git-remote-object-store 0.2.4

Git remote helper backed by cloud object stores (S3, Azure Blob Storage)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222

//! Shared error type for every [`ObjectStore`][super::ObjectStore]
//! implementation.
//!
//! Centralises the mapping of backend-specific failure codes onto a small,
//! finite set of variants so higher layers (push, fetch, doctor, LFS) can
//! pattern-match without caring whether the underlying SDK returned an
//! `aws_sdk_s3::error::SdkError` or an `azure_core::error::Error`.
//!
//! On the conditional-write path, S3 returns 412 (`PreconditionFailed`)
//! *and* 409 (`ConditionalRequestConflict`) for the same
//! `If-None-Match: "*"` contention path; both variants are kept here so
//! backends can preserve the distinction in diagnostics, while the
//! `put_if_absent` trait method collapses both into the `Ok(false)`
//! "lock not acquired" return.

use std::error::Error as StdError;

/// Boxed source error used by [`ObjectStoreError::Network`] and
/// [`ObjectStoreError::Other`].
///
/// `Send + Sync + 'static` so the error can cross task boundaries; this
/// matches the bounds `tokio::task::JoinHandle` and friends impose.
pub type BoxError = Box<dyn StdError + Send + Sync + 'static>;

/// Errors returned by every [`ObjectStore`][super::ObjectStore] method.
///
/// The `String` payload on the four key-correlated variants names the key
/// (or, for `list`, the prefix) the operation was attempting, so
/// `tracing::error!` lines remain actionable without the caller adding
/// context.
#[derive(Debug, thiserror::Error)]
pub enum ObjectStoreError {
    /// Object (or, for `list`, every object under the prefix) is absent.
    #[error("object not found: {0}")]
    NotFound(String),

    /// Authentication succeeded but the principal is not allowed to perform
    /// the operation. Maps from S3 `AccessDenied` (HTTP 403) and Azure
    /// `AuthorizationFailure`.
    #[error("access denied: {0}")]
    AccessDenied(String),

    /// Conditional request returned 412 — the precondition (typically
    /// `If-None-Match: "*"`) was not satisfied. `put_if_absent`
    /// collapses this into `Ok(false)`, so callers should rarely
    /// observe it directly.
    #[error("precondition failed: {0}")]
    PreconditionFailed(String),

    /// Conditional request returned 409. Treated by `put_if_absent` callers
    /// the same as `PreconditionFailed`, but kept distinct for diagnostics.
    #[error("conflict: {0}")]
    Conflict(String),

    /// Upload body exceeded the backend's size ceiling for the API call
    /// in use. Maps from S3 `EntityTooLarge` (single-PUT > 5 GiB) and
    /// Azure 413 / `RequestBodyTooLarge` (single Put Blob > 5000 MiB).
    /// `limit_bytes` is the backend-specific ceiling at the time the
    /// classifier ran, surfaced so the wire-line message names a concrete
    /// number rather than dumping an opaque SDK error chain.
    #[error("upload exceeds backend size limit ({})", format_byte_limit(*limit_bytes))]
    PayloadTooLarge {
        /// The backend's documented single-call size ceiling, in bytes.
        limit_bytes: u64,
    },

    /// Ranged GET requested a byte range that the backend cannot
    /// satisfy. Maps from HTTP 416 on both S3 and Azure, and surfaces
    /// caller-side range bugs (`start > end`) without issuing a network
    /// call. The `requested` range is the half-open `[start, end)` the
    /// caller passed to `get_bytes_range`.
    #[error("range {}..{} not satisfiable for key `{key}`", requested.start, requested.end)]
    RangeNotSatisfiable {
        /// Key being read.
        key: String,
        /// Range the caller asked for (half-open, end-exclusive).
        requested: std::ops::Range<u64>,
    },

    /// Transport-level failure (DNS, TLS, timeout, connection reset).
    /// Carries the original SDK error as `#[source]` so the chain is
    /// preserved. The inner error is included in the display so the
    /// SDK-level detail (e.g. "operation timed out") surfaces in the
    /// push `error <ref>` wire line without requiring verbose logging.
    #[error("network error: {0}")]
    Network(#[source] BoxError),

    /// Operation is not implemented for the backend in use. Used by
    /// optional [`ObjectStore`](crate::object_store::ObjectStore)
    /// methods such as `presigned_get_url` that not every backend
    /// can satisfy (e.g. `MockStore` in tests, or `AzureStore`
    /// configured with a `TokenCredential` rather than a shared
    /// account key — the latter cannot generate a service-SAS). The
    /// payload is the full operator-facing message; the variant
    /// adds no prefix of its own so chained errors do not double-
    /// say "not supported".
    #[error("{0}")]
    Unsupported(String),

    /// Any backend failure that does not fit the variants above.
    #[error(transparent)]
    Other(BoxError),
}

/// Render a byte ceiling as the largest unit that divides it cleanly
/// (`5 GiB`, `5000 MiB`, otherwise raw bytes). Used in
/// [`ObjectStoreError::PayloadTooLarge`]'s `Display` so the wire-line
/// reads as a familiar quota number rather than "5368709120".
fn format_byte_limit(bytes: u64) -> String {
    const GIB: u64 = 1 << 30;
    const MIB: u64 = 1 << 20;
    if bytes >= GIB && bytes.is_multiple_of(GIB) {
        format!("{} GiB", bytes / GIB)
    } else if bytes >= MIB && bytes.is_multiple_of(MIB) {
        format!("{} MiB", bytes / MIB)
    } else {
        format!("{bytes} B")
    }
}

/// Wrap any concrete `std::error::Error` into [`ObjectStoreError::Other`].
///
/// Replaces the open-coded `|e| ObjectStoreError::Other(Box::new(e))` closure
/// that otherwise repeats at every I/O / time-conversion / persist
/// call site.
pub(crate) fn other_boxed<E: StdError + Send + Sync + 'static>(e: E) -> ObjectStoreError {
    ObjectStoreError::Other(Box::new(e))
}

/// Wrap any concrete `std::error::Error` into [`ObjectStoreError::Network`].
///
/// Replaces the open-coded `|e| ObjectStoreError::Network(Box::new(e))`
/// closure used at every body-streaming / multipart-chunk site that
/// surfaces a transport failure.
pub(crate) fn network_boxed<E: StdError + Send + Sync + 'static>(e: E) -> ObjectStoreError {
    ObjectStoreError::Network(Box::new(e))
}

#[cfg(test)]
mod tests {
    use super::*;

    fn boxed_io(message: &str) -> BoxError {
        Box::new(std::io::Error::other(message.to_string()))
    }

    #[test]
    fn display_names_the_key() {
        assert_eq!(
            ObjectStoreError::NotFound("a/b".into()).to_string(),
            "object not found: a/b"
        );
        assert_eq!(
            ObjectStoreError::AccessDenied("a/b".into()).to_string(),
            "access denied: a/b"
        );
        assert_eq!(
            ObjectStoreError::PreconditionFailed("a/b".into()).to_string(),
            "precondition failed: a/b"
        );
        assert_eq!(
            ObjectStoreError::Conflict("a/b".into()).to_string(),
            "conflict: a/b"
        );
    }

    #[test]
    fn network_preserves_source_chain() {
        let err = ObjectStoreError::Network(boxed_io("dns failure"));
        assert_eq!(err.to_string(), "network error: dns failure");
        let source = err.source().expect("Network exposes its #[source]");
        assert_eq!(source.to_string(), "dns failure");
    }

    #[test]
    fn other_is_transparent() {
        let err = ObjectStoreError::Other(boxed_io("boom"));
        // `transparent` forwards Display to the inner error.
        assert_eq!(err.to_string(), "boom");
    }

    #[test]
    fn payload_too_large_renders_gib_when_exact() {
        let err = ObjectStoreError::PayloadTooLarge {
            limit_bytes: 5 * (1 << 30),
        };
        assert_eq!(err.to_string(), "upload exceeds backend size limit (5 GiB)");
    }

    #[test]
    fn payload_too_large_renders_mib_when_not_a_clean_gib() {
        // Azure single-PUT ceiling is 5000 MiB — close to but not 5 GiB.
        let err = ObjectStoreError::PayloadTooLarge {
            limit_bytes: 5_000 * (1 << 20),
        };
        assert_eq!(
            err.to_string(),
            "upload exceeds backend size limit (5000 MiB)"
        );
    }

    #[test]
    fn payload_too_large_falls_back_to_raw_bytes() {
        let err = ObjectStoreError::PayloadTooLarge { limit_bytes: 1_234 };
        assert_eq!(
            err.to_string(),
            "upload exceeds backend size limit (1234 B)"
        );
    }

    #[test]
    fn range_not_satisfiable_names_key_and_range() {
        let err = ObjectStoreError::RangeNotSatisfiable {
            key: "packs/abc.pack".to_string(),
            requested: 100..200,
        };
        assert_eq!(
            err.to_string(),
            "range 100..200 not satisfiable for key `packs/abc.pack`"
        );
    }
}