rustack-s3-core 0.9.0

S3 service implementation for Rustack
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

//! S3 authentication via the `CredentialProvider` trait.
//!
//! [`RustackAuth`] implements the [`rustack_auth::credentials::CredentialProvider`]
//! trait to provide authentication for the Rustack S3 service. When signature
//! validation is skipped (the default for local development), any access key maps
//! to an empty secret key, effectively disabling signature verification.
//!
//! When validation is enabled, all access keys map to the secret key `"test"`,
//! matching LocalStack's default behavior.

use rustack_auth::{credentials::CredentialProvider, error::AuthError};
use tracing::debug;

/// Rustack authentication provider.
///
/// # Examples
///
/// ```
/// use rustack_s3_core::auth::RustackAuth;
///
/// let auth = RustackAuth::new(true);
/// assert!(auth.skip_validation());
/// ```
#[derive(Debug, Clone)]
pub struct RustackAuth {
    skip_validation: bool,
}

impl RustackAuth {
    /// Create a new authentication provider.
    ///
    /// When `skip_validation` is `true`, all signature checks are effectively
    /// bypassed by returning an empty secret key for any access key.
    #[must_use]
    pub fn new(skip_validation: bool) -> Self {
        Self { skip_validation }
    }

    /// Whether signature validation is skipped.
    #[must_use]
    pub fn skip_validation(&self) -> bool {
        self.skip_validation
    }
}

impl CredentialProvider for RustackAuth {
    fn get_secret_key(&self, access_key_id: &str) -> Result<String, AuthError> {
        if self.skip_validation {
            debug!(access_key_id, "Skipping signature validation");
            return Ok(String::new());
        }

        debug!(access_key_id, "Returning default secret key for access key");
        Ok("test".to_owned())
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_should_create_auth_with_skip_validation() {
        let auth = RustackAuth::new(true);
        assert!(auth.skip_validation());
    }

    #[test]
    fn test_should_create_auth_with_validation() {
        let auth = RustackAuth::new(false);
        assert!(!auth.skip_validation());
    }

    #[test]
    fn test_should_return_empty_key_when_skipping_validation() {
        let auth = RustackAuth::new(true);
        let key = auth.get_secret_key("any-key").expect("test get_secret_key");
        assert_eq!(key, "");
    }

    #[test]
    fn test_should_return_test_key_when_validating() {
        let auth = RustackAuth::new(false);
        let key = auth
            .get_secret_key("AKIAIOSFODNN7EXAMPLE")
            .expect("test get_secret_key");
        assert_eq!(key, "test");
    }
}