diff --git a/apiserver/bin/bucket_script.py b/apiserver/bin/bucket_script.py index cb2d05540..89717d527 100644 --- a/apiserver/bin/bucket_script.py +++ b/apiserver/bin/bucket_script.py @@ -1,5 +1,6 @@ import os, sys import boto3 +import json from botocore.exceptions import ClientError @@ -10,6 +11,28 @@ import django django.setup() +def set_bucket_public_policy(s3_client, bucket_name): + public_policy = { + "Version": "2012-10-17", + "Statement": [{ + "Effect": "Allow", + "Principal": "*", + "Action": ["s3:GetObject"], + "Resource": [f"arn:aws:s3:::{bucket_name}/*"] + }] + } + + try: + s3_client.put_bucket_policy( + Bucket=bucket_name, + Policy=json.dumps(public_policy) + ) + print(f"Public read access policy set for bucket '{bucket_name}'.") + except ClientError as e: + print(f"Error setting public read access policy: {e}") + + + def create_bucket(): try: from django.conf import settings @@ -31,6 +54,8 @@ def create_bucket(): # If head_bucket does not raise an exception, the bucket exists print(f"Bucket '{bucket_name}' already exists.") + + set_bucket_public_policy(s3_client, bucket_name) except ClientError as e: error_code = int(e.response['Error']['Code']) @@ -41,6 +66,7 @@ def create_bucket(): try: s3_client.create_bucket(Bucket=bucket_name) print(f"Bucket '{bucket_name}' created successfully.") + set_bucket_public_policy(s3_client, bucket_name) except ClientError as create_error: print(f"Failed to create bucket: {create_error}") elif error_code == 403: diff --git a/deploy/selfhost/docker-compose.yml b/deploy/selfhost/docker-compose.yml index 70a88d92b..e334a97a2 100644 --- a/deploy/selfhost/docker-compose.yml +++ b/deploy/selfhost/docker-compose.yml 
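Review bot: The policy built in `set_bucket_public_policy` grants `s3:GetObject` to `"Principal": "*"` on `arn:aws:s3:::{bucket_name}/*`, so every object in the bucket is readable without credentials by anyone who can reach the storage endpoint and knows an object key. That matches what the removed `mc anonymous set download` step did for MinIO, but this boto3 path presumably also runs against whatever S3 backend the settings point at (the client construction is outside the hunk). If only some uploads are meant to be public, narrow the resource to a dedicated prefix, e.g. `"Resource": [f"arn:aws:s3:::{bucket_name}/<public-prefix>/*"]`, or gate the call behind a setting. The `except ClientError` branch only prints, so a rejected policy (for instance where public policies are blocked on the account) is invisible to the caller; returning `False` there and `True` on success would let `create_bucket` react. A one-line docstring such as `"""Replace the bucket policy with one allowing anonymous s3:GetObject on all objects."""` would make the side effect explicit.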
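Review bot: The call added after the `Bucket '{bucket_name}' already exists.` print applies `put_bucket_policy` to a bucket this script did not create. That API replaces the bucket's whole policy rather than merging into it, so a policy an operator attached beforehand (a tighter one, or one with extra statements) is overwritten with the public-read policy each time the script runs. Keeping the call only on the create path (the one added after `s3_client.create_bucket(...)` in the last hunk) would avoid this, as would calling `s3_client.get_bucket_policy(Bucket=bucket_name)` first and skipping the write when a policy is already present. `create_bucket` starts and ends outside these hunks, so how often the script is invoked is not visible here.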
@@ -144,14 +144,6 @@ services: volumes: - uploads:/export - createbuckets: - <<: *app-env - image: minio/mc - entrypoint: > - /bin/sh -c " /usr/bin/mc config host add plane-minio http://plane-minio:9000 \$AWS_ACCESS_KEY_ID \$AWS_SECRET_ACCESS_KEY; /usr/bin/mc mb plane-minio/\$AWS_S3_BUCKET_NAME; /usr/bin/mc anonymous set download plane-minio/\$AWS_S3_BUCKET_NAME; exit 0; " - depends_on: - - plane-minio - # Comment this if you already have a reverse proxy running proxy: <<: *app-env diff --git a/docker-compose-local.yml b/docker-compose-local.yml index 4f433e3ac..58cab3776 100644 --- a/docker-compose-local.yml +++ b/docker-compose-local.yml @@ -35,17 +35,6 @@ services: MINIO_ROOT_USER: ${AWS_ACCESS_KEY_ID} MINIO_ROOT_PASSWORD: ${AWS_SECRET_ACCESS_KEY} - createbuckets: - image: minio/mc - networks: - - dev_env - entrypoint: > - /bin/sh -c " /usr/bin/mc config host add plane-minio http://plane-minio:9000 \$AWS_ACCESS_KEY_ID \$AWS_SECRET_ACCESS_KEY; /usr/bin/mc mb plane-minio/\$AWS_S3_BUCKET_NAME; /usr/bin/mc anonymous set download plane-minio/\$AWS_S3_BUCKET_NAME; exit 0; " - env_file: - - .env - depends_on: - - plane-minio - plane-db: container_name: plane-db image: postgres:15.2-alpine diff --git a/docker-compose.yml b/docker-compose.yml index 0895aa1ae..e39f0d8d2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -108,15 +108,6 @@ services: MINIO_ROOT_USER: ${AWS_ACCESS_KEY_ID} MINIO_ROOT_PASSWORD: ${AWS_SECRET_ACCESS_KEY} - createbuckets: - image: minio/mc - entrypoint: > - /bin/sh -c " /usr/bin/mc config host add plane-minio http://plane-minio:9000 \$AWS_ACCESS_KEY_ID \$AWS_SECRET_ACCESS_KEY; /usr/bin/mc mb plane-minio/\$AWS_S3_BUCKET_NAME; /usr/bin/mc anonymous set download plane-minio/\$AWS_S3_BUCKET_NAME; exit 0; " - env_file: - - .env - depends_on: - - plane-minio - # Comment this if you already have a reverse proxy running proxy: container_name: proxy