Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-06 10:50:21 +08:00
Code Packages Activity Actions 9

Merge pull request #2511 from windhamg/s3_iam_role

Browse source 
support for EC2 IAM roles with Amazon S3 file store/backup
This commit is contained in:
Régis Hanol 2014-08-18 16:14:14 +02:00
commit e1191a5fcf
5 changed files with 27 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
app/models/admin_dashboard_data.rb
View file

@ -134,8 +134,10 @@ class AdminDashboardData
end end
def s3_config_check def s3_config_check
return I18n.t('dashboard.s3_config_warning') if SiteSetting.enable_s3_uploads and (SiteSetting.s3_access_key_id.blank? or SiteSetting.s3_secret_access_key.blank? or SiteSetting.s3_upload_bucket.blank?) bad_keys = (SiteSetting.s3_access_key_id.blank? or SiteSetting.s3_secret_access_key.blank?) and !SiteSetting.s3_use_iam_profile
return I18n.t('dashboard.s3_backup_config_warning') if SiteSetting.enable_s3_backups and (SiteSetting.s3_access_key_id.blank? or SiteSetting.s3_secret_access_key.blank? or SiteSetting.s3_backup_bucket.blank?)
return I18n.t('dashboard.s3_config_warning') if SiteSetting.enable_s3_uploads and (bad_keys or SiteSetting.s3_upload_bucket.blank?)
return I18n.t('dashboard.s3_backup_config_warning') if SiteSetting.enable_s3_backups and (bad_keys or SiteSetting.s3_backup_bucket.blank?)
nil nil
end end

16
app/models/backup.rb
View file

@ -73,18 +73,24 @@ class Backup
private private
def s3_options def s3_options
{ options = {
provider: 'AWS', provider: 'AWS',
aws_access_key_id: SiteSetting.s3_access_key_id,
aws_secret_access_key: SiteSetting.s3_secret_access_key,
region: SiteSetting.s3_region.blank? ? "us-east-1" : SiteSetting.s3_region, region: SiteSetting.s3_region.blank? ? "us-east-1" : SiteSetting.s3_region,
} }
if (SiteSetting.s3_use_iam_profile.present?)
options.merge!(:use_iam_profile => true)
else
options.merge!(:aws_access_key_id => SiteSetting.s3_access_key_id,
:aws_secret_access_key => SiteSetting.s3_secret_access_key)
end
options
end end
def fog def fog
return @fog if @fog return @fog if @fog
return unless SiteSetting.s3_access_key_id.present? && return unless ((SiteSetting.s3_access_key_id.present? &&
SiteSetting.s3_secret_access_key.present? && SiteSetting.s3_secret_access_key.present?) ||
SiteSetting.s3_use_iam_profile.present?) &&
SiteSetting.s3_backup_bucket.present? SiteSetting.s3_backup_bucket.present?
require 'fog' require 'fog'
@fog = Fog::Storage.new(s3_options) @fog = Fog::Storage.new(s3_options)

1
config/locales/server.en.yml
View file

@ -821,6 +821,7 @@ en:
purge_deleted_uploads_grace_period_days: "Grace period (in days) before a deleted upload is erased." purge_deleted_uploads_grace_period_days: "Grace period (in days) before a deleted upload is erased."
purge_inactive_users_grace_period_days: "Grace period (in days) before an inactive user is deleted." purge_inactive_users_grace_period_days: "Grace period (in days) before an inactive user is deleted."
enable_s3_uploads: "Place uploads on Amazon S3 storage." enable_s3_uploads: "Place uploads on Amazon S3 storage."
s3_use_iam_profile: 'Use AWS EC2 IAM role to retrieve keys. NOTE: enabling will override "s3 access key id" and "s3 secret access key" settings.'
s3_upload_bucket: "The Amazon S3 bucket name that files will be uploaded into. WARNING: must be lowercase, no periods." s3_upload_bucket: "The Amazon S3 bucket name that files will be uploaded into. WARNING: must be lowercase, no periods."
s3_access_key_id: "The Amazon S3 access key id that will be used to upload images." s3_access_key_id: "The Amazon S3 access key id that will be used to upload images."
s3_secret_access_key: "The Amazon S3 secret access key that will be used to upload images." s3_secret_access_key: "The Amazon S3 secret access key that will be used to upload images."

1
config/site_settings.yml
View file

@ -428,6 +428,7 @@ files:
clean_orphan_uploads_grace_period_hours: 1 clean_orphan_uploads_grace_period_hours: 1
purge_deleted_uploads_grace_period_days: 30 purge_deleted_uploads_grace_period_days: 30
enable_s3_uploads: false enable_s3_uploads: false
s3_use_iam_profile: false
s3_access_key_id: '' s3_access_key_id: ''
s3_secret_access_key: '' s3_secret_access_key: ''
s3_region: s3_region:

10
lib/file_store/s3_store.rb
View file

@ -98,20 +98,26 @@ module FileStore
def check_missing_site_settings def check_missing_site_settings
raise Discourse::SiteSettingMissing.new("s3_upload_bucket") if SiteSetting.s3_upload_bucket.blank? raise Discourse::SiteSettingMissing.new("s3_upload_bucket") if SiteSetting.s3_upload_bucket.blank?
unless SiteSetting.s3_use_iam_profile.present?
raise Discourse::SiteSettingMissing.new("s3_access_key_id") if SiteSetting.s3_access_key_id.blank? raise Discourse::SiteSettingMissing.new("s3_access_key_id") if SiteSetting.s3_access_key_id.blank?
raise Discourse::SiteSettingMissing.new("s3_secret_access_key") if SiteSetting.s3_secret_access_key.blank? raise Discourse::SiteSettingMissing.new("s3_secret_access_key") if SiteSetting.s3_secret_access_key.blank?
end end
end
def s3_options def s3_options
options = { options = {
provider: 'AWS', provider: 'AWS',
aws_access_key_id: SiteSetting.s3_access_key_id,
aws_secret_access_key: SiteSetting.s3_secret_access_key,
scheme: SiteSetting.scheme, scheme: SiteSetting.scheme,
# cf. https://github.com/fog/fog/issues/2381 # cf. https://github.com/fog/fog/issues/2381
path_style: dns_compatible?(s3_bucket, SiteSetting.use_https?), path_style: dns_compatible?(s3_bucket, SiteSetting.use_https?),
} }
options[:region] = SiteSetting.s3_region unless SiteSetting.s3_region.empty? options[:region] = SiteSetting.s3_region unless SiteSetting.s3_region.empty?
if (SiteSetting.s3_use_iam_profile.present?)
options.merge!(:use_iam_profile => true)
else
options.merge!(:aws_access_key_id => SiteSetting.s3_access_key_id,
:aws_secret_access_key => SiteSetting.s3_secret_access_key)
end
options options
end end