From 4cad9ee5f676d0ab4d5499caf3fcf5977d96f603 Mon Sep 17 00:00:00 2001
From: Mark Chappell <mchappel@redhat.com>
Date: Thu, 4 May 2023 21:10:00 +0200
Subject: [PATCH] Fix s3_sync and s3_logging integration tests (#1801)

Fix s3_sync and s3_logging integration tests

SUMMARY
See also: ansible-collections/amazon.aws#1511
At the end of April Amazon updated various S3 bucket defaults. Buckets now have public_access blocked by default, and object_owner set to "BucketOwnerEnforced".
https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/
This change to the defaults resulted in some of our tests failing.
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
s3_sync
s3_logging
ADDITIONAL INFORMATION

Reviewed-by: Alina Buzachis
---
 changelogs/fragments/1797-s3-acls.yml               | 3 +++
 tests/integration/targets/s3_logging/aliases        | 3 ---
 tests/integration/targets/s3_logging/tasks/main.yml | 2 ++
 tests/integration/targets/s3_sync/aliases           | 3 ---
 tests/integration/targets/s3_sync/tasks/main.yml    | 3 +++
 5 files changed, 8 insertions(+), 6 deletions(-)
 create mode 100644 changelogs/fragments/1797-s3-acls.yml

diff --git a/changelogs/fragments/1797-s3-acls.yml b/changelogs/fragments/1797-s3-acls.yml
new file mode 100644
index 00000000000..15d0cd14ec0
--- /dev/null
+++ b/changelogs/fragments/1797-s3-acls.yml
@@ -0,0 +1,3 @@
+trivial:
+- s3_sync - fix tests broken by AWS changing default permissions
+- s3_logging - fix tests broken by AWS changing default permissions
diff --git a/tests/integration/targets/s3_logging/aliases b/tests/integration/targets/s3_logging/aliases
index c3b9e5a23bc..4ef4b2067d0 100644
--- a/tests/integration/targets/s3_logging/aliases
+++ b/tests/integration/targets/s3_logging/aliases
@@ -1,4 +1 @@
 cloud/aws
-
-# https://github.com/ansible-collections/community.aws/issues/1797
-disabled
diff --git a/tests/integration/targets/s3_logging/tasks/main.yml b/tests/integration/targets/s3_logging/tasks/main.yml
index 269923237c6..f6c9a1710f1 100644
--- a/tests/integration/targets/s3_logging/tasks/main.yml
+++ b/tests/integration/targets/s3_logging/tasks/main.yml
@@ -46,6 +46,7 @@
     s3_bucket:
       state: present
       name: '{{ log_bucket_1 }}'
+      object_ownership: BucketOwnerPreferred
     register: output
   - assert:
       that:
@@ -56,6 +57,7 @@
     s3_bucket:
       state: present
       name: '{{ log_bucket_2 }}'
+      object_ownership: BucketOwnerPreferred
     register: output
   - assert:
       that:
diff --git a/tests/integration/targets/s3_sync/aliases b/tests/integration/targets/s3_sync/aliases
index c3b9e5a23bc..4ef4b2067d0 100644
--- a/tests/integration/targets/s3_sync/aliases
+++ b/tests/integration/targets/s3_sync/aliases
@@ -1,4 +1 @@
 cloud/aws
-
-# https://github.com/ansible-collections/community.aws/issues/1797
-disabled
diff --git a/tests/integration/targets/s3_sync/tasks/main.yml b/tests/integration/targets/s3_sync/tasks/main.yml
index 02411841805..08496cd74a6 100644
--- a/tests/integration/targets/s3_sync/tasks/main.yml
+++ b/tests/integration/targets/s3_sync/tasks/main.yml
@@ -15,6 +15,9 @@
       s3_bucket:
         name: "{{ test_bucket }}"
         state: present
+        public_access:
+          block_public_acls: false
+        object_ownership: BucketOwnerPreferred
       register: output
 
     - assert: