Merge pull request #25519 from edx/dsheraz/PROD-2198

update devstack video upload authentication mechanism

Merge pull request #25519 from edx/dsheraz/PROD-2198
update devstack video upload authentication mechanism
1723da95 · Syed Muhammad Dawoud Sheraz Ali · GitHub · e3bc66fb · 84d2a690 · 1723da95
Unverified Commit 1723da95 authored 4 years ago by Syed Muhammad Dawoud Sheraz Ali Committed by GitHub 4 years ago
--- a/cms/djangoapps/contentstore/views/tests/test_videos.py
+++ b/cms/djangoapps/contentstore/views/tests/test_videos.py
@@ -48,7 +48,6 @@ from ..videos import (
    KEY_EXPIRATION_IN_SECONDS,
    VIDEO_IMAGE_UPLOAD_ENABLED,
    WAFFLE_SWITCHES,
-    AssumeRole,
    StatusDisplayStrings,
    TranscriptProvider,
    _get_default_video_image_url,
@@ -447,16 +446,12 @@ class VideosHandlerTestCase(VideoUploadTestMixin, CourseTestCase):
        response = json.loads(response.content.decode('utf-8'))
        self.assertEqual(response['error'], u'The file name for %s must contain only ASCII characters.' % file_name)

+    @override_settings(AWS_ACCESS_KEY_ID='test_key_id', AWS_SECRET_ACCESS_KEY='test_secret', AWS_SECURITY_TOKEN='token')
    @patch('boto.s3.key.Key')
    @patch('boto.s3.connection.S3Connection')
    @override_flag(waffle_flags()[ENABLE_DEVSTACK_VIDEO_UPLOADS].namespaced_flag_name, active=True)
-    def test_assume_role_connection(self, mock_conn, mock_key):
+    def test_devstack_upload_connection(self, mock_conn, mock_key):
        files = [{'file_name': 'first.mp4', 'content_type': 'video/mp4'}]
-        credentials = {
-            'access_key': 'test_key',
-            'secret_key': 'test_secret',
-            'session_token': 'test_session_token'
-        }
        mock_key_instances = [
            Mock(
                generate_url=Mock(
@@ -466,22 +461,18 @@ class VideosHandlerTestCase(VideoUploadTestMixin, CourseTestCase):
            for file_info in files
        ]
        mock_key.side_effect = mock_key_instances
+        response = self.client.post(
+            self.url,
+            json.dumps({'files': files}),
+            content_type='application/json'
+        )

-        with patch.object(AssumeRole, 'get_instance') as assume_role:
-            assume_role.return_value.credentials = credentials
-
-            response = self.client.post(
-                self.url,
-                json.dumps({'files': files}),
-                content_type='application/json'
-            )
-
-            self.assertEqual(response.status_code, 200)
-            mock_conn.assert_called_once_with(
-                aws_access_key_id=credentials['access_key'],
-                aws_secret_access_key=credentials['secret_key'],
-                security_token=credentials['session_token']
-            )
+        self.assertEqual(response.status_code, 200)
+        mock_conn.assert_called_once_with(
+            aws_access_key_id=settings.AWS_ACCESS_KEY_ID,
+            aws_secret_access_key=settings.AWS_SECRET_ACCESS_KEY,
+            security_token=settings.AWS_SECURITY_TOKEN
+        )

    @patch('boto.s3.key.Key')
    @patch('boto.s3.connection.S3Connection')

--- a/cms/djangoapps/contentstore/views/videos.py
+++ b/cms/djangoapps/contentstore/views/videos.py
@@ -98,38 +98,6 @@ MAX_UPLOAD_HOURS = 24
 VIDEOS_PER_PAGE = 100


-class AssumeRole(object):
-    """ Singleton class to establish connection to aws using mfa and assume role """
-    __instance = None
-
-    @staticmethod
-    def get_instance():
-        """ Static access method. """
-        if not AssumeRole.__instance:
-            AssumeRole()
-
-        return AssumeRole.__instance
-
-    def __init__(self):
-        """ Virtually private constructor. """
-        if AssumeRole.__instance:
-            raise Exception("This is a singleton class!")
-
-        sts = STSConnection(
-            settings.AWS_ACCESS_KEY_ID,
-            settings.AWS_SECRET_ACCESS_KEY
-        )
-        self.credentials = sts.assume_role(
-            role_arn=settings.ROLE_ARN,
-            role_session_name='vem',
-            duration_seconds=3600,
-            mfa_serial_number=settings.MFA_SERIAL_NUMBER,
-            mfa_token=settings.MFA_TOKEN
-        ).credentials.to_dict()
-
-        AssumeRole.__instance = self
-
-
 class TranscriptProvider(object):
    """
    Transcription Provider Enumeration
@@ -808,15 +776,14 @@ def videos_post(course, request):

 def storage_service_bucket(course_key=None):
    """
-    Returns an S3 bucket for video upload. The S3 bucket returned depends on
-    which pipeline, VEDA or VEM, is enabled.
+    Returns an S3 bucket for video upload.
    """
    if waffle_flags()[ENABLE_DEVSTACK_VIDEO_UPLOADS].is_enabled():
-        credentials = AssumeRole.get_instance().credentials
        params = {
-            'aws_access_key_id': credentials['access_key'],
-            'aws_secret_access_key': credentials['secret_key'],
-            'security_token': credentials['session_token']
+            'aws_access_key_id': settings.AWS_ACCESS_KEY_ID,
+            'aws_secret_access_key': settings.AWS_SECRET_ACCESS_KEY,
+            'security_token': settings.AWS_SECURITY_TOKEN
+
        }
    else:
        params = {

--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -554,6 +554,7 @@ AWS_SES_REGION_NAME = 'us-east-1'
 AWS_SES_REGION_ENDPOINT = 'email.us-east-1.amazonaws.com'
 AWS_ACCESS_KEY_ID = None
 AWS_SECRET_ACCESS_KEY = None
+AWS_SECURITY_TOKEN = None
 AWS_QUERYSTRING_AUTH = False
 AWS_STORAGE_BUCKET_NAME = 'SET-ME-PLEASE (ex. bucket-name)'
 AWS_S3_CUSTOM_DOMAIN = 'SET-ME-PLEASE (ex. bucket-name.s3.amazonaws.com)'