@adobe/helix-config 2.10.4 → 2.11.1

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+## [2.11.1](https://github.com/adobe/helix-config/compare/v2.11.0...v2.11.1) (2024-04-30)
+
+
+### Bug Fixes
+
+* cleanup admin.access ([#66](https://github.com/adobe/helix-config/issues/66)) ([28b1c28](https://github.com/adobe/helix-config/commit/28b1c28a71894b98e7748f3c671e4a79879ae81b))
+
+# [2.11.0](https://github.com/adobe/helix-config/compare/v2.10.4...v2.11.0) (2024-04-29)
+
+
+### Features
+
+* use helix-shared-storage ([#65](https://github.com/adobe/helix-config/issues/65)) ([ec73aa6](https://github.com/adobe/helix-config/commit/ec73aa63141422239cb022251645272beab2cf14))
+
 ## [2.10.4](https://github.com/adobe/helix-config/compare/v2.10.3...v2.10.4) (2024-04-27)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config",
-  "version": "2.10.4",
+  "version": "2.11.1",
   "description": "Helix Config",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -51,8 +51,7 @@
     "mocha-multi-reporters": "1.5.1",
     "mocha-suppress-logs": "0.5.1",
     "nock": "13.5.4",
-    "semantic-release": "23.0.8",
-    "xml2js": "0.6.2"
+    "semantic-release": "23.0.8"
   },
   "lint-staged": {
     "*.js": "eslint",
@@ -62,13 +61,10 @@
     "@adobe/fetch": "4.1.2",
     "@adobe/helix-shared-config": "10.4.3",
     "@adobe/helix-shared-git": "3.0.8",
-    "@adobe/helix-shared-process-queue": "3.0.4",
+    "@adobe/helix-shared-storage": "1.0.0",
     "@adobe/helix-shared-utils": "3.0.2",
-    "@aws-sdk/client-s3": "3.564.0",
-    "@smithy/node-http-handler": "2.5.0",
     "ajv": "8.12.0",
     "ajv-formats": "3.0.1",
-    "jose": "5.2.4",
-    "mime": "4.0.3"
+    "jose": "5.2.4"
   }
 }

package/src/config-legacy.js

@@ -15,6 +15,13 @@ const HELIX_CODE_BUS = 'helix-code-bus';
 
 const HELIX_CONTENT_BUS = 'helix-content-bus';
 
+export function toArray(v) {
+  if (!v) {
+    return [];
+  }
+  return Array.isArray(v) ? v : [v];
+}
+
 /**
  * Retrieves the helix-config.json which is an aggregate from fstab.yaml and head.html.
  *
@@ -79,6 +86,23 @@ export async function fetchRobotsTxt(ctx, owner, repo) {
   return res.body;
 }
 
+async function resolveAdminAccess(ctx, admin) {
+  const ret = {
+    ...admin,
+  };
+  if (ret.apiKeyId) {
+    ret.apiKeyId = toArray(ret.apiKeyId);
+  }
+  if (ret.defaultRole) {
+    ret.defaultRole = toArray(ret.defaultRole);
+  }
+  for (const [role, users] of Object.entries(ret.role ?? [])) {
+    // todo: load users.json
+    ret.role[role] = toArray(users);
+  }
+  return ret;
+}
+
 /**
  * Loads the content from a helix 4 project.
  * @param {ConfigContext} ctx
@@ -101,6 +125,8 @@ export async function resolveLegacyConfig(ctx, rso, scope) {
         : 'onedrive',
       url: source,
     };
+  } else {
+    delete source.contentBusId;
   }
   const config = {
     version: 1,
@@ -122,10 +148,16 @@ export async function resolveLegacyConfig(ctx, rso, scope) {
   };
   const configAllPreview = await fetchConfigAll(ctx, config.content.contentBusId, 'preview');
   const configAllLive = await fetchConfigAll(ctx, config.content.contentBusId, 'live');
-  const { access } = configAllPreview?.config?.data || {};
+  const { access, admin } = configAllPreview?.config?.data || {};
   if (access) {
     config.access = access;
   }
+  if (admin) {
+    if (!config.access) {
+      config.access = { };
+    }
+    config.access.admin = await resolveAdminAccess(ctx, admin);
+  }
   if (configAllPreview) {
     config.cdn = configAllPreview.config?.data.cdn ?? {};
     if (!config.cdn.prod?.host && configAllPreview.config?.data.host) {

package/src/config-view.js

@@ -18,7 +18,7 @@ import {
   SCOPE_DELIVERY,
   SCOPE_RAW,
 } from './ConfigContext.js';
-import { resolveLegacyConfig, fetchRobotsTxt } from './config-legacy.js';
+import { resolveLegacyConfig, fetchRobotsTxt, toArray } from './config-legacy.js';
 
 /**
  * @typedef Config
@@ -45,13 +45,6 @@ const HELIX_CONFIG_BUS = 'helix-config-bus';
 
 const HELIX_CONTENT_BUS = 'helix-content-bus';
 
-export function toArray(v) {
-  if (!v) {
-    return [];
-  }
-  return Array.isArray(v) ? v : [v];
-}
-
 /**
  * Creates a string representation of the given array that is suitable for substring matching by
  * delimiting each entry with `,` eg: ,foo@adobe.com,bar@adobe.com,
@@ -75,8 +68,8 @@ export function canonicalArrayString(root, partition, prop) {
 export function getAccessConfig(config, partition) {
   const { access, tokens = {} } = config;
   const apiKeyId = toArray(access[partition]?.apiKeyId ?? access.apiKeyId);
+  const allow = toArray(access[partition]?.allow ?? access.allow);
   const cfg = {
-    allow: toArray(access[partition]?.allow ?? access.allow),
     apiKeyId,
     tokenHash: apiKeyId
       // token ids are always stored in base64url format, but legacy apiKeyIds are not
@@ -87,7 +80,7 @@ export function getAccessConfig(config, partition) {
   };
   // if an allow is defined but no apiKeyId, create a fake one so that auth is still
   // enforced. later we can remove the allow and the apiKeyId in favor of the tokenHash
-  if (cfg.allow.length && !cfg.apiKeyId.length) {
+  if (allow.length && !cfg.apiKeyId.length) {
     cfg.apiKeyId.push('fake');
   }
   // if an apiKeyId is defined but no tokenHash, create a fake one so that auth is still
@@ -95,6 +88,10 @@ export function getAccessConfig(config, partition) {
   if (cfg.apiKeyId.length && !cfg.tokenHash.length) {
     cfg.tokenHash.push('n/a');
   }
+  // todo: remove after auth rewrite
+  if (allow) {
+    cfg.allow = allow;
+  }
   return cfg;
 }
 
@@ -277,8 +274,6 @@ export async function getConfigResponse(ctx, opts) {
     const adminConfig = {
       ...rso,
       ...config,
-      // todo: delete after admin uses new structure
-      contentBusId: config.content.contentBusId,
       content: {
         ...config.content,
         ...config.content.source,

package/src/schemas/access-admin.schema.json

@@ -25,7 +25,6 @@
           "items": {"type": "string"}
         }
       },
-      "required": ["role"],
       "additionalProperties": false
     },
     "requireAuth": {

package/src/storage/config-store.js

@@ -11,7 +11,7 @@
  */
 /* eslint-disable no-param-reassign */
 import { isDeepStrictEqual } from 'util';
-import { HelixStorage } from './storage.js';
+import { HelixStorage } from '@adobe/helix-shared-storage';
 import { StatusCodeError } from './status-code-error.js';
 import {
   createToken,

package/src/storage/storage.js

@@ -1,612 +0,0 @@
-/*
- * Copyright 2022 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-
-/* eslint-disable max-classes-per-file,no-param-reassign */
-import { Agent } from 'node:https';
-import { promisify } from 'util';
-import zlib from 'zlib';
-import {
-  CopyObjectCommand,
-  DeleteObjectCommand,
-  DeleteObjectsCommand,
-  GetObjectCommand,
-  HeadObjectCommand,
-  ListObjectsV2Command,
-  PutObjectCommand,
-  S3Client,
-} from '@aws-sdk/client-s3';
-import { NodeHttpHandler } from '@smithy/node-http-handler';
-import { Response } from '@adobe/fetch';
-import mime from 'mime';
-import processQueue from '@adobe/helix-shared-process-queue';
-
-const gzip = promisify(zlib.gzip);
-const gunzip = promisify(zlib.gunzip);
-
-/**
- * @typedef {import('@aws-sdk/client-s3').CommandInput} CommandInput
- */
-
-/**
- * @typedef ObjectInfo
- * @property {string} key
- * @property {string} path the path to the object, w/o the prefix
- * @property {string} lastModified
- * @property {number} contentLength
- * @property {string} contentType
- */
-
-/**
- * @callback ObjectFilter
- * @param {ObjectInfo} info of the object to filter
- * @returns {boolean} {@code true} if the object is accepted
- */
-
-/**
- * result object headers
- */
-const AWS_META_HEADERS = [
-  'CacheControl',
-  'ContentType',
-  'ContentEncoding',
-  'Expires',
-];
-
-/**
- * Sanitizes the input key or path and returns a bucket relative key (without leading / ).
- * @param {string} keyOrPath
- * @returns {string}
- */
-function sanitizeKey(keyOrPath) {
-  if (keyOrPath.charAt(0) === '/') {
-    return keyOrPath.substring(1);
-  }
-  return keyOrPath;
-}
-
-/**
- * Bucket class
- */
-class Bucket {
-  constructor(opts) {
-    Object.assign(this, {
-      _s3: opts.s3,
-      _r2: opts.r2,
-      _log: opts.log,
-      _clients: [opts.s3],
-      _bucket: opts.bucketId,
-    });
-    if (opts.r2) {
-      this._clients.push(opts.r2);
-    }
-  }
-
-  get client() {
-    return this._s3;
-  }
-
-  get bucket() {
-    return this._bucket;
-  }
-
-  get log() {
-    return this._log;
-  }
-
-  /**
-   * Return an object contents.
-   *
-   * @param {string} key object key
-   * @param {object} [meta] output object to receive metadata if specified
-   * @returns object contents as a Buffer or null if no found.
-   * @throws an error if the object could not be loaded due to an unexpected error.
-   */
-  async get(key, meta = null) {
-    const { log } = this;
-    const input = {
-      Bucket: this.bucket,
-      Key: sanitizeKey(key),
-    };
-
-    try {
-      const result = await this.client.send(new GetObjectCommand(input));
-      log.info(`object downloaded from: ${input.Bucket}/${input.Key}`);
-
-      const buf = await new Response(result.Body, {}).buffer();
-      if (meta) {
-        Object.assign(meta, result.Metadata);
-        for (const name of AWS_META_HEADERS) {
-          if (name in result) {
-            meta[name] = result[name];
-          }
-        }
-      }
-      if (result.ContentEncoding === 'gzip') {
-        return await gunzip(buf);
-      }
-      return buf;
-    } catch (e) {
-      /* c8 ignore next 3 */
-      if (e.$metadata.httpStatusCode !== 404) {
-        throw e;
-      }
-      return null;
-    }
-  }
-
-  async head(path) {
-    const input = {
-      Bucket: this._bucket,
-      Key: sanitizeKey(path),
-    };
-    try {
-      const result = await this.client.send(new HeadObjectCommand(input));
-      this.log.info(`Object metadata downloaded from: ${input.Bucket}/${input.Key}`);
-      return result;
-    } catch (e) {
-      /* c8 ignore next 3 */
-      if (e.$metadata.httpStatusCode !== 404) {
-        throw e;
-      }
-      return null;
-    }
-  }
-
-  /**
-   * Return an object's metadata.
-   *
-   * @param {string} key object key
-   * @returns object metadata or null
-   * @throws an error if the object could not be loaded due to an unexpected error.
-   */
-  async metadata(key) {
-    const res = await this.head(key);
-    return res?.Metadata;
-  }
-
-  /**
-   * Internal helper for sending a command to both S3 and R2 clients.
-   * @param {function} CommandConstructor constructor of command to send to the client
-   * @param {CommandInput} input command input
-   * @returns {Promise<*>} the command result
-   */
-  async sendToS3andR2(CommandConstructor, input) {
-    // send cmd to s3 and r2 (mirror) in parallel
-    const tasks = this._clients.map((c) => c.send(new CommandConstructor(input)));
-    const result = await Promise.allSettled(tasks);
-
-    const rejected = result.filter(({ status }) => status === 'rejected');
-    if (!rejected.length) {
-      return result[0].value;
-    } else {
-      // at least 1 cmd failed
-      /* c8 ignore next */
-      const type = result[0].status === 'rejected' ? 'S3' : 'R2';
-      const err = rejected[0].reason;
-      err.message = `[${type}] ${err.message}`;
-      throw err;
-    }
-  }
-
-  /**
-   * Store an object contents, along with metadata.
-   *
-   * @param {string} path object key
-   * @param {Buffer|string} body data to store
-   * @param {string} [contentType] content type. defaults to 'application/octet-stream'
-   * @param {object} [meta] metadata to store with the object. defaults to '{}'
-   * @param {boolean} [compress = true]
-   * @returns result obtained from S3
-   */
-  async put(path, body, contentType = 'application/octet-stream', meta = {}, compress = true) {
-    const input = {
-      Body: body,
-      Bucket: this.bucket,
-      ContentType: contentType,
-      Metadata: meta,
-      Key: sanitizeKey(path),
-    };
-    if (compress) {
-      input.ContentEncoding = 'gzip';
-      input.Body = await gzip(body);
-    }
-    // write to s3 and r2 (mirror) in parallel
-    const res = await this.sendToS3andR2(PutObjectCommand, input);
-    this.log.info(`object uploaded to: ${input.Bucket}/${input.Key}`);
-    return res;
-  }
-
-  /**
-   * Updates the metadata
-   * @param {string} path
-   * @param {object} meta
-   * @param {object} opts
-   * @returns {Promise<*>}
-   */
-  async putMeta(path, meta, opts = {}) {
-    const key = sanitizeKey(path);
-    const input = {
-      Bucket: this._bucket,
-      Key: key,
-      CopySource: `${this.bucket}/${key}`,
-      Metadata: meta,
-      MetadataDirective: 'REPLACE',
-      ...opts,
-    };
-
-    // write to s3 and r2 (mirror) in parallel
-    const result = await this.sendToS3andR2(CopyObjectCommand, input);
-    this.log.info(`Metadata updated for: ${input.CopySource}`);
-    return result;
-  }
-
-  /**
-   * Copy an object in the same bucket.
-   *
-   * @param {string} src source key
-   * @param {string} dst destination key
-   * @returns result obtained from S3
-   */
-  async copy(src, dst) {
-    const input = {
-      Bucket: this.bucket,
-      CopySource: `${this.bucket}/${sanitizeKey(src)}`,
-      Key: sanitizeKey(dst),
-    };
-
-    try {
-      // write to s3 and r2 (mirror) in parallel
-      await this.sendToS3andR2(CopyObjectCommand, input);
-      this.log.info(`object copied from ${input.CopySource} to: ${input.Bucket}/${input.Key}`);
-    } catch (e) {
-      /* c8 ignore next 3 */
-      if (e.Code !== 'NoSuchKey') {
-        throw e;
-      }
-      const e2 = new Error(`source does not exist: ${input.CopySource}`);
-      e2.status = 404;
-      throw e2;
-    }
-  }
-
-  /**
-   * Remove object(s)
-   *
-   * @param {string|string[]} path source key(s)
-   * @returns result obtained from S3
-   */
-  async remove(path) {
-    if (Array.isArray(path)) {
-      const input = {
-        Bucket: this.bucket,
-        Delete: {
-          Objects: path.map((p) => ({ Key: sanitizeKey(p) })),
-        },
-      };
-      // delete on s3 and r2 (mirror) in parallel
-      try {
-        const result = await this.sendToS3andR2(DeleteObjectsCommand, input);
-        this.log.info(`${result.Deleted.length} objects deleted from bucket ${input.Bucket}.`);
-        return result;
-      } catch (e) {
-        const msg = `removing ${input.Delete.Objects.length} objects from bucket ${input.Bucket} failed: ${e.message}`;
-        this.log.error(msg);
-        const e2 = new Error(msg);
-        e2.status = e.$metadata?.httpStatusCode;
-        throw e2;
-      }
-    }
-
-    const input = {
-      Bucket: this.bucket,
-      Key: sanitizeKey(path),
-    };
-    // delete on s3 and r2 (mirror) in parallel
-    try {
-      const result = await this.sendToS3andR2(DeleteObjectCommand, input);
-      this.log.info(`object deleted: ${input.Bucket}/${input.Key}`);
-      return result;
-    } catch (e) {
-      const msg = `removing ${input.Bucket}/${input.Key} from storage failed: ${e.message}`;
-      this.log.error(msg);
-      const e2 = new Error(msg);
-      e2.status = e.$metadata.httpStatusCode;
-      throw e2;
-    }
-  }
-
-  /**
-   * Returns a list of object below the given prefix
-   * @param {string} prefix
-   * @returns {Promise<ObjectInfo[]>}
-   */
-  async list(prefix) {
-    let ContinuationToken;
-    const objects = [];
-    do {
-      // eslint-disable-next-line no-await-in-loop
-      const result = await this.client.send(new ListObjectsV2Command({
-        Bucket: this.bucket,
-        ContinuationToken,
-        Prefix: prefix,
-      }));
-      ContinuationToken = result.IsTruncated ? result.NextContinuationToken : '';
-      (result.Contents || []).forEach((content) => {
-        const key = content.Key;
-        objects.push({
-          key,
-          lastModified: content.LastModified,
-          contentLength: content.Size,
-          contentType: mime.getType(key),
-          path: `${key.substring(prefix.length)}`,
-        });
-      });
-    } while (ContinuationToken);
-    return objects;
-  }
-
-  async listFolders(prefix) {
-    let ContinuationToken;
-    const folders = [];
-    do {
-      // eslint-disable-next-line no-await-in-loop
-      const result = await this.client.send(new ListObjectsV2Command({
-        Bucket: this.bucket,
-        ContinuationToken,
-        Prefix: prefix,
-        Delimiter: '/',
-      }));
-      ContinuationToken = result.IsTruncated ? result.NextContinuationToken : '';
-      (result.CommonPrefixes || []).forEach(({ Prefix }) => {
-        folders.push(Prefix);
-      });
-    } while (ContinuationToken);
-    return folders;
-  }
-
-  /**
-   * Copies the tree below src to dst.
-   * @param {string} src Source prefix
-   * @param {string} dst Destination prefix
-   * @param {ObjectFilter} filter Filter function
-   * @returns {Promise<*[]>}
-   */
-  async copyDeep(src, dst, filter = () => true) {
-    const { log } = this;
-    const tasks = [];
-    const Prefix = sanitizeKey(src);
-    const dstPrefix = sanitizeKey(dst);
-    this.log.info(`fetching list of files to copy ${this.bucket}/${Prefix} => ${dstPrefix}`);
-    (await this.list(Prefix)).forEach((obj) => {
-      const {
-        path, key, contentLength, contentType,
-      } = obj;
-      if (filter(obj)) {
-        tasks.push({
-          src: key,
-          path,
-          contentLength,
-          contentType,
-          dst: `${dstPrefix}${path}`,
-        });
-      }
-    });
-
-    let errors = 0;
-    const changes = [];
-    await processQueue(tasks, async (task) => {
-      log.info(`copy to ${task.dst}`);
-      const input = {
-        Bucket: this.bucket,
-        CopySource: `${this.bucket}/${task.src}`,
-        Key: task.dst,
-      };
-      try {
-        // write to s3 and r2 (mirror) in parallel
-        await this.sendToS3andR2(CopyObjectCommand, input);
-        changes.push(task);
-      } catch (e) {
-        // at least 1 cmd failed
-        log.warn(`error while copying ${task.dst}: ${e}`);
-        errors += 1;
-      }
-    }, 64);
-    log.info(`copied ${changes.length} files to ${dst} (${errors} errors)`);
-    return changes;
-  }
-
-  async rmdir(src) {
-    const { log } = this;
-    src = sanitizeKey(src);
-    log.info(`fetching list of files to delete from ${this.bucket}/${src}`);
-    const items = await this.list(src);
-
-    let oks = 0;
-    let errors = 0;
-    await processQueue(items, async (item) => {
-      const { key } = item;
-      log.info(`deleting ${this.bucket}/${key}`);
-      const input = {
-        Bucket: this.bucket,
-        Key: key,
-      };
-
-      try {
-        // delete on s3 and r2 (mirror) in parallel
-        await this.sendToS3andR2(DeleteObjectCommand, input);
-        oks += 1;
-      } catch (e) {
-        // at least 1 cmd failed
-        log.warn(`error while deleting ${key}: ${e.$metadata.httpStatusCode}`);
-        errors += 1;
-      }
-    }, 64);
-    log.info(`deleted ${oks} files (${errors} errors)`);
-  }
-}
-
-/**
- * The Helix Storage provides a factory for simplified bucket operations to S3 and R2
- */
-export class HelixStorage {
-  static fromContext(context) {
-    if (!context.attributes.storage) {
-      const {
-        HELIX_HTTP_CONNECTION_TIMEOUT: connectionTimeout = 5000,
-        HELIX_HTTP_SOCKET_TIMEOUT: socketTimeout = 15000,
-        HELIX_HTTP_S3_KEEP_ALIVE: keepAlive,
-        CLOUDFLARE_ACCOUNT_ID: r2AccountId,
-        CLOUDFLARE_R2_ACCESS_KEY_ID: r2AccessKeyId,
-        CLOUDFLARE_R2_SECRET_ACCESS_KEY: r2SecretAccessKey,
-      } = context.env;
-
-      context.attributes.storage = new HelixStorage({
-        connectionTimeout,
-        socketTimeout,
-        r2AccountId,
-        r2AccessKeyId,
-        r2SecretAccessKey,
-        keepAlive: String(keepAlive) === 'true',
-        log: context.log,
-      });
-    }
-    return context.attributes.storage;
-  }
-
-  static AWS_S3_SYSTEM_HEADERS = {
-    'content-type': 'ContentType',
-    'content-disposition': 'ContentDisposition',
-    'content-encoding': 'ContentEncoding',
-    'content-language': 'ContentLanguage',
-  };
-
-  /**
-   * Create an instance
-   *
-   * @param {object} [opts] options
-   * @param {string} [opts.region] AWS region
-   * @param {string} [opts.accessKeyId] AWS access key
-   * @param {string} [opts.secretAccessKey] AWS secret access key
-   * @param {strong} [opts.r2AccountId]
-   * @param {strong} [opts.r2AccessKeyId]
-   * @param {strong} [opts.r2SecretAccessKey]
-   * @param {object} [opts.log] logger
-   */
-  constructor(opts = {}) {
-    const {
-      region, accessKeyId, secretAccessKey,
-      connectionTimeout, socketTimeout,
-      r2AccountId, r2AccessKeyId, r2SecretAccessKey,
-      log = console,
-      keepAlive = true,
-    } = opts;
-
-    if (region && accessKeyId && secretAccessKey) {
-      log.debug('Creating S3Client with credentials');
-      this._s3 = new S3Client({
-        region,
-        credentials: {
-          accessKeyId,
-          secretAccessKey,
-        },
-        requestHandler: new NodeHttpHandler({
-          httpsAgent: new Agent({
-            keepAlive,
-          }),
-          connectionTimeout,
-          socketTimeout,
-        }),
-      });
-    } else {
-      log.debug('Creating S3Client without credentials');
-      this._s3 = new S3Client({
-        requestHandler: new NodeHttpHandler({
-          httpsAgent: new Agent({
-            keepAlive,
-          }),
-          connectionTimeout,
-          socketTimeout,
-        }),
-      });
-    }
-
-    // initializing the R2 client which is used for mirroring all S3 writes to R2
-    log.debug('Creating R2 S3Client');
-    this._r2 = new S3Client({
-      endpoint: `https://${r2AccountId}.r2.cloudflarestorage.com`,
-      region: 'us-east-1', // https://github.com/aws/aws-sdk-js-v3/issues/1845#issuecomment-754832210
-      credentials: {
-        accessKeyId: r2AccessKeyId,
-        secretAccessKey: r2SecretAccessKey,
-      },
-      requestHandler: new NodeHttpHandler({
-        httpsAgent: new Agent({
-          keepAlive,
-        }),
-        connectionTimeout,
-        socketTimeout,
-      }),
-    });
-    this._log = log;
-  }
-
-  /**
-   * creates a bucket instance that allows to perform storage related operations.
-   * @param bucketId
-   * @returns {Bucket}
-   */
-  bucket(bucketId) {
-    if (!this._s3) {
-      throw new Error('storage already closed.');
-    }
-    if (!bucketId) {
-      throw new Error('bucketId is required.');
-    }
-    return new Bucket({
-      bucketId,
-      s3: this._s3,
-      r2: this._r2,
-      log: this._log,
-    });
-  }
-
-  /**
-   * @returns {Bucket}
-   */
-  contentBus() {
-    return this.bucket('helix-content-bus');
-  }
-
-  /**
-   * @returns {Bucket}
-   */
-  codeBus() {
-    return this.bucket('helix-code-bus');
-  }
-
-  /**
-   * @returns {Bucket}
-   */
-  configBus() {
-    return this.bucket('helix-config-bus');
-  }
-
-  /**
-   * Close this storage. Destroys the S3 client used.
-   */
-  close() {
-    this._s3?.destroy();
-    this._r2?.destroy();
-    delete this._s3;
-    delete this._r2;
-  }
-}