objstore: extract AWS SDK related logic into separate client and extract common code of s3 like store

[D3Hunter]

What problem does this PR solve?

Issue Number: ref #65461

Problem Summary:

What changed and how does it work?

• extract code commmon to s3 and s3 compatible store into a separate pkg
• extract AWS SDK related logic into separate client, and refactor the way to check permissions
• fix a issue that we take permission check of GetObject as success when the error is not smithy.APIError, this issue shouldn't happen normally, but we fix it anyway

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)
• No need to test

  • I checked and no code files have been changed.

Side effects

• Performance regression: Consumes more CPU
• Performance regression: Consumes more Memory
• Breaking backward compatibility

Documentation

• Affects user behaviors
• Contains syntax changes
• Contains variable changes
• Contains experimental features
• Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

[tiprow]

Hi @D3Hunter. Thanks for your PR.

PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test all.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[D3Hunter]

this is from here

tidb/pkg/objstore/s3store/s3.go

Lines 1397 to 1407 in 1d4344f

	s3Writer.wg.Add(1)
	go func() {
	_, err := up.Upload(ctx, upParams)
	// like a channel we only let sender close the pipe in happy path
	if err != nil {
	log.Warn("upload to s3 failed", zap.String("filename", name), zap.Error(err))
	_ = rd.CloseWithError(err)
	}
	s3Writer.err = err
	s3Writer.wg.Done()
	}()

[D3Hunter]

moved to s3like permission test

[D3Hunter]

previously we take other error as success

tidb/pkg/objstore/s3store/s3.go

Lines 708 to 715 in 1d4344f

	// if key not exists and we reach this error, that
	// means we have the correct permission to GetObject
	// other we will get another error
	return nil
	}
	return errors.Trace(err)
	}
	return nil

[codecov]

Codecov Report

❌ Patch coverage is 66.42066% with 182 lines in your changes missing coverage. Please review.
✅ Project coverage is 77.7342%. Comparing base (8333420) to head (512691b).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@               Coverage Diff                @@
##             master     #65561        +/-   ##
================================================
- Coverage   77.8487%   77.7342%   -0.1146%     
================================================
  Files          1978       1905        -73     
  Lines        542181     530747     -11434     
================================================
- Hits         422081     412572      -9509     
+ Misses       118441     118168       -273     
+ Partials       1659          7      -1652     

Flag	Coverage Δ
integration	41.6391% <0.0000%> (-6.5508%)	⬇️
unit	76.8621% <66.4206%> (+0.4029%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
dumpling	56.7974% <ø> (ø)
parser	∅ <ø> (∅)
br	48.8272% <ø> (-12.3154%)	⬇️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[D3Hunter]

renamed from

tidb/pkg/objstore/s3store/s3.go

Lines 154 to 158 in 87e4e71

	type S3Uploader struct {
	svc S3API
	createOutput *s3.CreateMultipartUploadOutput
	completeParts []types.CompletedPart
	}

[D3Hunter]

abstracted from

tidb/pkg/objstore/s3store/s3.go

Lines 1391 to 1399 in 87e4e71

	upParams := &s3.PutObjectInput{
	Bucket: aws.String(rs.options.Bucket),
	Key: aws.String(rs.options.Prefix + name),
	Body: rd,
	}
	s3Writer := &s3ObjectWriter{wd: wd, wg: &sync.WaitGroup{}}
	s3Writer.wg.Add(1)
	go func() {
	_, err := up.Upload(ctx, upParams)

[D3Hunter]

/retest

[D3Hunter]

/retest

[tiprow]

@D3Hunter: PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test.

Details

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: joechenrh, Leavrth

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [Leavrth,joechenrh]
• pkg/objstore/OWNERS [Leavrth]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

[LGTM Timeline notifier]

Timeline:

• 2026-01-15 13:21:19.037752582 +0000 UTC m=+68106.651709438: ☑️ agreed by joechenrh.
• 2026-01-16 01:44:43.892091587 +0000 UTC m=+112711.506048433: ☑️ agreed by Leavrth.

[tiprow]

@D3Hunter: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
tidb_parser_test	512691b	link	true	/test tidb_parser_test

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[lance6716]

/retest

[tiprow]

@lance6716: PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test.

Details

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.