From b29c6a6d68ffaf9c49b7d5d758d6cc7d65b22796 Mon Sep 17 00:00:00 2001
From: Abel Luck
Date: Thu, 3 Sep 2020 19:54:29 +0200
Subject: [PATCH] aws_ssm connection plugin: fix s3 bucket handling (fixes #127)

* always use signature version 4
* pass region to the bucket client
* detect when curl fails and abort appropriately

Some regions only support signature v4, and any bucket that is encrypted also requires v4 signatures. Likewise some regions require the region_name passed.
---
 plugins/connection/aws_ssm.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/plugins/connection/aws_ssm.py b/plugins/connection/aws_ssm.py
index 777184fbeff..699ec3d0442 100644
--- a/plugins/connection/aws_ssm.py
+++ b/plugins/connection/aws_ssm.py
@@ -173,6 +173,7 @@

 try:
 import boto3
+ from botocore.client import Config
 HAS_BOTO_3 = True
 except ImportError as e:
 HAS_BOTO_3_ERROR = str(e)
@@ -497,7 +498,9 @@ def _flush_stderr(self, subprocess):

 def _get_url(self, client_method, bucket_name, out_path, http_method):
 ''' Generate URL for get_object / put_object '''
- client = self._get_boto_client('s3')
+ config = Config(signature_version='s3v4',
+ region_name=self.get_option('region'))
+ client = boto3.client('s3', config=config)
 return client.generate_presigned_url(client_method, Params={'Bucket': bucket_name, 'Key': out_path}, ExpiresIn=3600, HttpMethod=http_method)

 def _get_boto_client(self, service, region_name=None):
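Review bot: The new `boto3.client('s3', config=config)` call in `_get_url` no longer goes through `self._get_boto_client`, so whatever credential or session selection that helper performs (its body is outside this hunk) is skipped for the client that signs the presigned URL. If the helper supplies explicit credentials, the URL would instead be signed by whichever identity boto3's default credential chain resolves, which may be a different principal with different bucket permissions than the rest of the plugin uses. `_file_transport_command` still takes its S3 client from the helper, so the two clients can also disagree on region and signature version. Consider giving the helper an optional `config` argument and calling `self._get_boto_client('s3', region_name=self.get_option('region'), config=Config(signature_version='s3v4'))`. A comment on `ExpiresIn=3600` noting that the URL acts as a bearer credential for the object for one hour would also help.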
@@ -531,9 +534,9 @@ def _file_transport_command(self, in_path, out_path, ssm_action):
 get_command = "Invoke-WebRequest '%s' -OutFile '%s'" % (
 self._get_url('get_object', self.get_option('bucket_name'), s3_path, 'GET'), out_path)
 else:
- put_command = "curl --request PUT --upload-file '%s' '%s'" % (
+ put_command = "curl --show-error --silent --fail --request PUT --upload-file '%s' '%s'" % (
 in_path, self._get_url('put_object', self.get_option('bucket_name'), s3_path, 'PUT'))
- get_command = "curl '%s' -o '%s'" % (
+ get_command = "curl --show-error --silent --fail '%s' -o '%s'" % (
 self._get_url('get_object', self.get_option('bucket_name'), s3_path, 'GET'), out_path)

 client = self._get_boto_client('s3')
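Review bot: Both rewritten curl commands still interpolate `in_path` and `out_path` into single-quoted `'%s'` slots without escaping, so a path containing a single quote ends the argument early and the rest is parsed by the remote shell. Quoting each value, e.g. `shlex.quote(in_path)` with the literal quotes dropped from the format string (and `shlex` imported), would keep the arguments intact on this branch; the `Invoke-WebRequest` branch above needs PowerShell-specific escaping. `--fail` makes curl exit non-zero on HTTP errors, but whether that status is checked cannot be seen here, because `_file_transport_command` starts and ends outside the hunk. The presigned URL is also part of the command text sent over the session, so it may be recorded in session or process logs while it is still valid.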