants to merge 5 commits intomainfrom
Open
feat: admin dashboard for key & upload status#20ServerSideHannes wants to merge 5 commits intomainfrom
ServerSideHannes wants to merge 5 commits intomainfrom
Conversation
Lightweight web UI served at /admin (disabled by default, enable with S3PROXY_ADMIN_UI=true) showing KEK fingerprint, active multipart uploads, memory/concurrency health, and request statistics. Server-rendered HTML with auto-refresh via fetch() every 10s, protected by HTTP Basic Auth. Closes #19
Port-forward s3proxy admin dashboard automatically when the e2e cluster starts, so operators can go straight to http://localhost:4433/admin/ without running a separate command.
Replace static implementation details with actionable operator metrics: - Pod identity banner (pod name, uptime, KEK fingerprint, storage backend) - Per-minute rates via sliding window RateTracker (requests, encrypt, decrypt, errors) - Multi-pod grid cards via Redis metrics publishing (30s TTL per pod) - Error rate breakdown (4xx/5xx/503 per minute with visual indicators) - Stale upload detection (>30 min warning markers) - X-Served-By response header for pod identification - 3-second auto-refresh with spinner animation
…tory - RateTracker window extended to 10 min with new history() method - Canvas sparklines under each throughput card (requests, encrypt, decrypt) - Full-width bandwidth section with encrypt/decrypt byte rate sparklines - Retina-aware canvas rendering with devicePixelRatio support - Green (#3fb950) for encrypt, blue (#58a6ff) for decrypt
- Add RequestLog ring buffer recording every S3 proxy request - Hook into request_handler.py finally block (method, path, op, status, latency, size) - Live Feed table: scrolling last 50 requests with color-coded methods, statuses, latency warnings, and ENC/DEC crypto badges - Replace verbose pod cards with compact inline badges in header - Remove redundant Bandwidth and Active Uploads sections - Switch from green-on-dark to white-on-dark (#f0f6fc on #0f1117) modern style - New row fade-in animation for realtime feel
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/adminfor monitoring encryption key status, active multipart uploads, memory/concurrency health, and request statisticsS3PROXY_ADMIN_UI=trueto enable), protected by HTTP Basic Auth (uses AWS credentials or customS3PROXY_ADMIN_USERNAME/S3PROXY_ADMIN_PASSWORD)fetch(), zero new dependenciesDetails
New files:
s3proxy/admin/package: auth, collectors, router, templatestests/unit/test_admin.py: 22 tests covering auth, HTML, JSON API, route priority, collectors, security (no key leakage)Modified files:
s3proxy/config.py: 4 new settings (admin_ui,admin_path,admin_username,admin_password)s3proxy/app.py: Split route registration to mount admin before catch-all; pass through non-S3 exceptions with custom headerss3proxy/state/storage.py: Addedlist_keys()toStateStore,MemoryStateStore,RedisStateStores3proxy/state/manager.py: Addedlist_active_uploads()(safe summaries, no DEKs exposed)pyproject.toml: E501 ignore for HTML template fileSecurity
sha256(kek)[:16]— one-way hash, safe to displayTest plan
ruff check+ruff format)Closes #19