-
Notifications
You must be signed in to change notification settings - Fork 342
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
updating module S3 Bucket Keys for SSE-KMS #882
updating module S3 Bucket Keys for SSE-KMS #882
Conversation
@chirag1603 this PR contains the following merge commits: Please rebase your branch to remove these commits. |
Docs Build 📝Thank you for contribution!✨ This PR has been merged and your docs changes will be incorporated when they are next published. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for taking the time to submit this PR. I've added some initial comments.
Please take a look at the failing tests (sanity and integration). I suspect the failed integration tests are because the default value was set to False, rather than setting no default.
Additionally, please rebase your PR, it looks like there's a lot of temporary debugging and merge commits: https://www.atlassian.com/git/tutorials/rewriting-history/git-rebase
@chirag1603 this PR contains the following merge commits: Please rebase your branch to remove these commits. |
@chirag1603 this PR contains the following merge commits: Please rebase your branch to remove these commits. |
@chirag1603 this PR contains the following merge commits: Please rebase your branch to remove these commits. |
@chirag1603 this PR contains the following merge commits: Please rebase your branch to remove these commits. |
Done |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like we're heading in the right direction...
There's a couple of minor docs issues, however it also looks like what's being returned in encryption
isn't compatible with what's returned as for simple SSE
- output.changed | ||
- output.encryption |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at the output:
2022-06-30 12:33:30.543586 | controller | TASK [s3_bucket : Enable bucket key for bucket with aws:kms encryption] ********
2022-06-30 12:33:30.548091 | controller | task path: /home/zuul/.ansible/collections/ansible_collections/amazon/aws/tests/integration/targets/s3_bucket/roles/s3_bucket/tasks/encryption_bucket_key.yml:27
2022-06-30 12:33:30.548947 | controller | changed: [encryption_bucket_key] => {
2022-06-30 12:33:30.548970 | controller | "changed": true,
2022-06-30 12:33:30.548979 | controller | "encryption": {
2022-06-30 12:33:30.548986 | controller | "ResponseMetadata": {
2022-06-30 12:33:30.548993 | controller | "HTTPHeaders": {
2022-06-30 12:33:30.549000 | controller | "date": "Thu, 30 Jun 2022 12:33:30 GMT",
2022-06-30 12:33:30.549014 | controller | "server": "AmazonS3",
2022-06-30 12:33:30.549022 | controller | "transfer-encoding": "chunked",
2022-06-30 12:33:30.549029 | controller | "x-amz-id-2": "MrzpYivR6wKskVGQkANi9QR2P8r/VbcwDo6tTG7SHyrn6WVIQKwBwmFM/si5KXLmPrG1f+jV3sg=",
2022-06-30 12:33:30.549038 | controller | "x-amz-request-id": "DDXSP72CXZ3PW81Y"
2022-06-30 12:33:30.549045 | controller | },
2022-06-30 12:33:30.549052 | controller | "HTTPStatusCode": 200,
2022-06-30 12:33:30.549067 | controller | "HostId": "MrzpYivR6wKskVGQkANi9QR2P8r/VbcwDo6tTG7SHyrn6WVIQKwBwmFM/si5KXLmPrG1f+jV3sg=",
2022-06-30 12:33:30.549075 | controller | "RequestId": "DDXSP72CXZ3PW81Y",
2022-06-30 12:33:30.549082 | controller | "RetryAttempts": 0
2022-06-30 12:33:30.549089 | controller | },
2022-06-30 12:33:30.549097 | controller | "ServerSideEncryptionConfiguration": {
2022-06-30 12:33:30.549104 | controller | "Rules": [
2022-06-30 12:33:30.549111 | controller | {
2022-06-30 12:33:30.549119 | controller | "ApplyServerSideEncryptionByDefault": {
2022-06-30 12:33:30.549126 | controller | "SSEAlgorithm": "aws:kms"
2022-06-30 12:33:30.549133 | controller | },
2022-06-30 12:33:30.549140 | controller | "BucketKeyEnabled": true
2022-06-30 12:33:30.549148 | controller | }
2022-06-30 12:33:30.549155 | controller | ]
2022-06-30 12:33:30.549162 | controller | }
2022-06-30 12:33:30.549169 | controller | },
2022-06-30 12:33:30.549177 | controller | "invocation": {
2022-06-30 12:33:30.549184 | controller | "module_args": {
2022-06-30 12:33:30.549190 | controller | "acl": null,
2022-06-30 12:33:30.549197 | controller | "aws_access_key": "ASIA6CCDWXDOLAKDTBC7",
2022-06-30 12:33:30.549204 | controller | "aws_ca_bundle": null,
2022-06-30 12:33:30.549210 | controller | "aws_config": null,
2022-06-30 12:33:30.549217 | controller | "aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
2022-06-30 12:33:30.549223 | controller | "bucket_key_enabled": true,
2022-06-30 12:33:30.549230 | controller | "ceph": false,
2022-06-30 12:33:30.549237 | controller | "debug_botocore_endpoint_logs": true,
2022-06-30 12:33:30.549243 | controller | "delete_object_ownership": false,
2022-06-30 12:33:30.549250 | controller | "delete_public_access": false,
2022-06-30 12:33:30.549256 | controller | "ec2_url": null,
2022-06-30 12:33:30.549263 | controller | "encryption": "aws:kms",
2022-06-30 12:33:30.549270 | controller | "encryption_key_id": null,
2022-06-30 12:33:30.549277 | controller | "force": false,
2022-06-30 12:33:30.549284 | controller | "name": "103bcc7ff588ca72c92b997bf1fcf869-bucket-key",
2022-06-30 12:33:30.549291 | controller | "object_ownership": null,
2022-06-30 12:33:30.549298 | controller | "policy": null,
2022-06-30 12:33:30.549305 | controller | "profile": null,
2022-06-30 12:33:30.549312 | controller | "public_access": null,
2022-06-30 12:33:30.549319 | controller | "purge_tags": true,
2022-06-30 12:33:30.549326 | controller | "region": "us-east-1",
2022-06-30 12:33:30.549333 | controller | "requester_pays": null,
2022-06-30 12:33:30.549340 | controller | "s3_url": null,
2022-06-30 12:33:30.549347 | controller | "security_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
2022-06-30 12:33:30.549353 | controller | "state": "present",
2022-06-30 12:33:30.549360 | controller | "tags": null,
2022-06-30 12:33:30.549367 | controller | "validate_bucket_name": true,
2022-06-30 12:33:30.549374 | controller | "validate_certs": true,
2022-06-30 12:33:30.549381 | controller | "versioning": null
2022-06-30 12:33:30.549387 | controller | }
2022-06-30 12:33:30.549395 | controller | },
2022-06-30 12:33:30.549402 | controller | "name": "103bcc7ff588ca72c92b997bf1fcf869-bucket-key",
2022-06-30 12:33:30.549409 | controller | "object_ownership": null,
2022-06-30 12:33:30.549416 | controller | "policy": null,
2022-06-30 12:33:30.549423 | controller | "requester_pays": null,
2022-06-30 12:33:30.549430 | controller | "resource_actions": [
2022-06-30 12:33:30.549438 | controller | "s3:PutBucketEncryption",
2022-06-30 12:33:30.549445 | controller | "s3:GetBucketOwnershipControls",
2022-06-30 12:33:30.549452 | controller | "s3:GetPublicAccessBlock",
2022-06-30 12:33:30.549463 | controller | "s3:GetBucketVersioning",
2022-06-30 12:33:30.549471 | controller | "s3:HeadBucket",
2022-06-30 12:33:30.549478 | controller | "s3:GetBucketTagging",
2022-06-30 12:33:30.549485 | controller | "s3:GetBucketEncryption",
2022-06-30 12:33:30.549492 | controller | "s3:GetBucketRequestPayment",
2022-06-30 12:33:30.549500 | controller | "s3:GetBucketPolicy"
2022-06-30 12:33:30.549507 | controller | ],
2022-06-30 12:33:30.549514 | controller | "tags": {},
2022-06-30 12:33:30.549521 | controller | "versioning": {
2022-06-30 12:33:30.549529 | controller | "MfaDelete": "Disabled",
2022-06-30 12:33:30.549536 | controller | "Versioning": "Disabled"
2022-06-30 12:33:30.549543 | controller | }
2022-06-30 12:33:30.549550 | controller | }
This is returning something incompatible with the "encryption" output from simply enabling SSE with KMS:
2022-06-30 12:33:29.348311 | controller | "encryption": {
2022-06-30 12:33:29.348319 | controller | "SSEAlgorithm": "aws:kms"
2022-06-30 12:33:29.348327 | controller | },
Co-authored-by: Mark Chappell <[email protected]>
Co-authored-by: Mark Chappell <[email protected]>
Co-authored-by: Mark Chappell <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@chirag1603 Thank you for taking time to work on this. Could you please add a changelog fragment https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to?
Backport to stable-4: 💚 backport PR created✅ Backport PR branch: Backported as #910 🤖 @patchback |
updating module S3 Bucket Keys for SSE-KMS SUMMARY refrence: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html Adding Parameter to enable to s3 bucket keys only when the encryption is aws:kms ISSUE TYPE New Module Pull Request COMPONENT NAME s3 bucket keys ADDITIONAL INFORMATION Reviewed-by: Mark Chappell <None> Reviewed-by: Alina Buzachis <None> Reviewed-by: Milan Zink <[email protected]> (cherry picked from commit ca9ed18)
[PR #882/ca9ed180 backport][stable-4] updating module S3 Bucket Keys for SSE-KMS This is a backport of PR #882 as merged into main (ca9ed18). SUMMARY refrence: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html Adding Parameter to enable to s3 bucket keys only when the encryption is aws:kms ISSUE TYPE New Module Pull Request COMPONENT NAME s3 bucket keys ADDITIONAL INFORMATION Reviewed-by: Mark Chappell <None>
) migrate from ansible.netcommon to ansible.utils SUMMARY This is a maintenance task to migrate from ansible.netcommon to ansible.utils. I was trying to fix an issue in that module, but I was told the functions have moved to ansible.utils. See ansible-collections/ansible.netcommon#362 (comment) ISSUE TYPE Bugfix Pull Request COMPONENT NAME Existing integration tests that use the ansible.netcommon module. No module uses netcommon, only integration tests. ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis <None> Reviewed-by: Markus Bergholz <[email protected]> This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@5e5f754
) migrate from ansible.netcommon to ansible.utils SUMMARY This is a maintenance task to migrate from ansible.netcommon to ansible.utils. I was trying to fix an issue in that module, but I was told the functions have moved to ansible.utils. See ansible-collections/ansible.netcommon#362 (comment) ISSUE TYPE Bugfix Pull Request COMPONENT NAME Existing integration tests that use the ansible.netcommon module. No module uses netcommon, only integration tests. ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis <None> Reviewed-by: Markus Bergholz <[email protected]> This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@5e5f754
) migrate from ansible.netcommon to ansible.utils SUMMARY This is a maintenance task to migrate from ansible.netcommon to ansible.utils. I was trying to fix an issue in that module, but I was told the functions have moved to ansible.utils. See ansible-collections/ansible.netcommon#362 (comment) ISSUE TYPE Bugfix Pull Request COMPONENT NAME Existing integration tests that use the ansible.netcommon module. No module uses netcommon, only integration tests. ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis <None> Reviewed-by: Markus Bergholz <[email protected]>
SUMMARY
refrence: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html
Adding Parameter to enable to s3 bucket keys only when the encryption is aws:kms
ISSUE TYPE
COMPONENT NAME
s3 bucket keys
ADDITIONAL INFORMATION