Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Signed, Secure and Expiring URLs with CloudFront/S3 #138

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Support Signed, Secure and Expiring URLs with CloudFront/S3 #138

wants to merge 6 commits into from

Conversation

ghost
Copy link

@ghost ghost commented Jan 23, 2013

This pull request is mainly a solution to Issue #133. By default instantiation, S3BotoStorage automatically sets parameters so that files getting placed on S3/CloudFront require SSL, be signed by account that uploads them and sets an expiration of 3600 seconds.

This obviously was a problem for us and @yusufhm as we use this in conjunction with the CDN module on Drupal. I have made attempts to make this as clean as possible but my python experience is extremely limited. The following configuration options are available for the S3 and CloudFront transports:

Cloudfront:

  <servers>
    <server name="cloudfront example" transporter="cf">
      <bucket_name>mybucket</bucket_name>
      <access_key_id>myaccesskey</access_key_id>
      <secret_access_key>mysecretaccesskey</secret_access_key>
      <distro_domain_name>CNAME or cloudfront.net address</distro_domain_name>
      <!-- only required if not using *.cloudfront.net in distro_domain_name -->
     <secure_distro_domain_name>example.cloudfront.net<secure_distro_domain>
      <use_signed_urls>false</use_signed_urls>
      <use_secure_urls>false</use_secure_urls>
      <!-- expiration is stored in seconds -->
      <set_url_expiration>0</set_url_expiration>
    </server>
  </servers>

S3:

  <servers>
    <server name="s3 example" transporter="s3">
      <bucket_name>mybucket</bucket_name>
      <access_key_id>myaccesskey</access_key_id>
      <secret_access_key>mysecretaccesskey</secret_access_key>
      <use_signed_urls>false</use_signed_urls>
      <use_secure_urls>false</use_secure_urls>
      <!-- expiration is stored in seconds -->
      <set_url_expiration>0</set_url_expiration>
    </server>
  </servers>

Let me know what you think, I'm sure it probably needs some polishing but I wanted to do what I could to help out.

Add the ability for file conveyor to properly handle secure urls, sig…
0935df7 
…ned urls and expiring urls from CloudFront/S3 properly.
@yusufhm
Copy link

yusufhm commented Jan 24, 2013

Man, that's great! I'll test it later tonight and let you know how it goes!

@ghost
Copy link
Author

ghost commented Jan 24, 2013

Yeah let me know if you have any problems, we're already using it in a production environment and it seems to work without a hitch so far.

Alan Brault and others added 5 commits January 24, 2013 11:17
Forgot to tell alter_url about the new use_secure_urls logic
ffdec36
@yusufhm
Update fileconveyor/transporters/transporter_cf.py
6f1d1a2 
I had to call TransporterS3's __init__(), otherwise I got an error of settings not existing..
Merge pull request #1 from yusufhm/patch-1
00fb54a 
Update fileconveyor/transporters/transporter_cf.py

Strange, but glad you found it.
@yusufhm
Update fileconveyor/transporters/transporter_s3.py
32f737e 
I had to comment out the url_protocol argument due to which the call to S3BotoStorage failed, saying it did not recognize that argument.
Merge pull request #2 from yusufhm/patch-2
6a2e7c2 
Update fileconveyor/transporters/transporter_s3.py
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@yusufhm