feat: Add S3 implementation for object_store (matter-labs#3664)

## What ❔

Add S3 implementation for object_store.
<!-- What are the changes this PR brings about? -->
<!-- Example: This PR adds a PR template to the repo. -->
<!-- (For bigger PRs adding more context is appreciated) -->

## Why ❔

To remove hard dependency on GCS, add possibility to use any S3-like
storage for snapshots and provers.
<!-- Why are these changes done? What goal do they contribute to? What
are the principles behind them? -->
<!-- The `Why` has to be clear to non-Matter Labs entities running their
own ZK Chain -->
<!-- Example: PR templates ensure PR reviewers, observers, and future
iterators are in context about the evolution of repos. -->

## Is this a breaking change?
- [ ] Yes
- [x] No

## Operational changes
<!-- Any config changes? Any new flags? Any changes to any scripts? -->
<!-- Please add anything that non-Matter Labs entities running their own
ZK Chain may need to know -->

## Checklist

<!-- Check your PR fulfills the following items. -->
<!-- For draft PRs check the boxes as you complete them. -->

- [x] PR title corresponds to the body of PR (we generate changelog
entries from PRs).
- [x] Tests for the changes have been added / updated.
- [x] Documentation comments have been added / updated.
- [x] Code has been formatted via `zkstack dev fmt` and `zkstack dev
lint`.


ref ZKD-2415

Author: yorik

core/Cargo.lock

@@ -108,6 +108,11 @@ anyhow = "1"
 assert_matches = "1.5"
 async-trait = "0.1"
 async-recursion = "1"
+aws-config = { version = "1.1.7", default-features = false, features = [
+  "behavior-version-latest",
+] }
+aws-runtime = "1.5.5"
+aws-sdk-s3 = "1.76.0"
 axum = "0.7.5"
 backon = "0.4.4"
 bigdecimal = "0.4.5"
@@ -192,7 +197,7 @@ tower-http = "0.5.2"
 tracing = "0.1"
 tracing-subscriber = "0.3"
 tracing-opentelemetry = "0.25.0"
-time = "0.3.36"                                                               # Has to be same as used by `tracing-subscriber`
+time = "0.3.36" # Has to be same as used by `tracing-subscriber`
 url = "2"
 web3 = "0.19.0"
 yab = "0.1.0"

core/Cargo.toml

@@ -37,6 +37,17 @@ pub enum ObjectStoreMode {
         bucket_base_url: String,
         gcs_credential_file_path: String,
     },
+    S3AnonymousReadOnly {
+        bucket_base_url: String,
+        endpoint: Option<String>,
+        region: Option<String>,
+    },
+    S3WithCredentialFile {
+        bucket_base_url: String,
+        s3_credential_file_path: String,
+        endpoint: Option<String>,
+        region: Option<String>,
+    },
     FileBacked {
         file_backed_base_path: String,
     },

core/lib/config/src/configs/object_store.rs

@@ -28,7 +28,13 @@ tokio = { workspace = true, features = ["full"] }
 tracing.workspace = true
 prost.workspace = true
 reqwest.workspace = true
+aws-config.workspace = true
+aws-runtime.workspace = true
+aws-sdk-s3.workspace = true
 
 [dev-dependencies]
 assert_matches.workspace = true
 tempfile.workspace = true
+clap = { workspace = true, features = ["derive"] }
+tracing-subscriber = { workspace = true, features = ["env-filter"] }
+zksync_core_leftovers.workspace = true

core/lib/object_store/Cargo.toml

@@ -15,3 +15,25 @@ Besides the lower-level storage abstraction, the crate provides high-level types
 objects. Prefer using these methods whenever possible.
 
 [configuration]: ../config
+
+## S3
+
+S3 implementation can be used to access different storages. Here is list of recommended values.
+
+### GCS
+
+See [details](https://cloud.google.com/storage/docs/authentication/managing-hmackeys)
+
+- Endpoint: `https://storage.googleapis.com`
+- Region: `us` or `auto`
+- Access Key ID: Access key
+- Secret Access Key: Corresponding secret
+
+### R2
+
+See [details](https://developers.cloudflare.com/r2/api/s3/tokens/)
+
+- Endpoint: `https://<ACCOUNT_ID>.r2.cloudflarestorage.com`
+- Region: `auto` or `us-east-1`
+- Access Key ID: The id of the API token
+- Secret Access Key: The SHA-256 hash of the API token value

core/lib/object_store/README.md

@@ -0,0 +1,7 @@
+core_object_store:
+  s3_with_credential_file:
+    bucket_base_url: some-bucket
+    s3_credential_file_path: credentials.example
+    region: us
+    endpoint: https://storage.googleapis.com
+  max_retries: 2

core/lib/object_store/examples/config.yaml

@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id = <Your access key>
+aws_secret_access_key = <Your secret key>

core/lib/object_store/examples/credentials.example

@@ -0,0 +1,69 @@
+//! Object store manual connection test.
+
+use anyhow::Context as _;
+use clap::Parser;
+use tracing::level_filters::LevelFilter;
+use tracing_subscriber::EnvFilter;
+use zksync_core_leftovers::temp_config_store::load_general_config;
+use zksync_object_store::ObjectStoreFactory;
+use zksync_types::{
+    snapshots::{SnapshotStorageLogsChunk, SnapshotStorageLogsStorageKey},
+    L1BatchNumber, H256,
+};
+
+/// CLI for testing Object Storage using core_object_store config field.
+#[derive(Debug, Parser)]
+struct Cli {
+    /// Number of updates to perform.
+    #[arg(name = "config", alias = "c")]
+    config_path: Option<std::path::PathBuf>,
+}
+
+impl Cli {
+    fn init_logging() {
+        tracing_subscriber::fmt()
+            .pretty()
+            .with_env_filter(
+                EnvFilter::builder()
+                    .with_default_directive(LevelFilter::INFO.into())
+                    .from_env_lossy()
+                    .add_directive("zksync_object_store=trace".parse().unwrap()),
+            )
+            .init();
+    }
+
+    #[tokio::main]
+    async fn run(self) -> anyhow::Result<()> {
+        Self::init_logging();
+        tracing::info!("Launched with options: {self:?}");
+        let general_config = load_general_config(self.config_path).context("general config")?;
+
+        let object_store_config = general_config
+            .core_object_store
+            .context("core object store config")?;
+        let object_store = ObjectStoreFactory::new(object_store_config)
+            .create_store()
+            .await
+            .context("failed to create object store")?;
+
+        let key = SnapshotStorageLogsStorageKey {
+            l1_batch_number: L1BatchNumber(123456),
+            chunk_id: 4321,
+        };
+        let snapshot_chunk = SnapshotStorageLogsChunk::<H256> {
+            storage_logs: vec![],
+        };
+
+        object_store
+            .put::<SnapshotStorageLogsChunk>(key, &snapshot_chunk)
+            .await?;
+        let result = object_store.get::<SnapshotStorageLogsChunk>(key).await?;
+        tracing::info!("Result: {result:?}");
+        object_store.remove::<SnapshotStorageLogsChunk>(key).await?;
+        Ok(())
+    }
+}
+
+fn main() -> anyhow::Result<()> {
+    Cli::parse().run()
+}

core/lib/object_store/examples/object_store.rs

@@ -10,6 +10,7 @@ use crate::{
     mirror::MirroringObjectStore,
     raw::{ObjectStore, ObjectStoreError},
     retries::StoreWithRetries,
+    s3::{S3Store, S3StoreAuthMode},
 };
 
 /// Factory of [`ObjectStore`]s that caches the store instance once it's created. Used mainly for legacy reasons.
@@ -98,6 +99,42 @@ impl ObjectStoreFactory {
                 Self::wrap_mirroring(store, config.local_mirror_path.as_ref()).await
             }
 
+            ObjectStoreMode::S3WithCredentialFile {
+                bucket_base_url,
+                s3_credential_file_path,
+                endpoint,
+                region,
+            } => {
+                let store = StoreWithRetries::try_new(config.max_retries, || {
+                    S3Store::new(
+                        S3StoreAuthMode::AuthenticatedWithCredentialFile(
+                            s3_credential_file_path.clone(),
+                        ),
+                        bucket_base_url.clone(),
+                        endpoint.clone(),
+                        region.clone(),
+                    )
+                })
+                .await?;
+                Self::wrap_mirroring(store, config.local_mirror_path.as_ref()).await
+            }
+            ObjectStoreMode::S3AnonymousReadOnly {
+                bucket_base_url,
+                endpoint,
+                region,
+            } => {
+                let store = StoreWithRetries::try_new(config.max_retries, || {
+                    S3Store::new(
+                        S3StoreAuthMode::Anonymous,
+                        bucket_base_url.clone(),
+                        endpoint.clone(),
+                        region.clone(),
+                    )
+                })
+                .await?;
+                Self::wrap_mirroring(store, config.local_mirror_path.as_ref()).await
+            }
+
             ObjectStoreMode::FileBacked {
                 file_backed_base_path,
             } => {

core/lib/object_store/src/factory.rs

@@ -32,6 +32,7 @@ mod mock;
 mod objects;
 mod raw;
 mod retries;
+mod s3;
 
 // Re-export `bincode` crate so that client binaries can conveniently use it.
 pub use bincode;