Access other object stores via the S3 API
Clone or download
Pull request Compare This branch is 406 commits behind gaul:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
s3-tests @ 04e6c8e
src
.gitignore
.gitmodules
.travis.yml
LICENSE
README.md
pom.xml

README.md

S3Proxy

S3Proxy allows applications using the S3 API to access other object stores, e.g., EMC Atmos, Google Cloud Storage, Microsoft Azure, OpenStack Swift. It also allows local testing of S3 without the cost or latency associated with using AWS. Finally users can extend S3Proxy with custom middlewares, e.g., caching, encryption, tiering.

Features

  • create, remove, and list buckets (including user-specified regions)
  • put, get, delete, and list objects
  • multi-part uploads (emulated operation, see #2)
  • copy objects (emulated operation, see #46)
  • delete multiple objects
  • store and retrieve object metadata, including user metadata
  • set and get canned bucket and object ACLs (private and public-read only)
  • authorization via AWS signature v2 (including pre-signed URLs) or anonymous access
  • listen on HTTP or HTTPS

Supported object stores:

  • atmos
  • aws-s3
  • azureblob
  • filesystem (on-disk storage)
  • google-cloud-storage
  • hpcloud-objectstorage
  • openstack-swift
  • rackspace-cloudfiles-uk and rackspace-cloudfiles-us
  • s3
  • swift and swift-keystone (legacy)
  • transient (in-memory storage)

Installation

Users can download releases from GitHub. One can also build the project by running mvn package which produces a binary at target/s3proxy. S3Proxy requires Java 7 to run.

Examples

Linux and Mac OS X users can run S3Proxy via the executable jar:

chmod +x s3proxy
s3proxy --properties s3proxy.conf

Windows users must explicitly invoke java:

java -jar s3proxy --properties s3proxy.conf

Users can configure S3Proxy via a properties file. An example using Rackspace CloudFiles (based on OpenStack Swift) as the backing store:

s3proxy.endpoint=http://127.0.0.1:8080
s3proxy.authorization=aws-v2
s3proxy.identity=local-identity
s3proxy.credential=local-credential
jclouds.provider=rackspace-cloudfiles-us
jclouds.identity=remote-identity
jclouds.credential=remote-credential

Another example using the local file system as the backing store with anonymous access:

s3proxy.authorization=none
s3proxy.endpoint=http://127.0.0.1:8080
jclouds.provider=filesystem
jclouds.identity=identity
jclouds.credential=credential
jclouds.filesystem.basedir=/tmp

S3Proxy can listen on HTTPS by setting the secure-endpoint and configuring a keystore. An example:

s3proxy.secure-endpoint=https://127.0.0.1:8080
s3proxy.keystore-path=keystore.jks
s3proxy.keystore-password=password

To setup the keystore, do

$ keytool -keystore keystore.jks -alias aws -genkey -keyalg RSA

Use *.s3.amazonaws.com as the CN if you wish to proxy access to Amazon S3 itself. Applications will reject the self-signed certificate, unless you import it to the application's trusted store. If the application is written in Java, you can do:

$ keytool -exportcert -keystore keystore.jks -alias aws -rfc > aws.crt
$ keytool -keystore $JAVA_HOME/jre/lib/security/cacerts -import -alias aws -file aws.crt -trustcacerts

Users can also set other Java, jclouds, and S3Proxy properties.

Limitations

S3Proxy does not support:

  • POST uploads
  • object metadata with filesystem provider on Mac OS X (OpenJDK issue)
  • object server-side encryption
  • object versioning
  • XML ACLs

References

  • Apache jclouds provides object store support for S3Proxy
  • Ceph s3-tests help maintain and improve compatibility with the S3 API
  • fake-s3 provides functionality similar to S3Proxy when using the filesystem provider
  • Another project named s3proxy provides HTTP access to non-S3-aware applications
  • SwiftProxy provides similar functionality for the OpenStack Swift API

License

Copyright (C) 2014-2015 Andrew Gaul

Licensed under the Apache License, Version 2.0