From 2221b066010029e5cf5c7ac6593c27aae0ba1c6f Mon Sep 17 00:00:00 2001
From: Amjith Titus
Date: Mon, 12 Aug 2024 11:13:47 +0530
Subject: [PATCH 1/2] Explicity mention Public Read ACL for Facility Image S3 Uploads (#2344)
---
 care/facility/api/serializers/facility.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/care/facility/api/serializers/facility.py b/care/facility/api/serializers/facility.py
index 28df9b80f7..7d8aea793f 100644
--- a/care/facility/api/serializers/facility.py
+++ b/care/facility/api/serializers/facility.py
@@ -172,6 +172,7 @@ def save(self, **kwargs):
 Bucket=bucket_name,
 Key=image_location,
 Body=image.file,
+ ACL="public-read",
 )
 facility.cover_image_url = image_location
 facility.save()
From aa29b8690cb273804729f08da1819af37b559e4f Mon Sep 17 00:00:00 2001
From: Mohammed Nihal <57055998+nihal467@users.noreply.github.com>
Date: Wed, 14 Aug 2024 19:30:19 +0530
Subject: [PATCH 2/2] Merge Develop to Staging 24.34.0 | Patchh (#2360) fix s3 client error on gcp (#2359)
Co-authored-by: Aakash Singh
---
 care/facility/api/serializers/facility.py | 15 +++++++++------
 care/utils/csp/config.py | 18 ++++++++++++------
 config/settings/base.py | 1 +
 3 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/care/facility/api/serializers/facility.py b/care/facility/api/serializers/facility.py
index 7d8aea793f..c7380edb9d 100644
--- a/care/facility/api/serializers/facility.py
+++ b/care/facility/api/serializers/facility.py
@@ -1,4 +1,5 @@
 import boto3
+from django.conf import settings
 from django.contrib.auth import get_user_model
 from rest_framework import serializers
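Review bot: The added `ACL="public-read"` in `save` makes each uploaded cover image world-readable, yet the `put_object` call shown here passes no `ContentType`, so the public object is served with whatever type the store assigns by default. I would set `ContentType` from the validated image format and add a comment on the ACL line such as `# cover images are public by design; do not copy this call for patient uploads`. Whether `image` and `image_extension` are validated is not visible here, because `save` begins and ends outside this hunk.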
@@ -168,12 +169,14 @@ def save(self, **kwargs):
 config, bucket_name = get_client_config(BucketType.FACILITY)
 s3 = boto3.client("s3", **config)
 image_location = f"cover_images/{facility.external_id}_cover.{image_extension}"
- s3.put_object(
- Bucket=bucket_name,
- Key=image_location,
- Body=image.file,
- ACL="public-read",
- )
+ boto_params = {
+ "Bucket": bucket_name,
+ "Key": image_location,
+ "Body": image.file,
+ }
+ if settings.BUCKET_HAS_FINE_ACL:
+ boto_params["ACL"] = "public-read"
+ s3.put_object(**boto_params)
 facility.cover_image_url = image_location
 facility.save()
 return facility
diff --git a/care/utils/csp/config.py b/care/utils/csp/config.py
index dbd145b536..edff720dc9 100644
--- a/care/utils/csp/config.py
+++ b/care/utils/csp/config.py
@@ -17,6 +17,8 @@ class ClientConfig(TypedDict):
 class CSProvider(enum.Enum):
 AWS = "AWS"
 GCP = "GCP"
+ DIGITAL_OCEAN = "DIGITAL_OCEAN"
+ MINIO = "MINIO"
 DOCKER = "DOCKER" # localstack in docker
 LOCAL = "LOCAL" # localstack on host
@@ -31,9 +33,11 @@ def get_facility_bucket_config(external) -> tuple[ClientConfig, BucketName]:
 "region_name": settings.FACILITY_S3_REGION,
 "aws_access_key_id": settings.FACILITY_S3_KEY,
 "aws_secret_access_key": settings.FACILITY_S3_SECRET,
- "endpoint_url": settings.FACILITY_S3_BUCKET_EXTERNAL_ENDPOINT
- if external
- else settings.FACILITY_S3_BUCKET_ENDPOINT,
+ "endpoint_url": (
+ settings.FACILITY_S3_BUCKET_EXTERNAL_ENDPOINT
+ if external
+ else settings.FACILITY_S3_BUCKET_ENDPOINT
+ ),
 }, settings.FACILITY_S3_BUCKET
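Review bot: With `settings.BUCKET_HAS_FINE_ACL` false, the `s3.put_object(**boto_params)` call in `save` uploads the cover image with no ACL, so whether it is publicly readable is decided entirely by bucket-level policy, and nothing near the branch says so. A bucket made public as a whole exposes every key in it, so the facility bucket should hold only assets meant to be public; a comment above the `if` would record that, e.g. `# no per-object ACL support: visibility comes from the bucket policy, keep this bucket for public assets only`. The flag is also a single global setting while `get_client_config` appears to return per-bucket configuration, so it may not fit deployments whose buckets differ in ACL support. `save` starts outside this hunk.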
@@ -42,9 +46,11 @@ def get_patient_bucket_config(external) -> tuple[ClientConfig, BucketName]:
 "region_name": settings.FILE_UPLOAD_REGION,
 "aws_access_key_id": settings.FILE_UPLOAD_KEY,
 "aws_secret_access_key": settings.FILE_UPLOAD_SECRET,
- "endpoint_url": settings.FILE_UPLOAD_BUCKET_EXTERNAL_ENDPOINT
- if external
- else settings.FILE_UPLOAD_BUCKET_ENDPOINT,
+ "endpoint_url": (
+ settings.FILE_UPLOAD_BUCKET_EXTERNAL_ENDPOINT
+ if external
+ else settings.FILE_UPLOAD_BUCKET_ENDPOINT
+ ),
 }, settings.FILE_UPLOAD_BUCKET
diff --git a/config/settings/base.py b/config/settings/base.py
index 551f9d1319..8e67190fe9 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -511,6 +511,7 @@
 BUCKET_SECRET = env("BUCKET_SECRET", default="")
 BUCKET_ENDPOINT = env("BUCKET_ENDPOINT", default="")
 BUCKET_EXTERNAL_ENDPOINT = env("BUCKET_EXTERNAL_ENDPOINT", default=BUCKET_ENDPOINT)
+BUCKET_HAS_FINE_ACL = env.bool("BUCKET_HAS_FINE_ACL", default=False)
 if BUCKET_PROVIDER not in csp_config.CSProvider.__members__:
 print(f"Warning Invalid CSP Found! {BUCKET_PROVIDER}")
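Review bot: `BUCKET_HAS_FINE_ACL` in `config/settings/base.py` is added with `default=False` and no comment, so any deployment that does not set the variable stops sending the `public-read` ACL that PATCH 1/2 introduced. That is the safe choice for stores that reject object ACLs, but on a bucket that relies on per-object ACLs new cover images would presumably stop being readable without any upload error. I would document the setting where it is defined, e.g. `# True only if the bucket accepts per-object ACLs (facility cover images are then uploaded public-read); otherwise the bucket policy decides visibility`.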