Merge branch 'quay:master' into master

sivaramsingana · Jan 30, 2025 · 7b782ec · 7b782ec
2 parents cc81d3b + c852217
commit 7b782ec
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 3 deletions.
diff --git a/storage/akamaistorage.py b/storage/akamaistorage.py
@@ -6,7 +6,7 @@
 
 logger = logging.getLogger(__name__)
 
-from storage.cloud import S3Storage
+from storage.cloud import S3Storage, is_in_network_request
 
 DEFAULT_SIGNED_URL_EXPIRY_SECONDS = 900  # 15 mins
 TOKEN_QUERY_STRING = "akamai_signature"
@@ -49,6 +49,19 @@ def get_direct_download_url(
         s3_presigned_url = super(AkamaiS3Storage, self).get_direct_download_url(
             path, request_ip, expires_in, requires_cors, head
         )
+        logger.debug(f"s3 presigned_url: {s3_presigned_url}")
+        if request_ip is None:
+            return s3_presigned_url
+
+        if is_in_network_request(self._context, request_ip, self.region):
+            if kwargs.get("cdn_specific", False):
+                logger.debug(
+                    "Request came from within network but namespace is protected: %s", path
+                )
+            else:
+                logger.debug("Request is from within the network, returning S3 URL")
+                return s3_presigned_url
+
         s3_url_parsed = urllib.parse.urlparse(s3_presigned_url)
 
         # replace s3 location with Akamai domain

diff --git a/storage/test/test_akamai.py b/storage/test/test_akamai.py
@@ -8,7 +8,11 @@
 from storage import AkamaiS3Storage, StorageContext
 from test.fixtures import *
 from util.ipresolver import IPResolver
-from util.ipresolver.test.test_ipresolver import aws_ip_range_data, test_ip_range_cache
+from util.ipresolver.test.test_ipresolver import (
+    aws_ip_range_data,
+    test_aws_ip,
+    test_ip_range_cache,
+)
 
 _TEST_CONTENT = os.urandom(1024)
 _TEST_BUCKET = "somebucket"
@@ -47,4 +51,21 @@ def test_direct_download_cdn_specific(ipranges_populated, test_ip_range_cache, a
 
         engine.put_content(_TEST_PATH, _TEST_CONTENT)
         assert engine.exists(_TEST_PATH)
-        assert "akamai-domain" in engine.get_direct_download_url(_TEST_PATH, request_ip="4.0.0.2")
+        # Request a direct download URL for a request from a known AWS IP and in the same region, returned S3 URL.
+        assert engine.get_direct_download_url(_TEST_PATH, request_ip="4.0.0.2").startswith(
+            "https://s3.us-east-1.amazonaws.com"
+        )
+        # Request a direct download URL for a request from a non-AWS IP, and ensure we are returned Akamai URL.
+        assert engine.get_direct_download_url(_TEST_PATH, "1.2.3.4").startswith(
+            "https://akamai-domain"
+        )
+
+        assert engine.get_direct_download_url(
+            _TEST_PATH, request_ip="4.0.0.2", cdn_specific=False
+        ).startswith("https://s3.us-east-1.amazonaws.com")
+        assert engine.get_direct_download_url(
+            _TEST_PATH, request_ip="4.0.0.2", cdn_specific=True
+        ).startswith("https://akamai-domain")
+        assert engine.get_direct_download_url(_TEST_PATH).startswith(
+            "https://s3.us-east-1.amazonaws.com"
+        )