Merge pull request #155 from neuroforgede/wip/bump-packages/main

setup s3 plumbing to work with more s3 providers like Hetzner
neuroforgede · Jan 10, 2025 · 777bd66 · 777bd66
2 parents 6b26590 + 199155c
commit 777bd66
Show file tree

Hide file tree

Showing 9 changed files with 104 additions and 89 deletions.
diff --git a/deploy/local/compose/docker-compose.yml b/deploy/local/compose/docker-compose.yml
@@ -53,8 +53,8 @@ services:
     restart: unless-stopped
     environment:
         SKIPPER_DEBUG_LOCAL: "true"
-        SKIPPER_S3_INTERNAL_ENDPOINT_URL: "http://nfcomposes3.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6044"
-        SKIPPER_S3_ENDPOINT_URL: "${SKIPPER_S3_ENDPOINT_URL:-http://nfcomposes3.test.local:6044}"
+        SKIPPER_S3_ENDPOINT_URL: "http://nfcomposes3.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6044"
+        SKIPPER_S3_EXTERNAL_ENDPOINT_URL: "${SKIPPER_S3_EXTERNAL_ENDPOINT_URL:-http://nfcomposes3.test.local:6044}"
         SKIPPER_GUNICORN_LIMIT_REQUEST_LINE: "0"
         SKIPPER_DJANGO_EXTRA_ALLOWED_HOSTS: "skipper.${INTERNAL_DOMAIN_SUFFIX:-test.local}"
         SKIPPER_REDIS_URL: 'redis://redis.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6379'
@@ -75,8 +75,8 @@ services:
     restart: unless-stopped
     environment:
         SKIPPER_DEBUG_LOCAL: "true"
-        SKIPPER_S3_INTERNAL_ENDPOINT_URL: "http://nfcomposes3.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6044"
-        SKIPPER_S3_ENDPOINT_URL: "${SKIPPER_S3_ENDPOINT_URL:-http://nfcomposes3.test.local:6044}"
+        SKIPPER_S3_ENDPOINT_URL: "http://nfcomposes3.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6044"
+        SKIPPER_S3_EXTERNAL_ENDPOINT_URL: "${SKIPPER_S3_EXTERNAL_ENDPOINT_URL:-http://nfcomposes3.test.local:6044}"
         SKIPPER_GUNICORN_LIMIT_REQUEST_LINE: "0"
         SKIPPER_WORKER_TIMEOUT: "120"
         SKIPPER_DJANGO_EXTRA_ALLOWED_HOSTS: "skipper.internal.${INTERNAL_DOMAIN_SUFFIX:-test.local}"
@@ -93,8 +93,8 @@ services:
       - nfcompose_test
     environment:
         SKIPPER_DEBUG_LOCAL: "true"
-        SKIPPER_S3_INTERNAL_ENDPOINT_URL: "http://nfcomposes3.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6044"
-        SKIPPER_S3_ENDPOINT_URL: "${SKIPPER_S3_ENDPOINT_URL:-http://nfcomposes3.test.local:6044}"
+        SKIPPER_S3_ENDPOINT_URL: "http://nfcomposes3.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6044"
+        SKIPPER_S3_EXTERNAL_ENDPOINT_URL: "${SKIPPER_S3_EXTERNAL_ENDPOINT_URL:-http://nfcomposes3.test.local:6044}"
         SKIPPER_CELERY_WORKER_CONCURRENCY: "2"
         SKIPPER_CONTAINER_TYPE: "CELERY"
         SKIPPER_REDIS_URL: 'redis://redis.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6379'
@@ -110,8 +110,8 @@ services:
       - nfcompose
     environment:
         SKIPPER_DEBUG_LOCAL: "true"
-        SKIPPER_S3_INTERNAL_ENDPOINT_URL: "http://nfcomposes3.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6044"
-        SKIPPER_S3_ENDPOINT_URL: "${SKIPPER_S3_ENDPOINT_URL:-http://nfcomposes3.test.local:6044}"
+        SKIPPER_S3_ENDPOINT_URL: "http://nfcomposes3.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6044"
+        SKIPPER_S3_EXTERNAL_ENDPOINT_URL: "${SKIPPER_S3_EXTERNAL_ENDPOINT_URL:-http://nfcomposes3.test.local:6044}"
         SKIPPER_REDIS_URL: 'redis://redis.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6379'
         SKIPPER_CELERY_BROKER_URL: 'redis://redis.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6379'
         SKIPPER_DB_HOSTS: "postgres.${INTERNAL_DOMAIN_SUFFIX:-test.local}"
@@ -134,8 +134,8 @@ services:
           - skipper.task.dashboard.${INTERNAL_DOMAIN_SUFFIX:-test.local}
     environment:
         SKIPPER_DEBUG_LOCAL: "true"
-        SKIPPER_S3_INTERNAL_ENDPOINT_URL: "http://nfcomposes3.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6044"
-        SKIPPER_S3_ENDPOINT_URL: "${SKIPPER_S3_ENDPOINT_URL:-http://nfcomposes3.test.local:6044}"
+        SKIPPER_S3_ENDPOINT_URL: "http://nfcomposes3.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6044"
+        SKIPPER_S3_EXTERNAL_ENDPOINT_URL: "${SKIPPER_S3_EXTERNAL_ENDPOINT_URL:-http://nfcomposes3.test.local:6044}"
         SKIPPER_CONTAINER_TYPE: "TASK_DASHBOARD"
         SKIPPER_REDIS_URL: 'redis://redis.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6379'
         SKIPPER_CELERY_BROKER_URL: 'redis://redis.${INTERNAL_DOMAIN_SUFFIX:-test.local}:6379'

diff --git a/deploy/production/docker-compose/docker-compose.yml b/deploy/production/docker-compose/docker-compose.yml
@@ -36,8 +36,8 @@ x-skipper-env: &x-skipper-env
   SKIPPER_DB_SSL_ENABLE: "false"
   # SKIPPER_DB_SSL_MODE: "verify-ca"
 
-  SKIPPER_S3_ENDPOINT_URL: "http://minio.localhost:9000"
-  SKIPPER_S3_INTERNAL_ENDPOINT_URL: "http://nfcomposes3.local:6044"
+  SKIPPER_S3_EXTERNAL_ENDPOINT_URL: "http://minio.localhost:9000"
+  SKIPPER_S3_ENDPOINT_URL: "http://nfcomposes3.local:6044"
   SKIPPER_S3_MEDIA_BUCKET_NAME: "skipper-media"
   SKIPPER_S3_STATIC_BUCKET_NAME: "skipper-static"
 

diff --git a/skipper/skipper/core/storage/media.py b/skipper/skipper/core/storage/media.py
@@ -14,4 +14,9 @@
 @deconstructible
 class S3Boto3MediaStorage(PrivatePublicS3Boto3Storage):  # type: ignore
     bucket_name = setting('NF_AWS_STORAGE_BUCKET_NAME_MEDIA')
-
+    access_key = setting('SKIPPER_S3_MEDIA_ACCESS_KEY_ID')
+    secret_key = setting('SKIPPER_S3_MEDIA_SECRET_ACCESS_KEY')
+    endpoint_url = setting('SKIPPER_S3_MEDIA_ENDPOINT_URL')
+    external_endpoint_url = setting('SKIPPER_S3_MEDIA_EXTERNAL_ENDPOINT_URL')
+    region_name = setting('SKIPPER_S3_MEDIA_REGION_NAME')
+    addressing_style = setting('SKIPPER_S3_MEDIA_ADDRESSING_STYLE')
diff --git a/skipper/skipper/core/storage/private_public.py b/skipper/skipper/core/storage/private_public.py
@@ -36,35 +36,11 @@ def url(self, name: str, parameters: Optional[Any] = None, expire: Optional[Any]
         if not behind_proxy:
             return private_url
 
-        s3_url_translate_to_outside_url = setting('AWS_S3_URL_TRANSLATE_TO_OUTSIDE_URL')
-        if s3_url_translate_to_outside_url is None or len(s3_url_translate_to_outside_url) == 0:
-
-            # still support the simple replace logic if we did not define any outside host setting
-            s3_outside_url = setting('AWS_S3_OUTSIDE_URL')
-            s3_endpoint_url = setting('AWS_S3_ENDPOINT_URL')
-            if s3_outside_url is not None:
-                return private_url.replace(s3_endpoint_url, s3_outside_url, 1)
-
-            return private_url
-
-        for rule in s3_url_translate_to_outside_url:
-            match_rule = rule.get('match', {})
-            match_any = match_rule.get('any', False)
+        if self.external_endpoint_url is not None and self.external_endpoint_url != '':
+            scheme = parse.urlsplit(self.external_endpoint_url).scheme
+            host = parse.urlsplit(self.external_endpoint_url).netloc
             split_url = parse.urlsplit(private_url)
-
-            if 'X-Forwarded-Proto' in headers and 'Host' in headers:
-                match_scheme = 'scheme' in match_rule and match_rule['scheme'] == headers['X-Forwarded-Proto']
-                match_host = 'host' in match_rule and match_rule['host'] == headers['Host']
-            else:
-                # at this point only match any will work
-                match_scheme = False
-                match_host = False
-
-            if match_any or (match_scheme and match_host):
-                replace_rule = rule.get('replace', {})
-                scheme = replace_rule.get('scheme', None)
-                host = replace_rule.get('host', None)
-                return replace_in_split_url(split_url=split_url, scheme=scheme, host=host)
+            return replace_in_split_url(split_url=split_url, scheme=scheme, host=host)
         return private_url
 
 

diff --git a/skipper/skipper/core/storage/static.py b/skipper/skipper/core/storage/static.py
@@ -13,3 +13,9 @@
 class S3Boto3StaticStorage(PrivatePublicS3Boto3Storage):  # type: ignore
     bucket_name = setting('NF_AWS_STORAGE_BUCKET_NAME_STATIC')
     querystring_auth = setting('NF_AWS_QUERYSTRING_AUTH_STATIC')
+    access_key = setting('SKIPPER_S3_STATIC_ACCESS_KEY_ID')
+    secret_key = setting('SKIPPER_S3_STATIC_SECRET_ACCESS_KEY')
+    endpoint_url = setting('SKIPPER_S3_STATIC_ENDPOINT_URL')
+    external_endpoint_url = setting('SKIPPER_S3_STATIC_EXTERNAL_ENDPOINT_URL')
+    region_name = setting('SKIPPER_S3_STATIC_REGION_NAME')
+    addressing_style = setting('SKIPPER_S3_STATIC_ADDRESSING_STYLE')
diff --git a/skipper/skipper/environment.py b/skipper/skipper/environment.py
@@ -69,11 +69,5 @@ def split_list_str(input_str: str) -> List[str]:
 if SKIPPER_SQL_LINT not in ['strict']:
     SKIPPER_SQL_LINT = None
 
-
 # finally import all from environment_secret
-from skipper.environment_secret import *
-
-# and extract the computed configs from it
-SKIPPER_S3_ENDPOINT_SCHEME = urllib.parse.urlsplit(SKIPPER_S3_ENDPOINT_URL).scheme
-SKIPPER_S3_ENDPOINT_HOST = urllib.parse.urlsplit(SKIPPER_S3_ENDPOINT_URL).hostname
-SKIPPER_S3_ENDPOINT_NETLOC = urllib.parse.urlsplit(SKIPPER_S3_ENDPOINT_URL).netloc
+from skipper.environment_secret import *
diff --git a/skipper/skipper/environment_local.py b/skipper/skipper/environment_local.py
@@ -27,15 +27,18 @@
         "SKIPPER_DB_HOSTS": os.getenv('SKIPPER_TESTING_DB_HOST', 'postgres_container_cephalopod'),
         "SKIPPER_DB_PORTS": '5432',
         "SKIPPER_DB_SCHEMA": 'public',
-        "SKIPPER_S3_ACCESS_KEY_ID": 'skipper-test',
-        "SKIPPER_S3_SECRET_ACCESS_KEY": 'WMH37f3R8RZyN2CMycWGV3EwuMpxGKhG8NBKaswD6hfFPUrmhg9b6PjfyD8RW4AV3JuRLDTa8JRvTWRYASs5xbwB9qHyTW7BZ6V59FPTytb7jvZ4VsnmbrY4WRSVCS9C',
-        "SKIPPER_S3_INTERNAL_ENDPOINT_URL": 'http://nfcomposes3:6044',
-        "SKIPPER_S3_MEDIA_BUCKET_NAME": 'skipper-media',
-        "SKIPPER_S3_STATIC_BUCKET_NAME": 'skipper-static',
         "SKIPPER_SESSION_INSECURE": "true",
         "SKIPPER_FLOW_DEFAULT_SYSTEM_SECRET": 'QAeV8ESByNqyXNA4bUNMqEVvbhR7B4ftCEWTGM2ujbVtMfuHL7YnjhWUzEaUWDW9',
         "SKIPPER_FEATURE_FLAG_ALL": "true",
-        # keep anything that was overridden
+        # keep anything that was overridden,
+        "SKIPPER_S3_ACCESS_KEY_ID": "skipper-test",
+        "SKIPPER_S3_SECRET_ACCESS_KEY": "WMH37f3R8RZyN2CMycWGV3EwuMpxGKhG8NBKaswD6hfFPUrmhg9b6PjfyD8RW4AV3JuRLDTa8JRvTWRYASs5xbwB9qHyTW7BZ6V59FPTytb7jvZ4VsnmbrY4WRSVCS9C",
+        "SKIPPER_S3_ENDPOINT_URL": "http://nfcomposes3:6044",
+        "SKIPPER_S3_EXTERNAL_ENDPOINT_URL": 'http://localhost:' + os.getenv('SEAWEEDFS_DEV_OUTSIDE_PORT', '6044'),
+        "SKIPPER_S3_MEDIA_BUCKET_NAME": "skipper-media",
+        "SKIPPER_S3_MEDIA_ADDRESSING_STYLE": "virtual",
+        "SKIPPER_S3_STATIC_BUCKET_NAME": "skipper-static",
+        "SKIPPER_S3_STATIC_ADDRESSING_STYLE": "virtual",
         **os.environ
     })
     # for unit tests

diff --git a/skipper/skipper/environment_secret.py b/skipper/skipper/environment_secret.py
@@ -18,13 +18,9 @@
     "SKIPPER_DB_PASSWD",
     "SKIPPER_DB_HOSTS",
     "SKIPPER_DB_PORTS",
-    "SKIPPER_S3_ACCESS_KEY_ID",
-    "SKIPPER_S3_SECRET_ACCESS_KEY",
-    "SKIPPER_S3_ENDPOINT_URL",
-    "SKIPPER_S3_INTERNAL_ENDPOINT_URL",
-    "SKIPPER_S3_MEDIA_BUCKET_NAME",
+    "SKIPPER_FLOW_DEFAULT_SYSTEM_SECRET",
     "SKIPPER_S3_STATIC_BUCKET_NAME",
-    "SKIPPER_FLOW_DEFAULT_SYSTEM_SECRET"
+    "SKIPPER_S3_MEDIA_BUCKET_NAME",
 }
 
 env_var_keys = os.environ.keys()
@@ -52,12 +48,57 @@
 SKIPPER_DB_TCP_KEEPALIVE_INTERVAL = os.environ.get('SKIPPER_DB_TCP_KEEPALIVE_INTERVAL', '15')
 SKIPPER_DB_POOL_HEALTHCHECK_TIMEOUT = float(os.environ.get('SKIPPER_DB_POOL_HEALTHCHECK_TIMEOUT', '5'))
 
-SKIPPER_S3_ACCESS_KEY_ID = os.environ['SKIPPER_S3_ACCESS_KEY_ID']
-SKIPPER_S3_SECRET_ACCESS_KEY = os.environ['SKIPPER_S3_SECRET_ACCESS_KEY']
-SKIPPER_S3_ENDPOINT_URL = os.environ['SKIPPER_S3_ENDPOINT_URL']
-SKIPPER_S3_INTERNAL_ENDPOINT_URL = os.environ.get('SKIPPER_S3_INTERNAL_ENDPOINT_URL', SKIPPER_S3_ENDPOINT_URL)
+SKIPPER_S3_DISABLE_INTERNAL_TO_EXTERNAL_TRANSLATION = os.environ.get('SKIPPER_S3_DISABLE_INTERNAL_TO_EXTERNAL_TRANSLATION', 'false') == 'true'
+
+DEFAULT_S3_ACCESS_KEY_ID = os.environ.get('SKIPPER_S3_ACCESS_KEY_ID')
+DEFAULT_S3_SECRET_ACCESS_KEY = os.environ.get('SKIPPER_S3_SECRET_ACCESS_KEY')
+DEFAULT_S3_ENDPOINT_URL = os.environ.get('SKIPPER_S3_ENDPOINT_URL')
+DEFAULT_S3_EXTERNAL_ENDPOINT_URL = os.environ.get('SKIPPER_S3_EXTERNAL_ENDPOINT_URL')
+DEFAULT_S3_REGION_NAME = os.environ.get('SKIPPER_S3_REGION_NAME', 'eu-west-1')
+
+SKIPPER_S3_MEDIA_ACCESS_KEY_ID = os.environ.get('SKIPPER_S3_MEDIA_ACCESS_KEY_ID', DEFAULT_S3_ACCESS_KEY_ID)
+SKIPPER_S3_MEDIA_SECRET_ACCESS_KEY = os.environ.get('SKIPPER_S3_MEDIA_SECRET_ACCESS_KEY', DEFAULT_S3_SECRET_ACCESS_KEY)
+SKIPPER_S3_MEDIA_ENDPOINT_URL = os.environ.get('SKIPPER_S3_MEDIA_ENDPOINT_URL', DEFAULT_S3_ENDPOINT_URL)
+SKIPPER_S3_MEDIA_EXTERNAL_ENDPOINT_URL = os.environ.get('SKIPPER_S3_MEDIA_EXTERNAL_ENDPOINT_URL', DEFAULT_S3_EXTERNAL_ENDPOINT_URL)
 SKIPPER_S3_MEDIA_BUCKET_NAME = os.environ['SKIPPER_S3_MEDIA_BUCKET_NAME']
+SKIPPER_S3_MEDIA_REGION_NAME = os.environ.get('SKIPPER_S3_MEDIA_REGION_NAME', DEFAULT_S3_REGION_NAME)
+# defaulting to path style to work with minio by default
+SKIPPER_S3_MEDIA_ADDRESSING_STYLE = os.environ.get('SKIPPER_S3_MEDIA_ADDRESSING_STYLE', 'path')
+
+SKIPPER_S3_STATIC_ACCESS_KEY_ID = os.environ.get('SKIPPER_S3_STATIC_ACCESS_KEY_ID', DEFAULT_S3_ACCESS_KEY_ID)
+SKIPPER_S3_STATIC_SECRET_ACCESS_KEY = os.environ.get('SKIPPER_S3_STATIC_SECRET_ACCESS_KEY', DEFAULT_S3_SECRET_ACCESS_KEY)
+SKIPPER_S3_STATIC_ENDPOINT_URL = os.environ.get('SKIPPER_S3_STATIC_ENDPOINT_URL', DEFAULT_S3_ENDPOINT_URL)
+SKIPPER_S3_STATIC_EXTERNAL_ENDPOINT_URL = os.environ.get('SKIPPER_S3_STATIC_EXTERNAL_ENDPOINT_URL', DEFAULT_S3_EXTERNAL_ENDPOINT_URL)
 SKIPPER_S3_STATIC_BUCKET_NAME = os.environ['SKIPPER_S3_STATIC_BUCKET_NAME']
+SKIPPER_S3_STATIC_REGION_NAME = os.environ.get('SKIPPER_S3_STATIC_REGION_NAME', DEFAULT_S3_REGION_NAME)
+# defaulting to path style to work with minio by default
+SKIPPER_S3_STATIC_ADDRESSING_STYLE = os.environ.get('SKIPPER_S3_STATIC_ADDRESSING_STYLE', 'path')
+
+def check_s3_settings():
+    # Collect all variables we assigned earlier for MEDIA and STATIC
+    variables_to_check = {
+        'SKIPPER_S3_MEDIA_ACCESS_KEY_ID': SKIPPER_S3_MEDIA_ACCESS_KEY_ID,
+        'SKIPPER_S3_MEDIA_SECRET_ACCESS_KEY': SKIPPER_S3_MEDIA_SECRET_ACCESS_KEY,
+        'SKIPPER_S3_MEDIA_ENDPOINT_URL': SKIPPER_S3_MEDIA_ENDPOINT_URL,
+        'SKIPPER_S3_MEDIA_EXTERNAL_ENDPOINT_URL': SKIPPER_S3_MEDIA_EXTERNAL_ENDPOINT_URL,
+        'SKIPPER_S3_MEDIA_BUCKET_NAME': SKIPPER_S3_MEDIA_BUCKET_NAME,
+        'SKIPPER_S3_MEDIA_REGION_NAME': SKIPPER_S3_MEDIA_REGION_NAME,
+        'SKIPPER_S3_STATIC_ACCESS_KEY_ID': SKIPPER_S3_STATIC_ACCESS_KEY_ID,
+        'SKIPPER_S3_STATIC_SECRET_ACCESS_KEY': SKIPPER_S3_STATIC_SECRET_ACCESS_KEY,
+        'SKIPPER_S3_STATIC_ENDPOINT_URL': SKIPPER_S3_STATIC_ENDPOINT_URL,
+        'SKIPPER_S3_STATIC_EXTERNAL_ENDPOINT_URL': SKIPPER_S3_STATIC_EXTERNAL_ENDPOINT_URL,
+        'SKIPPER_S3_STATIC_BUCKET_NAME': SKIPPER_S3_STATIC_BUCKET_NAME,
+        'SKIPPER_S3_STATIC_REGION_NAME': SKIPPER_S3_STATIC_REGION_NAME,
+    }
+
+    # Find any variables that are not set or are empty
+    not_set_vars = [key for key, value in variables_to_check.items() if not value]
+
+    # Raise an assertion error if any required variables are not set
+    if not_set_vars:
+        raise AssertionError(f"Environment variables {str(not_set_vars)} are not set. Either set the default values or provide all variables for static and media specific s3 settings.")
+
+check_s3_settings()
 
 SKIPPER_FLOW_DEFAULT_SYSTEM_SECRET = os.environ["SKIPPER_FLOW_DEFAULT_SYSTEM_SECRET"]
 

diff --git a/skipper/skipper/settings_env.py b/skipper/skipper/settings_env.py
@@ -266,7 +266,11 @@ def task_upstream_dashboard(tenant: Tenant, user: Optional[Union[User, Anonymous
     *environment.SKIPPER_DJANGO_DSP_FRAME_ANCESTORS
 ]
 
-csp_static_url = f'{environment.SKIPPER_S3_ENDPOINT_URL}/{environment.SKIPPER_S3_STATIC_BUCKET_NAME}/'
+if environment.SKIPPER_S3_STATIC_EXTERNAL_ENDPOINT_URL != "":
+    csp_static_url = f'{environment.SKIPPER_S3_STATIC_EXTERNAL_ENDPOINT_URL}/{environment.SKIPPER_S3_STATIC_BUCKET_NAME}/'
+else:
+    csp_static_url = f'{environment.SKIPPER_S3_STATIC_ENDPOINT_URL}/{environment.SKIPPER_S3_STATIC_BUCKET_NAME}/'
+
 
 CSP_DEFAULT_SRC = ("'self'",)
 CSP_STYLE_SRC = ("'self'", "'unsafe-inline'", csp_static_url)
@@ -421,29 +425,17 @@ def task_upstream_dashboard(tenant: Tenant, user: Optional[Union[User, Anonymous
 AWS_DEFAULT_ACL = None
 AWS_BUCKET_ACL = None
 
+SKIPPER_S3_MEDIA_ACCESS_KEY_ID = environment.SKIPPER_S3_MEDIA_ACCESS_KEY_ID
+SKIPPER_S3_MEDIA_SECRET_ACCESS_KEY = environment.SKIPPER_S3_MEDIA_SECRET_ACCESS_KEY
+SKIPPER_S3_MEDIA_ENDPOINT_URL = environment.SKIPPER_S3_MEDIA_ENDPOINT_URL
+SKIPPER_S3_MEDIA_EXTERNAL_ENDPOINT_URL = environment.SKIPPER_S3_MEDIA_EXTERNAL_ENDPOINT_URL
+SKIPPER_S3_MEDIA_REGION_NAME = environment.SKIPPER_S3_MEDIA_REGION_NAME
 
-# use externally managed S3
-AWS_ACCESS_KEY_ID = environment.SKIPPER_S3_ACCESS_KEY_ID
-AWS_SECRET_ACCESS_KEY = environment.SKIPPER_S3_SECRET_ACCESS_KEY
-# TODO: remove this, its deprecated
-AWS_S3_OUTSIDE_URL = environment.SKIPPER_S3_ENDPOINT_URL
-
-# just always replace the domain with the outside domain
-AWS_S3_URL_TRANSLATE_TO_OUTSIDE_URL = [
-    {
-        'match': {
-            'any': True,
-            # 'scheme': 'http',
-            # 'host': '...'
-        },
-        'replace': {
-            'scheme': environment.SKIPPER_S3_ENDPOINT_SCHEME,
-            'host': environment.SKIPPER_S3_ENDPOINT_NETLOC
-        }
-    }
-]
-AWS_S3_ENDPOINT_URL = environment.SKIPPER_S3_INTERNAL_ENDPOINT_URL
-AWS_S3_REGION_NAME = 'eu-west-1'
+SKIPPER_S3_STATIC_ACCESS_KEY_ID = environment.SKIPPER_S3_STATIC_ACCESS_KEY_ID
+SKIPPER_S3_STATIC_SECRET_ACCESS_KEY = environment.SKIPPER_S3_STATIC_SECRET_ACCESS_KEY
+SKIPPER_S3_STATIC_ENDPOINT_URL = environment.SKIPPER_S3_STATIC_ENDPOINT_URL
+SKIPPER_S3_STATIC_EXTERNAL_ENDPOINT_URL = environment.SKIPPER_S3_STATIC_EXTERNAL_ENDPOINT_URL
+SKIPPER_S3_STATIC_REGION_NAME = environment.SKIPPER_S3_STATIC_REGION_NAME
 
 STORAGES = {
     'staticfiles': {
@@ -460,8 +452,6 @@ def task_upstream_dashboard(tenant: Tenant, user: Optional[Union[User, Anonymous
 
 NF_AWS_STORAGE_BUCKET_NAME_MEDIA = environment.SKIPPER_S3_MEDIA_BUCKET_NAME
 
-
-
 AWS_S3_OBJECT_PARAMETERS = {
     'CacheControl': 'max-age=86400',
 }