Use HeadBucket instead of GetBucketLocation (#1979) #1987

Open
wants to merge 3 commits into
base: main

raulpedroche

SUMMARY

Replacing the call to get_bucket_location with a call to head_bucket in Connection._get_bucket_endpoint().

The GetBucketLocation API call only works from the bucket owner account. This enables using a bucket owned by another account, e.g. a shared organization bucket when running cross-account.

Fixes #1979.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

aws_ssm

ADDITIONAL INFORMATION

The official documentation for the GetBucketLocation API call states it is only supported for backwards compatibility and recommends using HeadBucket instead.

# Before change
PLAY [Minimal playbook] ********************************************************

TASK [Gathering Facts] *********************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied
fatal: [i-00a8cb5930bd5f7dc]: FAILED! => {"msg": "Unexpected failure during module execution: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied", "stdout": ""}

PLAY RECAP *********************************************************************
i-00a8cb5930bd5f7dc        : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0 

# After change
PLAY [Minimal playbook] ********************************************************

TASK [Gathering Facts] *********************************************************
Warning: : Platform linux on host i-00a8cb5930bd5f7dc is using the discovered
Python interpreter at /usr/libexec/platform-python, but future installation of
another Python interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [i-00a8cb5930bd5f7dc]

TASK [Ping] ********************************************************************
ok: [i-00a8cb5930bd5f7dc]

PLAY RECAP *********************************************************************
i-00a8cb5930bd5f7dc        : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
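
An added example, not code from this pull request or from community.aws: one way to resolve a bucket's region with HeadBucket when the bucket is owned by another account. It is duck-typed against a boto3 S3 client; `bucket_region`, `StubS3` and `StubError` are hypothetical names with constructed sample responses, and the optional `ExpectedBucketOwner` pin is an addition beyond what the PR describes.

```python
REGION_HEADER = "x-amz-bucket-region"


def _header_region(response):
    """Read the region header S3 attaches to HeadBucket responses."""
    meta = response.get("ResponseMetadata", {})
    return meta.get("HTTPHeaders", {}).get(REGION_HEADER)


def bucket_region(s3_client, bucket, expected_owner=None):
    """Resolve a bucket's region with HeadBucket (needs s3:ListBucket only)."""
    kwargs = {"Bucket": bucket}
    if expected_owner:
        # Pin the account expected to own the shared bucket; S3 answers 403
        # if the bucket belongs to anyone else.
        kwargs["ExpectedBucketOwner"] = expected_owner
    try:
        response = s3_client.head_bucket(**kwargs)
    except Exception as exc:  # botocore's ClientError carries .response
        response = getattr(exc, "response", None)
        if isinstance(response, dict):
            status = response.get("ResponseMetadata", {}).get("HTTPStatusCode")
            region = _header_region(response)
            # A 301 means "wrong regional endpoint"; the header names the right one.
            if status == 301 and region:
                return region
        raise  # 403/404 and anything else stay fatal
    return response.get("BucketRegion") or _header_region(response)


class StubError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError."""
    def __init__(self, status, region=None):
        super().__init__(f"HTTP {status}")
        headers = {REGION_HEADER: region} if region else {}
        self.response = {"ResponseMetadata": {"HTTPStatusCode": status,
                                              "HTTPHeaders": headers}}


class StubS3:
    """Constructed stand-in for a boto3 S3 client; records head_bucket calls."""
    def __init__(self, outcome):
        self.outcome, self.calls = outcome, []

    def head_bucket(self, **kwargs):
        self.calls.append(kwargs)
        if isinstance(self.outcome, Exception):
            raise self.outcome
        return self.outcome
```

With a real client, pass `boto3.client("s3")` in place of `StubS3`; the bucket policy in the owning account must grant the caller `s3:ListBucket`.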

@softwarefactory-project-zuul
Contributor

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/6eda50db34d649d29d271dd5432c5cd0

ansible-galaxy-importer FAILURE in 5m 27s (non-voting)
✔️ build-ansible-collection SUCCESS in 13m 02s
✔️ ansible-test-splitter SUCCESS in 5m 13s
✔️ integration-community.aws-1 SUCCESS in 9m 50s
✔️ integration-community.aws-2 SUCCESS in 12m 37s
✔️ integration-community.aws-3 SUCCESS in 6m 37s
Skipped 19 jobs

@fivetran-joliveira

When trying to use a single organization bucket for cross-account connection

I'm facing the same error reported on #1979 in this exact scenario: single bucket for cross account connection.
I'd love to see this PR merged. 🤞

@mdaffernaderant

mdaffernaderant commented Feb 19, 2024

Would like to see this merged as well. Facing the exact error too.

@jacksod1

What needs to be done in order to get this PR merged? I'd love to see this merged as well.

@dicknetherlands

I have the same problem with this plugin and GetBucketLocation and it is blocking me from doing production deployments in a multi-region environment using Ansible and SSM.

When might this PR be reviewed/merged?

@markuman
Member

markuman commented Jun 7, 2024

recheck

Contributor

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/ansible-collections/community.aws for 1987,ddb05fe12eb3cd25e8cc6c84014b8e6f5791ad29

@markuman added the backport-7 (PR should be backported to the stable-7 branch) and backport-8 labels Jun 7, 2024
@markuman requested a review from hakbailey June 7, 2024 10:15
Contributor

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/b2758ed4612b4500a110197e8e1791b4

ansible-galaxy-importer FAILURE in 5m 30s (non-voting)
✔️ build-ansible-collection SUCCESS in 18m 08s
✔️ ansible-test-splitter SUCCESS in 6m 49s
✔️ integration-community.aws-1 SUCCESS in 10m 45s
✔️ integration-community.aws-2 SUCCESS in 9m 49s
✔️ integration-community.aws-3 SUCCESS in 9m 49s
✔️ integration-community.aws-4 SUCCESS in 10m 59s
✔️ integration-community.aws-5 SUCCESS in 10m 13s
✔️ integration-community.aws-6 SUCCESS in 10m 30s
✔️ integration-community.aws-7 SUCCESS in 8m 45s
✔️ integration-community.aws-8 SUCCESS in 10m 56s
✔️ integration-community.aws-9 SUCCESS in 8m 27s
✔️ integration-community.aws-10 SUCCESS in 9m 48s
✔️ integration-community.aws-11 SUCCESS in 9m 36s
Skipped 11 jobs

Successfully merging this pull request may close these issues.

Unable to use aws_ssm connection with cross-account shared bucket
6 participants