aws_ssm connection plugin: fix s3 bucket handling (fixes ansible-coll…
…ections#127)

* always use signature version 4
* pass region to the bucket client
* detect when curl fails and abort appropriately

Some regions only support signature v4, and any bucket that is encrypted
also requires v4 signatures. Likewise, some regions require
region_name to be passed.
abeluck committed Sep 3, 2020
1 parent a147040 commit b29c6a6
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions plugins/connection/aws_ssm.py
@@ -173,6 +173,7 @@

try:
import boto3
from botocore.client import Config
HAS_BOTO_3 = True
except ImportError as e:
HAS_BOTO_3_ERROR = str(e)
@@ -497,7 +498,9 @@ def _flush_stderr(self, subprocess):

def _get_url(self, client_method, bucket_name, out_path, http_method):
''' Generate URL for get_object / put_object '''
client = self._get_boto_client('s3')
config = Config(signature_version='s3v4',
region_name=self.get_option('region'))
client = boto3.client('s3', config=config)
return client.generate_presigned_url(client_method, Params={'Bucket': bucket_name, 'Key': out_path}, ExpiresIn=3600, HttpMethod=http_method)

def _get_boto_client(self, service, region_name=None):
@@ -531,9 +534,9 @@ def _file_transport_command(self, in_path, out_path, ssm_action):
get_command = "Invoke-WebRequest '%s' -OutFile '%s'" % (
self._get_url('get_object', self.get_option('bucket_name'), s3_path, 'GET'), out_path)
else:
put_command = "curl --request PUT --upload-file '%s' '%s'" % (
put_command = "curl --show-error --silent --fail --request PUT --upload-file '%s' '%s'" % (
in_path, self._get_url('put_object', self.get_option('bucket_name'), s3_path, 'PUT'))
get_command = "curl '%s' -o '%s'" % (
get_command = "curl --show-error --silent --fail '%s' -o '%s'" % (
self._get_url('get_object', self.get_option('bucket_name'), s3_path, 'GET'), out_path)

client = self._get_boto_client('s3')
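Review bot: In `_get_url` the new `boto3.client('s3', config=config)` call no longer goes through `self._get_boto_client`, so the presigned URL is signed with whatever identity boto3's default credential chain resolves rather than with any profile or credentials the plugin is configured to use. The body of `_get_boto_client` is outside the hunk, so that it applies such options is inferred, but `_file_transport_command` still calls `self._get_boto_client('s3')` a few lines later, which leaves two S3 clients built in different ways, only one of them with v4 signing and the region. I would keep a single construction path by letting the helper accept a config, e.g. `client = self._get_boto_client('s3', region_name=self.get_option('region'), config=Config(signature_version='s3v4'))`, with a matching `config=None` parameter added to the helper. Separately, the presigned URL is a bearer credential valid for `ExpiresIn=3600` seconds and is placed on the curl command line, so a shorter expiry is worth considering, along with a comment such as `# presigned URL grants access to the object until it expires; keep it out of logs`.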