feat: added unauthenticated version of gcs object store (#916)

Adding unauthenticated version of GCS object store. It's needed for EN to be able to download snapshots from our GCS
matter-labs · Jan 24, 2024 · 638a813 · 638a813
1 parent f833b6c
commit 638a813
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 17 deletions.
diff --git a/core/lib/config/src/configs/object_store.rs b/core/lib/config/src/configs/object_store.rs
@@ -5,6 +5,7 @@ pub enum ObjectStoreMode {
     GCS,
     GCSWithCredentialFile,
     FileBacked,
+    GCSAnonymousReadOnly,
 }
 
 /// Configuration for the object store

diff --git a/core/lib/object_store/src/gcs.rs b/core/lib/object_store/src/gcs.rs
@@ -63,17 +63,22 @@ impl fmt::Debug for GoogleCloudStorage {
     }
 }
 
+#[derive(Debug, Clone)]
+pub enum GoogleCloudStorageAuthMode {
+    AuthenticatedWithCredentialFile(String),
+    Authenticated,
+    Anonymous,
+}
+
 impl GoogleCloudStorage {
     pub async fn new(
-        credential_file_path: Option<String>,
+        auth_mode: GoogleCloudStorageAuthMode,
         bucket_prefix: String,
         max_retries: u16,
     ) -> Self {
-        let client_config = retry(max_retries, || {
-            Self::get_client_config(credential_file_path.clone())
-        })
-        .await
-        .expect("failed fetching GCS client config after retries");
+        let client_config = retry(max_retries, || Self::get_client_config(auth_mode.clone()))
+            .await
+            .expect("failed fetching GCS client config after retries");
 
         Self {
             client: Client::new(client_config),
@@ -83,15 +88,17 @@ impl GoogleCloudStorage {
     }
 
     async fn get_client_config(
-        credential_file_path: Option<String>,
+        auth_mode: GoogleCloudStorageAuthMode,
     ) -> Result<ClientConfig, Error> {
-        if let Some(path) = credential_file_path {
-            let cred_file = CredentialsFile::new_from_file(path)
-                .await
-                .expect("failed loading GCS credential file");
-            ClientConfig::default().with_credentials(cred_file).await
-        } else {
-            ClientConfig::default().with_auth().await
+        match auth_mode {
+            GoogleCloudStorageAuthMode::AuthenticatedWithCredentialFile(path) => {
+                let cred_file = CredentialsFile::new_from_file(path)
+                    .await
+                    .expect("failed loading GCS credential file");
+                ClientConfig::default().with_credentials(cred_file).await
+            }
+            GoogleCloudStorageAuthMode::Authenticated => ClientConfig::default().with_auth().await,
+            GoogleCloudStorageAuthMode::Anonymous => Ok(ClientConfig::default().anonymous()),
         }
     }
 

diff --git a/core/lib/object_store/src/raw.rs b/core/lib/object_store/src/raw.rs
@@ -3,7 +3,11 @@ use std::{error, fmt, sync::Arc};
 use async_trait::async_trait;
 use zksync_config::configs::object_store::{ObjectStoreConfig, ObjectStoreMode};
 
-use crate::{file::FileBackedObjectStore, gcs::GoogleCloudStorage, mock::MockStore};
+use crate::{
+    file::FileBackedObjectStore,
+    gcs::{GoogleCloudStorage, GoogleCloudStorageAuthMode},
+    mock::MockStore,
+};
 
 /// Bucket for [`ObjectStore`] in which objects can be placed.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
@@ -196,7 +200,7 @@ impl ObjectStoreFactory {
                     "Initialized GoogleCloudStorage Object store without credential file"
                 );
                 let store = GoogleCloudStorage::new(
-                    gcs_credential_file_path,
+                    GoogleCloudStorageAuthMode::Authenticated,
                     config.bucket_base_url.clone(),
                     config.max_retries,
                 )
@@ -206,7 +210,10 @@ impl ObjectStoreFactory {
             ObjectStoreMode::GCSWithCredentialFile => {
                 tracing::trace!("Initialized GoogleCloudStorage Object store with credential file");
                 let store = GoogleCloudStorage::new(
-                    gcs_credential_file_path,
+                    GoogleCloudStorageAuthMode::AuthenticatedWithCredentialFile(
+                        gcs_credential_file_path
+                            .expect("Credentials path must be provided for GCSWithCredentialFile"),
+                    ),
                     config.bucket_base_url.clone(),
                     config.max_retries,
                 )
@@ -218,6 +225,16 @@ impl ObjectStoreFactory {
                 let store = FileBackedObjectStore::new(config.file_backed_base_path.clone()).await;
                 Arc::new(store)
             }
+            ObjectStoreMode::GCSAnonymousReadOnly => {
+                tracing::trace!("Initialized GoogleCloudStoragePublicReadOnly store");
+                let store = GoogleCloudStorage::new(
+                    GoogleCloudStorageAuthMode::Anonymous,
+                    config.bucket_base_url.clone(),
+                    config.max_retries,
+                )
+                .await;
+                Arc::new(store)
+            }
         }
     }
 }