Project specific S3 storages #260
Comments
@boal What about passing the presigned URLs to the integration services instead of an S3 path?
Yes, this is a third valid solution and maybe in terms of simplicity and security the best one. One drawback is the possible expiration of the presigned URL. In case of an expiration, a response should be sent to the caller to signal the expiration of the presigned URL.
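The expiry signalling discussed in the two comments above, sketched as an added example that is not part of the thread or of the DigiWF code base. It assumes the storage issues AWS Signature Version 4 query-signed URLs (`X-Amz-Date`, `X-Amz-Expires`); the function names, the error codes and the sample URL are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample: host, object key, timestamps and signature are made up.
SAMPLE_URL = (
    "https://s3.example.invalid/project-bucket/form.pdf"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240101T120000Z"
    "&X-Amz-Expires=900&X-Amz-SignedHeaders=host&X-Amz-Signature=00"
)


class PresignedUrlError(Exception):
    """Carries a machine-readable code for the response sent to the caller."""

    def __init__(self, code, detail):
        # The URL is never put into the message: its signature is a bearer credential.
        super().__init__(f"{code}: {detail}")
        self.code = code


def presigned_url_expiry(url):
    """Return the UTC instant at which a SigV4 query-signed URL stops being valid."""
    query = parse_qs(urlsplit(url).query)
    try:
        (signed_at,) = query["X-Amz-Date"]  # exactly one value, else ValueError
        (lifetime,) = query["X-Amz-Expires"]
        start = datetime.strptime(signed_at, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
        seconds = int(lifetime)
    except (KeyError, ValueError) as exc:
        raise PresignedUrlError("PRESIGNED_URL_MALFORMED", "missing or invalid expiry parameters") from exc
    if seconds <= 0:
        raise PresignedUrlError("PRESIGNED_URL_MALFORMED", "non-positive lifetime")
    return start + timedelta(seconds=seconds)


def check_presigned_url(url, now=None, margin=timedelta(seconds=30)):
    """Return the remaining lifetime, or raise PRESIGNED_URL_EXPIRED.

    margin keeps a URL that is about to expire from being used for a transfer
    that would outlive it.
    """
    now = now or datetime.now(timezone.utc)
    expires_at = presigned_url_expiry(url)
    remaining = expires_at - now
    if remaining <= margin:
        raise PresignedUrlError("PRESIGNED_URL_EXPIRED", f"valid until {expires_at.isoformat()}")
    return remaining
```

This is only a pre-check on the integration side: the storage enforces the expiry itself, so a request it rejects still has to be mapped to the same error for the caller.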
1. Project-specific S3 service requires asynchronous interfaces analogous to the synchronous interface (own project-specific S3 topic) -> basic modules, element templates https://github.com/it-at-m/digiwf-s3-integration/issues/73
https://github.com/it-at-m/digiwf-s3-integration/issues/72
https://github.com/it-at-m/digiwf-cosys-integration/issues/5
it-at-m/digiwf-email-integration#20
Which services are still affected?
Topics claimed: https://git.muenchen.de/openshift/kafka/-/issues/83 Todo: We need Topics for prod before we can release the new feature
What's working
What's still missing
DigiWF Engine
Pull Request: https://git.muenchen.de/digitalisierung/digiwf-engine/-/merge_requests/77
S3 Service
Pull Request: https://github.com/it-at-m/digiwf-s3-integration/pull/77
Email Integration
Pull Request: it-at-m/digiwf-email-integration#25
Handling
Handling of files over S3 storages is currently restricted to the DigiWF specific storage. It's not possible to handle files in project specific storages.
Within a project specific process, it should be possible to handle files with project specific S3 storages.
Authentication/authorization
All project specific S3 storages expose REST endpoints which will be secured with project specific ROLEs/RIGHTs using OAuth2.
I.e. the call to project specific S3 storages in the Cosys/Mail integration will be handled by OAuth2 client credentials flow. For each call to a project-specific S3 storage, the corresponding ClientID and the corresponding ClientSecret are then required in the Cosys/Mail integration.
Currently, this cannot be handled in the Cosys and Mail services. As a result, the current images cannot be used for this purpose.
Concept
Todos
DigiWF Engine
S3 Service
Mail Service
Cosys Service