Abstract persistent files through Apache OpenDAL #5626
Conversation
|
On the same topic, I recommend https://github.com/lusingander/stu as a simple CLI tool to visualize the uploaded files |
can they all be S3 ? |
|
No, they can’t all be abstracted through opendal, nor should they be. You don’t want your entire sqlite db to be streamed back and forth to s3 on every record change, for example. One could also imagine tmp files could go through opendal, but it doesn’t make sense to do so even if it’s possible. |
Okay, but TEMPLATES_FOLDER can be in s3 ? |
|
I believe they are for customizing email and/or admin page html using handlebars. I had two thoughts on them:
|
txase
force-pushed
the
opendal
branch
2 times, most recently
from
6b18a84 to
e6204d9
Compare
|
I fixed all the GHA check issues so they pass. No material changes were made. |
Might want to install |
| @@ -82,6 +82,12 @@ impl Fairing for AppHeaders { | |||
| // 2FA/MFA Site check: api.2fa.directory | |||
| // # Mail Relay: https://bitwarden.com/blog/add-privacy-and-security-using-email-aliases-with-bitwarden/ | |||
| // app.simplelogin.io, app.addy.io, api.fastmail.com, quack.duckduckgo.com | |||
|
|
|||
| #[cfg(s3)] | |||
| let s3_connect_src = "https://*.amazonaws.com"; | |||
There was a problem hiding this comment.
this should be configurable, not all S3 use AWS
there is MinIO or Garage as examples
There was a problem hiding this comment.
We could remove this and instruct users to add their service's specific url via ALLOWED_CONNECT_SRC?
There was a problem hiding this comment.
yes, less specific code could be better
This PR represents the first set of attempting to incorporate the changes from the AWS Serverless POC in #5591 and contains two commits:
s3feature flagThe first commit looks quite large at first glance, but many changes simply make all file accesses asynchronous and fallible by returning
Resulttypes. I think the key changes worth reviewing are:initialize_keys()as needed for OpenDAL access of private key fileCONFIGis still a synchronousLazytype, but we have to calculate it from async methods. I shoehorned a tiny tokio async thread that runs to completion to calculate the value. The alternative of patching every use ofCONFIGto be async, for no runtime benefit, seemed not worth doing.opendal_operator_for_path()and the abstractedCONFIG.opendal_operator_for_path_type()methods for the core of how operators are managed for various paths.save_temp_file()that abstracts the saving of TempFiles that Rocket creates when files are uploadedThe second commit is much smaller and more straightforward. The only thing worth pointing out is that OpenDAL uses reqsign under the covers to configure AWS credentials. However, AWS SDK configs have repeatedly been extended for better credential generation. For example, I use AWS Identity Center (aka AWS SSO) to generate temporary access tokens in my dev environment. reqsign doesn't support AWS SSO configs, but it has an escape hatch I utilized to load credentials. In the escape hatch I load the official AWS SDK config and credential generation crates to generate credentials. The one annoying part of the escape hatch is that reqsign's AwsCredentialLoad trait uses
anyhow::Result, so we have to pull in anyhow just for this escape hatch :(.Trying it out
These changes should be a behavioral no-op for existing use cases. The one minor change is the attachments, icon_cache, and sends folders aren't created at startup as OpenDAL FS service creates them when the first Operator is instantiated for each.
To try out the new S3 changes:
s3feature turned onAWS_PROFILEandAWS_REGIONalong with standard AWS configs like~/.aws/config)DATA_FOLDER->s3://<bucket in the matching AWS region>[/<optional path prefix>]TMP_FOLDER->data/tmp(or your preference, but must be set to a local path)TEMPLATES_FOLDER->data/templates(or your preference, but must be set to a local path)DATABASE_URL->data/db.sqlite3(or your preference, but must be set to a valid value)