Skip to content

Commit

Permalink
aws_ssm signed url using v2 and thus aws_ssm generates incompatible c…
Browse files Browse the repository at this point in the history
…url request to download s3 object for ansible python (ansible-collections#352)

- AWS SDKs that were released before May 2016, request Signature Version 4
- fix generated url for aws s3 object for ansible python that executes ansible playbook usingh aws_ssm
  • Loading branch information
ramvalleru authored Jan 13, 2021
1 parent 013e886 commit 7ba8d35
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 3 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
bugfixes:
- aws_ssm - fix the generation of CURL URL used to download Ansible Python file from S3 bucket by ```_get_url()``` due to due to non-assignment of aws region in the URL and not using V4 signature as specified for AWS S3 signature URL by ```_get_boto_client()``` in (https://github.com/ansible-collections/community.aws/pull/352).
9 changes: 6 additions & 3 deletions plugins/connection/aws_ssm.py
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,6 @@
import os
import getpass
import json
import os
import pty
import random
import re
Expand All @@ -177,6 +176,7 @@
except ImportError as e:
HAS_BOTO_3_ERROR = str(e)
HAS_BOTO_3 = False
from botocore.client import Config

from functools import wraps
from ansible import constants as C
Expand Down Expand Up @@ -497,7 +497,8 @@ def _flush_stderr(self, subprocess):

def _get_url(self, client_method, bucket_name, out_path, http_method):
''' Generate URL for get_object / put_object '''
client = self._get_boto_client('s3')
region_name = self.get_option('region') or 'us-east-1'
client = self._get_boto_client('s3', region_name)
return client.generate_presigned_url(client_method, Params={'Bucket': bucket_name, 'Key': out_path}, ExpiresIn=3600, HttpMethod=http_method)

def _get_boto_client(self, service, region_name=None):
Expand All @@ -515,7 +516,9 @@ def _get_boto_client(self, service, region_name=None):
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=region_name)
region_name=region_name,
config=Config(signature_version="s3v4")
)
return client

@_ssm_retry
Expand Down

0 comments on commit 7ba8d35

Please sign in to comment.