From 8fb0e6d97132fe8173b8a4ec7538df301b7a2d2c Mon Sep 17 00:00:00 2001
From: Joe Zollo
Date: Fri, 9 Sep 2022 14:27:56 -0400
Subject: [PATCH 1/4] implement changes to s3_object, update integration test and changelog
---
 ...-version-4-to-the-s3_object-geturl-mode.yml | 2 ++
 plugins/modules/s3_object.py | 12 ++++++++++--
 .../targets/s3_object/tasks/main.yml | 18 +++++++++++++++++-
 3 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 changelogs/fragments/1013-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml
diff --git a/changelogs/fragments/1013-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml b/changelogs/fragments/1013-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml
new file mode 100644
index 00000000000..6316598310c
--- /dev/null
+++ b/changelogs/fragments/1013-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- s3_object - added the ``sig_v4`` paramater, enbling the user to opt in to signature version 4 for download/get operations. (https://github.com/ansible-collections/amazon.aws/issues/1013)
\ No newline at end of file
diff --git a/plugins/modules/s3_object.py b/plugins/modules/s3_object.py
index f18220f23b8..b9d1c124303 100644
--- a/plugins/modules/s3_object.py
+++ b/plugins/modules/s3_object.py
@@ -97,6 +97,12 @@
 - Keyname of the object inside the bucket.
 - Can be used to create "virtual directories", see examples.
 type: str
+ sig_v4:
+ description:
+ - Forces the Boto SDK to use Signature Version 4
+ - Only applies to get modes, I(mode=get), I(mode=getstr), I(mode=geturl)
+ default: false
+ type: bool
 permission:
 description:
 - This option lets the user set the canned permissions on the object/bucket that are created.
@@ -858,7 +864,7 @@ def get_s3_connection(module, aws_connect_kwargs, location, ceph, endpoint_url,
 params = dict(module=module, conn_type='client', resource='s3', region=location, endpoint=endpoint_url, **aws_connect_kwargs)
 if module.params['mode'] == 'put' and module.params['encryption_mode'] == 'aws:kms':
 params['config'] = botocore.client.Config(signature_version='s3v4')
- elif module.params['mode'] in ('get', 'getstr') and sig_4:
+ elif module.params['mode'] in ('get', 'getstr', 'geturl') and sig_4:
 params['config'] = botocore.client.Config(signature_version='s3v4')
 if module.params['dualstack']:
 dualconf = botocore.client.Config(s3={'use_dualstack_endpoint': True})
@@ -959,6 +965,7 @@ def main():
 max_keys=dict(default=1000, type='int', no_log=False),
 metadata=dict(type='dict'),
 mode=dict(choices=['get', 'put', 'delete', 'create', 'geturl', 'getstr', 'delobj', 'list', 'copy'], required=True),
+ sig_v4=dict(default=False, type='bool')
 object=dict(),
 permission=dict(type='list', elements='str', default=['private']),
 version=dict(default=None),
@@ -1006,6 +1013,7 @@ def main():
 obj = module.params.get('object')
 version = module.params.get('version')
 overwrite = module.params.get('overwrite')
+ sig_v4 = module.params.get('sig_v4')
 prefix = module.params.get('prefix')
 retries = module.params.get('retries')
 endpoint_url = module.params.get('endpoint_url')
@@ -1064,7 +1072,7 @@ def main():
 if endpoint_url:
 for key in ['validate_certs', 'security_token', 'profile_name']:
 aws_connect_kwargs.pop(key, None)
- s3 = get_s3_connection(module, aws_connect_kwargs, location, ceph, endpoint_url)
+ s3 = get_s3_connection(module, aws_connect_kwargs, location, ceph, endpoint_url, sig_v4)
 validate = not ignore_nonexistent_bucket
diff --git a/tests/integration/targets/s3_object/tasks/main.yml b/tests/integration/targets/s3_object/tasks/main.yml
index 9770a555eb6..7e3d6b4b6d3 100644
--- a/tests/integration/targets/s3_object/tasks/main.yml
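Review bot: Adding 'geturl' to the `elif` in the -858 hunk means presigned download URLs can now be signed with SigV4, and neither the branch nor the new option text mentions the lifetime limit that comes with it: a SigV4 presigned URL is valid for at most 7 days (604800 seconds), and nothing in the visible lines checks the requested lifetime. I would add a line to the `sig_v4` description, `- With I(mode=geturl), Signature Version 4 limits the URL lifetime to 7 days.`, and a comment above the branch, `# get/getstr/geturl use s3v4 only when sig_4 is set; put with aws:kms always does`. get_s3_connection starts and ends outside this hunk, so whether the lifetime is validated elsewhere cannot be seen from here.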
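Review bot: The call in the -1064 hunk passes the new value positionally as a sixth argument, while the body of get_s3_connection in the -858 hunk tests a name spelled `sig_4`. The signature is truncated in that hunk header, so the parameter name is inferred, but if it is `sig_4` the call is safer written as `s3 = get_s3_connection(module, aws_connect_kwargs, location, ceph, endpoint_url, sig_4=sig_v4)`. A keyword keeps the call correct if another parameter is later inserted before it and makes the two spellings of the same setting visible at the call site. main() continues outside this hunk.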
+++ b/tests/integration/targets/s3_object/tasks/main.yml
@@ -23,7 +23,7 @@
 - name: Create content
 set_fact:
- content: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigits,punctuation') }}"
+ content: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigits,punctuation') }}"
 - name: test create bucket without permissions
 module_defaults: { group/aws: {} }
@@ -337,6 +337,22 @@
 - "'Download url:' in result.msg"
 - result is changed
+ - name: test geturl of the object with sigv4
+ s3_object:
+ bucket: "{{ bucket_name }}"
+ mode: geturl
+ sig_v4: true
+ object: delete.txt
+ retries: 3
+ delay: 3
+ register: result
+ until: result is changed
+
+ - assert:
+ that:
+ - "'Download url:' in result.msg"
+ - result is changed
+
 - name: test getstr of the object
 s3_object:
 bucket: "{{ bucket_name }}"
From 1e5ac838ebed39741c3c88779b0ef45d3c2d9af6 Mon Sep 17 00:00:00 2001
From: Joe Zollo
Date: Fri, 9 Sep 2022 14:30:15 -0400
Subject: [PATCH 2/4] add missing comma
---
 plugins/modules/s3_object.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/modules/s3_object.py b/plugins/modules/s3_object.py
index b9d1c124303..5b9afad8cdb 100644
--- a/plugins/modules/s3_object.py
+++ b/plugins/modules/s3_object.py
@@ -965,7 +965,7 @@ def main():
 max_keys=dict(default=1000, type='int', no_log=False),
 metadata=dict(type='dict'),
 mode=dict(choices=['get', 'put', 'delete', 'create', 'geturl', 'getstr', 'delobj', 'list', 'copy'], required=True),
- sig_v4=dict(default=False, type='bool')
+ sig_v4=dict(default=False, type='bool'),
 object=dict(),
 permission=dict(type='list', elements='str', default=['private']),
 version=dict(default=None),
From 32a122ecaa2f921e4f439461ac0ac846b8fb1c59 Mon Sep 17 00:00:00 2001
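Review bot: The task added in the -337 hunk asserts only `'Download url:' in result.msg` and `result is changed`, the same two checks that appear as context lines just above it, so it would pass even if `sig_v4` had no effect on the signer. A SigV4 presigned URL carries `X-Amz-Algorithm=AWS4-HMAC-SHA256` in its query string; assuming the module returns the URL in the registered result (the return value is not visible here), add `- "'X-Amz-Algorithm=AWS4-HMAC-SHA256' in result.url"` to the `that:` list. A second task with `sig_v4: false` would exercise the other branch as well.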
From: Joe Zollo
Date: Thu, 22 Sep 2022 15:03:10 -0400
Subject: [PATCH 3/4] apply suggested cosmetic fixes
---
 ...for-signature-version-4-to-the-s3_object-geturl-mode.yml} | 2 +-
 plugins/modules/s3_object.py | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
 rename changelogs/fragments/{1013-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml => 1014-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml} (70%)
diff --git a/changelogs/fragments/1013-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml b/changelogs/fragments/1014-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml
similarity index 70%
rename from changelogs/fragments/1013-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml
rename to changelogs/fragments/1014-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml
index 6316598310c..733d1efb22e 100644
--- a/changelogs/fragments/1013-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml
+++ b/changelogs/fragments/1014-add-support-for-signature-version-4-to-the-s3_object-geturl-mode.yml
@@ -1,2 +1,2 @@
 minor_changes:
-- s3_object - added the ``sig_v4`` paramater, enbling the user to opt in to signature version 4 for download/get operations. (https://github.com/ansible-collections/amazon.aws/issues/1013)
\ No newline at end of file
+- s3_object - added the ``sig_v4`` paramater, enbling the user to opt in to signature version 4 for download/get operations. (https://github.com/ansible-collections/amazon.aws/pull/1014)
diff --git a/plugins/modules/s3_object.py b/plugins/modules/s3_object.py
index 5b9afad8cdb..2bba378337f 100644
--- a/plugins/modules/s3_object.py
+++ b/plugins/modules/s3_object.py
@@ -99,10 +99,11 @@
 type: str
 sig_v4:
 description:
- - Forces the Boto SDK to use Signature Version 4
- - Only applies to get modes, I(mode=get), I(mode=getstr), I(mode=geturl)
+ - Forces the Boto SDK to use Signature Version 4.
+ - Only applies to get modes, I(mode=get), I(mode=getstr), I(mode=geturl).
 default: false
 type: bool
+ version_added: 5.0.0
 permission:
 description:
 - This option lets the user set the canned permissions on the object/bucket that are created.
From 6d5e18d8b8b0fbf8eb4e35bf77839b0336979765 Mon Sep 17 00:00:00 2001
From: Joe Zollo
Date: Thu, 22 Sep 2022 17:01:03 -0400
Subject: [PATCH 4/4] change sig_v4 param to true by default
---
 plugins/modules/s3_object.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/modules/s3_object.py b/plugins/modules/s3_object.py
index 2bba378337f..cfde5143f78 100644
--- a/plugins/modules/s3_object.py
+++ b/plugins/modules/s3_object.py
@@ -101,7 +101,7 @@
 description:
 - Forces the Boto SDK to use Signature Version 4.
 - Only applies to get modes, I(mode=get), I(mode=getstr), I(mode=geturl).
- default: false
+ default: true
 type: bool
 version_added: 5.0.0
 permission:
@@ -966,7 +966,7 @@ def main():
 max_keys=dict(default=1000, type='int', no_log=False),
 metadata=dict(type='dict'),
 mode=dict(choices=['get', 'put', 'delete', 'create', 'geturl', 'getstr', 'delobj', 'list', 'copy'], required=True),
- sig_v4=dict(default=False, type='bool'),
+ sig_v4=dict(default=True, type='bool'),
 object=dict(),
 permission=dict(type='list', elements='str', default=['private']),
 version=dict(default=None),
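Review bot: Flipping the default to `True` in the -101 and -966 hunks of patch 4 changes the signer for every existing playbook that uses mode get, getstr or geturl without setting `sig_v4`, yet the changelog fragment renamed in patch 3 still describes the option as letting the user "opt in" and files it under `minor_changes`. The module also takes `ceph` and `endpoint_url` (both passed to get_s3_connection in patch 1), and an S3-compatible endpoint that accepts only the older signature scheme would presumably start rejecting these requests; that cannot be confirmed from the diff. I would reword the fragment to say SigV4 is now the default for get operations and extend the option description with `- Set to C(false) to let the SDK choose the signature version, for example for endpoints without Signature Version 4 support.`. Both hunks sit inside larger blocks, the module documentation text and main(), that extend beyond what is shown.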