llm-shield-cloud 0.1.1

Cloud abstraction layer for LLM Shield - unified traits for AWS, GCP, and Azure
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355

//! Cloud storage abstractions.
//!
//! Provides unified trait for object storage across cloud providers:
//! - AWS S3
//! - GCP Cloud Storage
//! - Azure Blob Storage

use crate::error::{CloudError, Result};
use async_trait::async_trait;
use std::time::SystemTime;

/// Metadata about a storage object.
#[derive(Debug, Clone)]
pub struct ObjectMetadata {
    /// Size of the object in bytes.
    pub size: u64,

    /// When the object was last modified.
    pub last_modified: SystemTime,

    /// Content type of the object (e.g., "application/json").
    pub content_type: Option<String>,

    /// ETag or version identifier.
    pub etag: Option<String>,

    /// Storage class/tier (e.g., "STANDARD", "GLACIER", "ARCHIVE").
    pub storage_class: Option<String>,
}

/// Options for uploading objects.
#[derive(Debug, Clone, Default)]
pub struct PutObjectOptions {
    /// Content type of the object.
    pub content_type: Option<String>,

    /// Storage class/tier.
    pub storage_class: Option<String>,

    /// Server-side encryption algorithm.
    pub encryption: Option<String>,

    /// Custom metadata key-value pairs.
    pub metadata: Vec<(String, String)>,
}

/// Options for downloading objects.
#[derive(Debug, Clone, Default)]
pub struct GetObjectOptions {
    /// Byte range to fetch (start, end).
    pub range: Option<(u64, u64)>,

    /// Expected ETag for conditional fetch.
    pub if_match: Option<String>,
}

/// Unified trait for cloud object storage.
///
/// This trait provides a consistent interface for object storage operations
/// across different cloud providers (AWS S3, GCP Cloud Storage, Azure Blob Storage).
#[async_trait]
pub trait CloudStorage: Send + Sync {
    /// Gets an object by key.
    ///
    /// # Arguments
    ///
    /// * `key` - The object key/path
    ///
    /// # Returns
    ///
    /// Returns the object data as bytes.
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StorageObjectNotFound` if the object doesn't exist.
    /// Returns `CloudError::StorageFetch` if the fetch operation fails.
    async fn get_object(&self, key: &str) -> Result<Vec<u8>>;

    /// Gets an object with options.
    ///
    /// # Arguments
    ///
    /// * `key` - The object key/path
    /// * `options` - Fetch options (range, conditional fetch, etc.)
    ///
    /// # Returns
    ///
    /// Returns the object data as bytes.
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StorageFetch` if the fetch operation fails.
    async fn get_object_with_options(
        &self,
        key: &str,
        options: &GetObjectOptions,
    ) -> Result<Vec<u8>> {
        // Default implementation ignores options
        self.get_object(key).await
    }

    /// Puts an object with key.
    ///
    /// # Arguments
    ///
    /// * `key` - The object key/path
    /// * `data` - The object data
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StoragePut` if the put operation fails.
    async fn put_object(&self, key: &str, data: &[u8]) -> Result<()>;

    /// Puts an object with options.
    ///
    /// # Arguments
    ///
    /// * `key` - The object key/path
    /// * `data` - The object data
    /// * `options` - Upload options (content type, encryption, etc.)
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StoragePut` if the put operation fails.
    async fn put_object_with_options(
        &self,
        key: &str,
        data: &[u8],
        options: &PutObjectOptions,
    ) -> Result<()> {
        // Default implementation ignores options
        self.put_object(key, data).await
    }

    /// Deletes an object.
    ///
    /// # Arguments
    ///
    /// * `key` - The object key/path to delete
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StorageDelete` if the delete operation fails.
    async fn delete_object(&self, key: &str) -> Result<()>;

    /// Lists objects with a given prefix.
    ///
    /// # Arguments
    ///
    /// * `prefix` - The prefix to filter objects
    ///
    /// # Returns
    ///
    /// Returns a vector of object keys/paths.
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StorageList` if the list operation fails.
    async fn list_objects(&self, prefix: &str) -> Result<Vec<String>>;

    /// Lists objects with a given prefix and limit.
    ///
    /// # Arguments
    ///
    /// * `prefix` - The prefix to filter objects
    /// * `max_results` - Maximum number of results to return
    ///
    /// # Returns
    ///
    /// Returns a vector of object keys/paths.
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StorageList` if the list operation fails.
    async fn list_objects_with_limit(
        &self,
        prefix: &str,
        max_results: usize,
    ) -> Result<Vec<String>> {
        // Default implementation gets all and truncates
        let mut objects = self.list_objects(prefix).await?;
        objects.truncate(max_results);
        Ok(objects)
    }

    /// Checks if an object exists.
    ///
    /// # Arguments
    ///
    /// * `key` - The object key/path to check
    ///
    /// # Returns
    ///
    /// Returns `true` if the object exists, `false` otherwise.
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StorageFetch` if the check operation fails
    /// (but not if the object simply doesn't exist).
    async fn object_exists(&self, key: &str) -> Result<bool> {
        match self.get_object_metadata(key).await {
            Ok(_) => Ok(true),
            Err(CloudError::StorageObjectNotFound(_)) => Ok(false),
            Err(e) => Err(e),
        }
    }

    /// Gets object metadata without fetching the full object.
    ///
    /// # Arguments
    ///
    /// * `key` - The object key/path
    ///
    /// # Returns
    ///
    /// Returns metadata about the object.
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StorageObjectNotFound` if the object doesn't exist.
    /// Returns `CloudError::StorageFetch` if the metadata fetch fails.
    async fn get_object_metadata(&self, key: &str) -> Result<ObjectMetadata>;

    /// Copies an object within the same storage.
    ///
    /// # Arguments
    ///
    /// * `from_key` - Source object key/path
    /// * `to_key` - Destination object key/path
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StorageFetch` if the source doesn't exist.
    /// Returns `CloudError::StoragePut` if the copy operation fails.
    async fn copy_object(&self, from_key: &str, to_key: &str) -> Result<()> {
        // Default implementation: get then put
        let data = self.get_object(from_key).await?;
        self.put_object(to_key, &data).await
    }

    /// Moves an object (copy then delete).
    ///
    /// # Arguments
    ///
    /// * `from_key` - Source object key/path
    /// * `to_key` - Destination object key/path
    ///
    /// # Errors
    ///
    /// Returns errors from copy or delete operations.
    async fn move_object(&self, from_key: &str, to_key: &str) -> Result<()> {
        self.copy_object(from_key, to_key).await?;
        self.delete_object(from_key).await
    }

    /// Gets the storage provider name (e.g., "s3", "gcs", "azure").
    fn provider_name(&self) -> &str {
        "unknown"
    }

    /// Deletes multiple objects in batch.
    ///
    /// # Arguments
    ///
    /// * `keys` - Vector of object keys/paths to delete
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StorageDelete` if the batch delete fails.
    async fn delete_objects(&self, keys: &[String]) -> Result<()> {
        // Default implementation: delete one by one
        for key in keys {
            self.delete_object(key).await?;
        }
        Ok(())
    }

    /// Lists objects with metadata.
    ///
    /// # Arguments
    ///
    /// * `prefix` - The prefix to filter objects
    ///
    /// # Returns
    ///
    /// Returns a vector of (key, metadata) tuples.
    ///
    /// # Errors
    ///
    /// Returns `CloudError::StorageList` if the list operation fails.
    async fn list_objects_with_metadata(&self, prefix: &str) -> Result<Vec<ObjectMetadata>> {
        // Default implementation not provided - must be overridden
        Err(CloudError::OperationFailed(
            "list_objects_with_metadata not implemented".to_string(),
        ))
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_object_metadata() {
        let metadata = ObjectMetadata {
            size: 1024,
            last_modified: SystemTime::now(),
            content_type: Some("application/json".to_string()),
            etag: Some("abc123".to_string()),
            storage_class: Some("STANDARD".to_string()),
        };

        assert_eq!(metadata.size, 1024);
        assert!(metadata.content_type.is_some());
        assert_eq!(metadata.content_type.unwrap(), "application/json");
    }

    #[test]
    fn test_put_object_options_default() {
        let options = PutObjectOptions::default();
        assert!(options.content_type.is_none());
        assert!(options.storage_class.is_none());
        assert!(options.encryption.is_none());
        assert_eq!(options.metadata.len(), 0);
    }

    #[test]
    fn test_put_object_options_builder() {
        let options = PutObjectOptions {
            content_type: Some("text/plain".to_string()),
            storage_class: Some("GLACIER".to_string()),
            encryption: Some("AES256".to_string()),
            metadata: vec![
                ("author".to_string(), "John Doe".to_string()),
                ("version".to_string(), "1.0".to_string()),
            ],
        };

        assert_eq!(options.content_type.unwrap(), "text/plain");
        assert_eq!(options.storage_class.unwrap(), "GLACIER");
        assert_eq!(options.metadata.len(), 2);
    }

    #[test]
    fn test_get_object_options() {
        let options = GetObjectOptions {
            range: Some((0, 1023)),
            if_match: Some("etag-123".to_string()),
        };

        assert!(options.range.is_some());
        assert_eq!(options.range.unwrap(), (0, 1023));
        assert_eq!(options.if_match.unwrap(), "etag-123");
    }
}