forked from github/plane
dev: update bucket script to make the bucket public (#2767)
* dev: update bucket script to make the bucket public * dev: remove auto bucket script from docker compose
This commit is contained in:
parent
fc51ffc589
commit
7b965179d8
@ -1,5 +1,6 @@
|
|||||||
import os, sys
|
import os, sys
|
||||||
import boto3
|
import boto3
|
||||||
|
import json
|
||||||
from botocore.exceptions import ClientError
|
from botocore.exceptions import ClientError
|
||||||
|
|
||||||
|
|
||||||
@ -10,6 +11,28 @@ import django
|
|||||||
|
|
||||||
django.setup()
|
django.setup()
|
||||||
|
|
||||||
|
def set_bucket_public_policy(s3_client, bucket_name):
|
||||||
|
public_policy = {
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": [{
|
||||||
|
"Effect": "Allow",
|
||||||
|
"Principal": "*",
|
||||||
|
"Action": ["s3:GetObject"],
|
||||||
|
"Resource": [f"arn:aws:s3:::{bucket_name}/*"]
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
|
||||||
|
try:
|
||||||
|
s3_client.put_bucket_policy(
|
||||||
|
Bucket=bucket_name,
|
||||||
|
Policy=json.dumps(public_policy)
|
||||||
|
)
|
||||||
|
print(f"Public read access policy set for bucket '{bucket_name}'.")
|
||||||
|
except ClientError as e:
|
||||||
|
print(f"Error setting public read access policy: {e}")
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def create_bucket():
|
def create_bucket():
|
||||||
try:
|
try:
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
@ -31,6 +54,8 @@ def create_bucket():
|
|||||||
|
|
||||||
# If head_bucket does not raise an exception, the bucket exists
|
# If head_bucket does not raise an exception, the bucket exists
|
||||||
print(f"Bucket '{bucket_name}' already exists.")
|
print(f"Bucket '{bucket_name}' already exists.")
|
||||||
|
|
||||||
|
set_bucket_public_policy(s3_client, bucket_name)
|
||||||
|
|
||||||
except ClientError as e:
|
except ClientError as e:
|
||||||
error_code = int(e.response['Error']['Code'])
|
error_code = int(e.response['Error']['Code'])
|
||||||
@ -41,6 +66,7 @@ def create_bucket():
|
|||||||
try:
|
try:
|
||||||
s3_client.create_bucket(Bucket=bucket_name)
|
s3_client.create_bucket(Bucket=bucket_name)
|
||||||
print(f"Bucket '{bucket_name}' created successfully.")
|
print(f"Bucket '{bucket_name}' created successfully.")
|
||||||
|
set_bucket_public_policy(s3_client, bucket_name)
|
||||||
except ClientError as create_error:
|
except ClientError as create_error:
|
||||||
print(f"Failed to create bucket: {create_error}")
|
print(f"Failed to create bucket: {create_error}")
|
||||||
elif error_code == 403:
|
elif error_code == 403:
|
||||||
|
@ -144,14 +144,6 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- uploads:/export
|
- uploads:/export
|
||||||
|
|
||||||
createbuckets:
|
|
||||||
<<: *app-env
|
|
||||||
image: minio/mc
|
|
||||||
entrypoint: >
|
|
||||||
/bin/sh -c " /usr/bin/mc config host add plane-minio http://plane-minio:9000 \$AWS_ACCESS_KEY_ID \$AWS_SECRET_ACCESS_KEY; /usr/bin/mc mb plane-minio/\$AWS_S3_BUCKET_NAME; /usr/bin/mc anonymous set download plane-minio/\$AWS_S3_BUCKET_NAME; exit 0; "
|
|
||||||
depends_on:
|
|
||||||
- plane-minio
|
|
||||||
|
|
||||||
# Comment this if you already have a reverse proxy running
|
# Comment this if you already have a reverse proxy running
|
||||||
proxy:
|
proxy:
|
||||||
<<: *app-env
|
<<: *app-env
|
||||||
|
@ -35,17 +35,6 @@ services:
|
|||||||
MINIO_ROOT_USER: ${AWS_ACCESS_KEY_ID}
|
MINIO_ROOT_USER: ${AWS_ACCESS_KEY_ID}
|
||||||
MINIO_ROOT_PASSWORD: ${AWS_SECRET_ACCESS_KEY}
|
MINIO_ROOT_PASSWORD: ${AWS_SECRET_ACCESS_KEY}
|
||||||
|
|
||||||
createbuckets:
|
|
||||||
image: minio/mc
|
|
||||||
networks:
|
|
||||||
- dev_env
|
|
||||||
entrypoint: >
|
|
||||||
/bin/sh -c " /usr/bin/mc config host add plane-minio http://plane-minio:9000 \$AWS_ACCESS_KEY_ID \$AWS_SECRET_ACCESS_KEY; /usr/bin/mc mb plane-minio/\$AWS_S3_BUCKET_NAME; /usr/bin/mc anonymous set download plane-minio/\$AWS_S3_BUCKET_NAME; exit 0; "
|
|
||||||
env_file:
|
|
||||||
- .env
|
|
||||||
depends_on:
|
|
||||||
- plane-minio
|
|
||||||
|
|
||||||
plane-db:
|
plane-db:
|
||||||
container_name: plane-db
|
container_name: plane-db
|
||||||
image: postgres:15.2-alpine
|
image: postgres:15.2-alpine
|
||||||
|
@ -108,15 +108,6 @@ services:
|
|||||||
MINIO_ROOT_USER: ${AWS_ACCESS_KEY_ID}
|
MINIO_ROOT_USER: ${AWS_ACCESS_KEY_ID}
|
||||||
MINIO_ROOT_PASSWORD: ${AWS_SECRET_ACCESS_KEY}
|
MINIO_ROOT_PASSWORD: ${AWS_SECRET_ACCESS_KEY}
|
||||||
|
|
||||||
createbuckets:
|
|
||||||
image: minio/mc
|
|
||||||
entrypoint: >
|
|
||||||
/bin/sh -c " /usr/bin/mc config host add plane-minio http://plane-minio:9000 \$AWS_ACCESS_KEY_ID \$AWS_SECRET_ACCESS_KEY; /usr/bin/mc mb plane-minio/\$AWS_S3_BUCKET_NAME; /usr/bin/mc anonymous set download plane-minio/\$AWS_S3_BUCKET_NAME; exit 0; "
|
|
||||||
env_file:
|
|
||||||
- .env
|
|
||||||
depends_on:
|
|
||||||
- plane-minio
|
|
||||||
|
|
||||||
# Comment this if you already have a reverse proxy running
|
# Comment this if you already have a reverse proxy running
|
||||||
proxy:
|
proxy:
|
||||||
container_name: proxy
|
container_name: proxy
|
||||||
|
Loading…
Reference in New Issue
Block a user