From 380e79c6dcb4d7e231759a6048f7c4972d41453e Mon Sep 17 00:00:00 2001
From: Sapin Bajracharya
Date: Mon, 13 Apr 2026 16:13:36 +0545
Subject: [PATCH] feat: add S3 IRSA table store backed
---
 bin/mosaic/src/config.rs | 74 +++++++++++++++++++++++++---------------
 bin/mosaic/src/main.rs | 13 +++++++
 2 files changed, 59 insertions(+), 28 deletions(-)
diff --git a/bin/mosaic/src/config.rs b/bin/mosaic/src/config.rs
index c2ce2439..28b82294 100644
--- a/bin/mosaic/src/config.rs
+++ b/bin/mosaic/src/config.rs
@@ -143,36 +143,47 @@ impl MosaicConfig {
 );
 }
 
- if let TableStoreBackend::S3Compatible {
- bucket,
- region,
- endpoint,
- access_key_id,
- secret_access_key,
- ..
- } = &self.table_store.backend
- {
- if bucket.is_empty() {
- bail!("table_store.bucket must not be empty");
+ match &self.table_store.backend {
+ TableStoreBackend::S3Compatible {
+ bucket,
+ region,
+ endpoint,
+ access_key_id,
+ secret_access_key,
+ ..
+ } => {
+ if bucket.is_empty() {
+ bail!("table_store.bucket must not be empty");
+ }
+
+ if region.is_empty() {
+ bail!("table_store.region must not be empty");
+ }
+
+ if access_key_id.is_empty() {
+ bail!("table_store.access_key_id must not be empty");
+ }
+
+ if secret_access_key.is_empty() {
+ bail!("table_store.secret_access_key must not be empty");
+ }
+
+ if let Some(endpoint) = endpoint
+ && endpoint.is_empty()
+ {
+ bail!("table_store.endpoint must not be empty when provided");
+ }
 }
-
- if region.is_empty() {
- bail!("table_store.region must not be empty");
- }
-
- if access_key_id.is_empty() {
- bail!("table_store.access_key_id must not be empty");
- }
-
- if secret_access_key.is_empty() {
- bail!("table_store.secret_access_key must not be empty");
- }
-
- if let Some(endpoint) = endpoint
- && endpoint.is_empty()
- {
- bail!("table_store.endpoint must not be empty when provided");
+ TableStoreBackend::S3Irsa { bucket, region, .. } => {
+ if bucket.is_empty() {
+ bail!("table_store.bucket must not be empty");
+ }
+
+ if region.is_empty() {
+ bail!("table_store.region must not be empty");
+ }
 }
+ _ => {}
 }
 
 Ok(())
@@ -281,6 +292,13 @@ pub(crate) enum TableStoreBackend {
 #[serde(default)]
 virtual_hosted_style_request: bool,
 },
+ /// Uses the default AWS credential chain (env vars, IRSA web identity token,
+ /// instance profile). No static credentials required.
+ S3Irsa {
+ bucket: String,
+ region: String,
+ prefix: String,
+ },
 }
 
 #[derive(Debug, Clone, Deserialize)]
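Review bot: The trailing `_ => {}` arm in the new `match &self.table_store.backend` lets any backend variant added to `TableStoreBackend` later pass validation unchecked, with no compiler error to prompt a decision. Since the enum is crate-local, name the remaining variants explicitly in place of `_` so the match stays exhaustive. The `bucket` and `region` emptiness checks are now repeated verbatim in the `S3Compatible` and `S3Irsa` arms; a small private helper taking those two fields would keep the error messages in one place. `prefix` is skipped by `..` in both arms, so confirm that an empty prefix is acceptable for the IRSA-backed store as well. The enclosing function starts and ends outside this hunk.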
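Review bot: The doc comment on `S3Irsa` lists "env vars" and the instance profile as credential sources, which is broader than the variant name and may not match how the store is built in main.rs. That arm uses `AmazonS3Builder::new()`; if this is the `object_store` builder, static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` variables are only picked up by `from_env()`, so the "env vars" part would be inaccurate. Reword the comment to state exactly which sources are consulted and in what order, for example `/// Resolves credentials at startup from the IRSA web identity token (AWS_WEB_IDENTITY_TOKEN_FILE and AWS_ROLE_ARN); no static keys are read from config.`, and say explicitly whether falling back to the node's instance profile is intended. The enum definition starts before this hunk.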
diff --git a/bin/mosaic/src/main.rs b/bin/mosaic/src/main.rs
index 6a5a55bf..f796319f 100644
--- a/bin/mosaic/src/main.rs
+++ b/bin/mosaic/src/main.rs
@@ -154,6 +154,19 @@ where
 let store = S3TableStore::new(Arc::new(s3) as Arc, prefix);
 run_with_components(config, storage, store, net_client, net_controller).await
 }
+ TableStoreBackend::S3Irsa {
+ bucket,
+ region,
+ prefix,
+ } => {
+ let s3 = AmazonS3Builder::new()
+ .with_bucket_name(bucket)
+ .with_region(region)
+ .build()
+ .context("failed to initialize s3 table store with IRSA credentials")?;
+ let store = S3TableStore::new(Arc::new(s3) as Arc, prefix);
+ run_with_components(config, storage, store, net_client, net_controller).await
+ }
 }
 }
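Review bot: Nothing in the new `S3Irsa` arm confirms that a web identity is actually available before `build()` is called, so a pod whose service account lacks the role annotation may start successfully under a different identity. If `AmazonS3Builder` here is the `object_store` one, a builder with no static keys uses web identity only when `AWS_WEB_IDENTITY_TOKEN_FILE` and `AWS_ROLE_ARN` are both set and otherwise falls back to the instance metadata provider, i.e. the node's role, which is usually broader than the role intended for the pod. Since the backend is named for IRSA, consider failing fast ahead of the builder with `std::env::var("AWS_WEB_IDENTITY_TOKEN_FILE").context("S3Irsa backend requires AWS_WEB_IDENTITY_TOKEN_FILE")?;` and the same for `AWS_ROLE_ARN`, or log which provider was selected if the instance-profile fallback is intended. The enclosing match and function begin outside this hunk.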