search

mattermost / mattermost-plugin-legal-hold

Plugin to create and manage legal holds in Mattermost
Other
5 stars 2 forks source link

Support using a different s3 bucket through plugin setting #46

Closed mickmister closed 1 month ago

mickmister commented 2 months ago

Summary

This PR makes it so the admin can configure the plugin to store the Legal Hold artifacts in a different S3 Bucket than the one that's currently being used by the Mattermost server. The following fields are filled out by the UI, which is a subset of model.FileSettings. The backend of the plugin uses unmarshals this as a model.FileSettings struct and uses it as such.

type FileSettings = {
    DriverName: string;
    AmazonS3RequestTimeoutMilliseconds: number;
    AmazonS3Bucket: string;
    AmazonS3PathPrefix: string;
    AmazonS3Region: string;
    AmazonS3Endpoint: string;
    AmazonS3AccessKeyId: string;
    AmazonS3SecretAccessKey: string;
    AmazonS3SSL: boolean;
    AmazonS3SSE: boolean;
};

Ticket Link

Fixex https://github.com/mattermost/mattermost-plugin-legal-hold/issues/12

wiggin77 commented 2 months ago

@mickmister A couple of questions:

  1. Is it enough to just have a different bucket name, versus duplicate all the S3 settings? For example, I could see a use case where the credentials are different.

  2. He this been tested to ensure the custom bucket gets created and stuff actually gets written there?

mickmister commented 2 months ago

Is it enough to just have a different bucket name, versus duplicate all the S3 settings? For example, I could see a use case where the credentials are different.

@wiggin77 I was thinking it may best to keep it simple now, though now I'm thinking we should lean on the side of data access/isolation, which would involve setting different credentials etc. as you mentioned. I'm planning to add the following plugin settings to uniquely identify the bucket, along with unit tests to cover usage:

Here are the values that the plugin currently pulls from the MM config:

https://github.com/mattermost/mattermost-plugin-legal-hold/blob/568f22b441009477164654a70589b6cc4f214db8/server/plugin.go#L212-L225

Has this been tested to ensure the custom bucket gets created and stuff actually gets written there?

Yes the legal holds are correctly written to the provided S3 bucket. I've tested with MINIO and will test with an S3 bucket as well

image

I've also added a "connection test" on plugin start up and config change that will error out if the connection fails

image image
wiggin77 commented 2 months ago

Here are the values that the plugin currently pulls from the MM config

I think it should be a complete copy of the code the handles the MMserver S3 config. Re-use the structs, copy the system console UI.

mickmister commented 2 months ago

@wiggin77 Sure sounds good to me :+1:

mickmister commented 2 months ago

The "plugin settings" page now functions like the "file storage" page with the s3 bucket configuration

https://github.com/mattermost/mattermost-plugin-legal-hold/assets/6913320/e91afbb6-941c-44d6-94c2-70b61c59d441

wiggin77 commented 2 months ago

@cwarnermm This PR will require an addition to the Legal Hold plugin docs.

mickmister commented 2 months ago

How difficult could it be to visually group the S3 settings and only show the configuration ones if the custom S3 bucket is enabled?

@fmartingr I actually did it that way first but changed it to match the way the primary s3 bucket is configured in the system console. Maybe we could have a more intentional way to do this, like a "show/hide settings" button. So the admin could have them hidden even though a custom bucket is configured