Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use HeadBucket instead of GetBucketLocation (#1979) #1987

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

raulpedroche
Copy link

SUMMARY

Replacing the call to get_bucket_location with a call to head_bucket in Connection._get_bucket_endpoint().

The GetBucketLocation API call only works from the bucket owner account. This enables using a bucket owned by another accout, e.g. a shared organization bucket when running cross-account.

Fixes #1979.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

aws_ssm

ADDITIONAL INFORMATION

The official documentation for the GetBucketLocation API call states it is only supported for backwards compatibility and recomends using HeadBucket instead.

# Before change
PLAY [Minimal playbook] ********************************************************

TASK [Gathering Facts] *********************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied
fatal: [i-00a8cb5930bd5f7dc]: FAILED! => {"msg": "Unexpected failure during module execution: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied", "stdout": ""}

PLAY RECAP *********************************************************************
i-00a8cb5930bd5f7dc        : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0 

# After change
PLAY [Minimal playbook] ********************************************************

TASK [Gathering Facts] *********************************************************
Warning: : Platform linux on host i-00a8cb5930bd5f7dc is using the discovered
Python interpreter at /usr/libexec/platform-python, but future installation of
another Python interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [i-00a8cb5930bd5f7dc]

TASK [Ping] ********************************************************************
ok: [i-00a8cb5930bd5f7dc]

PLAY RECAP *********************************************************************
i-00a8cb5930bd5f7dc        : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

@softwarefactory-project-zuul
Copy link
Contributor

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/6eda50db34d649d29d271dd5432c5cd0

ansible-galaxy-importer FAILURE in 5m 27s (non-voting)
✔️ build-ansible-collection SUCCESS in 13m 02s
✔️ ansible-test-splitter SUCCESS in 5m 13s
✔️ integration-community.aws-1 SUCCESS in 9m 50s
✔️ integration-community.aws-2 SUCCESS in 12m 37s
✔️ integration-community.aws-3 SUCCESS in 6m 37s
Skipped 19 jobs

@fivetran-joliveira
Copy link

When trying to use a single organization bucket for cross-account connection

I'm facing the same error reported on #1979 in this exact scenario: single bucket for cross account connection
I'd love to see this PR merged. 🤞

@mdaffernaderant
Copy link

mdaffernaderant commented Feb 19, 2024

Would like to see this merged as well. Facing the exact error too.

@jacksod1
Copy link

What needs to be done in order to get this PR merged? I'd love to see this merged as well.

@dicknetherlands
Copy link

I have the same problem with this plugin and GetBucketLocation and it is blocking me from doing production deployments in a multi-region environment using Ansible and SSM.

When might this PR be reviewed/merged?

@markuman
Copy link
Member

markuman commented Jun 7, 2024

recheck

Copy link
Contributor

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/ansible-collections/community.aws for 1987,ddb05fe12eb3cd25e8cc6c84014b8e6f5791ad29

@markuman markuman added backport-7 PR should be backported to the stable-7 branch backport-8 labels Jun 7, 2024
@markuman markuman requested a review from hakbailey June 7, 2024 10:15
Copy link
Contributor

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/b2758ed4612b4500a110197e8e1791b4

ansible-galaxy-importer FAILURE in 5m 30s (non-voting)
✔️ build-ansible-collection SUCCESS in 18m 08s
✔️ ansible-test-splitter SUCCESS in 6m 49s
✔️ integration-community.aws-1 SUCCESS in 10m 45s
✔️ integration-community.aws-2 SUCCESS in 9m 49s
✔️ integration-community.aws-3 SUCCESS in 9m 49s
✔️ integration-community.aws-4 SUCCESS in 10m 59s
✔️ integration-community.aws-5 SUCCESS in 10m 13s
✔️ integration-community.aws-6 SUCCESS in 10m 30s
✔️ integration-community.aws-7 SUCCESS in 8m 45s
✔️ integration-community.aws-8 SUCCESS in 10m 56s
✔️ integration-community.aws-9 SUCCESS in 8m 27s
✔️ integration-community.aws-10 SUCCESS in 9m 48s
✔️ integration-community.aws-11 SUCCESS in 9m 36s
Skipped 11 jobs

@n0ct1s-k8sh
Copy link

Hi. I'm also affected in my job production environment.

Is there any major problem?

Thanks.

@markuman
Copy link
Member

Hi. I'm also affected in my job production environment.

Is there any major problem?

Thanks.

Currently we need a 2nd review.

cc @tremble @jillr @alinabuzachis @hakbailey

@iomarcovalente
Copy link

this is also blocking us. looking foward to see it merged

@alinabuzachis alinabuzachis added the mergeit Merge the PR (SoftwareFactory) label Jun 21, 2024
@markuman
Copy link
Member

regate

@markuman markuman added mergeit Merge the PR (SoftwareFactory) and removed mergeit Merge the PR (SoftwareFactory) labels Jun 24, 2024
@alinabuzachis
Copy link
Contributor

regate

Copy link
Contributor

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/8c1a5f00231d4290b41f705a8eabc906

ansible-galaxy-importer FAILURE in 4m 38s (non-voting)
✔️ build-ansible-collection SUCCESS in 13m 00s
✔️ ansible-test-splitter SUCCESS in 5m 07s
integration-community.aws-1 FAILURE in 12m 55s
integration-community.aws-2 FAILURE in 13m 48s
integration-community.aws-3 FAILURE in 12m 59s
integration-community.aws-4 FAILURE in 12m 42s
integration-community.aws-5 FAILURE in 12m 22s
integration-community.aws-6 FAILURE in 12m 49s
integration-community.aws-7 FAILURE in 12m 54s
integration-community.aws-8 FAILURE in 12m 28s
integration-community.aws-9 FAILURE in 11m 45s
integration-community.aws-10 FAILURE in 12m 32s
✔️ integration-community.aws-11 SUCCESS in 5m 44s
Skipped 11 jobs

@markuman
Copy link
Member

regate

Copy link
Contributor

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/71748f80e37541efb5c7238fe1edee4f

✔️ ansible-galaxy-importer SUCCESS in 8m 54s (non-voting)
✔️ build-ansible-collection SUCCESS in 12m 53s
✔️ ansible-test-splitter SUCCESS in 5m 00s
integration-community.aws-1 FAILURE in 13m 34s
integration-community.aws-2 FAILURE in 11m 54s
integration-community.aws-3 FAILURE in 12m 58s
integration-community.aws-4 FAILURE in 13m 50s
integration-community.aws-5 FAILURE in 14m 41s
integration-community.aws-6 FAILURE in 12m 39s
integration-community.aws-7 FAILURE in 11m 31s
integration-community.aws-8 FAILURE in 12m 48s
integration-community.aws-9 FAILURE in 12m 45s
integration-community.aws-10 FAILURE in 11m 11s
✔️ integration-community.aws-11 SUCCESS in 5m 23s
Skipped 11 jobs

@markuman
Copy link
Member

markuman commented Jul 2, 2024

regate

Copy link
Contributor

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/508bc8621a3d4e71ab5ec9576557cf99

ansible-galaxy-importer FAILURE in 4m 35s (non-voting)
✔️ build-ansible-collection SUCCESS in 12m 30s
✔️ ansible-test-splitter SUCCESS in 5m 13s
integration-community.aws-1 FAILURE in 13m 21s
integration-community.aws-2 FAILURE in 13m 49s
integration-community.aws-3 FAILURE in 12m 09s
integration-community.aws-4 FAILURE in 12m 51s
integration-community.aws-5 FAILURE in 13m 01s
integration-community.aws-6 FAILURE in 11m 38s
integration-community.aws-7 FAILURE in 15m 40s
integration-community.aws-8 FAILURE in 12m 47s
integration-community.aws-9 FAILURE in 11m 31s
integration-community.aws-10 FAILURE in 11m 57s
✔️ integration-community.aws-11 SUCCESS in 5m 32s
Skipped 11 jobs

@markuman
Copy link
Member

regate

Copy link
Contributor

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/d8b93e8d11d041bca0f8a524e815001f

ansible-galaxy-importer FAILURE in 4m 34s (non-voting)
✔️ build-ansible-collection SUCCESS in 12m 10s
✔️ ansible-test-splitter SUCCESS in 4m 58s
integration-community.aws-1 FAILURE in 13m 34s
integration-community.aws-2 FAILURE in 11m 23s
integration-community.aws-3 FAILURE in 15m 23s
integration-community.aws-4 FAILURE in 12m 21s
integration-community.aws-5 FAILURE in 14m 21s
integration-community.aws-6 FAILURE in 13m 11s
integration-community.aws-7 FAILURE in 14m 38s
integration-community.aws-8 FAILURE in 13m 31s
integration-community.aws-9 FAILURE in 14m 39s
integration-community.aws-10 FAILURE in 12m 42s
✔️ integration-community.aws-11 SUCCESS in 5m 22s
Skipped 11 jobs

@n0ct1s-k8sh
Copy link

Hi.

Is there any problem or something that we could do to move forward and merge this?

We are in a bit of a hurry because of our business deployments and deadlines. We don't wanna sound rude or disrespectful.

Thank you for your time and effort.

@markuman
Copy link
Member

regate

Copy link
Contributor

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/fb892042c55446cb8fa551df19bd72ae

✔️ ansible-galaxy-importer SUCCESS in 3m 06s (non-voting)
✔️ build-ansible-collection SUCCESS in 10m 35s
✔️ ansible-test-splitter SUCCESS in 4m 09s
integration-community.aws-1 FAILURE in 14m 05s
integration-community.aws-2 FAILURE in 12m 33s
integration-community.aws-3 FAILURE in 13m 43s
integration-community.aws-4 FAILURE in 13m 55s
integration-community.aws-5 FAILURE in 12m 20s
integration-community.aws-6 FAILURE in 13m 48s
integration-community.aws-7 FAILURE in 11m 54s
integration-community.aws-8 FAILURE in 13m 59s
integration-community.aws-9 FAILURE in 13m 03s
integration-community.aws-10 FAILURE in 12m 21s
✔️ integration-community.aws-11 SUCCESS in 8m 00s
Skipped 11 jobs

@markuman
Copy link
Member

markuman commented Aug 1, 2024

I've no idea.
It's still this tasks that is failing?

grafik

Someone from the RedHat Team must take a look @alinabuzachis @hakbailey @tremble

@alinabuzachis
Copy link
Contributor

regate

Copy link
Contributor

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/e6860e3fff514e788a3e8471d0bce934

ansible-galaxy-importer FAILURE in 4m 45s (non-voting)
✔️ build-ansible-collection SUCCESS in 10m 30s
✔️ ansible-test-splitter SUCCESS in 4m 15s
integration-community.aws-1 FAILURE in 13m 09s
integration-community.aws-2 FAILURE in 12m 36s
integration-community.aws-3 FAILURE in 14m 15s
integration-community.aws-4 FAILURE in 14m 00s
integration-community.aws-5 FAILURE in 13m 47s
integration-community.aws-6 FAILURE in 15m 31s
integration-community.aws-7 FAILURE in 11m 56s
integration-community.aws-8 FAILURE in 13m 56s
integration-community.aws-9 FAILURE in 12m 34s
integration-community.aws-10 FAILURE in 12m 31s
✔️ integration-community.aws-11 SUCCESS in 8m 31s
Skipped 11 jobs

Copy link
Contributor

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/be534b03afb54007aa4302fcf1d35fd9

✔️ ansible-galaxy-importer SUCCESS in 3m 23s (non-voting)
✔️ build-ansible-collection SUCCESS in 11m 02s
✔️ ansible-test-splitter SUCCESS in 4m 33s
integration-community.aws-1 FAILURE in 12m 17s
integration-community.aws-2 FAILURE in 14m 43s
integration-community.aws-3 FAILURE in 10m 22s
integration-community.aws-4 FAILURE in 13m 16s
integration-community.aws-5 FAILURE in 13m 56s
integration-community.aws-6 FAILURE in 12m 00s
integration-community.aws-7 FAILURE in 12m 13s
integration-community.aws-8 FAILURE in 15m 10s
integration-community.aws-9 FAILURE in 13m 21s
integration-community.aws-10 FAILURE in 13m 55s
✔️ integration-community.aws-11 SUCCESS in 5m 51s
Skipped 11 jobs

@markuman
Copy link
Member

regate

Copy link
Contributor

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/7decb0a13e6642d3bf002b9d4aa5a9ef

ansible-galaxy-importer FAILURE in 5m 40s (non-voting)
✔️ build-ansible-collection SUCCESS in 10m 26s
✔️ ansible-test-splitter SUCCESS in 4m 16s
integration-community.aws-1 FAILURE in 14m 24s
integration-community.aws-2 FAILURE in 14m 32s
integration-community.aws-3 FAILURE in 13m 11s
integration-community.aws-4 FAILURE in 14m 06s
integration-community.aws-5 FAILURE in 14m 03s
integration-community.aws-6 FAILURE in 13m 01s
integration-community.aws-7 FAILURE in 12m 41s
integration-community.aws-8 FAILURE in 12m 27s
integration-community.aws-9 FAILURE in 13m 20s
integration-community.aws-10 FAILURE in 12m 53s
✔️ integration-community.aws-11 SUCCESS in 5m 57s
Skipped 11 jobs

@n0ct1s-k8sh
Copy link

Greetings,

Is there any update for this? We have several production ops blocked because of this.

Thanks.

@alinabuzachis
Copy link
Contributor

recheck

Copy link
Contributor

Build failed.
https://ansible.softwarefactory-project.io/zuul/buildset/df46c0b6c8ca40c3b50fbfbaeed9cd05

✔️ ansible-galaxy-importer SUCCESS in 3m 13s (non-voting)
✔️ build-ansible-collection SUCCESS in 10m 58s
✔️ ansible-test-splitter SUCCESS in 5m 31s
integration-community.aws-1 FAILURE in 13m 38s
integration-community.aws-2 FAILURE in 13m 13s
integration-community.aws-3 FAILURE in 14m 16s
integration-community.aws-4 FAILURE in 13m 34s
integration-community.aws-5 FAILURE in 14m 16s
integration-community.aws-6 FAILURE in 14m 15s
integration-community.aws-7 FAILURE in 13m 09s
integration-community.aws-8 FAILURE in 15m 52s
integration-community.aws-9 FAILURE in 13m 42s
integration-community.aws-10 FAILURE in 12m 22s
✔️ integration-community.aws-11 SUCCESS in 7m 03s
Skipped 11 jobs

@markuman
Copy link
Member

recheck

Copy link
Contributor

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/79514486e3004b93b6e3c572f22beb67

✔️ ansible-galaxy-importer SUCCESS in 14m 29s (non-voting)
✔️ build-ansible-collection SUCCESS in 10m 39s
✔️ ansible-test-splitter SUCCESS in 4m 06s
integration-community.aws-1 FAILURE in 13m 50s
integration-community.aws-2 FAILURE in 12m 04s
integration-community.aws-3 FAILURE in 13m 15s
integration-community.aws-4 FAILURE in 11m 14s
integration-community.aws-5 FAILURE in 12m 45s
integration-community.aws-6 FAILURE in 10m 31s
integration-community.aws-7 FAILURE in 14m 00s
integration-community.aws-8 FAILURE in 14m 25s
integration-community.aws-9 FAILURE in 14m 45s
integration-community.aws-10 FAILURE in 11m 31s
✔️ integration-community.aws-11 SUCCESS in 8m 55s
Skipped 11 jobs

Copy link
Contributor

Build failed.
https://ansible.softwarefactory-project.io/zuul/buildset/b7f74342298740cf94e709d3a88543c0

✔️ ansible-galaxy-importer SUCCESS in 3m 39s (non-voting)
✔️ build-ansible-collection SUCCESS in 10m 35s
✔️ ansible-test-splitter SUCCESS in 3m 59s
integration-community.aws-1 FAILURE in 16m 15s
integration-community.aws-2 FAILURE in 13m 06s
integration-community.aws-3 FAILURE in 11m 31s
integration-community.aws-4 FAILURE in 16m 22s
integration-community.aws-5 FAILURE in 11m 40s
integration-community.aws-6 FAILURE in 11m 40s
integration-community.aws-7 FAILURE in 13m 08s
integration-community.aws-8 FAILURE in 15m 23s
integration-community.aws-9 FAILURE in 14m 08s
integration-community.aws-10 FAILURE in 10m 28s
✔️ integration-community.aws-11 SUCCESS in 5m 38s
Skipped 11 jobs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport-7 PR should be backported to the stable-7 branch backport-8 mergeit Merge the PR (SoftwareFactory)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Unable to use aws_ssm connection with cross-account shared bucket
10 participants