Refactor S3 client initialization to streamline configuration and add public read policy setup; improve error handling for bucket policy application
All checks were successful
CI - Build and Push / Build and Push Docker Image (push) Successful in 53s
All checks were successful
CI - Build and Push / Build and Push Docker Image (push) Successful in 53s
This commit is contained in:
@@ -49,12 +49,7 @@ func initDatabase(dbConfig config.DatabaseConfig) *sql.DB {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func initS3Client(s3Config config.S3Config) *s3.Client {
|
func initS3Client(s3Config config.S3Config) *s3.Client {
|
||||||
var cfg aws.Config
|
cfg, err := awsconfig.LoadDefaultConfig(context.Background(),
|
||||||
var err error
|
|
||||||
|
|
||||||
if s3Config.Endpoint != "" {
|
|
||||||
// Custom endpoint (e.g., MinIO)
|
|
||||||
cfg, err = awsconfig.LoadDefaultConfig(context.Background(),
|
|
||||||
awsconfig.WithRegion(s3Config.Region),
|
awsconfig.WithRegion(s3Config.Region),
|
||||||
awsconfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(
|
awsconfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(
|
||||||
s3Config.AccessKeyID,
|
s3Config.AccessKeyID,
|
||||||
@@ -65,24 +60,38 @@ func initS3Client(s3Config config.S3Config) *s3.Client {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
return s3.NewFromConfig(cfg, func(o *s3.Options) {
|
|
||||||
|
client := s3.NewFromConfig(cfg, func(o *s3.Options) {
|
||||||
o.BaseEndpoint = aws.String(s3Config.Endpoint)
|
o.BaseEndpoint = aws.String(s3Config.Endpoint)
|
||||||
o.UsePathStyle = true
|
o.UsePathStyle = true
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// Set bucket policy for public read access
|
||||||
|
setBucketPublicReadPolicy(client, s3Config.Bucket)
|
||||||
|
|
||||||
|
return client
|
||||||
}
|
}
|
||||||
|
|
||||||
// Standard AWS S3
|
func setBucketPublicReadPolicy(client *s3.Client, bucket string) {
|
||||||
cfg, err = awsconfig.LoadDefaultConfig(context.Background(),
|
policy := `{
|
||||||
awsconfig.WithRegion(s3Config.Region),
|
"Version": "2012-10-17",
|
||||||
awsconfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(
|
"Statement": [
|
||||||
s3Config.AccessKeyID,
|
{
|
||||||
s3Config.SecretAccessKey,
|
"Effect": "Allow",
|
||||||
"",
|
"Principal": "*",
|
||||||
)),
|
"Action": "s3:GetObject",
|
||||||
)
|
"Resource": "arn:aws:s3:::` + bucket + `/*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}`
|
||||||
|
|
||||||
|
_, err := client.PutBucketPolicy(context.Background(), &s3.PutBucketPolicyInput{
|
||||||
|
Bucket: aws.String(bucket),
|
||||||
|
Policy: aws.String(policy),
|
||||||
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
// Log error but don't panic - bucket might already have the policy
|
||||||
|
// or the user might not have permission to set policies
|
||||||
|
println("Warning: Failed to set bucket policy:", err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
return s3.NewFromConfig(cfg)
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user