Azure blob storage additional config

- Add additional options to use Azure blob storage (Not used right now)
- Use django new storages configuration structure https://docs.djangoproject.com/en/5.1/ref/settings/#std-setting-STORAGES

Author: thenav56

main/settings.py

@@ -7,6 +7,7 @@
 
 import environ
 import pytz
+from azure.identity import DefaultAzureCredential
 from corsheaders.defaults import default_headers
 from django.utils.translation import gettext_lazy as _
 from urllib3.util.retry import Retry
@@ -24,9 +25,7 @@
     DOCKER_HOST_IP=(str, None),
     DJANGO_SECRET_KEY=str,
     DJANGO_MEDIA_URL=(str, "/media/"),
-    DJANGO_MEDIA_ROOT=(str, os.path.join(BASE_DIR, "media")),
     DJANGO_STATIC_URL=(str, "/static/"),
-    DJANGO_STATIC_ROOT=(str, os.path.join(BASE_DIR, "static")),
     DJANGO_ADDITIONAL_ALLOWED_HOSTS=(list, []),  # Eg: api.go.ifrc.org, goadmin.ifrc.org, dsgocdnapi.azureedge.net
     GO_ENVIRONMENT=(str, "development"),  # staging, production
     #
@@ -39,9 +38,17 @@
     DJANGO_DB_PASS=str,
     DJANGO_DB_HOST=str,
     DJANGO_DB_PORT=(int, 5432),
-    # Azure storage
+    # Storage
+    # -- Azure storage
+    AZURE_STORAGE_ENABLED=(bool, False),
+    AZURE_STORAGE_CONNECTION_STRING=(str, None),
     AZURE_STORAGE_ACCOUNT=(str, None),
     AZURE_STORAGE_KEY=(str, None),
+    AZURE_STORAGE_TOKEN_CREDENTIAL=(str, None),
+    AZURE_STORAGE_MANAGED_IDENTITY=(bool, False),
+    # -- Filesystem (default) XXX: Don't use for production
+    DJANGO_MEDIA_ROOT=(str, os.path.join(BASE_DIR, "media")),
+    DJANGO_STATIC_ROOT=(str, os.path.join(BASE_DIR, "static")),
     # Email
     EMAIL_USE_TLS=(bool, True),
     FORCE_USE_SMTP=(bool, False),
@@ -132,6 +139,7 @@
 
 # Requires uppercase variable https://docs.djangoproject.com/en/2.1/topics/settings/#creating-your-own-settings
 
+
 def find_env_with_value(*keys: str) -> None | str:
     for key in keys:
         if env(key):
@@ -437,39 +445,65 @@ def parse_domain(*env_keys: str) -> str:
 IFRC_TRANSLATION_DOMAIN = env("IFRC_TRANSLATION_DOMAIN")
 IFRC_TRANSLATION_HEADER_API_KEY = env("IFRC_TRANSLATION_HEADER_API_KEY")
 
-MEDIA_URL = env("DJANGO_MEDIA_URL")
-MEDIA_ROOT = env("DJANGO_MEDIA_ROOT")
+# Needed to generate correct https links when running behind a reverse proxy
+# when SSL is terminated at the proxy
+USE_X_FORWARDED_HOST = True
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_SCHEME", "https")
 
+# Storage
+MEDIA_URL = env("DJANGO_MEDIA_URL")
 STATIC_URL = env("DJANGO_STATIC_URL")
-STATIC_ROOT = env("DJANGO_STATIC_ROOT")
 
 STATICFILES_DIRS = [
     os.path.join(BASE_DIR, "go-static"),
 ]
 
-# Needed to generate correct https links when running behind a reverse proxy
-# when SSL is terminated at the proxy
-USE_X_FORWARDED_HOST = True
-SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_SCHEME", "https")
-
+# NOTE: This is used by api/logger.py which sends logs to azure storage
+# FIXME: Do we need this? We are also using loki for log collections
 AZURE_STORAGE_ACCOUNT = env("AZURE_STORAGE_ACCOUNT")
 AZURE_STORAGE_KEY = env("AZURE_STORAGE_KEY")
 
-AZURE_STORAGE = {
-    "CONTAINER": "api",
-    "ACCOUNT_NAME": AZURE_STORAGE_ACCOUNT,
-    "ACCOUNT_KEY": AZURE_STORAGE_KEY,
-    "CDN_HOST": None,
-    "USE_SSL": False,
-}
-# instead of: if AZURE_STORAGE_ACCOUNT: DEFAULT_FILE_STORAGE = "api.storage.AzureStorage"
-# > https://django-storages.readthedocs.io/en/latest/backends/azure.html
-
-AZURE_ACCOUNT_NAME = env("AZURE_STORAGE_ACCOUNT")
-AZURE_ACCOUNT_KEY = env("AZURE_STORAGE_KEY")
-AZURE_CONTAINER = "api"
-if AZURE_STORAGE_ACCOUNT:
-    DEFAULT_FILE_STORAGE = "storages.backends.azure_storage.AzureStorage"
+if env("AZURE_STORAGE_ENABLED"):
+
+    AZURE_STORAGE_CONFIG_OPTIONS = {
+        "connection_string": env("AZURE_STORAGE_CONNECTION_STRING"),
+        "overwrite_files": False,
+    }
+
+    if not env("AZURE_STORAGE_CONNECTION_STRING"):
+        AZURE_STORAGE_CONFIG_OPTIONS.update(
+            {
+                "account_name": env("AZURE_STORAGE_ACCOUNT"),
+                "account_key": env("AZURE_STORAGE_KEY"),
+                "token_credential": env("AZURE_STORAGE_TOKEN_CREDENTIAL"),
+            }
+        )
+
+        if env("AZURE_STORAGE_MANAGED_IDENTITY"):
+            AZURE_STORAGE_CONFIG_OPTIONS["token_credential"] = DefaultAzureCredential()
+
+    STORAGES = {
+        "default": {
+            "BACKEND": "storages.backends.azure_storage.AzureStorage",
+            "OPTIONS": {
+                **AZURE_STORAGE_CONFIG_OPTIONS,
+                "azure_container": "api",
+            },
+        },
+        # TODO: Use this instead of nginx for staticfiles
+        # "staticfiles": {
+        #     "BACKEND": "storages.backends.azure_storage.AzureStorage",
+        #     "OPTIONS": {
+        #         **AZURE_STORAGE_CONFIG_OPTIONS,
+        #         "azure_container": env("AZURE_STORAGE_STATIC_CONTAINER"),
+        #         "overwrite_files": True,
+        #     },
+        # },
+    }
+else:
+    # Filesystem
+    MEDIA_ROOT = env("DJANGO_MEDIA_ROOT")
+    STATIC_ROOT = env("DJANGO_STATIC_ROOT")
 
 # Email config
 FORCE_USE_SMTP = env("FORCE_USE_SMTP")

poetry.lock

@@ -41,7 +41,7 @@ django-modeltranslation = "==0.17.5"
 django-read-only = "==1.12.0"
 django-reversion-compare = "==0.16.2"
 django-reversion = "==5.0.12"
-django-storages = "==1.11.1"
+django-storages = { version = "==1.11.1", extras = ["azure"] }
 django-tinymce = "==4.1.0"
 django-oauth-toolkit = "3.0.1"
 djangorestframework-csv = "==2.1.1"
@@ -88,7 +88,7 @@ drf-spectacular = "*"
 pyjwt = "*"
 shapely = "*"
 colorlog = "*"
-
+azure-identity = "*"  # Required by django-storages[azure] if used
 mapbox-tilesets = "*"
 ipython = "*"
 tiktoken = "*"