opendal/services/s3/config.rs
1// Licensed to the Apache Software Foundation (ASF) under one
2// or more contributor license agreements. See the NOTICE file
3// distributed with this work for additional information
4// regarding copyright ownership. The ASF licenses this file
5// to you under the Apache License, Version 2.0 (the
6// "License"); you may not use this file except in compliance
7// with the License. You may obtain a copy of the License at
8//
9// http://www.apache.org/licenses/LICENSE-2.0
10//
11// Unless required by applicable law or agreed to in writing,
12// software distributed under the License is distributed on an
13// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14// KIND, either express or implied. See the License for the
15// specific language governing permissions and limitations
16// under the License.
17
18use std::fmt::Debug;
19
20use serde::Deserialize;
21use serde::Serialize;
22
23use super::backend::S3Builder;
24
25/// Config for Aws S3 and compatible services (including minio, digitalocean space,
26/// Tencent Cloud Object Storage(COS) and so on) support.
27#[derive(Default, Serialize, Deserialize, Clone, PartialEq, Eq)]
28#[serde(default)]
29#[non_exhaustive]
30pub struct S3Config {
31 /// root of this backend.
32 ///
33 /// All operations will happen under this root.
34 ///
35 /// default to `/` if not set.
36 pub root: Option<String>,
37 /// bucket name of this backend.
38 ///
39 /// required.
40 #[serde(alias = "aws_bucket", alias = "aws_bucket_name", alias = "bucket_name")]
41 pub bucket: String,
42 /// is bucket versioning enabled for this bucket
43 pub enable_versioning: bool,
44 /// endpoint of this backend.
45 ///
46 /// Endpoint must be full uri, e.g.
47 ///
48 /// - AWS S3: `https://s3.amazonaws.com` or `https://s3.{region}.amazonaws.com`
49 /// - Cloudflare R2: `https://<ACCOUNT_ID>.r2.cloudflarestorage.com`
50 /// - Aliyun OSS: `https://{region}.aliyuncs.com`
51 /// - Tencent COS: `https://cos.{region}.myqcloud.com`
52 /// - Minio: `http://127.0.0.1:9000`
53 ///
54 /// If user inputs endpoint without scheme like "s3.amazonaws.com", we
55 /// will prepend "https://" before it.
56 ///
57 /// - If endpoint is set, we will take user's input first.
58 /// - If not, we will try to load it from environment.
59 /// - If still not set, default to `https://s3.amazonaws.com`.
60 #[serde(
61 alias = "aws_endpoint",
62 alias = "aws_endpoint_url",
63 alias = "endpoint_url"
64 )]
65 pub endpoint: Option<String>,
66 /// Region represent the signing region of this endpoint. This is required
67 /// if you are using the default AWS S3 endpoint.
68 ///
69 /// If using a custom endpoint,
70 /// - If region is set, we will take user's input first.
71 /// - If not, we will try to load it from environment.
72 #[serde(alias = "aws_region")]
73 pub region: Option<String>,
74
75 /// access_key_id of this backend.
76 ///
77 /// - If access_key_id is set, we will take user's input first.
78 /// - If not, we will try to load it from environment.
79 #[serde(alias = "aws_access_key_id")]
80 pub access_key_id: Option<String>,
81 /// secret_access_key of this backend.
82 ///
83 /// - If secret_access_key is set, we will take user's input first.
84 /// - If not, we will try to load it from environment.
85 #[serde(alias = "aws_secret_access_key")]
86 pub secret_access_key: Option<String>,
87 /// session_token (aka, security token) of this backend.
88 ///
89 /// This token will expire after sometime, it's recommended to set session_token
90 /// by hand.
91 #[serde(alias = "aws_session_token", alias = "aws_token", alias = "token")]
92 pub session_token: Option<String>,
93 /// role_arn for this backend.
94 ///
95 /// If `role_arn` is set, we will use already known config as source
96 /// credential to assume role with `role_arn`.
97 pub role_arn: Option<String>,
98 /// external_id for this backend.
99 pub external_id: Option<String>,
100 /// role_session_name for this backend.
101 pub role_session_name: Option<String>,
102 /// Disable config load so that opendal will not load config from
103 /// environment.
104 ///
105 /// For examples:
106 ///
107 /// - envs like `AWS_ACCESS_KEY_ID`
108 /// - files like `~/.aws/config`
109 pub disable_config_load: bool,
110 /// Disable load credential from ec2 metadata.
111 ///
112 /// This option is used to disable the default behavior of opendal
113 /// to load credential from ec2 metadata, a.k.a., IMDSv2
114 pub disable_ec2_metadata: bool,
115 /// Allow anonymous will allow opendal to send request without signing
116 /// when credential is not loaded.
117 pub allow_anonymous: bool,
118 /// server_side_encryption for this backend.
119 ///
120 /// Available values: `AES256`, `aws:kms`.
121 #[serde(alias = "aws_server_side_encryption")]
122 pub server_side_encryption: Option<String>,
123 /// server_side_encryption_aws_kms_key_id for this backend
124 ///
125 /// - If `server_side_encryption` set to `aws:kms`, and `server_side_encryption_aws_kms_key_id`
126 /// is not set, S3 will use aws managed kms key to encrypt data.
127 /// - If `server_side_encryption` set to `aws:kms`, and `server_side_encryption_aws_kms_key_id`
128 /// is a valid kms key id, S3 will use the provided kms key to encrypt data.
129 /// - If the `server_side_encryption_aws_kms_key_id` is invalid or not found, an error will be
130 /// returned.
131 /// - If `server_side_encryption` is not `aws:kms`, setting `server_side_encryption_aws_kms_key_id`
132 /// is a noop.
133 #[serde(alias = "aws_sse_kms_key_id")]
134 pub server_side_encryption_aws_kms_key_id: Option<String>,
135 /// server_side_encryption_customer_algorithm for this backend.
136 ///
137 /// Available values: `AES256`.
138 pub server_side_encryption_customer_algorithm: Option<String>,
139 /// server_side_encryption_customer_key for this backend.
140 ///
141 /// Value: BASE64-encoded key that matches algorithm specified in
142 /// `server_side_encryption_customer_algorithm`.
143 #[serde(alias = "aws_sse_customer_key_base64")]
144 pub server_side_encryption_customer_key: Option<String>,
145 /// Set server_side_encryption_customer_key_md5 for this backend.
146 ///
147 /// Value: MD5 digest of key specified in `server_side_encryption_customer_key`.
148 pub server_side_encryption_customer_key_md5: Option<String>,
149 /// default storage_class for this backend.
150 ///
151 /// Available values:
152 /// - `DEEP_ARCHIVE`
153 /// - `GLACIER`
154 /// - `GLACIER_IR`
155 /// - `INTELLIGENT_TIERING`
156 /// - `ONEZONE_IA`
157 /// - `EXPRESS_ONEZONE`
158 /// - `OUTPOSTS`
159 /// - `REDUCED_REDUNDANCY`
160 /// - `STANDARD`
161 /// - `STANDARD_IA`
162 ///
163 /// S3 compatible services don't support all of them
164 pub default_storage_class: Option<String>,
165 /// Enable virtual host style so that opendal will send API requests
166 /// in virtual host style instead of path style.
167 ///
168 /// - By default, opendal will send API to `https://s3.us-east-1.amazonaws.com/bucket_name`
169 /// - Enabled, opendal will send API to `https://bucket_name.s3.us-east-1.amazonaws.com`
170 #[serde(
171 alias = "aws_virtual_hosted_style_request",
172 alias = "virtual_hosted_style_request"
173 )]
174 pub enable_virtual_host_style: bool,
175 /// Set maximum batch operations of this backend.
176 ///
177 /// Some compatible services have a limit on the number of operations in a batch request.
178 /// For example, R2 could return `Internal Error` while batch delete 1000 files.
179 ///
180 /// Please tune this value based on services' document.
181 #[deprecated(
182 since = "0.52.0",
183 note = "Please use `delete_max_size` instead of `batch_max_operations`"
184 )]
185 pub batch_max_operations: Option<usize>,
186 /// Set the maximum delete size of this backend.
187 ///
188 /// Some compatible services have a limit on the number of operations in a batch request.
189 /// For example, R2 could return `Internal Error` while batch delete 1000 files.
190 ///
191 /// Please tune this value based on services' document.
192 pub delete_max_size: Option<usize>,
193 /// Disable stat with override so that opendal will not send stat request with override queries.
194 ///
195 /// For example, R2 doesn't support stat with `response_content_type` query.
196 pub disable_stat_with_override: bool,
197 /// Checksum Algorithm to use when sending checksums in HTTP headers.
198 /// This is necessary when writing to AWS S3 Buckets with Object Lock enabled for example.
199 ///
200 /// Available options:
201 /// - "crc32c"
202 #[serde(alias = "aws_checksum_algorithm")]
203 pub checksum_algorithm: Option<String>,
204 /// Disable write with if match so that opendal will not send write request with if match headers.
205 ///
206 /// For example, Ceph RADOS S3 doesn't support write with if matched.
207 pub disable_write_with_if_match: bool,
208
209 /// Enable write with append so that opendal will send write request with append headers.
210 pub enable_write_with_append: bool,
211
212 /// OpenDAL uses List Objects V2 by default to list objects.
213 /// However, some legacy services do not yet support V2.
214 /// This option allows users to switch back to the older List Objects V1.
215 pub disable_list_objects_v2: bool,
216
217 /// Indicates whether the client agrees to pay for the requests made to the S3 bucket.
218 #[serde(alias = "aws_request_payer", alias = "request_payer")]
219 pub enable_request_payer: bool,
220}
221
222impl Debug for S3Config {
223 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
224 f.debug_struct("S3Config")
225 .field("root", &self.root)
226 .field("bucket", &self.bucket)
227 .field("endpoint", &self.endpoint)
228 .field("region", &self.region)
229 .finish_non_exhaustive()
230 }
231}
232
233impl crate::Configurator for S3Config {
234 type Builder = S3Builder;
235
236 fn from_uri(uri: &crate::types::OperatorUri) -> crate::Result<Self> {
237 let mut map = uri.options().clone();
238
239 if let Some(name) = uri.name() {
240 map.insert("bucket".to_string(), name.to_string());
241 }
242
243 if let Some(root) = uri.root() {
244 map.insert("root".to_string(), root.to_string());
245 }
246
247 Self::from_iter(map)
248 }
249
250 #[allow(deprecated)]
251 fn into_builder(self) -> Self::Builder {
252 S3Builder {
253 config: self,
254 http_client: None,
255 credential_providers: None,
256 }
257 }
258}
259
260#[cfg(test)]
261mod tests {
262 use std::iter;
263
264 use super::*;
265 use crate::Configurator;
266 use crate::types::OperatorUri;
267
268 #[test]
269 fn test_s3_config_original_field_names() {
270 let json = r#"{
271 "bucket": "test-bucket",
272 "access_key_id": "test-key",
273 "secret_access_key": "test-secret",
274 "region": "us-west-2",
275 "endpoint": "https://s3.amazonaws.com",
276 "session_token": "test-token"
277 }"#;
278
279 let config: S3Config = serde_json::from_str(json).unwrap();
280 assert_eq!(config.bucket, "test-bucket");
281 assert_eq!(config.access_key_id, Some("test-key".to_string()));
282 assert_eq!(config.secret_access_key, Some("test-secret".to_string()));
283 assert_eq!(config.region, Some("us-west-2".to_string()));
284 assert_eq!(
285 config.endpoint,
286 Some("https://s3.amazonaws.com".to_string())
287 );
288 assert_eq!(config.session_token, Some("test-token".to_string()));
289 }
290
291 #[test]
292 fn test_s3_config_aws_prefixed_aliases() {
293 let json = r#"{
294 "aws_bucket": "test-bucket",
295 "aws_access_key_id": "test-key",
296 "aws_secret_access_key": "test-secret",
297 "aws_region": "us-west-2",
298 "aws_endpoint": "https://s3.amazonaws.com",
299 "aws_session_token": "test-token"
300 }"#;
301
302 let config: S3Config = serde_json::from_str(json).unwrap();
303 assert_eq!(config.bucket, "test-bucket");
304 assert_eq!(config.access_key_id, Some("test-key".to_string()));
305 assert_eq!(config.secret_access_key, Some("test-secret".to_string()));
306 assert_eq!(config.region, Some("us-west-2".to_string()));
307 assert_eq!(
308 config.endpoint,
309 Some("https://s3.amazonaws.com".to_string())
310 );
311 assert_eq!(config.session_token, Some("test-token".to_string()));
312 }
313
314 #[test]
315 fn test_s3_config_additional_aliases() {
316 let json = r#"{
317 "bucket_name": "test-bucket",
318 "token": "test-token",
319 "endpoint_url": "https://s3.amazonaws.com",
320 "virtual_hosted_style_request": true,
321 "aws_checksum_algorithm": "crc32c",
322 "request_payer": true
323 }"#;
324
325 let config: S3Config = serde_json::from_str(json).unwrap();
326 assert_eq!(config.bucket, "test-bucket");
327 assert_eq!(config.session_token, Some("test-token".to_string()));
328 assert_eq!(
329 config.endpoint,
330 Some("https://s3.amazonaws.com".to_string())
331 );
332 assert!(config.enable_virtual_host_style);
333 assert_eq!(config.checksum_algorithm, Some("crc32c".to_string()));
334 assert!(config.enable_request_payer);
335 }
336
337 #[test]
338 fn test_s3_config_encryption_aliases() {
339 let json = r#"{
340 "bucket": "test-bucket",
341 "aws_server_side_encryption": "aws:kms",
342 "aws_sse_kms_key_id": "test-kms-key",
343 "aws_sse_customer_key_base64": "dGVzdC1jdXN0b21lci1rZXk="
344 }"#;
345
346 let config: S3Config = serde_json::from_str(json).unwrap();
347 assert_eq!(config.bucket, "test-bucket");
348 assert_eq!(config.server_side_encryption, Some("aws:kms".to_string()));
349 assert_eq!(
350 config.server_side_encryption_aws_kms_key_id,
351 Some("test-kms-key".to_string())
352 );
353 assert_eq!(
354 config.server_side_encryption_customer_key,
355 Some("dGVzdC1jdXN0b21lci1rZXk=".to_string())
356 );
357 }
358
359 #[test]
360 fn from_uri_extracts_bucket_and_root() {
361 let uri = OperatorUri::new("s3://example-bucket/path/to/root", iter::empty()).unwrap();
362 let cfg = S3Config::from_uri(&uri).unwrap();
363 assert_eq!(cfg.bucket, "example-bucket");
364 assert_eq!(cfg.root.as_deref(), Some("path/to/root"));
365 }
366
367 #[test]
368 fn from_uri_extracts_endpoint() {
369 let uri = OperatorUri::new(
370 "s3://example-bucket/path/to/root?endpoint=https%3A%2F%2Fcustom-s3-endpoint.com",
371 iter::empty(),
372 )
373 .unwrap();
374 let cfg = S3Config::from_uri(&uri).unwrap();
375 assert_eq!(cfg.bucket, "example-bucket");
376 assert_eq!(cfg.root.as_deref(), Some("path/to/root"));
377 assert_eq!(
378 cfg.endpoint.as_deref(),
379 Some("https://custom-s3-endpoint.com")
380 );
381 }
382}