Merge pull request #8400 from adullact/feature/s3-storage

S3 storage support

config/env.example.optional

@@ -146,6 +146,11 @@ DATAGOUV_DESCRIPTIF_DEMARCHES_RESOURCE="resourceid"
 # Zonage
 ZONAGE_ENABLED='enabled' # zonage disabled by default if `ZONAGE_ENABLED` not set
 
+# Configuration for the S3 storage service (if enabled)
+S3_ACCESS_KEY_ID=""
+S3_SECRET_ACCESS_KEY=""
+S3_REGION=""
+S3_BUCKET=""
 
 # SAML
 SAML_IDP_CERTIFICATE="idpcertificate"

config/initializers/content_security_policy.rb

@@ -22,6 +22,7 @@ Rails.application.config.content_security_policy do |policy|
 
   connect_whitelist = ["wss://*.crisp.chat", "*.crisp.chat", "app.franceconnect.gouv.fr", "openmaptiles.geo.data.gouv.fr", "openmaptiles.github.io", "tiles.geo.api.gouv.fr", "wxs.ign.fr"]
   connect_whitelist << ENV.fetch('APP_HOST')
+  connect_whitelist << "*.amazonaws.com" if Rails.configuration.active_storage.service == :amazon
   connect_whitelist += [URI(ENV["SENTRY_DSN_JS"]).host, URI(ENV["SENTRY_DSN_RAILS"]).host].compact.uniq
   connect_whitelist << URI(DS_PROXY_URL).host if DS_PROXY_URL.present?
   connect_whitelist << URI(API_ADRESSE_URL).host if API_ADRESSE_URL.present?

config/storage.yml

@@ -13,3 +13,9 @@ openstack:
     openstack_username: "<%= ENV['FOG_OPENSTACK_USERNAME'] %>"
     openstack_region: "<%= ENV['FOG_OPENSTACK_REGION'] %>"
     openstack_temp_url_key: "<%= ENV['FOG_OPENSTACK_TEMP_URL_KEY'] %>"
+amazon:
+  service: S3
+  access_key_id: <%= ENV.fetch("S3_ACCESS_KEY_ID", "") %>
+  secret_access_key: <%= ENV.fetch("S3_SECRET_ACCESS_KEY", "") %>
+  region: <%= ENV.fetch("S3_REGION", "") %>
+  bucket: <%= ENV.fetch("S3_BUCKET", "") %>