refactor(libstore): move preResolveS3Credentials into aws-creds

lovesegfault · lovesegfault · commit 9d7a2dd4b29b · 2025-09-19T17:46:26.000Z
diff --git a/src/libstore/aws-creds.cc b/src/libstore/aws-creds.cc
@@ -2,9 +2,11 @@
 
 #if NIX_WITH_S3_SUPPORT
 
+#  include "nix/store/s3-url.hh"
 #  include "nix/util/finally.hh"
 #  include "nix/util/logging.hh"
 #  include "nix/util/sync.hh"
+#  include "nix/util/url.hh"
 #  include "nix/util/util.hh"
 
 #  include <aws/crt/Api.h>
@@ -221,6 +223,28 @@ void clearAwsCredentialsCache()
     credentialProviderCache.clear();
 }
 
+std::optional<AwsCredentials> preResolveS3Credentials(const std::string & url)
+{
+    try {
+        auto parsedUrl = parseURL(url);
+        if (parsedUrl.scheme != "s3") {
+            return std::nullopt;
+        }
+
+        auto s3Url = ParsedS3URL::parse(parsedUrl);
+        std::string profile = s3Url.profile.value_or("");
+
+        // Get credentials (automatically cached)
+        return getAwsCredentials(profile);
+    } catch (const AwsAuthError & e) {
+        debug("Failed to pre-resolve S3 credentials: %s", e.what());
+        return std::nullopt;
+    } catch (const std::exception & e) {
+        debug("Error pre-resolving S3 credentials: %s", e.what());
+        return std::nullopt;
+    }
+}
+
 } // namespace nix
 
 #endif // NIX_WITH_S3_SUPPORT
diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc
@@ -911,30 +911,6 @@ struct curlFileTransfer : public FileTransfer
 
         enqueueItem(std::make_shared<TransferItem>(*this, request, std::move(callback)));
     }
-
-#if NIX_WITH_S3_SUPPORT
-    std::optional<AwsCredentials> preResolveS3Credentials(const std::string & url) override
-    {
-        try {
-            auto parsedUrl = parseURL(url);
-            if (parsedUrl.scheme != "s3") {
-                return std::nullopt;
-            }
-
-            auto s3Url = ParsedS3URL::parse(parsedUrl);
-            std::string profile = s3Url.profile.value_or("");
-
-            // Get credentials (automatically cached)
-            return getAwsCredentials(profile);
-        } catch (const AwsAuthError & e) {
-            debug("Failed to pre-resolve S3 credentials: %s", e.what());
-            return std::nullopt;
-        } catch (const std::exception & e) {
-            debug("Error pre-resolving S3 credentials: %s", e.what());
-            return std::nullopt;
-        }
-    }
-#endif
 };
 
 ref<curlFileTransfer> makeCurlFileTransfer()
diff --git a/src/libstore/include/nix/store/aws-creds.hh b/src/libstore/include/nix/store/aws-creds.hh
@@ -62,6 +62,14 @@ void invalidateAwsCredentials(const std::string & profile);
  */
 void clearAwsCredentialsCache();
 
+/**
+ * Pre-resolve AWS credentials for S3 URLs.
+ * Used to cache credentials in parent process before forking.
+ * Returns credentials if URL is S3 and credentials are available.
+ * Returns nullopt if URL is not S3 or credentials cannot be resolved.
+ */
+std::optional<AwsCredentials> preResolveS3Credentials(const std::string & url);
+
 } // namespace nix
 
 #endif // NIX_WITH_S3_SUPPORT
diff --git a/src/libstore/include/nix/store/filetransfer.hh b/src/libstore/include/nix/store/filetransfer.hh
@@ -165,19 +165,6 @@ struct FileTransfer
      */
     virtual void enqueueFileTransfer(const FileTransferRequest & request, Callback<FileTransferResult> callback) = 0;
 
-#ifdef NIX_WITH_S3_SUPPORT
-    /**
-     * Pre-resolve AWS credentials for S3 URLs.
-     * Used to cache credentials in parent process before forking.
-     * Returns nullopt if URL is not S3 or credentials cannot be resolved.
-     */
-    virtual std::optional<AwsCredentials> preResolveS3Credentials(const std::string & url)
-    {
-        // Default implementation returns nothing
-        return std::nullopt;
-    }
-#endif
-
     std::future<FileTransferResult> enqueueFileTransfer(const FileTransferRequest & request);
 
     /**
diff --git a/src/libstore/unix/build/derivation-builder.cc b/src/libstore/unix/build/derivation-builder.cc
@@ -212,8 +212,7 @@ class DerivationBuilderImpl : public DerivationBuilder, public DerivationBuilder
                         auto s3Url = ParsedS3URL::parse(parsedUrl);
 
                         // Get credentials from the parent process's cached provider
-                        auto ft = getFileTransfer();
-                        auto creds = ft->preResolveS3Credentials(url->second);
+                        auto creds = preResolveS3Credentials(url->second);
 
                         if (creds) {
                             preResolvedAwsCredentials = AwsCredentialsForBuilder{
