From 15511411bd7b026bf919fd179bacb7a5b1f6b82d Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Wed, 14 Jun 2023 12:29:46 +0100
Subject: [PATCH] Allow manually specifying credentials for CloudFront frontend cache backend (#10565)
---
 CHANGELOG.txt | 1 +
 docs/reference/contrib/frontendcache.md | 16 +++++++++++++++-
 docs/releases/6.2.md | 1 +
 .../frontend_cache/backends/cloudfront.py | 8 +++++++-
 wagtail/contrib/frontend_cache/tests.py | 12 ++++++++++--
 5 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index d08efc7ca8..7131cf93a6 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -17,6 +17,7 @@ Changelog
 * Implement a new design for locale labels in listings (Albina Starykova)
 * Add alt text validation rule in the accessibility checker (Albina Starykova)
 * Add a `deactivate()` method to `ProgressController` (Alex Morega)
+ * Allow manually specifying credentials for CloudFront frontend cache backend (Jake Howard)
 * Fix: Make `WAGTAILIMAGES_CHOOSER_PAGE_SIZE` setting functional again (Rohit Sharma)
 * Fix: Enable `richtext` template tag to convert lazy translation values (Benjamin Bach)
 * Fix: Ensure permission labels on group permissions page are translated where available (Matt Westcott)
diff --git a/docs/reference/contrib/frontendcache.md b/docs/reference/contrib/frontendcache.md
index fa9462dc2b..9bffc6ed31 100644
--- a/docs/reference/contrib/frontendcache.md
+++ b/docs/reference/contrib/frontendcache.md
@@ -109,7 +109,7 @@ WAGTAILFRONTENDCACHE = {
 Previous versions allowed passing a dict for `DISTRIBUTION_ID` to allow specifying different distribution IDs for different hostnames. This is now deprecated; instead, multiple distribution IDs should be defined as [multiple backends](frontendcache_multiple_backends), with a `HOSTNAMES` parameter to define the hostnames associated with each one.
 ```
-Configuration of credentials can done in multiple ways. You won't need to store them in your Django settings file. You can read more about this here: [Boto 3 Docs](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html). The user will need a policy similar to:
+`boto3` will attempt to discover credentials itself. You can read more about this here: [Boto 3 Docs](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html). The user will need a policy similar to:
 ```json
 {
@@ -125,6 +125,20 @@ Configuration of credentials can done in multiple ways. You won't need to store
 }
 ```
+To specify credentials manually, pass them as additional parameters:
+
+```python
+WAGTAILFRONTENDCACHE = {
+ 'cloudfront': {
+ 'BACKEND': 'wagtail.contrib.frontend_cache.backends.CloudfrontBackend',
+ 'DISTRIBUTION_ID': 'your-distribution-id',
+ 'AWS_ACCESS_KEY_ID': os.environ['FRONTEND_CACHE_AWS_ACCESS_KEY_ID'],
+ 'AWS_SECRET_ACCESS_KEY': os.environ['FRONTEND_CACHE_AWS_SECRET_ACCESS_KEY'],
+ 'AWS_SESSION_TOKEN': os.environ['FRONTEND_CACHE_AWS_SESSION_TOKEN']
+ },
+}
+```
+
 ### Azure CDN
 With [Azure CDN](https://azure.microsoft.com/en-gb/products/cdn/) you will need a CDN profile with an endpoint configured.
diff --git a/docs/releases/6.2.md b/docs/releases/6.2.md
index a78f10e376..0363d955b0 100644
--- a/docs/releases/6.2.md
+++ b/docs/releases/6.2.md
@@ -31,6 +31,7 @@ This feature was implemented by Albina Starykova, with support from the Wagtail
 * Adopt more compact representation for StreamField definitions in migrations (Matt Westcott)
 * Implement a new design for locale labels in listings (Albina Starykova)
 * Add a `deactivate()` method to `ProgressController` (Alex Morega)
+ * Allow manually specifying credentials for CloudFront frontend cache backend (Jake Howard)
 ### Bug fixes
diff --git a/wagtail/contrib/frontend_cache/backends/cloudfront.py b/wagtail/contrib/frontend_cache/backends/cloudfront.py
index d8308da2e9..57c3ace53d 100644
--- a/wagtail/contrib/frontend_cache/backends/cloudfront.py
+++ b/wagtail/contrib/frontend_cache/backends/cloudfront.py
@@ -22,7 +22,13 @@ class CloudfrontBackend(BaseBackend):
 super().__init__(params)
- self.client = boto3.client("cloudfront")
+ self.client = boto3.client(
+ "cloudfront",
+ aws_access_key_id=params.get("AWS_ACCESS_KEY_ID"),
+ aws_secret_access_key=params.get("AWS_SECRET_ACCESS_KEY"),
+ aws_session_token=params.get("AWS_SESSION_TOKEN"),
+ )
+
 try:
 self.cloudfront_distribution_id = params.pop("DISTRIBUTION_ID")
 except KeyError:
diff --git a/wagtail/contrib/frontend_cache/tests.py b/wagtail/contrib/frontend_cache/tests.py
index 4904de734c..541d4796d7 100644
--- a/wagtail/contrib/frontend_cache/tests.py
+++ b/wagtail/contrib/frontend_cache/tests.py
@@ -5,7 +5,7 @@ import requests
 from azure.mgmt.cdn import CdnManagementClient
 from azure.mgmt.frontdoor import FrontDoorManagementClient
 from django.core.exceptions import ImproperlyConfigured
-from django.test import TestCase
+from django.test import SimpleTestCase, TestCase
 from django.test.utils import override_settings
 from wagtail.contrib.frontend_cache.backends import (
@@ -30,7 +30,7 @@ from .utils import (
 )
-class TestBackendConfiguration(TestCase):
+class TestBackendConfiguration(SimpleTestCase):
 def test_default(self):
 backends = get_backends()
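Review bot: In the cloudfront.py hunk, the three `params.get(...)` values go to `boto3.client` unfiltered, so a settings file that supplies an empty string (for example via `os.environ.get(NAME, "")`) hands boto3 a non-`None` credential; as far as I know botocore then treats it as explicit and never falls back to credential discovery, and the failure only surfaces when a purge request is signed. Normalising each value, e.g. `aws_access_key_id=params.get("AWS_ACCESS_KEY_ID") or None,`, keeps the discovery path for unset variables. A short comment above the call would help too: `# Explicit keys bypass boto3's credential discovery and are never refreshed; a fixed AWS_SESSION_TOKEN stops working once it expires.` The keys are read with `get` while `DISTRIBUTION_ID` is popped, so the secrets stay in `params` after construction; whether anything retains or logs that dict is not visible here. `__init__` starts above the hunk and continues past it.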
@@ -82,6 +82,8 @@ class TestBackendConfiguration(TestCase):
 "cloudfront": {
 "BACKEND": "wagtail.contrib.frontend_cache.backends.CloudfrontBackend",
 "DISTRIBUTION_ID": "frontend",
+ "AWS_ACCESS_KEY_ID": "my-access-key-id",
+ "AWS_SECRET_ACCESS_KEY": "my-secret-access-key",
 },
 }
 )
@@ -91,6 +93,12 @@ class TestBackendConfiguration(TestCase):
 self.assertEqual(backends["cloudfront"].cloudfront_distribution_id, "frontend")
+ credentials = backends["cloudfront"].client._request_signer._credentials
+
+ self.assertEqual(credentials.method, "explicit")
+ self.assertEqual(credentials.access_key, "my-access-key-id")
+ self.assertEqual(credentials.secret_key, "my-secret-access-key")
+
 def test_azure_cdn(self):
 backends = get_backends(
 backend_settings={
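Review bot: The new assertions reach into `client._request_signer._credentials`, private botocore attributes, so this test can fail on a botocore upgrade with no change in the backend; patching `boto3.client` and asserting the keyword arguments it was called with would check the same thing through the public call. The third new parameter is untested: the settings hunk above adds no `AWS_SESSION_TOKEN` and nothing asserts `credentials.token`, e.g. `"AWS_SESSION_TOKEN": "my-session-token",` (constructed value) with `self.assertEqual(credentials.token, "my-session-token")`. A case with none of the three keys set would also pin that discovery is still left to boto3. The test method begins above this hunk.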