From bf73c5d4dfbad34dfc6b5b325beb5c8022ef723e Mon Sep 17 00:00:00 2001
From: Rory McNicholl <rory.mcnicholl@london.ac.uk>
Date: Thu, 13 Jul 2023 21:16:15 +0100
Subject: [PATCH] config for be-s3

---
 config/browse_everything_providers.yml | 20 ++++++++++----------
 ops/staging-deploy.tmpl.yaml           |  8 ++++++++
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/config/browse_everything_providers.yml b/config/browse_everything_providers.yml
index 9fefd0a8c..c00f90677 100644
--- a/config/browse_everything_providers.yml
+++ b/config/browse_everything_providers.yml
@@ -2,8 +2,8 @@
 # To make browse-everything aware of a provider, uncomment the info for that provider and add your API key information.
 # The file_system provider can be a path to any directory on the server where your application is running.
 #
-file_system:
-  home: /app/samvera/hyrax-webapp/data
+#file_system:
+#  home: /app/samvera/hyrax-webapp/data
 # dropbox:
 #   client_id: YOUR_DROPBOX_APP_KEY
 #   client_secret: YOUR_DROPBOX_APP_SECRET
@@ -14,11 +14,11 @@ file_system:
 # google_drive:
 #   client_id: YOUR_GOOGLE_API_CLIENT_ID
 #   client_secret: YOUR_GOOGLE_API_CLIENT_SECRET
-# s3:
-#   bucket: YOUR_AWS_S3_BUCKET
-#   response_type: signed_url # set to :public_url for public urls or :s3_uri for an s3://BUCKET/KEY uri
-#   expires_in: 14400 # for signed_url response_type, number of seconds url will be valid for.
-#   app_key: YOUR_AWS_S3_KEY       # :app_key, :app_secret, and :region can be specified
-#   app_secret: YOUR_AWS_S3_SECRET # explicitly here, or left out to use system-configured
-#   region: YOUR_AWS_S3_REGION     # defaults.
-#   See https://aws.amazon.com/blogs/security/a-new-and-standardized-way-to-manage-credentials-in-the-aws-sdks/
+s3:
+  bucket: <%= ENV['AWS_S3_BUCKET'] %> # .s3.amazonaws.com #arn:aws:s3:::temp-bl-bucket-for-browse-everything
+  response_type: signed_url # set to :public_url for public urls or :s3_uri for an s3://BUCKET/KEY uri
+  expires_in: 14400 # for signed_url response_type, number of seconds url will be valid for.
+  app_key: <%= ENV['AWS_ACCESS_KEY_ID'] %>     # :app_key, :app_secret, and :region can be specified
+  app_secret: <%= ENV['AWS_SECRET_ACCESS_KEY'] %> # explicitly here, or left out to use system-configured
+  region: <%= ENV['AWS_S3_REGION'] %>     # defaults.
+  # See https://aws.amazon.com/blogs/security/a-new-and-standardized-way-to-manage-credentials-in-the-aws-sdks/
diff --git a/ops/staging-deploy.tmpl.yaml b/ops/staging-deploy.tmpl.yaml
index 588dcd992..73f1dd32e 100644
--- a/ops/staging-deploy.tmpl.yaml
+++ b/ops/staging-deploy.tmpl.yaml
@@ -167,6 +167,14 @@ extraEnvVars: &envVars
     value: "1"
   - name: EXTERNAL_IIIF_URL
     value: https://d2ltm8fy0v0agc.cloudfront.net/iiif/2
+  - name: AWS_S3_BUCKET
+    value: $AWS_S3_BUCKET
+  - name: AWS_ACCESS_KEY_ID
+    value: $AWS_ACCESS_KEY_ID
+  - name: AWS_SECRET_ACCESS_KEY
+    value: $AWS_SECRET_ACCESS_KEY
+  - name: AWS_S3_REGION
+    value: $AWS_S3_REGION
 
 worker:
   replicaCount: 1