Merge branch 'main' into add-expiration-files-remote-s3

2025-12-18 12:19:47 +00:00 · 2025-08-29 15:32:31 -04:00 · 2025-08-29 15:32:31 -04:00 · 42d15a4516
commit 42d15a4516
parent 76a59e4a55 efdb5558b8
27 changed files with 2165 additions and 2402 deletions
--- a/llama_stack/providers/remote/files/s3/files.py
+++ b/llama_stack/providers/remote/files/s3/files.py
@ -22,8 +22,10 @@ from llama_stack.apis.files import (
    OpenAIFileObject,
    OpenAIFilePurpose,
 )
+from llama_stack.core.datatypes import AccessRule
 from llama_stack.providers.utils.sqlstore.api import ColumnDefinition, ColumnType
-from llama_stack.providers.utils.sqlstore.sqlstore import SqlStore, sqlstore_impl
+from llama_stack.providers.utils.sqlstore.authorized_sqlstore import AuthorizedSqlStore
+from llama_stack.providers.utils.sqlstore.sqlstore import sqlstore_impl

 from .config import S3FilesImplConfig

@ -120,10 +122,11 @@ def _make_file_object(
 class S3FilesImpl(Files):
    """S3-based implementation of the Files API."""

-    def __init__(self, config: S3FilesImplConfig) -> None:
+    def __init__(self, config: S3FilesImplConfig, policy: list[AccessRule]) -> None:
        self._config = config
+        self.policy = policy
        self._client: boto3.client | None = None
-        self._sql_store: SqlStore | None = None
+        self._sql_store: AuthorizedSqlStore | None = None

    def _now(self) -> int:
        """Return current UTC timestamp as int seconds."""
@ -133,7 +136,7 @@ class S3FilesImpl(Files):
        where: dict[str, str | dict] = {"id": file_id}
        if not return_expired:
            where["expires_at"] = {">": self._now()}
-        if not (row := await self.sql_store.fetch_one("openai_files", where=where)):
+        if not (row := await self.sql_store.fetch_one("openai_files", policy=self.policy, where=where)):
            raise ResourceNotFoundError(file_id, "File", "files.list()")
        return row

@ -160,7 +163,7 @@ class S3FilesImpl(Files):
        self._client = _create_s3_client(self._config)
        await _create_bucket_if_not_exists(self._client, self._config)

-        self._sql_store = sqlstore_impl(self._config.metadata_store)
+        self._sql_store = AuthorizedSqlStore(sqlstore_impl(self._config.metadata_store))
        await self._sql_store.create_table(
            "openai_files",
            {
@ -183,7 +186,7 @@ class S3FilesImpl(Files):
        return self._client

    @property
-    def sql_store(self) -> SqlStore:
+    def sql_store(self) -> AuthorizedSqlStore:
        assert self._sql_store is not None, "Provider not initialized"
        return self._sql_store

@ -264,6 +267,7 @@ class S3FilesImpl(Files):

        paginated_result = await self.sql_store.fetch_all(
            table="openai_files",
+            policy=self.policy,
            where=where_conditions,
            order_by=[("created_at", order.value)],
            cursor=("id", after) if after else None,