diff --git a/core/lib/config/src/configs/object_store.rs b/core/lib/config/src/configs/object_store.rs index 5524b6ade25..4cf5553d639 100644 --- a/core/lib/config/src/configs/object_store.rs +++ b/core/lib/config/src/configs/object_store.rs @@ -5,6 +5,7 @@ pub enum ObjectStoreMode { GCS, GCSWithCredentialFile, FileBacked, + GCSAnonymousReadOnly, } /// Configuration for the object store diff --git a/core/lib/object_store/src/gcs.rs b/core/lib/object_store/src/gcs.rs index 93ee39fdef2..d2650a48ea5 100644 --- a/core/lib/object_store/src/gcs.rs +++ b/core/lib/object_store/src/gcs.rs @@ -63,17 +63,22 @@ impl fmt::Debug for GoogleCloudStorage { } } +#[derive(Debug, Clone)] +pub enum GoogleCloudStorageAuthMode { + AuthenticatedWithCredentialFile(String), + Authenticated, + Anonymous, +} + impl GoogleCloudStorage { pub async fn new( - credential_file_path: Option, + auth_mode: GoogleCloudStorageAuthMode, bucket_prefix: String, max_retries: u16, ) -> Self { - let client_config = retry(max_retries, || { - Self::get_client_config(credential_file_path.clone()) - }) - .await - .expect("failed fetching GCS client config after retries"); + let client_config = retry(max_retries, || Self::get_client_config(auth_mode.clone())) + .await + .expect("failed fetching GCS client config after retries"); Self { client: Client::new(client_config), @@ -83,15 +88,17 @@ impl GoogleCloudStorage { } async fn get_client_config( - credential_file_path: Option, + auth_mode: GoogleCloudStorageAuthMode, ) -> Result { - if let Some(path) = credential_file_path { - let cred_file = CredentialsFile::new_from_file(path) - .await - .expect("failed loading GCS credential file"); - ClientConfig::default().with_credentials(cred_file).await - } else { - ClientConfig::default().with_auth().await + match auth_mode { + GoogleCloudStorageAuthMode::AuthenticatedWithCredentialFile(path) => { + let cred_file = CredentialsFile::new_from_file(path) + .await + .expect("failed loading GCS credential file"); + ClientConfig::default().with_credentials(cred_file).await + } + GoogleCloudStorageAuthMode::Authenticated => ClientConfig::default().with_auth().await, + GoogleCloudStorageAuthMode::Anonymous => Ok(ClientConfig::default().anonymous()), } } diff --git a/core/lib/object_store/src/raw.rs b/core/lib/object_store/src/raw.rs index 764809764da..61340343c73 100644 --- a/core/lib/object_store/src/raw.rs +++ b/core/lib/object_store/src/raw.rs @@ -3,7 +3,11 @@ use std::{error, fmt, sync::Arc}; use async_trait::async_trait; use zksync_config::configs::object_store::{ObjectStoreConfig, ObjectStoreMode}; -use crate::{file::FileBackedObjectStore, gcs::GoogleCloudStorage, mock::MockStore}; +use crate::{ + file::FileBackedObjectStore, + gcs::{GoogleCloudStorage, GoogleCloudStorageAuthMode}, + mock::MockStore, +}; /// Bucket for [`ObjectStore`] in which objects can be placed. #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] @@ -196,7 +200,7 @@ impl ObjectStoreFactory { "Initialized GoogleCloudStorage Object store without credential file" ); let store = GoogleCloudStorage::new( - gcs_credential_file_path, + GoogleCloudStorageAuthMode::Authenticated, config.bucket_base_url.clone(), config.max_retries, ) @@ -206,7 +210,10 @@ impl ObjectStoreFactory { ObjectStoreMode::GCSWithCredentialFile => { tracing::trace!("Initialized GoogleCloudStorage Object store with credential file"); let store = GoogleCloudStorage::new( - gcs_credential_file_path, + GoogleCloudStorageAuthMode::AuthenticatedWithCredentialFile( + gcs_credential_file_path + .expect("Credentials path must be provided for GCSWithCredentialFile"), + ), config.bucket_base_url.clone(), config.max_retries, ) @@ -218,6 +225,16 @@ impl ObjectStoreFactory { let store = FileBackedObjectStore::new(config.file_backed_base_path.clone()).await; Arc::new(store) } + ObjectStoreMode::GCSAnonymousReadOnly => { + tracing::trace!("Initialized GoogleCloudStoragePublicReadOnly store"); + let store = GoogleCloudStorage::new( + GoogleCloudStorageAuthMode::Anonymous, + config.bucket_base_url.clone(), + config.max_retries, + ) + .await; + Arc::new(store) + } } } }