Update our django-storages dependency and fix storage usage.

Review Request #13764 — Created April 22, 2024 and submitted

Information

Review Board
release-7.x

Reviewers

Django 4.2 no longer supports the DEFAULT_FILE_STORAGE setting, and we
hadn't updated our code to move fully over to STORAGES. This prevented
us from properly storing or accessing files via S3 (in the case of
reviews.reviewboard.org), and would have affected users using this or
other storage backends.

We now set STORAGES['default'] instead, which is the modern
equivalent.

The django-storages dependency has been bumped as part of this, as older
releases don't work with Django 4.2. There have been some changes in
modern django-storages, which impacted some of our loading code. That
code has been updated accordingly.

As django-storages is now light-weight, with all the requirements for
services like S3 being available via "extra" dependencies, we can now
depend on it unconditionally. Our S3 support in ReviewBoard[s3] now
just wraps django-storages[s3]. Of note, they now use boto3, as
opposed to the old boto we used before.

One notable change is that it appears django-storages before may have
given us signed URLs unconditionally. It's not entirely clear, but it
does seem that we aren't getting signed URLs anymore due to the
aws_querystring_auth setting we pass in. We had this set to False,
which is a bad default. We now set it to True and set a standard
expiration for signed URLs.

One last semi-related thing is that we had a bad field name set in the
configuration form that prevented the configured storage backend from
being selected by default. This has been corrected.

Semi-related, the support for CouchDB is now explicitly turned off. It
turns out we haven't actually worked with it in ages, and we never
offered native configuration. It's doubtful anyone's used it since its
introduction, and isn't worth putting in the release notes.

Unit tests pass.

Re-deployed and verified that file storage and access worked again.

Summary ID
Update our django-storages dependency and fix storage usage.
Django 4.2 no longer supports the `DEFAULT_FILE_STORAGE` setting, and we hadn't updated our code to move fully over to `STORAGES`. This prevented us from properly storing or accessing files via S3 (in the case of reviews.reviewboard.org), and would have affected users using this or other storage backends. We now set `STORAGES['default']` instead, which is the modern equivalent. The django-storages dependency has been bumped as part of this, as older releases don't work with Django 4.2. There have been some changes in modern django-storages, which impacted some of our loading code. That code has been updated accordingly. As django-storages is now light-weight, with all the requirements for services like S3 being available via "extra" dependencies, we can now depend on it unconditionally. Our S3 support in `ReviewBoard[s3]` now just wraps `django-storages[s3]`. Of note, they now use `boto3`, as opposed to the old `boto` we used before. One notable change is that it appears django-storages before may have given us signed URLs unconditionally. It's not entirely clear, but it does seem that we aren't getting signed URLs anymore due to the `aws_querystring_auth` setting we pass in. We had this set to `False`, which is a bad default. We now set it to `True` and set a standard expiration for signed URLs. One last semi-related thing is that we had a bad field name set in the configuration form that prevented the configured storage backend from being selected by default. This has been corrected. Semi-related, the support for CouchDB is now explicitly turned off. It turns out we haven't actually worked with it in ages, and we never offered native configuration. It's doubtful anyone's used it since its introduction, and isn't worth putting in the release notes.
01f3b4ca02a89db8caa7b46d03ff52bca2f772d4
david
  1. Ship It!
  2. 
      
maubin
  1. Ship It!
  2. 
      
chipx86
Review request changed
Status:
Completed
Change Summary:
Pushed to release-7.x (319f0bd)