Skip to main content

lance_namespace_impls/
lib.rs

1// SPDX-License-Identifier: Apache-2.0
2// SPDX-FileCopyrightText: Copyright The Lance Authors
3
4//! Lance Namespace implementations.
5//!
6//! This crate provides various implementations of the Lance Namespace trait.
7//!
8//! ## Features
9//!
10//! - `rest`: REST API-based namespace implementation
11//! - `rest-adapter`: REST server adapter that exposes any namespace via HTTP
12//! - `dir-aws`, `dir-azure`, `dir-gcp`, `dir-oss`: Cloud storage backend support for directory namespace (via lance-io)
13//! - `credential-vendor-aws`, `credential-vendor-gcp`, `credential-vendor-azure`: Credential vending for cloud storage
14//!
15//! ## Implementations
16//!
17//! - `DirectoryNamespace`: Directory-based implementation (always available)
18//! - `RestNamespace`: REST API-based implementation (requires `rest` feature)
19//!
20//! ## Credential Vending
21//!
22//! The `credentials` module provides temporary credential vending for cloud storage:
23//! - AWS: STS AssumeRole with scoped IAM policies (requires `credential-vendor-aws` feature)
24//! - GCP: OAuth2 tokens with access boundaries (requires `credential-vendor-gcp` feature)
25//! - Azure: SAS tokens with user delegation keys (requires `credential-vendor-azure` feature)
26//!
27//! The credential vendor is automatically selected based on the table location URI scheme:
28//! - `s3://` for AWS
29//! - `gs://` for GCP
30//! - `az://` for Azure
31//!
32//! Configuration properties (prefixed with `credential_vendor.`, prefix is stripped):
33//!
34//! ```text
35//! # Required to enable credential vending
36//! credential_vendor.enabled = "true"
37//!
38//! # Common properties (apply to all providers)
39//! credential_vendor.permission = "read"          # read, write, or admin (default: read)
40//!
41//! # AWS-specific properties (for s3:// locations)
42//! credential_vendor.aws_role_arn = "arn:aws:iam::123456789012:role/MyRole"  # required for AWS
43//! credential_vendor.aws_duration_millis = "3600000"  # 1 hour (default, range: 15min-12hrs)
44//!
45//! # GCP-specific properties (for gs:// locations)
46//! # Note: GCP uses ADC; set GOOGLE_APPLICATION_CREDENTIALS env var for service account key
47//! # Note: GCP token duration cannot be configured; it's determined by the STS endpoint
48//! credential_vendor.gcp_service_account = "my-sa@project.iam.gserviceaccount.com"
49//!
50//! # Azure-specific properties (for az:// locations)
51//! credential_vendor.azure_account_name = "mystorageaccount"  # required for Azure
52//! credential_vendor.azure_tenant_id = "my-tenant-id"
53//! credential_vendor.azure_duration_millis = "3600000"  # 1 hour (default, up to 7 days)
54//! ```
55//!
56//! ## Usage
57//!
58//! The recommended way to connect to a namespace is using [`ConnectBuilder`]:
59//!
60//! ```no_run
61//! # use lance_namespace_impls::ConnectBuilder;
62//! # async fn example() -> Result<(), Box<dyn std::error::Error>> {
63//! let namespace = ConnectBuilder::new("dir")
64//!     .property("root", "/path/to/data")
65//!     .connect()
66//!     .await?;
67//! # Ok(())
68//! # }
69//! ```
70
71pub mod connect;
72pub mod context;
73pub mod credentials;
74pub mod dir;
75
76#[cfg(feature = "rest")]
77pub mod rest;
78
79#[cfg(feature = "rest-adapter")]
80pub mod rest_adapter;
81
82// Re-export connect builder
83pub use connect::ConnectBuilder;
84pub use context::{DynamicContextProvider, OperationInfo};
85pub use dir::{manifest::ManifestNamespace, DirectoryNamespace, DirectoryNamespaceBuilder};
86
87// Re-export credential vending
88pub use credentials::{
89    create_credential_vendor_for_location, detect_provider_from_uri, has_credential_vendor_config,
90    redact_credential, CredentialVendor, VendedCredentials, DEFAULT_CREDENTIAL_DURATION_MILLIS,
91};
92
93#[cfg(feature = "credential-vendor-aws")]
94pub use credentials::aws::{AwsCredentialVendor, AwsCredentialVendorConfig};
95#[cfg(feature = "credential-vendor-aws")]
96pub use credentials::aws_props;
97
98#[cfg(feature = "credential-vendor-gcp")]
99pub use credentials::gcp::{GcpCredentialVendor, GcpCredentialVendorConfig};
100#[cfg(feature = "credential-vendor-gcp")]
101pub use credentials::gcp_props;
102
103#[cfg(feature = "credential-vendor-azure")]
104pub use credentials::azure::{AzureCredentialVendor, AzureCredentialVendorConfig};
105#[cfg(feature = "credential-vendor-azure")]
106pub use credentials::azure_props;
107
108#[cfg(feature = "rest")]
109pub use rest::{RestNamespace, RestNamespaceBuilder};
110
111#[cfg(feature = "rest-adapter")]
112pub use rest_adapter::{RestAdapter, RestAdapterConfig, RestAdapterHandle};