mirror of
https://github.com/zulip/zulip.git
synced 2025-11-16 03:41:58 +00:00
uploads: Skip the outgoing proxy if S3_KEY is unset.
When the credentials are provided by dint of being run on an EC2 instance with an assigned Role, we must be able to fetch the instance metadata from IMDS -- which is precisely the type of internal-IP request that Smokescreen denies. While botocore supports a `proxies` argument to the `Config` object, this is not actually respected when making the IMDS queries; only the environment variables are read from. See https://github.com/boto/botocore/issues/2644 As such, implement S3_SKIP_PROXY by monkey-patching the `botocore.utils.should_bypass_proxies` function, to allow requests to IMDS to be made without Smokescreen impeding them. Fixes #20715.
This commit is contained in:
Alex Vandiver
committed by
Tim Abbott
Tim Abbott
parent
0d90bb2569
commit
4f93b4b6e4
@@ -85,6 +85,14 @@ INLINE_MIME_TYPES = [
|
||||
# through a sanitization function.
|
||||
|
||||
|
||||
# https://github.com/boto/botocore/issues/2644 means that the IMDS
|
||||
# request _always_ pulls from the environment. Monkey-patch the
|
||||
# `should_bypass_proxies` function if we need to skip them, based
|
||||
# on S3_SKIP_PROXY.
|
||||
if settings.S3_SKIP_PROXY is True: # nocoverage
|
||||
botocore.utils.should_bypass_proxies = lambda url: True
|
||||
|
||||
|
||||
class RealmUploadQuotaError(JsonableError):
|
||||
code = ErrorCode.REALM_UPLOAD_QUOTA
|
||||
|
||||
|
||||
Reference in New Issue
Block a user