Create s3 buckets that aren't shared with api

2026-02-05 19:03:30 -05:00 · 2022-09-19 12:33:05 -04:00
parent 271cf7643d
commit b823c2d04f
5 changed files with 57 additions and 8 deletions
--- a/app/cloudfoundry_config.py
+++ b/app/cloudfoundry_config.py
@@ -16,13 +16,25 @@ def extract_cloudfoundry_config():
    os.environ['REDIS_URL'] = vcap_services['aws-elasticache-redis'][0]['credentials']['uri'].replace('redis', 'rediss')

    # CSV Upload Bucket Name
-    csv_bucket_service = find_by_service_name(
+    bucket_service = find_by_service_name(
        vcap_services['s3'], f"notifications-api-csv-upload-bucket-{os.environ['DEPLOY_ENV']}")
-    if csv_bucket_service:
-        os.environ['CSV_UPLOAD_BUCKET_NAME'] = csv_bucket_service['credentials']['bucket']
+    if bucket_service:
+        os.environ['CSV_UPLOAD_BUCKET_NAME'] = bucket_service['credentials']['bucket']

    # Contact List Bucket Name
-    contact_bucket_service = find_by_service_name(
+    bucket_service = find_by_service_name(
        vcap_services['s3'], f"notifications-api-contact-list-bucket-{os.environ['DEPLOY_ENV']}")
-    if contact_bucket_service:
-        os.environ['CONTACT_LIST_BUCKET_NAME'] = contact_bucket_service['credentials']['bucket']
+    if bucket_service:
+        os.environ['CONTACT_LIST_BUCKET_NAME'] = bucket_service['credentials']['bucket']
+
+    # Logo Upload Bucket Name
+    bucket_service = find_by_service_name(
+        vcap_services['s3'], f"notifications-admin-logo-upload-bucket-{os.environ['DEPLOY_ENV']}")
+    if bucket_service:
+        os.environ['LOGO_UPLOAD_BUCKET_NAME'] = bucket_service['credentials']['bucket']
+
+    # MOU Upload Bucket Name
+    bucket_service = find_by_service_name(
+        vcap_services['s3'], f"notifications-admin-mou-upload-bucket-{os.environ['DEPLOY_ENV']}")
+    if bucket_service:
+        os.environ['MOU_UPLOAD_BUCKET_NAME'] = bucket_service['credentials']['bucket']
--- a/app/config.py
+++ b/app/config.py
@@ -204,8 +204,9 @@ class Live(Config):
        'CSV_UPLOAD_BUCKET_NAME', 'notifications-prototype-csv-upload')  # created in gsa sandbox
    CONTACT_LIST_UPLOAD_BUCKET_NAME = os.environ.get(
        'CONTACT_LIST_BUCKET_NAME', 'notifications-prototype-contact-list-upload')  # created in gsa sandbox
-    LOGO_UPLOAD_BUCKET_NAME = 'notifications-prototype-logo-upload'  # created in gsa sandbox
-    MOU_BUCKET_NAME = 'notifications-prototype-mou'  # created in gsa sandbox
+    LOGO_UPLOAD_BUCKET_NAME = os.environ.get(
+        'LOGO_UPLOAD_BUCKET_NAME', 'notifications-prototype-logo-upload')  # created in gsa sandbox
+    MOU_BUCKET_NAME = os.environ.get('MOU_UPLOAD_BUCKET_NAME', 'notifications-prototype-mou')  # created in gsa sandbox
    # TRANSIENT_UPLOADED_LETTERS = 'prototype-transient-uploaded-letters'  # not created in gsa sandbox
    # PRECOMPILED_ORIGINALS_BACKUP_LETTERS = 'prototype-letters-precompiled-originals-backup'  # not in sandbox

--- a/manifest.yml
+++ b/manifest.yml
@@ -16,6 +16,8 @@ applications:
      - notifications-admin-redis-((env))
      - notifications-api-csv-upload-bucket-((env))
      - notifications-api-contact-list-bucket-((env))
+      - notifications-admin-logo-upload-bucket-((env))
+      - notifications-admin-mou-upload-bucket-((env))

    env:
      NOTIFY_APP_NAME: admin
@@ -23,6 +25,7 @@ applications:
      NOTIFY_LOG_LEVEL: INFO
      FLASK_APP: application.py
      FLASK_ENV: production
+      DEPLOY_ENV: ((env))
      REDIS_ENABLED: ((REDIS_ENABLED))

      NOTIFY_ENVIRONMENT: live
--- a/terraform/production/main.tf
+++ b/terraform/production/main.tf
@@ -19,6 +19,17 @@ module "redis" {
  redis_plan_name  = "TKTK-production-redis-plan"
 }

+module "logo_upload_bucket" {
+  source = "github.com/18f/terraform-cloudgov//s3"
+
+  cf_user          = var.cf_user
+  cf_password      = var.cf_password
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  recursive_delete = local.recursive_delete
+  s3_service_name  = "${local.app_name}-logo-upload-bucket-${local.env}"
+}
+
 ###########################################################################
 # The following lines need to be commented out for the initial `terraform apply`
 # It can be re-enabled after:
--- a/terraform/staging/main.tf
+++ b/terraform/staging/main.tf
@@ -18,3 +18,25 @@ module "redis" {
  recursive_delete = local.recursive_delete
  redis_plan_name  = "redis-dev"
 }
+
+module "logo_upload_bucket" {
+  source = "github.com/18f/terraform-cloudgov//s3"
+
+  cf_user          = var.cf_user
+  cf_password      = var.cf_password
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  recursive_delete = local.recursive_delete
+  s3_service_name  = "${local.app_name}-logo-upload-bucket-${local.env}"
+}
+
+module "mou_upload_bucket" {
+  source = "github.com/18f/terraform-cloudgov//s3"
+
+  cf_user          = var.cf_user
+  cf_password      = var.cf_password
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  recursive_delete = local.recursive_delete
+  s3_service_name  = "${local.app_name}-mou-upload-bucket-${local.env}"
+}