fix: GCS blobs signed URLS generation (#61)

Add a workaround for the inability to sign GCS blob URLs when running on Google Cloud Run. See [here](https://stackoverflow.com/questions/64234214/how-to-generate-a-blob-signed-url-in-google-cloud-run) for details. The workaround involves loading a service account JSON key file content's from an environment variable and using that to explicitly authenticate Google APIs/SDKs. Included also are other minor improvements and fixes.
savannahghi · Apr 4, 2023 · d3fcd88 · d3fcd88
1 parent 08a0c08
commit d3fcd88
Showing 1 changed file with 53 additions and 15 deletions.
diff --git a/config/settings/production.py b/config/settings/production.py
@@ -1,6 +1,8 @@
+import json
 import logging
 
 import sentry_sdk
+from google.oauth2 import service_account
 from sentry_sdk.integrations.django import DjangoIntegration
 from sentry_sdk.integrations.logging import LoggingIntegration
 
@@ -10,9 +12,36 @@
 ###############################################################################
 # READ ENVIRONMENT
 ###############################################################################
-ENV_PATH = "/tmp/secrets/.env"
+
+ENV_PATH = env.str("ENV_PATH", default="/tmp/secrets/.env")
 env.read_env(path=ENV_PATH, override=True)
 
+
+###############################################################################
+# LOAD GOOGLE CREDENTIALS
+###############################################################################
+
+# Note that when this is not provided and the production environment is Google
+# Cloud Run, you will not be able to perform some actions such as signing GCS
+# blob URLs.
+# See the link below for an example of such an issue:
+# https://stackoverflow.com/questions/64234214/how-to-generate-a-blob-signed-url-in-google-cloud-run
+GOOGLE_APPLICATION_CREDENTIALS_KEY = env.str(
+    "GOOGLE_APPLICATION_CREDENTIALS_KEY", default=""
+)
+
+if GOOGLE_APPLICATION_CREDENTIALS_KEY:
+    GCS_CREDENTIALS = service_account.Credentials.from_service_account_info(
+        json.loads(GOOGLE_APPLICATION_CREDENTIALS_KEY)
+    )
+    # Set variables that define Google Services Credentials
+    GS_CREDENTIALS = GCS_CREDENTIALS
+
+
+###############################################################################
+# DJANGO DEV PANEL RECOMMENDATIONS AND OTHER SECURITY
+###############################################################################
+
 ALLOWED_HOSTS = env.list(
     "DJANGO_ALLOWED_HOSTS",
     default=[
@@ -22,16 +51,11 @@
         "icdr.fahariyajamii.org",
     ],
 )
-GOOGLE_ANALYTICS_ID = env.str("GOOGLE_ANALYTICS_ID")
-SECRET_KEY = env.str("DJANGO_SECRET_KEY")
-
-
-###############################################################################
-# DJANGO DEV PANEL RECOMMENDATIONS AND OTHER SECURITY
-###############################################################################
 
 DEBUG = False
 
+SECRET_KEY = env.str("DJANGO_SECRET_KEY")
+
 
 ###############################################################################
 # DATABASE CONFIG
@@ -64,6 +88,13 @@
 }
 
 
+###############################################################################
+# GOOGLE ANALYTICS
+###############################################################################
+
+GOOGLE_ANALYTICS_ID = env.str("GOOGLE_ANALYTICS_ID")
+
+
 ###############################################################################
 # SECURITY
 ###############################################################################
@@ -127,30 +158,37 @@
 
 LOGGING = {
     "version": 1,
-    "disable_existing_loggers": True,
+    "disable_existing_loggers": False,
     "formatters": {
         "verbose": {
-            "format": "%(levelname)s %(asctime)s %(module)s "
-            "%(process)d %(thread)d %(message)s"
+            "format": (
+                "{levelname}: {asctime} - <module={module} | "
+                "function={funcName} | line={lineno:d}> - {message}"
+            ),
+            "style": "{",
         }
     },
     "handlers": {
         "console": {
-            "level": "DEBUG",
             "class": "logging.StreamHandler",
             "formatter": "verbose",
+            "level": "DEBUG",
         }
     },
-    "root": {"level": "INFO", "handlers": ["console"]},
     "loggers": {
+        "django": {
+            "handlers": ["console"],
+            "level": "WARNING",
+            "propagate": True,
+        },
         "django.db.backends": {
-            "level": "ERROR",
+            "level": "WARNING",
             "handlers": ["console"],
             "propagate": False,
         },
         # Errors logged by the SDK itself
         "sentry_sdk": {
-            "level": "ERROR",
+            "level": "WARNING",
             "handlers": ["console"],
             "propagate": False,
         },