SFR-2430: Set flags based on limited access permissions #494
Conversation
| @@ -26,9 +26,10 @@ def __init__(self): | |||
| self.s3_manager.createS3Client() | |||
| self.title_prefix = 'titles/publisher_backlist' | |||
| self.file_bucket = os.environ['FILE_BUCKET'] | |||
|
|
|||
| self.limited_file_bucket = self.build_limited_bucket(self.file_bucket) | |||
There was a problem hiding this comment.
what are your thoughts on just using the environment config variable?
f"drb-files-limited-${os.environment.get('ENVIRONMENT', 'qa')}"
There was a problem hiding this comment.
I think that works fine, but I was (I guess arbitrarily) trying to avoid it because it felt like hard-coding the variable - like, why have os.environ['FILE_BUCKET'] if the limited bucket is just going to be concatenated from a string - but maybe it's not worth worrying about.
There was a problem hiding this comment.
It also looks like Amazon has changed their pricing structure such that revealing bucket names is no longer a DDOS vector via 400-level errors, so I am less concerned about the bucket names being publicly discoverable: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ErrorCodeBilling.html
Building the "limited" bucket names: This is pretty ugly. I wish that I had proposed the convention "drb-files-qa-limited" or "drb-files-production-limited" instead of "drb-files-limited-qa" etc. I think it would be much clearer to just build the bucket name by concatenating "limited" to the end, and this function assumes a particular naming convention anyway (an environment preceded by a hyphen on the end of the bucket name). I wonder if it's worth renaming the new buckets so that the convention is clearer and consistent; if we named them with "-limited" on the end it's something we could stick with even if we moved to a different storage provider.