Merge pull request #2511 from windhamg/s3_iam_role
support for EC2 IAM roles with Amazon S3 file store/backup
commit
e1191a5fcf
|
@ -134,8 +134,10 @@ class AdminDashboardData
|
|||
end
|
||||
|
||||
def s3_config_check
|
||||
return I18n.t('dashboard.s3_config_warning') if SiteSetting.enable_s3_uploads and (SiteSetting.s3_access_key_id.blank? or SiteSetting.s3_secret_access_key.blank? or SiteSetting.s3_upload_bucket.blank?)
|
||||
return I18n.t('dashboard.s3_backup_config_warning') if SiteSetting.enable_s3_backups and (SiteSetting.s3_access_key_id.blank? or SiteSetting.s3_secret_access_key.blank? or SiteSetting.s3_backup_bucket.blank?)
|
||||
bad_keys = (SiteSetting.s3_access_key_id.blank? or SiteSetting.s3_secret_access_key.blank?) and !SiteSetting.s3_use_iam_profile
|
||||
|
||||
return I18n.t('dashboard.s3_config_warning') if SiteSetting.enable_s3_uploads and (bad_keys or SiteSetting.s3_upload_bucket.blank?)
|
||||
return I18n.t('dashboard.s3_backup_config_warning') if SiteSetting.enable_s3_backups and (bad_keys or SiteSetting.s3_backup_bucket.blank?)
|
||||
nil
|
||||
end
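Review bot: The `bad_keys` assignment in `s3_config_check` never takes `s3_use_iam_profile` into account, because `=` binds tighter than `and`. Ruby parses the line as `(bad_keys = (… or …)) and !SiteSetting.s3_use_iam_profile`, so `bad_keys` is true whenever either key is blank. With the IAM profile enabled and the key fields left empty, the warnings on the next two lines still fire when uploads or backups are enabled, which nudges admins back toward storing static keys. Use the high-precedence operators: `bad_keys = (SiteSetting.s3_access_key_id.blank? || SiteSetting.s3_secret_access_key.blank?) && !SiteSetting.s3_use_iam_profile`.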
|
||||
|
||||
|
|
|
@ -73,18 +73,24 @@ class Backup
|
|||
private
|
||||
|
||||
def s3_options
|
||||
{
|
||||
options = {
|
||||
provider: 'AWS',
|
||||
aws_access_key_id: SiteSetting.s3_access_key_id,
|
||||
aws_secret_access_key: SiteSetting.s3_secret_access_key,
|
||||
region: SiteSetting.s3_region.blank? ? "us-east-1" : SiteSetting.s3_region,
|
||||
}
|
||||
if (SiteSetting.s3_use_iam_profile.present?)
|
||||
options.merge!(:use_iam_profile => true)
|
||||
else
|
||||
options.merge!(:aws_access_key_id => SiteSetting.s3_access_key_id,
|
||||
:aws_secret_access_key => SiteSetting.s3_secret_access_key)
|
||||
end
|
||||
options
|
||||
end
|
||||
|
||||
def fog
|
||||
return @fog if @fog
|
||||
return unless SiteSetting.s3_access_key_id.present? &&
|
||||
SiteSetting.s3_secret_access_key.present? &&
|
||||
return unless ((SiteSetting.s3_access_key_id.present? &&
|
||||
SiteSetting.s3_secret_access_key.present?) ||
|
||||
SiteSetting.s3_use_iam_profile.present?) &&
|
||||
SiteSetting.s3_backup_bucket.present?
|
||||
require 'fog'
|
||||
@fog = Fog::Storage.new(s3_options)
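Review bot: The credential selection in `s3_options` (`if (SiteSetting.s3_use_iam_profile.present?) … else … end`) is repeated line for line in the `FileStore` `s3_options` later in this commit. Both copies test the boolean setting with `.present?`, while the dashboard check reads the flag directly. Moving the choice between the instance role and the stored keys into one shared helper would stop the two copies from drifting apart; until then, `if SiteSetting.s3_use_iam_profile` and `options[:use_iam_profile] = true` read more plainly. A comment such as `# IAM profile takes precedence; stored access keys are not passed to fog` above the branch would document the override that the setting description promises. The `fog` method continues past the end of this hunk.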
|
||||
|
|
|
@ -821,6 +821,7 @@ en:
|
|||
purge_deleted_uploads_grace_period_days: "Grace period (in days) before a deleted upload is erased."
|
||||
purge_inactive_users_grace_period_days: "Grace period (in days) before an inactive user is deleted."
|
||||
enable_s3_uploads: "Place uploads on Amazon S3 storage."
|
||||
s3_use_iam_profile: 'Use AWS EC2 IAM role to retrieve keys. NOTE: enabling will override "s3 access key id" and "s3 secret access key" settings.'
|
||||
s3_upload_bucket: "The Amazon S3 bucket name that files will be uploaded into. WARNING: must be lowercase, no periods."
|
||||
s3_access_key_id: "The Amazon S3 access key id that will be used to upload images."
|
||||
s3_secret_access_key: "The Amazon S3 secret access key that will be used to upload images."
|
||||
|
|
|
@ -428,6 +428,7 @@ files:
|
|||
clean_orphan_uploads_grace_period_hours: 1
|
||||
purge_deleted_uploads_grace_period_days: 30
|
||||
enable_s3_uploads: false
|
||||
s3_use_iam_profile: false
|
||||
s3_access_key_id: ''
|
||||
s3_secret_access_key: ''
|
||||
s3_region:
|
||||
|
|
|
@ -98,20 +98,26 @@ module FileStore
|
|||
|
||||
def check_missing_site_settings
|
||||
raise Discourse::SiteSettingMissing.new("s3_upload_bucket") if SiteSetting.s3_upload_bucket.blank?
|
||||
raise Discourse::SiteSettingMissing.new("s3_access_key_id") if SiteSetting.s3_access_key_id.blank?
|
||||
raise Discourse::SiteSettingMissing.new("s3_secret_access_key") if SiteSetting.s3_secret_access_key.blank?
|
||||
unless SiteSetting.s3_use_iam_profile.present?
|
||||
raise Discourse::SiteSettingMissing.new("s3_access_key_id") if SiteSetting.s3_access_key_id.blank?
|
||||
raise Discourse::SiteSettingMissing.new("s3_secret_access_key") if SiteSetting.s3_secret_access_key.blank?
|
||||
end
|
||||
end
|
||||
|
||||
def s3_options
|
||||
options = {
|
||||
provider: 'AWS',
|
||||
aws_access_key_id: SiteSetting.s3_access_key_id,
|
||||
aws_secret_access_key: SiteSetting.s3_secret_access_key,
|
||||
scheme: SiteSetting.scheme,
|
||||
# cf. https://github.com/fog/fog/issues/2381
|
||||
path_style: dns_compatible?(s3_bucket, SiteSetting.use_https?),
|
||||
}
|
||||
options[:region] = SiteSetting.s3_region unless SiteSetting.s3_region.empty?
|
||||
if (SiteSetting.s3_use_iam_profile.present?)
|
||||
options.merge!(:use_iam_profile => true)
|
||||
else
|
||||
options.merge!(:aws_access_key_id => SiteSetting.s3_access_key_id,
|
||||
:aws_secret_access_key => SiteSetting.s3_secret_access_key)
|
||||
end
|
||||
options
|
||||
end
|
||||
|
||||
|
|