From f026c7cee1dff3fe577a0d37bd153ecf5c1f8295 Mon Sep 17 00:00:00 2001 From: Zac Date: Tue, 13 Jun 2023 14:48:44 -0500 Subject: [PATCH] Apply suggestions from code review Co-authored-by: Slavi Pantaleev --- roles/custom/matrix-synapse/defaults/main.yml | 3 ++- .../tasks/ext/s3-storage-provider/validate_config.yml | 4 ++-- .../templates/synapse/ext/s3-storage-provider/env.j2 | 2 +- .../ext/s3-storage-provider/media_storage_provider.yaml.j2 | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index fa09d83f7..88ef768e9 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -885,7 +885,8 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: '' matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: '' matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: '' matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: '' -# Enable this to use EC2 instance profile metadata to grab IAM credentials instead of passing credentials directly. +# Enable this to use EC2 instance profile metadata to grab IAM credentials instead of passing credentials directly +# via matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id and matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile: false matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: false matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: '' diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml index 78b02f387..406f186dc 100644 --- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml +++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml @@ -9,11 +9,11 @@ - "matrix_synapse_ext_synapse_s3_storage_provider_config_region_name" - "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url" -- name: Fail if required s3-storage-provider auth settings not defined +- name: Fail if required s3-storage-provider auth settings not defined when not using an EC2 profile ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) for using s3-storage-provider. - when: "not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile|default(false)|bool and vars[item] == ''" + when: "not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile | bool and vars[item] == ''" with_items: - "matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id" - "matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key" diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 index c5e896032..227fd89e4 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 @@ -1,4 +1,4 @@ -{% if not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile|default(false)|bool %} +{% if not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile | bool %} AWS_ACCESS_KEY_ID={{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id }} AWS_SECRET_ACCESS_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key }} {% endif %} diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 index 32c8a0d17..97387e55c 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 @@ -6,7 +6,7 @@ config: bucket: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket | to_json }} region_name: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name | to_json }} endpoint_url: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url | to_json }} -{% if not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile|default(false)|bool %} +{% if not matrix_synapse_ext_synapse_s3_storage_provider_config_ec2_instance_profile | bool %} access_key_id: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id | to_json }} secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }} {% endif %}