Support S3-compatible credentials for pds blobstore (#1787)

* support s3 credentials for pds blobstore

* tidy

packages/pds/src/config/config.ts

@@ -54,15 +54,23 @@ export const envToCfg = (env: ServerEnvironment): ServerConfig => {
     throw new Error('Cannot set both S3 and disk blobstore env vars')
   }
   if (env.blobstoreS3Bucket) {
-    blobstoreCfg = { provider: 's3', bucket: env.blobstoreS3Bucket }
-    if (env.blobstoreS3Region) {
-      blobstoreCfg.region = env.blobstoreS3Region
-    }
-    if (env.blobstoreS3Endpoint) {
-      blobstoreCfg.endpoint = env.blobstoreS3Endpoint
+    blobstoreCfg = {
+      provider: 's3',
+      bucket: env.blobstoreS3Bucket,
+      region: env.blobstoreS3Region,
+      endpoint: env.blobstoreS3Endpoint,
+      forcePathStyle: env.blobstoreS3ForcePathStyle,
     }
-    if (env.blobstoreS3ForcePathStyle !== undefined) {
-      blobstoreCfg.forcePathStyle = env.blobstoreS3ForcePathStyle
+    if (env.blobstoreS3AccessKeyId || env.blobstoreS3SecretAccessKey) {
+      if (!env.blobstoreS3AccessKeyId || !env.blobstoreS3SecretAccessKey) {
+        throw new Error(
+          'Must specify both S3 access key id and secret access key blobstore env vars',
+        )
+      }
+      blobstoreCfg.credentials = {
+        accessKeyId: env.blobstoreS3AccessKeyId,
+        secretAccessKey: env.blobstoreS3SecretAccessKey,
+      }
     }
   } else if (env.blobstoreDiskLocation) {
     blobstoreCfg = {
@@ -250,6 +258,10 @@ export type S3BlobstoreConfig = {
   region?: string
   endpoint?: string
   forcePathStyle?: boolean
+  credentials?: {
+    accessKeyId: string
+    secretAccessKey: string
+  }
 }
 
 export type DiskBlobstoreConfig = {

packages/pds/src/config/env.ts

@@ -27,6 +27,8 @@ export const readEnv = (): ServerEnvironment => {
     blobstoreS3Region: envStr('PDS_BLOBSTORE_S3_REGION'),
     blobstoreS3Endpoint: envStr('PDS_BLOBSTORE_S3_ENDPOINT'),
     blobstoreS3ForcePathStyle: envBool('PDS_BLOBSTORE_S3_FORCE_PATH_STYLE'),
+    blobstoreS3AccessKeyId: envStr('PDS_BLOBSTORE_S3_ACCESS_KEY_ID'),
+    blobstoreS3SecretAccessKey: envStr('PDS_BLOBSTORE_S3_SECRET_ACCESS_KEY'),
     // disk
     blobstoreDiskLocation: envStr('PDS_BLOBSTORE_DISK_LOCATION'),
     blobstoreDiskTmpLocation: envStr('PDS_BLOBSTORE_DISK_TMP_LOCATION'),
@@ -125,6 +127,8 @@ export type ServerEnvironment = {
   blobstoreS3Region?: string
   blobstoreS3Endpoint?: string
   blobstoreS3ForcePathStyle?: boolean
+  blobstoreS3AccessKeyId?: string
+  blobstoreS3SecretAccessKey?: string
 
   // identity
   didPlcUrl?: string

packages/pds/src/context.ts

@@ -108,6 +108,7 @@ export class AppContext {
             region: cfg.blobstore.region,
             endpoint: cfg.blobstore.endpoint,
             forcePathStyle: cfg.blobstore.forcePathStyle,
+            credentials: cfg.blobstore.credentials,
           })
         : await DiskBlobStore.create(
             cfg.blobstore.location,