[External] Add S3 blob storage with cashier billing to ic-gateway #197

Draft
shilingwang wants to merge 26 commits into dfinity:main from shilingwang:shiling/blob-storage

@shilingwang
Contributor

#NODE-1941

Summary

  • Adds a full blob storage API to ic-gateway, enabling upload/download of content-addressed blobs backed by a single AWS S3 bucket with per-owner billing through the cashier canister.
  • Introduces new /v1/ HTTP endpoints for blob metadata, chunk operations, and owner data management, gated behind --s3-endpoint and --cashier-canister-id CLI flags.
  • Integrates billing (budget checks, usage reporting) via a CashierConnector that caches budgets locally and flushes usage counters periodically, wired into ic-gateway's existing TaskManager and HealthManager.

New modules

  • src/s3/ — S3 client abstraction (BucketLike trait, AWSBucket impl, RamFakeBucket for dev), config
  • src/cashier/ — CashierClient (4 canister calls: whoami, pricelist, budget, usage reporting), CashierConnector (local billing cache + periodic flush)
  • src/storage/ — Shared types (blob metadata, hash tree, chunk constants), S3 key paths, IC egress certificate auth
  • src/routing/storage/ — Axum handlers + router for all /v1/ endpoints

HTTP endpoints (under /v1/)

  • HEAD /v1/blob — Blob metadata headers (size, content type)
  • GET /v1/blob — Download blob with Range header support
  • GET /v1/blob-tree — Raw blob metadata JSON
  • PUT /v1/blob-tree — Upload blob metadata (with IC egress cert auth)
  • GET /v1/chunk — Download a single chunk
  • PUT /v1/chunk — Upload a single chunk (SHA-256 verified)
  • DELETE /v1/owner — Delete all data for an owner (host-gated)

Design decisions

  • Single S3 bucket: One bucket configured via CLI, no multi-bucket routing. Simpler than the multi-instance model in object-storage.
  • Billing gated: Storage routes are only mounted when both --s3-endpoint and --cashier-canister-id are provided. Without either, ic-gateway serves only normal IC traffic.
  • Budget caching: Per-owner budgets cached for 30s to avoid hitting the cashier canister on every request. Usage counters flushed every 10s.
  • IC egress auth: PUT /blob-tree verifies an OwnerEgressSignature certificate from the request body. Bypassable with --fake-ingress-auth for local dev.
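
The budget-caching decision above means a cached budget can be stale for up to 30s, so one way to bound spending inside that window is to deduct locally recorded, not-yet-flushed usage before admitting a request. This is an added example, not code from the PR: `BudgetCache`, `Entry`, `Decision` and the billing units are hypothetical, time is passed in as seconds, and the backend is assumed to apply flushed usage immediately.

```rust
use std::collections::HashMap;

const BUDGET_TTL_SECS: u64 = 30; // budget cache lifetime from the PR description
const FLUSH_INTERVAL_SECS: u64 = 10; // usage flush period from the PR description

// Hypothetical cache entry; amounts are abstract billing units.
struct Entry { budget: u64, fetched_at: u64, pending: u64 }

#[derive(Debug, PartialEq)]
pub enum Decision { Allow, Deny, NeedsRefresh }

// Hypothetical local billing cache, not the PR's CashierConnector.
#[derive(Default)]
pub struct BudgetCache { owners: HashMap<String, Entry>, last_flush: u64 }

impl BudgetCache {
    /// Record a budget read from the billing backend at `now` (seconds).
    /// Usage not yet reported stays pending, since the backend has not seen it.
    pub fn refresh(&mut self, owner: &str, budget: u64, now: u64) {
        let pending = self.owners.get(owner).map_or(0, |e| e.pending);
        self.owners.insert(owner.to_string(), Entry { budget, fetched_at: now, pending });
    }
    /// Admit `cost` units only against a fresh budget minus pending usage.
    pub fn charge(&mut self, owner: &str, cost: u64, now: u64) -> Decision {
        let e = match self.owners.get_mut(owner) { Some(e) => e, None => return Decision::NeedsRefresh };
        if now.saturating_sub(e.fetched_at) >= BUDGET_TTL_SECS { return Decision::NeedsRefresh; }
        if cost > e.budget.saturating_sub(e.pending) { return Decision::Deny; }
        e.pending += cost; // cannot overflow: cost <= budget - pending
        Decision::Allow
    }
    /// Once per flush interval, return (owner, usage) reports and settle them locally.
    pub fn flush(&mut self, now: u64) -> Vec<(String, u64)> {
        if now.saturating_sub(self.last_flush) < FLUSH_INTERVAL_SECS { return Vec::new(); }
        self.last_flush = now;
        let mut reports = Vec::new();
        for (owner, e) in self.owners.iter_mut().filter(|(_, e)| e.pending > 0) {
            reports.push((owner.clone(), e.pending));
            e.budget = e.budget.saturating_sub(e.pending);
            e.pending = 0;
        }
        reports.sort(); // deterministic report order
        reports
    }
}

fn main() {
    let mut cache = BudgetCache::default();
    cache.refresh("owner-a", 100, 0); // constructed sample values
    let (first, second) = (cache.charge("owner-a", 60, 1), cache.charge("owner-a", 60, 2));
    println!("{:?} {:?} {:?}", first, second, cache.flush(10));
}
```

Treating an expired or missing entry as `NeedsRefresh` rather than `Allow` keeps the check fail-closed when the billing backend has not been consulted.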

@github-actions

Thank you for contributing! Unfortunately this repository does not accept external contributions yet.

We are working on enabling this by aligning our internal processes and our CI setup to handle external contributions. However this will take some time to set up so in the meantime we unfortunately have to close this Pull Request.

We hope you understand and will come back once we accept external PRs.

— The DFINITY Foundation
