From YouTube: 2021-11-09 Object Storage WG - APAC
Description
Working Group Page: https://about.gitlab.com/company/team/structure/working-groups/object-storage/
B
Yeah, so as I was watching the intro video I was just curious: moving to a single catch-all default bucket for everything — should we be aware of any underlying issues or gotchas? Because I was wondering why we were using different buckets per feature in the first place.
A
I think what happened here is that we ended up building one feature that required one bucket — I'm not sure if the first one was artifacts or large file storage — and very likely, at that point in time, it just looked like: let's create an artifacts configuration. Then several milestones later we said: okay, now we want to do large file storage, we definitely need a configuration for storing that too. Each one maybe just started as a folder or a directory and eventually became a bucket. Probably we just grew with this.
A
It's worth trying to figure out if there is a strong requirement here. One step back: when I refer to a single catch-all bucket, I'm not thinking that we should force everyone to use just one bucket. It should just be the default.
A
It's like what we have right now with the consolidated configuration: in that case the buckets are still different, but basically you have a shared configuration in terms of provider credentials and things like that, and you can still override every single one. Now, I do believe that most installations can do just fine with one bucket, but I was talking with Andrew about this, and there is at least one case where it's good to have more than one.
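For reference, here is a minimal sketch of what that consolidated form looks like, roughly in the shape of Omnibus `gitlab.rb` settings — shared provider credentials defined once, with per-feature buckets that can still be overridden. Bucket names and credentials below are placeholders, not a recommended setup.

```ruby
# Consolidated object storage: one shared connection, per-feature buckets.
# Values are illustrative placeholders only.
gitlab_rails['object_store']['enabled'] = true
gitlab_rails['object_store']['connection'] = {
  'provider' => 'AWS',
  'region' => 'us-east-1',
  'aws_access_key_id' => '<ACCESS_KEY>',
  'aws_secret_access_key' => '<SECRET_KEY>'
}
# Each feature can still point at its own bucket (or they could all share one).
gitlab_rails['object_store']['objects']['artifacts']['bucket'] = 'gitlab-artifacts'
gitlab_rails['object_store']['objects']['lfs']['bucket']       = 'gitlab-lfs'
gitlab_rails['object_store']['objects']['uploads']['bucket']   = 'gitlab-uploads'
```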
A
One point where we said it is good to have multiple buckets is billing. In a big installation like ours it's really hard to enumerate what's inside a bucket and figure out, say, how much we are spending on artifacts compared to registry images — even though registry images are outside the scope of this working group. But yeah, you've got a point: when everything is in one bucket, all you can say is that this is the bucket, and the total amount of data stored in it is this size.
A
The reason I'm insisting on this single catch-all bucket is that right now it's really hard to ship a new type of upload, because there's no place to store it unless you configure one. That's why we need to have one, but it doesn't have to be the only solution available.
C
Yeah, my thoughts on this were — and take this with a grain of salt, because I have actually not worked with object storage that much at GitLab — that at my previous company we did separate data into different buckets for security reasons as well. You actually had a separate key pair for every single bucket, depending on what kind of data resides in it. I think you basically already said it.
C
This might not be necessary for every type of customer, but I could imagine that for ford.com, for instance... I would love to hear the opinion of a security expert on this, but I would feel a bit iffy about having Git blobs reside next to image uploads in the same GCS or S3 bucket, because if those keys are compromised, then all of the data would be at risk.
B
So a follow-up question on that: given we're only going to suggest a single catch-all as the default, but still support different buckets if a user decides to use them — and maybe this is just my lack of knowledge of object storage — would that add more complexity, given we need to support both a single catch-all and different buckets? Or not really?
A
Basically, what happens right now is that when a request comes in, it goes through a route where Workhorse knows there can be an upload. This route then goes through a pre-authorization stage: at the beginning of the request, we send some information about the request — not the request itself — to Rails, appending /authorize to the end of the route.
A
That gives us credentials for uploading something. What's happening here is that, because each feature has its own bucket, this authorize method basically gives you a pre-signed URL inside that bucket.
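As an aside, here is a rough sketch of the kind of thing such a pre-flight could hand back: a pre-signed URL scoped to a single object key in the feature's bucket. The field names, bucket, and key layout are illustrative only, not GitLab's actual schema — in GitLab the response is built by Rails and consumed by Workhorse.

```ruby
require 'securerandom'
require 'aws-sdk-s3' # illustration only; GitLab itself goes through Fog/CarrierWave

# Hypothetical /authorize-style pre-flight: return a pre-signed PUT URL so the
# component in front of Rails can stream the request body straight to object storage.
def authorize_upload(bucket:, key:)
  presigner = Aws::S3::Presigner.new

  {
    'RemoteObject' => {
      'ID'       => SecureRandom.hex, # opaque id for the pending upload
      'StoreURL' => presigner.presigned_url(:put_object,
                                            bucket: bucket,
                                            key: key,
                                            expires_in: 3600), # signature is bound to this one key
      'Timeout'  => 3600
    }
  }
end

# authorize_upload(bucket: 'gitlab-artifacts', key: "tmp/uploads/#{SecureRandom.uuid}")
```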
A
Now, can we move away from this? The current approach has some limits. For instance, when you upload artifacts you also need to generate a metadata file, so one file comes in and two should be uploaded. That is not supported by the current implementation, so what happens is that you get pre-authorization for the artifact, but then the metadata file is generated on disk and uploaded to object storage by the Rails controller, which is suboptimal.
A
What I'm thinking is that if we move away from this "proxy the whole request" type of approach and go to a simpler internal API, then when we scan the request and find a multipart upload, at that point in time we have more information about it — the file name, for instance. At that point we just tell Rails: I need to upload something, and we can pass along what we know about it in that API call.
A
So we can give it the URL, the credentials from the user... we still have to figure out exactly what we want to do here. But the point is that at that moment we can ask Rails to provide the same type of information — a pre-signed URL or object storage credentials, depending on the level of implementation we choose — and we can make a more informed decision.
A
Rails could answer: this is the URL. Or it could flag an exception: I'm an artifact, so I know I should do special stuff, and this is how you should respond to that API call. Otherwise it just gives back a URL. And this is also where we could detect that we are in a special bucket.
D
Hi, I joined a little bit late, apologies for that. A quick question on what you were just saying about the prefix.
D
Will there be any authorization on who can actually call it, or any access permissions on it? Because I guess if you don't restrict who can actually use those prefixes, you can end up in a situation where someone can guess a prefix and access a part of the storage that they should not be accessing.
A
This is exactly the same problem that we have right now. Basically we have one credential per... let's say each bucket has its own, but I'm not sure that's how we're running it. The point is that at the Workhorse level we are trustless: we don't know what is happening. We just ask Rails, which owns all the information and can validate access to single elements in object storage.
A
Someone is asking for this object: is it allowed or not? Then in Rails we can do user inspection and namespace inspection and figure out whether we can give you a pre-signed URL. All the objects in those buckets are private, so there's no way you can change the URL once it's generated, because the signature is for that specific object.
A
So this is already in place; it's really just about how we want to organize things in object storage. And back to the point made earlier: if we eventually want to have separate credentials for different types of buckets, we should still think about that, at least on gitlab.com.
C
But this is a concentrated risk, right? Because if we have 10 buckets where data is isolated — say Git objects are held separately from something less crucial like user avatars —
C
I would argue that if the user avatar keys were to leak, then sure, those avatars might be at risk, but at least it wouldn't compromise our core data. Whereas if we had a single storage bucket and those keys leaked, that would be a disaster, right?
A
But I think we're using the Google equivalent of IAM credentials, so actually each pod can access everything, regardless of whether it's one single IAM role or multiple. We should check this, but basically if you get into the pod you can get to everything in object storage, and that's true regardless of using one or more credentials: if you have access to the pod and can run whatever you want on it, you can dump the configuration file, and all the credentials are there anyway.
C
All right, another thought I had — and maybe this is getting into the weeds too much already — it sounded like the main problem we're trying to address is basically the complexity for a developer to add a new kind of upload, because they have to deal with all these different layers and they specifically need to configure a new bucket for it.
C
So I'm wondering if maybe there is a way to have both, where we do potentially support multiple buckets, but it's abstracted away: when you add a new kind of upload, you would configure it against something like a conceptual bucket, which the application can resolve into either a single global actual bucket at the object storage provider or into different buckets — because you could also map it to a folder structure inside a single global GCS bucket, for instance, versus separate ones.
C
So I'm actually wondering if these are two problems that we should solve separately: one being the actual storage at the object storage provider, whether that is a single bucket or multiple buckets, and the other being the developer experience, where currently they have to think about all these low-level implementation details.
C
Maybe we put an abstraction in place so they don't have to do that: they just specify the kind of upload, and then we have some kind of machinery or configuration in place — which might differ between .com and a self-managed customer — that decides whether that kind is mapped to multiple buckets underneath or not.
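To make that proposal concrete, here is a purely hypothetical sketch of such an abstraction: an upload kind resolves to either a dedicated bucket or a prefix inside one shared catch-all bucket, driven only by configuration. The class and configuration keys are invented for illustration and are not existing GitLab code.

```ruby
# Hypothetical "conceptual bucket": developers declare only the kind of upload;
# configuration decides whether that maps to its own bucket or a prefix in a
# shared one. Names are illustrative.
class ConceptualBucket
  Location = Struct.new(:bucket, :prefix, keyword_init: true)

  # config shape (example):
  #   { default_bucket: 'gitlab-objects',
  #     overrides: { artifacts: { bucket: 'gitlab-artifacts' } } }
  def initialize(config)
    @config = config
  end

  def resolve(upload_kind)
    override = @config.dig(:overrides, upload_kind)
    if override
      Location.new(bucket: override[:bucket], prefix: override.fetch(:prefix, ''))
    else
      Location.new(bucket: @config.fetch(:default_bucket), prefix: "#{upload_kind}/")
    end
  end
end

# ConceptualBucket.new(default_bucket: 'gitlab-objects',
#                      overrides: { artifacts: { bucket: 'gitlab-artifacts' } })
#                 .resolve(:lfs)
# => #<struct bucket="gitlab-objects", prefix="lfs/">
```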
E
That question is already answered below — the question was whether Active Storage is already out of scope, but it isn't, as mentioned below. Another thing I wanted to comment on from the video was the testing gap on object storage.
We have been observing that in the Package team, and as a solution we have been adding tests to the QA suite, and we have added the ability for the QA suite to be executed against different object storage configurations, which means different providers.
E
It's a lot of work, but it's working: we caught some bugs there before they hit production.
E
Yeah, if you open one of the specs — let's say we open the Maven one — you will see there is a metadata tag called object_storage and, well, I don't know the details, but this will run the suite against the different providers. I think right now we have local storage, GCS, and S3.
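For illustration, a spec tagged that way might look roughly like the snippet below; the exact DSL and tag handling in the GitLab QA framework may differ, so treat this as a hedged sketch rather than the real spec.

```ruby
# Sketch of an end-to-end QA spec gated on an :object_storage metadata tag.
# The orchestration (which backend gets configured: local, GCS, or S3) is
# assumed to live outside the spec, keyed off this tag.
RSpec.describe 'Package Registry', :object_storage do
  it 'publishes a Maven package and stores the file in object storage' do
    # Drive the full instance (Rails + Workhorse + bucket) end to end here,
    # then assert the package file landed in the configured storage backend.
  end
end
```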
A
I'm not really familiar with this type of test. So this type of test changes the configuration file of the GitLab instance itself in order to run against a specific provider?
E
Yeah, these tests run... it's actually a spec that runs against a GitLab instance, not against a controller or something, so we have the whole architecture running: Rails, Workhorse, object storage, everything. And because these tests can configure the GitLab instance, we can say things like: I want object storage running, but I want S3, or I want Google Cloud Storage.
A
Yeah, I'm not sure... I mean, this is great — regardless of the level of coverage, this is what we need. I'm just thinking about how we run tests: the Delivery team has the release managers' rotation, and when I'm release manager I know that not every test can run on staging, production, and canary, precisely because of this. You can run QA on a synthetic instance that just gets generated for you, and there you can run whatever you want.
A
Then you can run admin-level tests on staging, where you can change application configuration, but usually only things that are stored in the database, so application settings. And on production you can't touch anything, so you can only run things that do not require admin-level access to the instance. But this one changes the configuration itself, so to me it's a new type of test that I'd never heard of before. That's why I was asking — but this is great.
F
We actually articulated this as: add test cases for all object storage use cases.
E
For us, we do have feature tests on uploads, but currently they run with inline Workhorse, so that part is good. The only thing is that they run with the local storage configuration, so we don't test against object storage, and that was the main pain point — that's what motivated the move to the QA suite, since there we have the whole architecture. It has worked out great for us.
A
I think our expert on Azure isn't here — maybe he'll join this afternoon's call. I think he contributed basically fixing most of the Azure support, and he also forked the gems that we are using for handling Azure, so he would probably be the best one to answer this question. I have a question for you, though: are the customers that are experiencing problems running with direct upload enabled or not?
F
Yeah, it's about... when I read the initial proposal about having the internal upload API, it seems it's still suggesting that we keep the same flow: it goes through Workhorse, Workhorse calls Rails, but instead of having specific endpoints per resource there would be a generic API, right? So it seems it's still suggesting that we go through Workhorse, and Workhorse would still be responsible for uploading to object storage. So the question is: are we really strict on that requirement, or is there flexibility?
A
If Workhorse was not there and we just went through Rails, Rails would write the one-gigabyte file to disk and then replace part of the request with an abstraction.
A
It's a file reader, basically — a file reader that points to the beginning of that file on disk — and at that point, in the controllers, within your regular controller timeout, you would have to read that file and upload it to object storage in Rails, with the global interpreter lock and all the problems that we know are there. That's the reason why Workhorse is doing direct upload.
A
That being said, if we are willing to suggest an alternative that relies on external components, we can evaluate it; nothing is set in stone here. We can try to come up with a couple of proposals, validate some of them, and then build a long-term plan for this, which is basically point two in the agenda. So we can't do this in Rails — unless someone has a magic solution for it, I don't think we can. We were also mentioning Active Storage; it's also below in the agenda.
A
Active Storage has its own solution for this, also called direct upload, but it only works via JavaScript, and our runners can't really run JavaScript to do the direct upload acceleration. So we would still need something in between that can do the direct upload for us. The question Patrick is linking leads into my next point, which is reviewing the exit criteria.
C
I had a super quick follow-up question before we go to the exit criteria. When we say Rails writes the upload to disk first, is it actually Rails the framework, or where is that differentiation?
A
You're welcome. So: exit criteria.
A
There is a lot at stake here. I think you all understood or grasped this: we can't really get to the end of this by the end of — what is it, January? And there is also another problem, which is that this is a working group, so it isn't strictly binding in terms of your own time and what you work on each milestone.
A
So the right tool for this is the engineering allocation. The idea here is that we will develop PoCs and we will evaluate potential solutions to the problem, but the end goal is more about writing a mid- to long-term plan — in terms of epics or blueprints; it really depends on what we decide is the right tool for writing down this plan.
A
Then, with Marin, our executive sponsor, we will go through the engineering allocation and make sure that the proper teams schedule this work. So — I want to make this really clear — we will not only be doing coding in this working group, and we cannot fix this entirely by the end of the working group's time. I hope this is clear to everyone involved, because otherwise we would get frustrated thinking that we will just fix this, and then we can't. That being said... sorry, I lost my train of thought. Patrick?
A
This doesn't mean that we are going to follow the solution that I mentioned in the introduction; that is just my thinking on the problem. I started working on a blueprint for this basically last year, and then, due to priority shifts, it was never concluded. So this is just a starting point — what I've thought about this over the course of time — and we will evaluate proposals.
A
Some of the links also point to creating an external component that could handle object storage for us, so that whether it's Rails or Workhorse, if we need access to our own files we just ask this component. So this is an option as well.
A
So that's the thing. Basically, Sun is not here, but his point is really solid: we need to have a clear idea of what we are trying to solve and what our requirements are, and then we can evaluate how every proposal matches those requirements. He wrote something here; I'm going to read his points so that we can try to figure out if they make sense.
D
Just one thing: should we extend the meeting to one hour? Because the epic is quite big and, yeah.
A
Okay, let's do this: today I've got another call in the afternoon, another 30 minutes, so I suggest we don't go through the status points here, as we will cover them in this afternoon's recording and all of you can watch it. I just want to pinpoint points four and five very quickly. Point four: we need to make sure that everyone who knows something about object storage is involved in this on some level.
A
Maybe we can go to one hour but meet every other week, so we do one week APAC-friendly and one week Americas-friendly. And then, if we're working on PoCs, maybe we can make sure we are paired across different time zones, so that if we're working on something, someone can still talk about what happened. One hour is probably better, but having one hour in the morning and one hour in the afternoon is not really something we can do.
A
Is this okay for all of you? Do you have other ideas or a counter-proposal? Okay, okay — so thank you. I'm sorry we had to rush at the end; we will try to figure these things out. Please watch the recording of the afternoon session, and I will adjust the meeting schedule so that we have the time-zone-friendly meetings every other week.