opendal-core 0.56.0

Apache OpenDALâ„¢: One Layer, All Storage.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

- Proposal Name: `remove_credential`
- Start Date: 2022-04-02
- RFC PR: [apache/opendal#203](https://github.com/apache/opendal/pull/203)
- Tracking Issue: [apache/opendal#203](https://github.com/apache/opendal/issues/203)

# Summary

Remove the concept of credential.

# Motivation

`Credential` intends to carry service credentials like `access_key_id` and `secret_access_key`. At OpenDAL, we designed a global `Credential` enum for services and users to use.

```rust
pub enum Credential {
    /// Plain refers to no credential has been provided, fallback to services'
    /// default logic.
    Plain,
    /// Basic refers to HTTP Basic Authentication.
    Basic { username: String, password: String },
    /// HMAC, also known as Access Key/Secret Key authentication.
    HMAC {
        access_key_id: String,
        secret_access_key: String,
    },
    /// Token refers to static API token.
    Token(String),
}
```

However, every service only supports one kind of `Credential` with different `Credential` load methods covered by [reqsign](https://github.com/Xuanwo/reqsign). As a result, only `HMAC` is used. Both users and services need to write the same logic again and again.

# Guide-level explanation

`Credential` will be removed, and the services builder will provide native credential representation directly.

For s3:

```rust
pub fn access_key_id(&mut self, v: &str) -> &mut Self {}
pub fn secret_access_key(&mut self, v: &str) -> &mut Self {}
```

For azblob:

```rust
pub fn account_name(&mut self, account_name: &str) -> &mut Self {}
pub fn account_key(&mut self, account_key: &str) -> &mut Self {}
```

All builders must implement `Debug` by hand and redact sensitive fields to avoid credentials being a leak.

```rust
impl Debug for Builder {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        let mut ds = f.debug_struct("Builder");

        ds.field("root", &self.root);
        ds.field("container", &self.container);
        ds.field("endpoint", &self.endpoint);

        if self.account_name.is_some() {
            ds.field("account_name", &"<redacted>");
        }
        if self.account_key.is_some() {
            ds.field("account_key", &"<redacted>");
        }

        ds.finish_non_exhaustive()
    }
}
```

# Reference-level explanation

Simple change without reference-level explanation needs.

# Drawbacks

API Breakage.

# Rationale and alternatives

None

# Prior art

None

# Unresolved questions

None

# Future possibilities

None