From 74c0bc54a8a118987f1a8c28882885fb771f2906 Mon Sep 17 00:00:00 2001
From: Florian Haas
Date: Wed, 2 Oct 2024 09:12:49 +0200
Subject: [PATCH 1/2] feat: Introduce S3_DEFAULT_ACL
Introduce a new configuration option, S3_DEFAULT_ACL, defaulting to None. When set, this populates the AWS_DEFAULT_ACL option for the S3Storage backend. Reference: https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html#settings
---
 CHANGELOG.md | 4 ++++
 README.md | 5 +++++
 tutors3/patches/openedx-common-settings | 2 +-
 tutors3/plugin.py | 1 +
 4 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a2753e3..c7225f0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Unreleased
+
+* [Enhancement] Introduce `S3_DEFAULT_ACL` configuration option.
+
 ## Version 1.5.0 (2024-08-08)
 * [Enhancement] Support Tutor 18 and Open edX Redwood.
diff --git a/README.md b/README.md
index e3069c4..adc16fb 100644
--- a/README.md
+++ b/README.md
@@ -62,11 +62,16 @@ Plugin configuration
 * `S3_SIGNATURE_VERSION` (default: `"s3v4"`)
 * `S3_CUSTOM_DOMAIN` (default: `""`) - do not set if you are using AWS S3
 * `S3_PROFILE_IMAGE_CUSTOM_DOMAIN` (default: `""`)
+* `S3_DEFAULT_ACL` (default: `None`[^null], meaning inherit from the parent bucket and fall back to the S3 provider's default canned ACL[^private] if unset)
 These values can be modified by the `tutor config save --set PARAM_NAME=VALUE` command, or by setting them in `$(tutor config
 printroot)/config.yaml`.
+[^null]: If you want to explicitly set a value to None in `config.yaml`, use `!!null`.
+
+[^private]: In AWS S3, the default ACL is `private`.
+
 Depending on the nature and configuration of your S3-compatible service, some of these values may be required to set.
diff --git a/tutors3/patches/openedx-common-settings b/tutors3/patches/openedx-common-settings
index 4c7c49c..86336e8 100644
--- a/tutors3/patches/openedx-common-settings
+++ b/tutors3/patches/openedx-common-settings
@@ -15,7 +15,7 @@ AWS_S3_ENDPOINT_URL = "{{ "https" if S3_USE_SSL else "http" }}://{{ S3_HOST }}{%
 AWS_S3_USE_SSL = {{ "True" if S3_USE_SSL else "False" }}
 AWS_S3_SECURE_URLS = {{ "True" if S3_USE_SSL else "False" }}
-AWS_DEFAULT_ACL = None # inherit from the bucket
+AWS_DEFAULT_ACL = {% if S3_DEFAULT_ACL %}"{{ S3_DEFAULT_ACL }}"{% else %}None{% endif %}
 AWS_S3_ADDRESSING_STYLE = "{{ S3_ADDRESSING_STYLE }}"
 AWS_AUTO_CREATE_BUCKET = False
diff --git a/tutors3/plugin.py b/tutors3/plugin.py
index 3624395..a66e3a6 100644
--- a/tutors3/plugin.py
+++ b/tutors3/plugin.py
@@ -28,6 +28,7 @@
 "ADDRESSING_STYLE": "auto",
 "SIGNATURE_VERSION": "s3v4",
 "CUSTOM_DOMAIN": "",
+ "DEFAULT_ACL": None,
 },
 }
From 3e751a08a0ab38f5c5f523f245c75643a98f8fe4 Mon Sep 17 00:00:00 2001
From: Florian Haas
Date: Wed, 2 Oct 2024 09:19:06 +0200
Subject: [PATCH 2/2] docs: Minor fixes to the README
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Replace references to config.yaml with the correct filename, config.yml * Replace - with — as appropriate * Fix formatting on reference to Ceph rgw_dns_name option
---
 README.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index adc16fb..9c5a003 100644
--- a/README.md
+++ b/README.md
@@ -49,8 +49,8 @@ Plugin configuration
 * `OPENEDX_AWS_ACCESS_KEY` (default: `""`)
 * `OPENEDX_AWS_SECRET_ACCESS_KEY` (default: `""`)
-* `S3_HOST` (default: `""`) - set only if using any other service than AWS S3
-* `S3_PORT` (default: `""`) - set only if using any other service than AWS S3
+* `S3_HOST` (default: `""`) — set only if using any other service than AWS S3
+* `S3_PORT` (default: `""`) — set only if using any other service than AWS S3
 * `S3_REGION` (default: `""`)
 * `S3_USE_SSL` (default: `true`)
 * `S3_STORAGE_BUCKET` (default: `"openedx"`)
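Review bot: The new `AWS_DEFAULT_ACL` line in tutors3/patches/openedx-common-settings interpolates `S3_DEFAULT_ACL` into a double-quoted Python literal without escaping or validating it, so a value containing a quote or backslash produces a broken settings file and a mistyped ACL name only surfaces when an upload fails. Rendering the value through Jinja's built-in filter, `AWS_DEFAULT_ACL = {% if S3_DEFAULT_ACL %}{{ S3_DEFAULT_ACL | tojson }}{% else %}None{% endif %}`, would close the quoting gap, assuming Tutor's template environment keeps the default filters. The option also lets an operator choose `public-read` or `public-read-write`, which would then apply to every object written through this storage backend, so the README entry deserves an explicit caveat such as `Setting a public canned ACL makes all objects uploaded by Open edX world-readable; leave this unset unless the bucket is meant to be public.` On AWS buckets where ACLs are disabled (bucket-owner-enforced object ownership), a non-`None` value is likely to make uploads fail, which is worth one more README line.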
@@ -60,15 +60,15 @@ Plugin configuration
 * `S3_GRADE_BUCKET` (default: `"{{ S3_STORAGE_BUCKET }}"`)
 * `S3_ADDRESSING_STYLE` (default: `"auto"`)
 * `S3_SIGNATURE_VERSION` (default: `"s3v4"`)
-* `S3_CUSTOM_DOMAIN` (default: `""`) - do not set if you are using AWS S3
+* `S3_CUSTOM_DOMAIN` (default: `""`) — do not set if you are using AWS S3
 * `S3_PROFILE_IMAGE_CUSTOM_DOMAIN` (default: `""`)
 * `S3_DEFAULT_ACL` (default: `None`[^null], meaning inherit from the parent bucket and fall back to the S3 provider's default canned ACL[^private] if unset)
 These values can be modified by the `tutor config save --set PARAM_NAME=VALUE` command, or by setting them in `$(tutor config
-printroot)/config.yaml`.
+printroot)/config.yml`.
-[^null]: If you want to explicitly set a value to None in `config.yaml`, use `!!null`.
+[^null]: If you want to explicitly set a value to None in `config.yml`, use `!!null`.
 [^private]: In AWS S3, the default ACL is `private`.
@@ -81,7 +81,7 @@ service, some of these values may be required to set.
 * If you want to use an alternative S3-compatible service, you need to set the `S3_HOST` and `S3_PORT` parameters.
 * For a Ceph Object Gateway that doesn’t set
- [rgw_dns_name](https://docs.ceph.com/en/latest/radosgw/config-ref/#confval-rgw_dns_name),
+ [`rgw_dns_name`](https://docs.ceph.com/en/latest/radosgw/config-ref/#confval-rgw_dns_name),
 you will need `S3_ADDRESSING_STYLE: path`.
 * Due to limitations in Open edX, if you are using `s3v4` signatures, your `S3_PROFILE_IMAGE_BUCKET` must have a public ACL and you must set