Add support for S3 compatible storage

[gyakami]

Description

This PR enables support for S3-compatible storage services other than AWS S3.

Changes

Extended the implementation to allow configuring:

• Custom endpoints
• Custom CA certificates
• Checksum validation

Backward Compatibility: This change does not affect existing AWS S3 configurations. The default settings maintain the original behavior.

Contribution Checklist:

• The pull request does not introduce any breaking changes
• I have read the contribution guidelines.
• Create an issue and link to the pull request.

Attach Screenshots (Optional)

[gemini-code-assist]

Summary of Changes

Hello @gyakami, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the flexibility of Athenz's S3 integration by enabling support for generic S3-compatible storage solutions. It achieves this by introducing configurable options for custom endpoints, custom CA certificates for secure connections, and optional checksum validation for data integrity. These additions broaden the deployment possibilities for Athenz components that rely on S3 for storage, without impacting existing AWS S3 setups.

Highlights

• S3-Compatible Endpoint Configuration: Introduced the ability to configure a custom S3 endpoint URL, allowing the use of S3-compatible storage services beyond AWS S3. This is managed via the athenz.zts.aws_s3_endpoint system property for S3ChangeLogStore and aws_s3_endpoint config parameter for S3ClientFactory.
• Custom CA Certificate Support: Added support for providing custom CA certificates for TLS verification when connecting to S3-compatible endpoints. This is configured using the athenz.zts.aws_s3_ca_cert system property for S3ChangeLogStore and aws_s3_ca_cert config parameter for S3ClientFactory.
• Checksum Validation for S3 Operations: Implemented an option to enable request and response checksum validation for S3 operations in S3ClientFactory, configurable via the aws_s3_use_checksum_validation_when_required parameter. This enhances data integrity checks.
• Backward Compatibility: The changes are designed to be backward compatible, ensuring that existing AWS S3 configurations continue to function without modification.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces support for S3-compatible storage by enabling custom endpoints and CA certificates, along with an option for checksum validation. The changes are well-implemented across S3ChangeLogStore and S3ClientFactory, with corresponding configuration updates and tests. My review focuses on improving maintainability by reducing code duplication and enhancing exception handling for better robustness.

[gemini-code-assist]

This block of code for handling custom CA certificates is nearly identical to the one in S3ClientFactory.java. To improve maintainability and reduce code duplication, consider extracting this logic into a shared utility method. This method could take the caCertPath and return a configured TlsTrustManagersProvider or directly configure an ApacheHttpClient.Builder.

[gemini-code-assist]

This logic for handling custom CA certificates is duplicated in S3ChangeLogStore.java. To avoid code duplication and improve maintainability, this logic should be extracted into a common utility method.

[gemini-code-assist]

The three new tests for checksum validation (testGetS3ClientWithChecksumValidationEnabled, testGetS3ClientWithChecksumValidationDisabled, testGetS3ClientWithChecksumValidationNotConfigured) contain a lot of duplicated code for setting up system properties and mocks. This can be refactored into a private helper method to reduce duplication and improve test readability and maintainability. The helper method could take the checksum configuration value and a Consumer<S3ClientBuilder> for verification logic as parameters.