IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

support for EC2 IAM roles with Amazon S3 file store/backup

Browse Source
This commit is contained in:
Gary Windham
2014-07-05 12:33:39 -07:00
parent b5c57fa947
commit 3f6bd0606a
5 changed files with 25 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/models/admin_dashboard_data.rb
View File

@@ -135,8 +135,8 @@ class AdminDashboardData
end end
def s3_config_check def s3_config_check
return I18n.t('dashboard.s3_config_warning') if SiteSetting.enable_s3_uploads and (SiteSetting.s3_access_key_id.blank? or SiteSetting.s3_secret_access_key.blank? or SiteSetting.s3_upload_bucket.blank?) return I18n.t('dashboard.s3_config_warning') if SiteSetting.enable_s3_uploads and ((!SiteSetting.s3_use_iam_profile and (SiteSetting.s3_access_key_id.blank? or SiteSetting.s3_secret_access_key.blank?)) or SiteSetting.s3_upload_bucket.blank?)
return I18n.t('dashboard.s3_backup_config_warning') if SiteSetting.enable_s3_backups and (SiteSetting.s3_access_key_id.blank? or SiteSetting.s3_secret_access_key.blank? or SiteSetting.s3_backup_bucket.blank?) return I18n.t('dashboard.s3_backup_config_warning') if SiteSetting.enable_s3_backups and ((!SiteSetting.s3_use_iam_profile and (SiteSetting.s3_access_key_id.blank? or SiteSetting.s3_secret_access_key.blank?)) or SiteSetting.s3_backup_bucket.blank?)
nil nil
end end

16
app/models/backup.rb
View File

@@ -73,18 +73,24 @@ class Backup
private private
def s3_options def s3_options
{ options = {
provider: 'AWS', provider: 'AWS',
aws_access_key_id: SiteSetting.s3_access_key_id,
aws_secret_access_key: SiteSetting.s3_secret_access_key,
region: SiteSetting.s3_region.blank? ? "us-east-1" : SiteSetting.s3_region, region: SiteSetting.s3_region.blank? ? "us-east-1" : SiteSetting.s3_region,
} }
if (SiteSetting.s3_use_iam_profile.present?)
options.merge!(:use_iam_profile => true)
else
options.merge!(:aws_access_key_id => SiteSetting.s3_access_key_id,
:aws_secret_access_key => SiteSetting.s3_secret_access_key)
end
options
end end
def fog def fog
return @fog if @fog return @fog if @fog
return unless SiteSetting.s3_access_key_id.present? && return unless ((SiteSetting.s3_access_key_id.present? &&
SiteSetting.s3_secret_access_key.present? && SiteSetting.s3_secret_access_key.present?) ||
SiteSetting.s3_use_iam_profile.present?) &&
SiteSetting.s3_backup_bucket.present? SiteSetting.s3_backup_bucket.present?
require 'fog' require 'fog'
@fog = Fog::Storage.new(s3_options) @fog = Fog::Storage.new(s3_options)

1
config/locales/server.en.yml
View File

@@ -810,6 +810,7 @@ en:
clean_orphan_uploads_grace_period_hours: "Grace period (in hours) before an orphan upload is removed." clean_orphan_uploads_grace_period_hours: "Grace period (in hours) before an orphan upload is removed."
purge_deleted_uploads_grace_period_days: "Grace period (in days) before a deleted upload is erased." purge_deleted_uploads_grace_period_days: "Grace period (in days) before a deleted upload is erased."
enable_s3_uploads: "Place uploads on Amazon S3 storage." enable_s3_uploads: "Place uploads on Amazon S3 storage."
s3_use_iam_profile: 'Use AWS EC2 IAM role to retrieve keys. NOTE: enabling will override "s3 access key id" and "s3 secret access key" settings.'
s3_upload_bucket: "The Amazon S3 bucket name that files will be uploaded into. WARNING: must be lowercase, no periods." s3_upload_bucket: "The Amazon S3 bucket name that files will be uploaded into. WARNING: must be lowercase, no periods."
s3_access_key_id: "The Amazon S3 access key id that will be used to upload images." s3_access_key_id: "The Amazon S3 access key id that will be used to upload images."
s3_secret_access_key: "The Amazon S3 secret access key that will be used to upload images." s3_secret_access_key: "The Amazon S3 secret access key that will be used to upload images."

1
config/site_settings.yml
View File

@@ -422,6 +422,7 @@ files:
clean_orphan_uploads_grace_period_hours: 1 clean_orphan_uploads_grace_period_hours: 1
purge_deleted_uploads_grace_period_days: 30 purge_deleted_uploads_grace_period_days: 30
enable_s3_uploads: false enable_s3_uploads: false
s3_use_iam_profile: false
s3_access_key_id: '' s3_access_key_id: ''
s3_secret_access_key: '' s3_secret_access_key: ''
s3_region: s3_region:

14
lib/file_store/s3_store.rb
View File

@@ -98,20 +98,26 @@ module FileStore
def check_missing_site_settings def check_missing_site_settings
raise Discourse::SiteSettingMissing.new("s3_upload_bucket") if SiteSetting.s3_upload_bucket.blank? raise Discourse::SiteSettingMissing.new("s3_upload_bucket") if SiteSetting.s3_upload_bucket.blank?
raise Discourse::SiteSettingMissing.new("s3_access_key_id") if SiteSetting.s3_access_key_id.blank? unless SiteSetting.s3_use_iam_profile.present?
raise Discourse::SiteSettingMissing.new("s3_secret_access_key") if SiteSetting.s3_secret_access_key.blank? raise Discourse::SiteSettingMissing.new("s3_access_key_id") if SiteSetting.s3_access_key_id.blank?
raise Discourse::SiteSettingMissing.new("s3_secret_access_key") if SiteSetting.s3_secret_access_key.blank?
end
end end
def s3_options def s3_options
options = { options = {
provider: 'AWS', provider: 'AWS',
aws_access_key_id: SiteSetting.s3_access_key_id,
aws_secret_access_key: SiteSetting.s3_secret_access_key,
scheme: SiteSetting.scheme, scheme: SiteSetting.scheme,
# cf. https://github.com/fog/fog/issues/2381 # cf. https://github.com/fog/fog/issues/2381
path_style: dns_compatible?(s3_bucket, SiteSetting.use_https?), path_style: dns_compatible?(s3_bucket, SiteSetting.use_https?),
} }
options[:region] = SiteSetting.s3_region unless SiteSetting.s3_region.empty? options[:region] = SiteSetting.s3_region unless SiteSetting.s3_region.empty?
if (SiteSetting.s3_use_iam_profile.present?)
options.merge!(:use_iam_profile => true)
else
options.merge!(:aws_access_key_id => SiteSetting.s3_access_key_id,
:aws_secret_access_key => SiteSetting.s3_secret_access_key)
end
options options
end end