bucketwarden_server/

storage_backend_support.rs

use super::*;

pub const STORAGE_BACKEND_NATIVE_OBJECT_ENGINE: &str = "native-object-engine";
pub const STORAGE_BACKEND_S3_GATEWAY: &str = "s3-gateway";
pub const STORAGE_BACKEND_FILESYSTEM: &str = "filesystem-backed";
pub const STORAGE_BACKEND_RADOS: &str = "rados";
pub const STORAGE_BACKEND_VOLUME_FILER: &str = "volume-filer";
pub const STORAGE_BACKEND_HADOOP_OBJECT_STORE: &str = "hadoop-object-store";

const STORAGE_BACKEND_CAPABILITIES: &[&str] = &[
    "native-support-state",
    "semantic-parity",
    "configuration-admin-surface",
    "security-governance-impact",
    "observability-evidence",
    "failure-mode-behavior",
    "validation-test-coverage",
    "product-specific-caveats",
];

const STORAGE_BACKEND_CAVEATS: &[&str] = &[
    "BucketWarden is an S3-compatible object runtime, not a POSIX filesystem.",
    "Filesystem persistence stores encrypted object bytes plus canonical metadata manifests.",
    "RADOS, volume/filer, and Hadoop backends are tracked but fail closed outside the current product boundary.",
];

const STORAGE_BACKEND_FAILURE_MODES: &[&str] = &[
    "unsupported-backend-rejected",
    "metadata-manifest-validation",
    "object-byte-checksum-mismatch",
    "operator-audit-event-required",
];

#[derive(Clone, Debug, Eq, PartialEq, Serialize)]
pub struct StorageBackendSupportEntry {
    pub backend: &'static str,
    pub native_support: bool,
    pub semantic_parity: &'static str,
    pub failure_mode: &'static str,
    pub caveat: &'static str,
}

#[derive(Clone, Debug, Eq, PartialEq, Serialize)]
pub struct StorageBackendSupportReport {
    pub active_backend: &'static str,
    pub supported_backends: Vec<&'static str>,
    pub unsupported_backends: Vec<&'static str>,
    pub capabilities: Vec<&'static str>,
    pub failure_modes: Vec<&'static str>,
    pub caveats: Vec<&'static str>,
    pub entries: Vec<StorageBackendSupportEntry>,
}

impl BucketWarden {
    pub fn storage_backend_support_report(&self) -> StorageBackendSupportReport {
        StorageBackendSupportReport {
            active_backend: STORAGE_BACKEND_FILESYSTEM,
            supported_backends: vec![
                STORAGE_BACKEND_NATIVE_OBJECT_ENGINE,
                STORAGE_BACKEND_S3_GATEWAY,
                STORAGE_BACKEND_FILESYSTEM,
            ],
            unsupported_backends: vec![
                STORAGE_BACKEND_RADOS,
                STORAGE_BACKEND_VOLUME_FILER,
                STORAGE_BACKEND_HADOOP_OBJECT_STORE,
            ],
            capabilities: STORAGE_BACKEND_CAPABILITIES.to_vec(),
            failure_modes: STORAGE_BACKEND_FAILURE_MODES.to_vec(),
            caveats: STORAGE_BACKEND_CAVEATS.to_vec(),
            entries: vec![
                StorageBackendSupportEntry {
                    backend: STORAGE_BACKEND_NATIVE_OBJECT_ENGINE,
                    native_support: true,
                    semantic_parity: "BucketWarden native object-version semantics.",
                    failure_mode: "runtime object mutations return typed errors and do not silently switch engines.",
                    caveat: "Native object engine semantics are scoped to BucketWarden, not AWS internal storage.",
                },
                StorageBackendSupportEntry {
                    backend: STORAGE_BACKEND_S3_GATEWAY,
                    native_support: true,
                    semantic_parity: "S3-compatible HTTP gateway over the same object engine.",
                    failure_mode: "unsupported or malformed S3 requests return explicit S3-compatible errors.",
                    caveat: "Gateway support is endpoint-compatible and excludes AWS account control-plane behavior.",
                },
                StorageBackendSupportEntry {
                    backend: STORAGE_BACKEND_FILESYSTEM,
                    native_support: true,
                    semantic_parity: "Encrypted object bytes on local filesystem with manifest metadata restore.",
                    failure_mode: "manifest schema, path, length, and checksum validation fail closed.",
                    caveat: "Filesystem backend is an object persistence engine, not a general file-sharing protocol.",
                },
                StorageBackendSupportEntry {
                    backend: STORAGE_BACKEND_RADOS,
                    native_support: false,
                    semantic_parity: "No RADOS cluster, pool, placement group, or Ceph semantics are claimed.",
                    failure_mode: "RADOS backend selection is rejected as unsupported.",
                    caveat: "RADOS remains tracked out of bounds until a dedicated backend is implemented.",
                },
                StorageBackendSupportEntry {
                    backend: STORAGE_BACKEND_VOLUME_FILER,
                    native_support: false,
                    semantic_parity: "No filer volume, inode, lock, or share semantics are claimed.",
                    failure_mode: "Volume/filer backend selection is rejected as unsupported.",
                    caveat: "Volume/filer integration requires an external adapter or future backend.",
                },
                StorageBackendSupportEntry {
                    backend: STORAGE_BACKEND_HADOOP_OBJECT_STORE,
                    native_support: false,
                    semantic_parity: "No Hadoop filesystem, NameNode, block placement, or HDFS semantics are claimed.",
                    failure_mode: "Hadoop backend selection is rejected as unsupported.",
                    caveat: "Hadoop object-store compatibility is outside the current runtime boundary.",
                },
            ],
        }
    }

    pub fn ensure_storage_backend_supported(&self, backend: &str) -> Result<(), RuntimeError> {
        let report = self.storage_backend_support_report();
        if report.supported_backends.contains(&backend) {
            Ok(())
        } else {
            Err(RuntimeError::UnsupportedStorageBackend(backend.to_string()))
        }
    }
}