[pbs-devel] [PATCH proxmox-backup v4 07/45] s3 client: add dedicated type for s3 object keys

Christian Ebner c.ebner at proxmox.com
Mon Jun 23 11:40:28 CEST 2025 

S3 objects are uniquely identified within a bucket by their object
key [0].

Implements conversion and utility traits to easily convert and encode
a string or a chunk digest as corresponding object key for the S3
storage backend. Adds type checking for s3 client operations requiring
an object key.

[0] https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html

Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
 pbs-s3-client/Cargo.toml        |  1 +
 pbs-s3-client/src/lib.rs        |  4 +-
 pbs-s3-client/src/object_key.rs | 99 +++++++++++++++++++++++++++++++++
 3 files changed, 103 insertions(+), 1 deletion(-)
 create mode 100644 pbs-s3-client/src/object_key.rs

diff --git a/pbs-s3-client/Cargo.toml b/pbs-s3-client/Cargo.toml
index 9f32535e9..146fde84e 100644
--- a/pbs-s3-client/Cargo.toml
+++ b/pbs-s3-client/Cargo.toml
@@ -13,6 +13,7 @@ http-body-util.workspace = true
 hyper-util = { workspace = true, features = ["client-legacy", "tokio", "http1"] }
 hyper.workspace = true
 openssl.workspace = true
+serde.workspace = true
 tracing.workspace = true
 url.workspace = true
 
diff --git a/pbs-s3-client/src/lib.rs b/pbs-s3-client/src/lib.rs
index b9bd0d03d..14f86bf88 100644
--- a/pbs-s3-client/src/lib.rs
+++ b/pbs-s3-client/src/lib.rs
@@ -1,4 +1,6 @@
 mod aws_sign_v4;
 pub use aws_sign_v4::uri_decode;
 mod client;
-pub use client::{S3Client, S3ClientOptions};
+pub use client::{S3Client, S3ClientOptions, S3PathPrefix};
+mod object_key;
+pub use object_key::{S3ObjectKey, S3_CONTENT_PREFIX};
diff --git a/pbs-s3-client/src/object_key.rs b/pbs-s3-client/src/object_key.rs
new file mode 100644
index 000000000..9f692d271
--- /dev/null
+++ b/pbs-s3-client/src/object_key.rs
@@ -0,0 +1,99 @@
+use anyhow::Error;
+
+use crate::aws_sign_v4::aws_sign_v4_uri_encode;
+
+pub const S3_CONTENT_PREFIX: &str = ".cnt";
+
+#[derive(Clone, Debug)]
+pub struct S3ObjectKey {
+    object_key: String,
+}
+
+#[derive(Clone, Debug)]
+pub struct RelS3ObjectKey {
+    rel_object_key: String,
+}
+
+// All regular keys (non-digests) get prefixed by a `/.cnt`, so that
+// content listing without all the chunks can be done by that prefix.
+impl core::convert::From<&str> for RelS3ObjectKey {
+    fn from(s: &str) -> Self {
+        let s = s.strip_prefix("/").unwrap_or(s);
+        let rel_object_key = format!(
+            "{S3_CONTENT_PREFIX}/{encoded_key}",
+            encoded_key = aws_sign_v4_uri_encode(s, true),
+        );
+
+        Self { rel_object_key }
+    }
+}
+
+impl core::convert::From<&[u8; 32]> for RelS3ObjectKey {
+    fn from(digest: &[u8; 32]) -> Self {
+        // Use the same layout as on regular PBS datastores, including the 4 hex digit digest prefix
+        let object_key = hex::encode(digest);
+        let digest_prefix = &object_key[..4];
+        Self {
+            rel_object_key: format!(".chunks/{digest_prefix}/{object_key}"),
+        }
+    }
+}
+
+impl core::convert::From<[u8; 32]> for RelS3ObjectKey {
+    fn from(digest: [u8; 32]) -> Self {
+        Self::from(&digest)
+    }
+}
+
+impl RelS3ObjectKey {
+    pub fn to_full_key(&self, prefix: &str) -> S3ObjectKey {
+        S3ObjectKey {
+            object_key: format!("{prefix}/{}", self.rel_object_key),
+        }
+    }
+}
+
+impl std::ops::Deref for RelS3ObjectKey {
+    type Target = str;
+
+    fn deref(&self) -> &Self::Target {
+        &self.rel_object_key
+    }
+}
+
+impl std::ops::Deref for S3ObjectKey {
+    type Target = str;
+
+    fn deref(&self) -> &Self::Target {
+        &self.object_key
+    }
+}
+
+impl std::fmt::Display for S3ObjectKey {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", self.object_key)
+    }
+}
+
+impl std::str::FromStr for S3ObjectKey {
+    type Err = Error;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        Ok(Self {
+            object_key: s.to_string(),
+        })
+    }
+}
+
+proxmox_serde::forward_serialize_to_display!(S3ObjectKey);
+
+// Do not mangle with prefixes when de-serializing
+impl<'de> serde::Deserialize<'de> for S3ObjectKey {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: serde::Deserializer<'de>,
+    {
+        let object_key = std::borrow::Cow::<'de, str>::deserialize(deserializer)?.to_string();
+        Ok(Self { object_key })
+    }
+}
-- 
2.47.2

More information about the pbs-devel mailing list