-
Notifications
You must be signed in to change notification settings - Fork 342
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
s3_object - ignore_nonexistent_bucket is not used when listing a bucket #966
Labels
Comments
Files identified in the description: If these files are inaccurate, please update the |
ansibullbot
added
bug
This issue/PR relates to a bug
needs_triage
python3
traceback
labels
Aug 11, 2022
tremble
changed the title
ignore_nonexistent_bucket is not used when listing a bucket
s3_object - ignore_nonexistent_bucket is not used when listing a bucket
Aug 11, 2022
akiuni
pushed a commit
to akiuni/amazon.aws
that referenced
this issue
Aug 11, 2022
akiuni
pushed a commit
to akiuni/amazon.aws
that referenced
this issue
Aug 11, 2022
akiuni
pushed a commit
to akiuni/amazon.aws
that referenced
this issue
Aug 12, 2022
1 task
1 task
abikouo
pushed a commit
to abikouo/amazon.aws
that referenced
this issue
Sep 18, 2023
elb_target_group - support target_type alb SUMMARY Add support for target_type alb and integration tests Update documentation for clarity Fixes ansible-collections#891 ISSUE TYPE Feature Pull Request COMPONENT NAME elb_target_group Reviewed-by: Mark Woolley <[email protected]> Reviewed-by: Mandar Kulkarni <[email protected]> Reviewed-by: Alina Buzachis <None> Reviewed-by: Markus Bergholz <[email protected]>
abikouo
pushed a commit
to abikouo/amazon.aws
that referenced
this issue
Sep 18, 2023
elb_target_group - support target_type alb SUMMARY Add support for target_type alb and integration tests Update documentation for clarity Fixes ansible-collections#891 ISSUE TYPE Feature Pull Request COMPONENT NAME elb_target_group Reviewed-by: Mark Woolley <[email protected]> Reviewed-by: Mandar Kulkarni <[email protected]> Reviewed-by: Alina Buzachis <None> Reviewed-by: Markus Bergholz <[email protected]>
abikouo
pushed a commit
to abikouo/amazon.aws
that referenced
this issue
Oct 24, 2023
elb_target_group - support target_type alb SUMMARY Add support for target_type alb and integration tests Update documentation for clarity Fixes ansible-collections#891 ISSUE TYPE Feature Pull Request COMPONENT NAME elb_target_group Reviewed-by: Mark Woolley <[email protected]> Reviewed-by: Mandar Kulkarni <[email protected]> Reviewed-by: Alina Buzachis <None> Reviewed-by: Markus Bergholz <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
When ansible has the permission to read a subpath of a bucket but not the root path, the list mode fails with a 403 error:
Example:
Error message:
An error occurred (403) when calling the HeadBucket operation: Forbidden",
My suggestion would be to use the
validate
argument in line 1155 like in line 1070 (got from the ignore_nonexistent_bucket )By the way,
ignore_nonexistent_bucket
could be renamed tobypass_permission_control
because it is what it really doesIssue Type
Bug Report
Component Name
amazon.aws.aws_s3
Ansible Version
Collection Versions
AWS SDK versions
Configuration
OS / Environment
alpine (docker container)
Steps to Reproduce
``
local_action:
module: amazon.aws.aws_s3
profile: ansible-profile
bucket: my-bucket
prefix: allowed/sub/path
ignore_nonexistent_bucket: yes
mode: list
register: my_var
run_once: true
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_amazon.aws.aws_s3_payload_zh3ohb_y/ansible_amazon.aws.aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/modules/s3_object.py", line 481, in bucket_check
File "/usr/lib/python3.8/site-packages/botocore/client.py", line 508, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/lib/python3.8/site-packages/botocore/client.py", line 915, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (403) when calling the HeadBucket operation: Forbidden
fatal: [valid-tst -> localhost]: FAILED! => {
"boto3_version": "1.24.48",
"botocore_version": "1.27.48",
"changed": false,
"error": {
"code": "403",
"message": "Forbidden"
},
"invocation": {
"module_args": {
"aws_access_key": null,
"aws_ca_bundle": null,
"aws_config": null,
"aws_secret_key": null,
"bucket": "my-bucket",
"content": null,
"content_base64": null,
"copy_src": null,
"debug_botocore_endpoint_logs": false,
"dest": null,
"dualstack": false,
"ec2_url": null,
"encrypt": true,
"encryption_kms_key_id": null,
"encryption_mode": "AES256",
"expiry": 600,
"headers": null,
"ignore_nonexistent_bucket": true,
"marker": "",
"max_keys": 1000,
"metadata": null,
"mode": "list",
"object": null,
"overwrite": "different",
"permission": [
"private"
],
"prefix": "allowed/sub/path",
"profile": "ansible-profile",
"purge_tags": true,
"region": null,
"retries": 0,
"rgw": false,
"s3_url": null,
"security_token": null,
"src": null,
"tags": null,
"validate_bucket_name": true,
"validate_certs": true,
"version": null
}
},
"msg": "Failed while looking up bucket (during bucket_check) my-bucket.: An error occurred (403) when calling the HeadBucket operation: Forbidden",
"response_metadata": {
"host_id": "EhSYJQlLXgTibLCo0ewG0ccAuZBht8uEvG1AisMPo3ar86hHK4YS4fIOqwarhWliFAHQDbeaggA=",
"http_headers": {
"content-type": "application/xml",
"date": "Thu, 11 Aug 2022 09:48:05 GMT",
"server": "AmazonS3",
"x-amz-bucket-region": "eu-west-1",
"x-amz-id-2": "EhSYJQlLXgTibLCo0ewG0ccAuZBht8uEvG1AisMPo3ar86hHK4YS4fIOqwarhWliFAHQDbeaggA=",
"x-amz-request-id": "018GCMEQPVVANEVP"
},
"http_status_code": 403,
"request_id": "018GCMEQPVVANEVP",
"retry_attempts": 0
}
}
The text was updated successfully, but these errors were encountered: