ursa.store.backends.r2

Cloudflare R2 backend, S3-protocol via obstore.

Credentials (and bucket) are pulled from constellation-utils based on the creds field of R2StoreConfig. The cred-name selector is the single source of truth for which bucket the store binds to:

  • assets_rw -> secrets.r2_assets_rw() -> constellation-assets RW

  • assets_ro -> secrets.r2_assets_ro() -> constellation-assets RO

  • raw_rw -> secrets.r2_raw_rw() -> constellation-data RW

  • raw_ro -> secrets.r2_raw_ro() -> constellation-data RO

The configured prefix is pushed into the obstore handle at construction so raw_obstore() returns a prefix-correct handle for Lance/Zarr backends to consume natively.

Module Contents

Functions

build_r2_store

Construct an R2-backed ObjectStore for the given role.

Data

_CREDS_MAP

API

ursa.store.backends.r2._CREDS_MAP: Final[dict[ursa.store.config.R2Creds, collections.abc.Callable[[], constellation_utils.secrets.models.R2Secrets]]]

None

ursa.store.backends.r2.build_r2_store(cfg: ursa.store.config.R2StoreConfig, *, role: str, allow_http: bool = False) ursa.store.base.ObjectStore[source]

Construct an R2-backed ObjectStore for the given role.

R2 requires virtual_hosted_style_request=False (path-style addressing); region is always "auto" per Cloudflare’s S3 protocol.

allow_http should only be set to True in tests against a local HTTP endpoint (e.g. MinIO). Production R2 always uses HTTPS.