From 37eb2bda30ed1f8c18748c1f4e7cc5988b9d2daf Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Thu, 4 May 2023 21:39:41 +0200
Subject: [PATCH] Fix s3_sync and s3_logging integration tests (#1801) (#1802)

Fix s3_sync and s3_logging integration tests

SUMMARY
See also: ansible-collections/amazon.aws#1511
At the end of April Amazon updated various S3 bucket defaults. Buckets now have public_access blocked by default, and object_owner set to "BucketOwnerEnforced".
https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/
This change to the defaults resulted in some of our tests failing.
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
s3_sync
s3_logging
ADDITIONAL INFORMATION

Reviewed-by: Alina Buzachis
(cherry picked from commit 4cad9ee5f676d0ab4d5499caf3fcf5977d96f603)

Co-authored-by: Mark Chappell <mchappel@redhat.com>
---
 changelogs/fragments/1797-s3-acls.yml               | 3 +++
 tests/integration/targets/s3_logging/tasks/main.yml | 2 ++
 tests/integration/targets/s3_sync/tasks/main.yml    | 3 +++
 3 files changed, 8 insertions(+)
 create mode 100644 changelogs/fragments/1797-s3-acls.yml

diff --git a/changelogs/fragments/1797-s3-acls.yml b/changelogs/fragments/1797-s3-acls.yml
new file mode 100644
index 00000000000..15d0cd14ec0
--- /dev/null
+++ b/changelogs/fragments/1797-s3-acls.yml
@@ -0,0 +1,3 @@
+trivial:
+- s3_sync - fix tests broken by AWS changing default permissions
+- s3_logging - fix tests broken by AWS changing default permissions
diff --git a/tests/integration/targets/s3_logging/tasks/main.yml b/tests/integration/targets/s3_logging/tasks/main.yml
index 269923237c6..f6c9a1710f1 100644
--- a/tests/integration/targets/s3_logging/tasks/main.yml
+++ b/tests/integration/targets/s3_logging/tasks/main.yml
@@ -46,6 +46,7 @@
     s3_bucket:
       state: present
       name: '{{ log_bucket_1 }}'
+      object_ownership: BucketOwnerPreferred
     register: output
   - assert:
       that:
@@ -56,6 +57,7 @@
     s3_bucket:
       state: present
       name: '{{ log_bucket_2 }}'
+      object_ownership: BucketOwnerPreferred
     register: output
   - assert:
       that:
diff --git a/tests/integration/targets/s3_sync/tasks/main.yml b/tests/integration/targets/s3_sync/tasks/main.yml
index 02411841805..08496cd74a6 100644
--- a/tests/integration/targets/s3_sync/tasks/main.yml
+++ b/tests/integration/targets/s3_sync/tasks/main.yml
@@ -15,6 +15,9 @@
       s3_bucket:
         name: "{{ test_bucket }}"
         state: present
+        public_access:
+          block_public_acls: false
+        object_ownership: BucketOwnerPreferred
       register: output
 
     - assert: