Supabase Storage 现在支持 S3 协议

Supabase Storage 现在支持 S3 协议
Supabase Storage now supports the S3 protocol

原始链接: https://supabase.com/blog/s3-compatible-storage

Supabase Storage 是后端即服务平台 Supabase 的一部分，现在在其公共 alpha 阶段支持 Amazon S3 兼容性。此功能包括可恢复上传从测试版转向正式版。 Supabase Storage 使用三种可互换协议（REST、TUS 和现在的 S3）来处理文件。开发人员可以利用任何 S3 客户端（例如 AWS CLI、rclone 或 Cyberduck），使用熟悉的方法处理他们的存储桶和文件。两种身份验证方法包括标准 access_key 和 Secret_key 凭据或利用行级安全性 (RLS) 的用户范围凭据。 S3 集成允许无缝连接到多个第三方工具，从而增强功能和灵活性。随着数据工程师受益于改进的数据管理功能，开发人员可以利用 S3 原语与流行的数据处理系统集成。此外，新功能还包括分段上传、跨存储桶传输、标准化错误代码、多租户迁移和解耦依赖项。

本文讨论 Supabase 的实现，Supabase 是一个提供托管 PostgreSQL 数据库和实时功能的平台。作者重点介绍了对“Oriole”的收购，这是由负责 Supabase 的同一团队开发的 PostgreSQL 扩展，以增强 S3 中大文件的管理。他们分享了实现流式读/写 vianpgsql 的经验，并报告了不错的性能。作者表示有兴趣探索 CloudflareR2 的潜在集成。该文本还谈到了自托管 Supabase 的易用性，承认部署的复杂性，但强调转回自托管的灵活性。人们对由大量风险投资支持的服务的可靠性以及处理 S3 兼容云提供商的必要性提出了担忧，特别是在需要适配器方面。此外，讨论还围绕着所需的改进展开，包括 PostgreSQL 中的可插拔存储、使用 Oriole 扩展解耦存储和计算、列式存储的潜在优势、时间序列存储的高压缩以及作为各种工作负载需求替代方案的其他存储引擎。此外，他们建议与社区一起开发可插拔存储，以扩展传统 PostgreSQL 存储之外的选项。

原文

Supabase Storage is now officially an S3-Compatible Storage Provider. This is one of the most-requested features and is available today in public alpha. Resumable Uploads are also transitioning from Beta to Generally Available.

The Supabase Storage Engine is fully open source and is one of the few storage solutions that offer 3 interoperable protocols to manage your files:

We always strive to adopt industry standards at Supabase. Supporting standards makes workloads portable, a key product principle. The S3 API is undoubtedly a storage standard, and we're making it accessible to developers of various experience-levels.

The S3 protocol is backwards compatible with our other APIs. If you are already using Storage via our REST or TUS APIs, today you can use any S3 client to interact with your buckets and files: upload with TUS, serve them with REST, and manage them with the S3 protocol.

The protocol works on the cloud, local development, and self-hosting. Check out the API compatibility in our docs

Authenticating with Supabase S3

To authenticate with Supabase S3 you have 2 options:

The standard access_key and secret_key credentials. You can generate these from the storage settings page. This authentication method is widely compatible with tools supporting the S3 protocol. It is also meant to be used exclusively serverside since it provides full access to your Storage resources.

We will add scoped access key credentials in the near future which can have access to specific buckets.
User-scoped credentials with RLS. This takes advantage of a well-adopted concept across all Supabase services, Row Level Security. It allows you to interact with the S3 protocol by scoping storage operations to a particular authenticated user or role, respecting your existing RLS policies. This method is made possible by using the Session token header which the S3 protocol supports. You can find more information on how to use the Session token mechanism in the doc.

S3-compatible Integrations

With the support of the S3 protocol, you can now connect Supabase Storage to many 3rd-party tools and services by providing a pair of credentials which can be revoked at any time.

You can use popular tools for backups and migrations, such as:

AWS CLI: The official AWS CLI
rclone: a command-line program to manage files on cloud storage.
Cyberduck: a cloud storage browser for Mac and Windows.
and any other s3-compatible tool ...

Supabase Cyberduck

Check out our Cyberduck guide here.

S3 for Data Engineers

S3 compatibility provides a nice primitive for Data Engineers. You can use it with many popular tools:

Data Warehouses like ClickHouse
Query engines like DuckDB, Spark, Trino, & Snowflake External Table
Data Loaders like Fivetran & Airbyte

In this example our incredible data analyst, Tyler, demonstrates how to store Parquet files in Supabase Storage and query them directly using DuckDB:

Multipart Uploads in S3

In addition to the standard uploads and resumable uploads, we now support multipart uploads via the S3 protocol. This allows you to maximize upload throughput by uploading chunks in parallel, which are then concatenated at the end.

Along with the platform GA announcement, we are also thrilled to announce that resumable uploads are also generally available.

Resumable uploads are powered by the TUS protocol. The journey to get here was immensely rewarding, working closely with the TUS team. A big shoutout to the maintainers of the TUS protocol, @murderlon and @acconut, for their collaborative approach to open source.

Supabase contributed some advanced features from the Node implementation of TUS Spec including distributed locks, max file size, expiration extension and numerous bug fixes:

Supabase contributions

These features were essential for Supabase, and since the TUS node server is open source, they are also available for you to use. This is another core principle: wherever possible, we use and support existing tools rather than developing from scratch.

Cross-bucket transfers: We have added the availability to copy and move objects across buckets, where previously you could do these operations only within the same Supabase bucket.
Standardized error codes: Error codes have now been standardized across the Storage server and now will be much easier to branch logic on specific errors. You can find the list of error codes here.
Multi-tenant migrations: We made significant improvements to the running migrations across all our tenants. This has reduced migration errors across the fleet and enables us to run long running migrations in an asynchronous manner. Stay tuned for a separate blog post with more details.
Decoupled dependencies: Storage is fully decoupled from other Supabase products, which means you can run Storage as a standalone service. Get started with this docker-compose file.