s3z 0.1.0-rc.2

S3 ops, but fearlessly fast!
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

//! Credential resolution and request signing.

mod sigv4;

use std::env;

pub(crate) use sigv4::sign_request;

use crate::error::{self, Result};

/// How to obtain AWS credentials.
#[derive(Debug, Clone)]
#[non_exhaustive]
pub enum CredentialSource {
    /// Read from `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` env vars.
    Env,
    /// Explicit access key / secret key pair.
    Static {
        /// AWS access key ID.
        access_key: String,
        /// AWS secret access key.
        secret_key: String,
    },
}

/// Resolved credentials ready for signing.
#[derive(Debug, Clone)]
#[non_exhaustive]
pub(crate) struct Credentials {
    /// AWS access key ID.
    pub(crate) access_key: String,
    /// AWS secret access key.
    pub(crate) secret_key: String,
}

/// Resolve [`CredentialSource`] into concrete [`Credentials`].
///
/// # Errors
///
/// Returns [`error::Error::Auth`] if env vars are missing when using
/// [`CredentialSource::Env`].
pub(crate) fn resolve(source: &CredentialSource) -> Result<Credentials> {
    match source {
        CredentialSource::Env => {
            let access_key = env::var("AWS_ACCESS_KEY_ID")
                .map_err(|_e| error::missing_env("AWS_ACCESS_KEY_ID"))?;
            let secret_key = env::var("AWS_SECRET_ACCESS_KEY")
                .map_err(|_e| error::missing_env("AWS_SECRET_ACCESS_KEY"))?;
            Ok(Credentials {
                access_key,
                secret_key,
            })
        },
        CredentialSource::Static {
            access_key,
            secret_key,
        } => {
            Ok(Credentials {
                access_key: access_key.clone(),
                secret_key: secret_key.clone(),
            })
        },
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn static_credentials_resolved() {
        let source = CredentialSource::Static {
            access_key: "AKID".into(),
            secret_key: "SECRET".into(),
        };
        let creds = resolve(&source).unwrap();
        assert_eq!(creds.access_key, "AKID");
        assert_eq!(creds.secret_key, "SECRET");
    }

    #[test]
    fn static_credentials_empty_strings_accepted() {
        let source = CredentialSource::Static {
            access_key: String::new(),
            secret_key: String::new(),
        };
        let creds = resolve(&source).unwrap();
        assert_eq!(creds.access_key, "");
        assert_eq!(creds.secret_key, "");
    }

    #[test]
    fn missing_env_helper_formats_correctly() {
        let err = error::missing_env("AWS_ACCESS_KEY_ID");
        match err {
            error::Error::Auth(msg) => {
                assert_eq!(msg, "AWS_ACCESS_KEY_ID not set");
            },
            other => panic!("expected Auth error, got {other:?}"),
        }
    }
}