fix: Check if AWS S3 bucket is public before generate signed url (M2-8020) #1640
Conversation
|
➡️ Preview environment failed to be destroyed |
|
❌ E2E tests failed |
There was a problem hiding this comment.
I couldn't validate cdn_client.py on the debugger but I review the code and aws bucket policies and the code seems correct. I also used test_presign_answer_url test to review the code but it requires to match legacy_file_url_pattern. After this requirement we need to pass a couple of validations that looked correct and then configure the client and _generate_public_url. After this I couldn't look further as I needed to setup an S3 bucket with the required settings and policies. I'm trying to setup S3 but as I said the code inside cdn_client.py it's accurate.
There was a problem hiding this comment.
I tested this by pointing a local Admin Panel to a local backend (on this branch), pointing to UAT DB, UAT s3 and prod legacy S3 with VPN.
I couldn't find the right set of env vars to successfully fetch both UAT and legacy media files, but was able to get it configured to download the legacy media files successfully. I'm going to assume it's my local configuration vs this implementation if you were able to successfully test it and both UAT and legacy media files were exported @rcmerlo.
📝 Description
AWS S3 is returning http 403 error when signing a public S3 bucket, so this code add a check for publicity of the bucket before generated signed url
🔗 Jira Ticket M2-8020
🪤 Peer Testing
Requires
pipenv sync --dev --system