use super::*;

/// Mode identifier for multipart large-object handling; the only mode the
/// report lists under `supported_modes`.
pub const LARGE_OBJECT_MODE_MULTIPART: &str = "multipart-large-object";
/// Mode identifier for striped large objects; listed as unsupported and
/// rejected by `ensure_large_object_mode_supported`.
pub const LARGE_OBJECT_MODE_STRIPED: &str = "striped-large-object";
/// Mode identifier for parallel-read scheduling; listed as unsupported and
/// rejected by `ensure_large_object_mode_supported`.
pub const LARGE_OBJECT_MODE_PARALLEL_READ: &str = "parallel-read-large-object";
/// Mode identifier for parallel-write scheduling; listed as unsupported and
/// rejected by `ensure_large_object_mode_supported`.
pub const LARGE_OBJECT_MODE_PARALLEL_WRITE: &str = "parallel-write-large-object";

/// Fixed multipart threshold (5 MiB). `is_large_object` compares the body
/// length against this value inclusively; a policy's own
/// `multipart_threshold_bytes` is validated but does not replace it.
pub const LARGE_OBJECT_MULTIPART_THRESHOLD_BYTES: usize = 5 * 1024 * 1024;

/// Capability dimensions the report enumerates verbatim in `capabilities`.
/// These are labels for what the proof covers, not claims that each capability
/// is natively supported.
const LARGE_OBJECT_CAPABILITIES: &[&str] = &[
    "multipart-throughput",
    "striping",
    "parallel-reads",
    "parallel-writes",
    "range-read-behavior",
    "native-support-state",
    "semantic-parity",
    "configuration-admin-surface",
    "security-governance-impact",
    "observability-evidence",
    "failure-mode-behavior",
    "validation-test-coverage",
    "product-specific-caveats",
];

/// Scope limitations copied verbatim into the report's `caveats`; they bound
/// what the large-object proof may be read as claiming.
const LARGE_OBJECT_CAVEATS: &[&str] = &[
    "BucketWarden supports multipart upload, part listing, multipart completion, copy-source ranges, HTTP range reads, integrity, encryption, audit, and notification semantics under the local runtime boundary.",
    "Large-object multipart support is semantically validated, but no storage-engine throughput SLO or benchmark-backed numeric performance claim is made.",
    "Striping, parallel read scheduling, and parallel write scheduling are tracked but fail closed until a durable scheduler and placement contract exist.",
    "Large-object proof does not claim distributed striping, concurrent IO fanout, adaptive chunk sizing, or p95/p99 throughput targets.",
];

/// Failure-mode identifiers copied verbatim into the report's `failure_modes`.
/// Each names a fail-closed rejection performed by
/// `validate_large_object_optimization_policy` or
/// `ensure_large_object_mode_supported`.
const LARGE_OBJECT_FAILURE_MODES: &[&str] = &[
    "unsupported-large-object-mode-rejected",
    "striped-large-object-mode-rejected",
    "parallel-read-mode-rejected",
    "parallel-write-mode-rejected",
    "invalid-large-object-threshold-rejected",
];

/// One row of the large-object optimization report: how a single mode behaves
/// under the current runtime boundary.
///
/// Every field is `&'static str` because the report is a fixed, build-time
/// description rather than runtime state.
#[derive(Clone, Debug, Eq, PartialEq, Serialize)]
pub struct LargeObjectOptimizationEntry {
    /// One of the `LARGE_OBJECT_MODE_*` constants.
    pub mode: &'static str,
    /// `true` only for the multipart entry; every other entry fails closed.
    pub native_support: bool,
    /// Which object semantics this mode preserves, or explicitly does not claim.
    pub semantic_parity: &'static str,
    /// How objects in this mode are stored, or that storage is out of boundary.
    pub storage_behavior: &'static str,
    /// Throughput statement; no entry claims a benchmark-backed SLO.
    pub throughput_behavior: &'static str,
    /// How an attempt to use this mode is rejected.
    pub failure_mode: &'static str,
    /// Scope limitation that bounds what the entry may be read as claiming.
    pub caveat: &'static str,
}

/// Serializable description of which large-object modes the runtime supports,
/// which it rejects, and the caveats attached to that claim.
///
/// Produced by `BucketWarden::large_object_optimization_report`; the content is
/// constant for a given build and does not depend on runtime state.
#[derive(Clone, Debug, Eq, PartialEq, Serialize)]
pub struct LargeObjectOptimizationReport {
    /// Mode the runtime actually operates in (multipart).
    pub active_mode: &'static str,
    /// Fixed threshold (`LARGE_OBJECT_MULTIPART_THRESHOLD_BYTES`) used by `is_large_object`.
    pub multipart_threshold_bytes: usize,
    /// Modes accepted by `ensure_large_object_mode_supported`.
    pub supported_modes: Vec<&'static str>,
    /// Modes that are tracked but rejected as unsupported.
    pub unsupported_modes: Vec<&'static str>,
    /// Capability dimensions covered by the proof (`LARGE_OBJECT_CAPABILITIES`).
    pub capabilities: Vec<&'static str>,
    /// Fail-closed rejection identifiers (`LARGE_OBJECT_FAILURE_MODES`).
    pub failure_modes: Vec<&'static str>,
    /// Scope limitations (`LARGE_OBJECT_CAVEATS`).
    pub caveats: Vec<&'static str>,
    /// One entry per mode, supported and unsupported alike.
    pub entries: Vec<LargeObjectOptimizationEntry>,
}

/// Caller-supplied large-object optimization policy, checked by
/// `BucketWarden::validate_large_object_optimization_policy`.
///
/// The `Default` value has an empty `mode`, which is not a supported mode and
/// is therefore rejected; callers must set `mode` explicitly.
#[derive(Clone, Debug, Default, Eq, PartialEq, Serialize)]
pub struct LargeObjectOptimizationPolicy {
    /// Requested mode; must exactly equal one of the report's `supported_modes`
    /// (currently only `LARGE_OBJECT_MODE_MULTIPART`). Matching is exact and
    /// case-sensitive.
    pub mode: String,
    /// Optional threshold override. `None` is accepted and `Some(0)` is
    /// rejected. NOTE(review): a non-zero value is accepted but is not read by
    /// `is_large_object`, which uses the fixed constant — confirm whether a
    /// value differing from `LARGE_OBJECT_MULTIPART_THRESHOLD_BYTES` should be
    /// rejected instead of silently ignored.
    pub multipart_threshold_bytes: Option<usize>,
    /// Setting this to `true` is rejected (striping is outside the boundary).
    pub enable_striping: bool,
    /// Setting this to `true` is rejected (parallel reads are outside the boundary).
    pub enable_parallel_reads: bool,
    /// Setting this to `true` is rejected (parallel writes are outside the boundary).
    pub enable_parallel_writes: bool,
    /// Any `Some` value is rejected: numeric SLOs require benchmark evidence
    /// the runtime does not have.
    pub throughput_slo_bytes_per_second: Option<u64>,
}

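impl BucketWarden {
    /// Large-object modes the local runtime implements.
    ///
    /// Single source of truth for both the advertised `supported_modes` in
    /// [`Self::large_object_optimization_report`] and the enforcement in
    /// [`Self::ensure_large_object_mode_supported`], so the report and the
    /// fail-closed check cannot drift apart.
    const SUPPORTED_LARGE_OBJECT_MODES: &'static [&'static str] = &[LARGE_OBJECT_MODE_MULTIPART];

    /// Modes that are tracked in the report but rejected by
    /// [`Self::ensure_large_object_mode_supported`].
    const UNSUPPORTED_LARGE_OBJECT_MODES: &'static [&'static str] = &[
        LARGE_OBJECT_MODE_STRIPED,
        LARGE_OBJECT_MODE_PARALLEL_READ,
        LARGE_OBJECT_MODE_PARALLEL_WRITE,
    ];

    /// Builds the large-object optimization report.
    ///
    /// The report is constant for a given build and reads no state from
    /// `self`. It advertises multipart as the only natively supported mode and
    /// lists striping, parallel reads and parallel writes as unsupported, each
    /// with its own fail-closed entry.
    pub fn large_object_optimization_report(&self) -> LargeObjectOptimizationReport {
        LargeObjectOptimizationReport {
            active_mode: LARGE_OBJECT_MODE_MULTIPART,
            multipart_threshold_bytes: LARGE_OBJECT_MULTIPART_THRESHOLD_BYTES,
            supported_modes: Self::SUPPORTED_LARGE_OBJECT_MODES.to_vec(),
            unsupported_modes: Self::UNSUPPORTED_LARGE_OBJECT_MODES.to_vec(),
            capabilities: LARGE_OBJECT_CAPABILITIES.to_vec(),
            failure_modes: LARGE_OBJECT_FAILURE_MODES.to_vec(),
            caveats: LARGE_OBJECT_CAVEATS.to_vec(),
            entries: vec![
                LargeObjectOptimizationEntry {
                    mode: LARGE_OBJECT_MODE_MULTIPART,
                    native_support: true,
                    semantic_parity: "Multipart uploads, ordered part completion, part checksums, version creation, encryption, lock defaults, audit, notifications, and range reads preserve the same object semantics as single PUT objects.",
                    storage_behavior: "Completed multipart objects are stored as committed object versions with multipart integrity records.",
                    throughput_behavior: "Multipart part ingestion and range reads are supported as protocol/runtime behavior; no benchmark-backed throughput SLO is claimed.",
                    failure_mode: "Invalid threshold or unsupported optimization policy is rejected before claiming support.",
                    caveat: "Multipart proof does not claim distributed striping or concurrent IO fanout.",
                },
                LargeObjectOptimizationEntry {
                    mode: LARGE_OBJECT_MODE_STRIPED,
                    native_support: false,
                    semantic_parity: "No stripe placement, stripe index, or stripe recovery semantics are claimed.",
                    storage_behavior: "Striped large-object storage is out of the current runtime boundary.",
                    throughput_behavior: "Striping-related throughput improvement is not claimed.",
                    failure_mode: "Striped large-object mode selection is rejected as unsupported.",
                    caveat: "Striping needs durable placement, repair, recovery, and integrity contracts.",
                },
                LargeObjectOptimizationEntry {
                    mode: LARGE_OBJECT_MODE_PARALLEL_READ,
                    native_support: false,
                    semantic_parity: "No parallel range scheduler or fanout read semantics are claimed.",
                    storage_behavior: "Parallel read scheduling is out of the current runtime boundary.",
                    throughput_behavior: "Parallel read throughput improvement is not claimed.",
                    failure_mode: "Parallel read mode selection is rejected as unsupported.",
                    caveat: "Parallel reads need scheduler, cancellation, ordering, and observability proof.",
                },
                LargeObjectOptimizationEntry {
                    mode: LARGE_OBJECT_MODE_PARALLEL_WRITE,
                    native_support: false,
                    semantic_parity: "No parallel write scheduler or fanout write commit semantics are claimed.",
                    storage_behavior: "Parallel write scheduling is out of the current runtime boundary.",
                    throughput_behavior: "Parallel write throughput improvement is not claimed.",
                    failure_mode: "Parallel write mode selection is rejected as unsupported.",
                    caveat: "Parallel writes need atomic multi-part scheduling and failure recovery proof.",
                },
            ],
        }
    }

    /// Returns `true` when a body of `body_len` bytes is at or above the
    /// multipart threshold. The comparison is inclusive: a body of exactly
    /// `LARGE_OBJECT_MULTIPART_THRESHOLD_BYTES` counts as large.
    ///
    /// Uses the fixed build-time constant; a policy's
    /// `multipart_threshold_bytes` does not influence this decision.
    pub fn is_large_object(&self, body_len: usize) -> bool {
        body_len >= LARGE_OBJECT_MULTIPART_THRESHOLD_BYTES
    }

    /// Rejects any large-object mode the runtime does not implement.
    ///
    /// Checks `mode` directly against [`Self::SUPPORTED_LARGE_OBJECT_MODES`]
    /// rather than materialising the full report (several `Vec`s and four
    /// entries) for a single membership test. Matching is exact and
    /// case-sensitive; no aliasing or normalisation is applied.
    ///
    /// # Errors
    ///
    /// `RuntimeError::UnsupportedLargeObjectOptimization` carrying the
    /// rejected mode. The string is caller supplied and echoed verbatim, so
    /// anything that surfaces this error to logs or clients should treat it
    /// as untrusted text.
    pub fn ensure_large_object_mode_supported(&self, mode: &str) -> Result<(), RuntimeError> {
        if Self::SUPPORTED_LARGE_OBJECT_MODES.contains(&mode) {
            Ok(())
        } else {
            Err(RuntimeError::UnsupportedLargeObjectOptimization(mode.to_string()))
        }
    }

    /// Validates a policy against the current runtime boundary, failing
    /// closed on anything the runtime cannot honour.
    ///
    /// Checks run in order and the first violation wins: unsupported mode,
    /// zero threshold, striping, parallel reads, parallel writes, numeric
    /// throughput SLO. Only the first violated condition is reported.
    ///
    /// # Errors
    ///
    /// `RuntimeError::UnsupportedLargeObjectOptimization` for a mode outside
    /// the supported set; `RuntimeError::InvalidLargeObjectOptimizationPolicy`
    /// with a human-readable reason for every other violation.
    pub fn validate_large_object_optimization_policy(
        &self,
        policy: &LargeObjectOptimizationPolicy,
    ) -> Result<(), RuntimeError> {
        self.ensure_large_object_mode_supported(&policy.mode)?;
        // `None` is accepted (the fixed default applies); only an explicit zero
        // is invalid. NOTE(review): a non-zero value differing from
        // LARGE_OBJECT_MULTIPART_THRESHOLD_BYTES is accepted here but never read
        // by `is_large_object` — confirm whether it should be rejected instead.
        if matches!(policy.multipart_threshold_bytes, Some(0)) {
            return Err(RuntimeError::InvalidLargeObjectOptimizationPolicy(
                "large-object multipart threshold must be nonzero".to_string(),
            ));
        }
        // Each opt-in feature maps to its rejection reason. Order matters:
        // only the first enabled feature is reported, matching the original
        // sequence of guards.
        let rejected_features = [
            (
                policy.enable_striping,
                "large-object striping is outside the current boundary",
            ),
            (
                policy.enable_parallel_reads,
                "parallel large-object reads are outside the current boundary",
            ),
            (
                policy.enable_parallel_writes,
                "parallel large-object writes are outside the current boundary",
            ),
            (
                policy.throughput_slo_bytes_per_second.is_some(),
                "numeric large-object throughput SLOs require benchmark evidence",
            ),
        ];
        match rejected_features.iter().find(|(enabled, _)| *enabled) {
            Some((_, reason)) => Err(RuntimeError::InvalidLargeObjectOptimizationPolicy(
                reason.to_string(),
            )),
            None => Ok(()),
        }
    }
}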