Use HeadBucket instead of GetBucketLocation (#1979) #1987
Conversation
|
Build succeeded. ❌ ansible-galaxy-importer FAILURE in 5m 27s (non-voting) |
I'm facing the same error reported on #1979 in this exact scenario: |
|
Would like to see this merged as well. Facing the exact error too. |
|
What needs to be done in order to get this PR merged? I'd love to see this merged as well. |
|
I have the same problem with this plugin and GetBucketLocation and it is blocking me from doing production deployments in a multi-region environment using Ansible and SSM. When might this PR be reviewed/merged? |
|
recheck |
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
ba06771 to
c9a3758
Compare
|
Build succeeded. ❌ ansible-galaxy-importer FAILURE in 5m 30s (non-voting) |
|
Hi. I'm also affected in my job production environment. Is there any major problem? Thanks. |
Currently we need a 2nd review. |
|
this is also blocking us. looking foward to see it merged |
|
regate |
|
regate |
|
Build failed (gate pipeline). For information on how to proceed, see https://ansible.softwarefactory-project.io/zuul/buildset/8c1a5f00231d4290b41f705a8eabc906 ❌ ansible-galaxy-importer FAILURE in 4m 38s (non-voting) |
|
regate |
|
Build failed (gate pipeline). For information on how to proceed, see https://ansible.softwarefactory-project.io/zuul/buildset/71748f80e37541efb5c7238fe1edee4f ✔️ ansible-galaxy-importer SUCCESS in 8m 54s (non-voting) |
|
regate |
|
Build failed (gate pipeline). For information on how to proceed, see https://ansible.softwarefactory-project.io/zuul/buildset/508bc8621a3d4e71ab5ec9576557cf99 ❌ ansible-galaxy-importer FAILURE in 4m 35s (non-voting) |
|
regate |
|
Build failed (gate pipeline). For information on how to proceed, see https://ansible.softwarefactory-project.io/zuul/buildset/d8b93e8d11d041bca0f8a524e815001f ❌ ansible-galaxy-importer FAILURE in 4m 34s (non-voting) |
|
Build failed. ✔️ ansible-galaxy-importer SUCCESS in 3m 13s (non-voting) |
|
recheck |
|
Build failed (gate pipeline). For information on how to proceed, see https://ansible.softwarefactory-project.io/zuul/buildset/79514486e3004b93b6e3c572f22beb67 ✔️ ansible-galaxy-importer SUCCESS in 14m 29s (non-voting) |
|
Build failed. ✔️ ansible-galaxy-importer SUCCESS in 3m 39s (non-voting) |
|
recheck |
|
Build failed. ❌ ansible-galaxy-importer FAILURE in 4m 26s (non-voting) |
|
recheck |
|
Build failed (gate pipeline). For information on how to proceed, see https://ansible.softwarefactory-project.io/zuul/buildset/996058ab4ee94e2eb28e0ea74f67ed6d ❌ ansible-galaxy-importer FAILURE in 4m 38s (non-voting) |
|
Build failed. ✔️ ansible-galaxy-importer SUCCESS in 3m 15s (non-voting) |
|
recheck |
8dc063a to
462a840
Compare
|
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 3m 21s (non-voting) |
|
Build succeeded (gate pipeline). ❌ ansible-galaxy-importer FAILURE in 4m 41s (non-voting) |
0ced1a5
into
ansible-collections:main
Backport to stable-8: 💚 backport PR created✅ Backport PR branch: Backported as #2215 🤖 @patchback |
SUMMARY Replacing the call to get_bucket_location with a call to head_bucket in Connection._get_bucket_endpoint(). The GetBucketLocation API call only works from the bucket owner account. This enables using a bucket owned by another accout, e.g. a shared organization bucket when running cross-account. Fixes #1979. ISSUE TYPE Bugfix Pull Request COMPONENT NAME aws_ssm ADDITIONAL INFORMATION The official documentation for the GetBucketLocation API call states it is only supported for backwards compatibility and recomends using HeadBucket instead. # Before change PLAY [Minimal playbook] ******************************************************** TASK [Gathering Facts] ********************************************************* An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied fatal: [i-00a8cb5930bd5f7dc]: FAILED! => {"msg": "Unexpected failure during module execution: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied", "stdout": ""} PLAY RECAP ********************************************************************* i-00a8cb5930bd5f7dc : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 # After change PLAY [Minimal playbook] ******************************************************** TASK [Gathering Facts] ********************************************************* Warning: : Platform linux on host i-00a8cb5930bd5f7dc is using the discovered Python interpreter at /usr/libexec/platform-python, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible- core/2.15/reference_appendices/interpreter_discovery.html for more information. ok: [i-00a8cb5930bd5f7dc] TASK [Ping] ******************************************************************** ok: [i-00a8cb5930bd5f7dc] PLAY RECAP ********************************************************************* i-00a8cb5930bd5f7dc : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Reviewed-by: Markus Bergholz <git@osuv.de> Reviewed-by: Alina Buzachis Reviewed-by: fabiolafm Reviewed-by: Bikouo Aubin (cherry picked from commit 0ced1a5)
Backport to stable-9: 💚 backport PR created✅ Backport PR branch: Backported as #2216 🤖 @patchback |
SUMMARY Replacing the call to get_bucket_location with a call to head_bucket in Connection._get_bucket_endpoint(). The GetBucketLocation API call only works from the bucket owner account. This enables using a bucket owned by another accout, e.g. a shared organization bucket when running cross-account. Fixes #1979. ISSUE TYPE Bugfix Pull Request COMPONENT NAME aws_ssm ADDITIONAL INFORMATION The official documentation for the GetBucketLocation API call states it is only supported for backwards compatibility and recomends using HeadBucket instead. # Before change PLAY [Minimal playbook] ******************************************************** TASK [Gathering Facts] ********************************************************* An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied fatal: [i-00a8cb5930bd5f7dc]: FAILED! => {"msg": "Unexpected failure during module execution: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied", "stdout": ""} PLAY RECAP ********************************************************************* i-00a8cb5930bd5f7dc : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 # After change PLAY [Minimal playbook] ******************************************************** TASK [Gathering Facts] ********************************************************* Warning: : Platform linux on host i-00a8cb5930bd5f7dc is using the discovered Python interpreter at /usr/libexec/platform-python, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible- core/2.15/reference_appendices/interpreter_discovery.html for more information. ok: [i-00a8cb5930bd5f7dc] TASK [Ping] ******************************************************************** ok: [i-00a8cb5930bd5f7dc] PLAY RECAP ********************************************************************* i-00a8cb5930bd5f7dc : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Reviewed-by: Markus Bergholz <git@osuv.de> Reviewed-by: Alina Buzachis Reviewed-by: fabiolafm Reviewed-by: Bikouo Aubin (cherry picked from commit 0ced1a5)
This is a backport of PR #1987 as merged into main (0ced1a5). SUMMARY Replacing the call to get_bucket_location with a call to head_bucket in Connection._get_bucket_endpoint(). The GetBucketLocation API call only works from the bucket owner account. This enables using a bucket owned by another accout, e.g. a shared organization bucket when running cross-account. Fixes #1979. ISSUE TYPE Bugfix Pull Request COMPONENT NAME aws_ssm ADDITIONAL INFORMATION The official documentation for the GetBucketLocation API call states it is only supported for backwards compatibility and recomends using HeadBucket instead. # Before change PLAY [Minimal playbook] ******************************************************** TASK [Gathering Facts] ********************************************************* An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied fatal: [i-00a8cb5930bd5f7dc]: FAILED! => {"msg": "Unexpected failure during module execution: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied", "stdout": ""} PLAY RECAP ********************************************************************* i-00a8cb5930bd5f7dc : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 # After change PLAY [Minimal playbook] ******************************************************** TASK [Gathering Facts] ********************************************************* Warning: : Platform linux on host i-00a8cb5930bd5f7dc is using the discovered Python interpreter at /usr/libexec/platform-python, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible- core/2.15/reference_appendices/interpreter_discovery.html for more information. ok: [i-00a8cb5930bd5f7dc] TASK [Ping] ******************************************************************** ok: [i-00a8cb5930bd5f7dc] PLAY RECAP ********************************************************************* i-00a8cb5930bd5f7dc : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Reviewed-by: Mark Chappell
SUMMARY
Replacing the call to get_bucket_location with a call to head_bucket in Connection._get_bucket_endpoint().
The GetBucketLocation API call only works from the bucket owner account. This enables using a bucket owned by another accout, e.g. a shared organization bucket when running cross-account.
Fixes #1979.
ISSUE TYPE
COMPONENT NAME
aws_ssm
ADDITIONAL INFORMATION
The official documentation for the GetBucketLocation API call states it is only supported for backwards compatibility and recomends using HeadBucket instead.