xtax-blob-storage 0.1.2

Application-level blob storage abstraction with filesystem/S3 backends, optional encryption, rekey, cleanup, and background maintenance.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

use std::fmt;

/// Categorised error for a single key in a batch operation.
#[derive(Debug, Clone)]
pub enum PerKeyError {
    /// The key was not found.
    ///
    /// Idempotent — on delete this is NOT an error (the key is treated as
    /// successfully processed). On get / get_with_metadata the backend
    /// returns `BlobStorageError::NotFound` directly.
    NotFound,

    /// The operation failed due to insufficient permissions.
    PermissionDenied(String),

    /// Any other unexpected error. The `message` contains the original error
    /// description.
    Unknown { message: String },
}

impl fmt::Display for PerKeyError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            PerKeyError::NotFound => write!(f, "not found"),
            PerKeyError::PermissionDenied(msg) => write!(f, "permission denied: {msg}"),
            PerKeyError::Unknown { message } => write!(f, "unknown: {message}"),
        }
    }
}

/// A single failed key in a batch operation, with its categorised error.
#[derive(Debug, Clone)]
pub struct KeyError {
    /// The blob key that failed.
    pub key: String,
    /// The categorised error.
    pub error: PerKeyError,
}

/// Batch error — returned when at least one key in a batch operation failed.
///
/// Contains **all** keys that succeeded and those that failed.
/// The caller can programmatically decide what to do next (e.g. retry failed keys).
#[derive(Debug, Clone)]
pub struct BatchError {
    /// Keys that were processed successfully (including `NotFound` on delete).
    pub succeeded: Vec<String>,
    /// Keys that failed, with per-key error details.
    pub errors: Vec<KeyError>,
}

impl BatchError {
    /// Total number of keys processed.
    pub fn total_count(&self) -> usize {
        self.succeeded.len() + self.errors.len()
    }

    /// Number of keys that failed.
    pub fn failed_count(&self) -> usize {
        self.errors.len()
    }
}

impl fmt::Display for BatchError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(
            f,
            "batch operation failed: {} keys failed ({} succeeded, {} total)",
            self.failed_count(),
            self.succeeded.len(),
            self.total_count(),
        )
    }
}

impl std::error::Error for BatchError {}

/// Blob storage error.
#[derive(Debug, thiserror::Error)]
pub enum BlobStorageError {
    /// The requested blob was not found.
    #[error("blob not found: {0}")]
    NotFound(String),

    /// A blob with this key already exists.
    #[error("blob already exists: {0}")]
    AlreadyExists(String),

    /// The operation is not supported by this backend.
    #[error("operation not supported: {0}")]
    NotSupported(String),

    /// The backend is misconfigured — for example, the S3 bucket does not
    /// exist, or the FS root directory has been deleted.
    ///
    /// This is distinct from [`Storage`](Self::Storage) errors: it indicates
    /// a backend configuration problem, not a transient storage failure.
    #[error("backend misconfigured: {0}")]
    BackendMisconfigured(String),

    /// The provided input is invalid (empty key, path traversal, etc.).
    #[error("invalid input: {0}")]
    InvalidInput(String),

    /// Backend storage error. The inner `String` provides context;
    /// the optional `source` carries the underlying cause.
    #[error("storage error: {message}")]
    Storage {
        message: String,
        #[source]
        source: Option<Box<dyn std::error::Error + Send + Sync + 'static>>,
    },

    /// Encryption-layer error.
    #[error("encryption error: {message}")]
    Encryption {
        message: String,
        #[source]
        source: Option<Box<dyn std::error::Error + Send + Sync + 'static>>,
    },

    /// The caller does not have permission to perform this operation.
    #[error("permission denied: {0}")]
    PermissionDenied(String),

    /// Batch operation partially failed.
    /// Contains details about which keys succeeded and which failed.
    #[error("batch error: {0}")]
    Batch(#[from] BatchError),
}

pub type Result<T> = std::result::Result<T, BlobStorageError>;

impl From<std::io::Error> for BlobStorageError {
    fn from(e: std::io::Error) -> Self {
        Self::Storage {
            message: "I/O error".to_string(),
            source: Some(Box::new(e)),
        }
    }
}

impl From<String> for BlobStorageError {
    fn from(msg: String) -> Self {
        Self::Storage {
            message: msg,
            source: None,
        }
    }
}

impl From<&str> for BlobStorageError {
    fn from(msg: &str) -> Self {
        Self::Storage {
            message: msg.to_string(),
            source: None,
        }
    }
}

impl From<xtax_encryption::EncryptionError> for BlobStorageError {
    fn from(e: xtax_encryption::EncryptionError) -> Self {
        Self::Encryption {
            message: e.to_string(),
            source: Some(Box::new(e)),
        }
    }
}