From 063dc7b7d777803be153551d0f835057c175d54e Mon Sep 17 00:00:00 2001 From: Tyler Schwend Date: Wed, 2 Mar 2022 14:46:18 -0500 Subject: [PATCH] feat: support enforced bucket owner object ownership --- plugins/modules/s3_bucket.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/plugins/modules/s3_bucket.py b/plugins/modules/s3_bucket.py index 700306a97e0..a948868f3ec 100644 --- a/plugins/modules/s3_bucket.py +++ b/plugins/modules/s3_bucket.py @@ -124,12 +124,16 @@ object_ownership: description: - Allow bucket's ownership controls. + - C(BucketOwnerEnforced) - ACLs are disabled and no longer affect access permissions to your + bucket. Requests to set or update ACLs fail. However, requests to read ACLs are supported. + Bucket owner has full ownership and control. +Object writer no longer has full ownership and control. - C(BucketOwnerPreferred) - Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL. - C(ObjectWriter) - The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL. - This option cannot be used together with a I(delete_object_ownership) definition. - choices: [ 'BucketOwnerPreferred', 'ObjectWriter' ] + choices: [ 'BucketOwnerEnforced', 'BucketOwnerPreferred', 'ObjectWriter' ] type: str version_added: 2.0.0 delete_object_ownership: 
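Review bot: The last added description line, `+Object writer no longer has full ownership and control.`, has no space after the `+` while the other added lines do, so it appears to start at column 0 inside the YAML documentation block. Whitespace on this page is collapsed, so confirm this against the raw patch. If it does start at column 0, it ends the indented `object_ownership` entry and the module documentation would likely fail to parse. Indent it to match the preceding continuation line, or fold it into that line: `Bucket owner has full ownership and control. Object writer no longer has full ownership and control.` The options block starts and ends outside the hunk.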
@@ -1016,7 +1020,7 @@ def main():
 block_public_policy=dict(type='bool', default=False),
 restrict_public_buckets=dict(type='bool', default=False))),
 delete_public_access=dict(type='bool', default=False),
- object_ownership=dict(type='str', choices=['BucketOwnerPreferred', 'ObjectWriter']),
+ object_ownership=dict(type='str', choices=['BucketOwnerEnforced', 'BucketOwnerPreferred', 'ObjectWriter']),
 delete_object_ownership=dict(type='bool', default=False),
 acl=dict(type='str', choices=['private', 'public-read', 'public-read-write', 'authenticated-read']),
 validate_bucket_name=dict(type='bool', default=True),
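Review bot: Nothing in this argument spec stops `object_ownership=BucketOwnerEnforced` from being combined with the `acl` option two lines below, even though the documentation added by this commit says requests to set or update ACLs fail under that setting. A task that sets both would presumably fail only when the ACL call reaches the service, possibly after other bucket settings have been applied. Consider rejecting the combination during parameter validation, and at minimum document it next to the new choice, e.g. `- C(BucketOwnerEnforced) cannot be used together with I(acl).` main() continues outside the hunk, so a check elsewhere in the function is not visible from here.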