[Issue #3094] Use CDN URLs for attachments instead of S3 URLs #3659
Conversation
| def test_get_opportunity_returns_cdn_urls( | ||
| client, api_auth_token, monkeypatch_session, enable_factory_create, db_session, mock_s3_bucket | ||
| ): | ||
| monkeypatch_session.setenv("CDN_URL", "https://cdn.example.com") |
There was a problem hiding this comment.
Could we set this in some autouse conftest value? Otherwise we'll need to set it for every API test with attachments. Fine to override it here.
Also we should set CDN_URL in local.env to be localhost:4566 and test that this works locally as well?
There was a problem hiding this comment.
Tried this locally and receive:
This would be the correct path is <s3_path> was replaced with <cdn_path>
There was a problem hiding this comment.
If you go to that path, does the file download work? I think for local, it also needs the bucket name (ie. CDN_URL should include the bucket for our local dev purposes).
There was a problem hiding this comment.
I added the bucket name to CDN_URL in local.env and it works. Checking that in shortly.
mikehgrantsgov
requested review from
mdragon,
acouch,
coilysiren and
widal001
as code owners
|
|
||
| class AttachmentConfig(PydanticBaseEnvConfig): | ||
| # If the CDN URL is set, we'll use it instead of pre-signing the file locations | ||
| cdn_url: str | None = None |
There was a problem hiding this comment.
This doesn't need to be in capslock?
There was a problem hiding this comment.
Pydantic will look for CDN_URL as an env var. We sometimes also give values an alias if we want a cleaner python name, but doesn't matter too much here.
api/src/util/file_util.py
Outdated
| if not is_s3_path(file_path): | ||
| raise ValueError(f"Expected s3:// path, got: {file_path}") | ||
|
|
||
| return file_path.replace(os.environ["PUBLIC_FILES_BUCKET"], cdn_url) |
There was a problem hiding this comment.
Have you testing that this URL is exactly right?
There was a problem hiding this comment.
Yes we added tests to cover a few scenarios: https://github.com/HHS/simpler-grants-gov/pull/3659/files#diff-e284f21c2216feb0f0612d0cbed5d770d98a4fccb1591714ce50bb9dc47910d0R214
Also the only scenarios where S3 -> CDN replacement happens is explicitly for files in the public files bucket.
|
|
||
| class AttachmentConfig(PydanticBaseEnvConfig): | ||
| # If the CDN URL is set, we'll use it instead of pre-signing the file locations | ||
| cdn_url: str | None = None |
There was a problem hiding this comment.
Pydantic will look for CDN_URL as an env var. We sometimes also give values an alias if we want a cleaner python name, but doesn't matter too much here.
| else: | ||
| pre_sign_opportunity_file_location(opportunity.opportunity_attachments) |
There was a problem hiding this comment.
I'm not sure there will be a case where it's not set once we merge this. (NOTE - we should first verify with @coilysiren that the CDN is fully working before we merge this - I think it's still in progress)
api/src/util/file_util.py
Outdated
| if not is_s3_path(file_path): | ||
| raise ValueError(f"Expected s3:// path, got: {file_path}") | ||
|
|
||
| return file_path.replace(os.environ["PUBLIC_FILES_BUCKET"], cdn_url) |
There was a problem hiding this comment.
Can you use the s3 config for this instead of the os module? Just so we only define the env vars in a single place
| def test_get_opportunity_returns_cdn_urls( | ||
| client, api_auth_token, monkeypatch_session, enable_factory_create, db_session, mock_s3_bucket | ||
| ): | ||
| monkeypatch_session.setenv("CDN_URL", "https://cdn.example.com") |
There was a problem hiding this comment.
If you go to that path, does the file download work? I think for local, it also needs the bucket name (ie. CDN_URL should include the bucket for our local dev purposes).
|
@mikehgrantsgov - FYI - the change looks good, but holding approval until we can confirm the CDN itself is actually working. |
mdragon
changed the title
There was a problem hiding this comment.
LGTM - I think we're safe to merge this now.
After this is deployed, can you check that dev is using the CDN URL instead of presigned URLs?
Here's an opportunity with two attachments already on it: http://frontend-dev-1739892538.us-east-1.elb.amazonaws.com/opportunity/70111
mikehgrantsgov
deleted the
mikehgrantsgov/3094-use-cdn-urls-for-attachments
branch
## Summary Fixes #3094 ### Time to review: 10 mins ## Changes proposed Branch logic for attachment URLs whether CDN_URL is set or not. If set, use CDN_URL to replace s3://<foo>/<path_to_file> ## Context for reviewers Instead of changing actual values in the DB, evaluate at run-time if the CDN_URL is set and use that value instead of presigning S3 URLS. ## Additional information One thing to figure out: `AttachmentConfig` relies on *.env files being set, but doesn't appear to work when setting ENV vars via Monkeypatch.
Summary
Fixes #3094
Time to review: 10 mins
Changes proposed
Branch logic for attachment URLs whether CDN_URL is set or not. If set, use CDN_URL to replace s3:///<path_to_file>
Context for reviewers
Instead of changing actual values in the DB, evaluate at run-time if the CDN_URL is set and use that value instead of presigning S3 URLS.
Additional information
One thing to figure out:
AttachmentConfigrelies on *.env files being set, but doesn't appear to work when setting ENV vars via Monkeypatch.