diff --git a/changelogs/fragments/1619-add-s3-bucket-endpoint-url-var-for-private-network-vpc-interface-endpoints.yml b/changelogs/fragments/1619-add-s3-bucket-endpoint-url-var-for-private-network-vpc-interface-endpoints.yml new file mode 100644 index 00000000000..845d0f5dc22 --- /dev/null +++ b/changelogs/fragments/1619-add-s3-bucket-endpoint-url-var-for-private-network-vpc-interface-endpoints.yml @@ -0,0 +1,2 @@ +minor_changes: +- aws_ssm - added support for specifying the endpoint to use when connecting to the S3 API (https://github.com/ansible-collections/community.aws/pull/1619). diff --git a/plugins/connection/aws_ssm.py b/plugins/connection/aws_ssm.py index 0b1e12ff94a..487fb95c488 100644 --- a/plugins/connection/aws_ssm.py +++ b/plugins/connection/aws_ssm.py @@ -48,6 +48,11 @@ description: The name of the S3 bucket used for file transfers. vars: - name: ansible_aws_ssm_bucket_name + bucket_endpoint_url: + description: The S3 endpoint URL of the bucket used for file transfers. + vars: + - name: ansible_aws_ssm_bucket_endpoint_url + version_added: 5.3.0 plugin: description: This defines the location of the session-manager-plugin binary. vars: @@ -351,10 +356,12 @@ def _vvvv(self, message): self._display(display.vvvv, message) def _get_bucket_endpoint(self): - # Fetch the correct S3 endpoint for use with our bucket. - # If we don't explicitly set the endpoint then some commands will use the global - # endpoint and fail - # (new AWS regions and new buckets in a region other than the one we're running in) + """ + Fetches the correct S3 endpoint and region for use with our bucket. + If we don't explicitly set the endpoint then some commands will use the global + endpoint and fail + (new AWS regions and new buckets in a region other than the one we're running in) + """ region_name = self.get_option('region') or 'us-east-1' profile_name = self.get_option('profile') or '' 
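Review bot: The new `bucket_endpoint_url` option description in the first aws_ssm.py hunk does not say that a configured value replaces the endpoint the plugin would otherwise derive from the bucket's region, or what form the URL must take. Since the value decides where file-transfer traffic for the bucket is sent, the documentation should state both. Suggested wording: `description: The S3 endpoint URL of the bucket used for file transfers. When set, it is used instead of the endpoint derived from the bucket's region; an https:// URL is expected.` The surrounding options block starts and ends outside the hunk.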
@@ -368,6 +375,10 @@ def _get_bucket_endpoint(self): Bucket=(self.get_option('bucket_name')), ) bucket_region = bucket_location['LocationConstraint'] + + if self.get_option("bucket_endpoint_url"): + return self.get_option("bucket_endpoint_url"), bucket_region + # Create another client for the region the bucket lives in, so we can nab the endpoint URL self._vvvv(f"_get_bucket_endpoint: S3 (bucket region) - {bucket_region}") s3_bucket_client = self._get_boto_client( diff --git a/tests/integration/targets/connection_aws_ssm_endpoint/aliases b/tests/integration/targets/connection_aws_ssm_endpoint/aliases new file mode 100644 index 00000000000..eb8e0b8914b --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_endpoint/aliases @@ -0,0 +1,4 @@ +time=10m + +cloud/aws +connection_aws_ssm diff --git a/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml b/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml new file mode 100644 index 00000000000..71c850e9d8f --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml @@ -0,0 +1,7 @@ +- hosts: localhost + roles: + - role: ../setup_connection_aws_ssm + vars: + target_os: fedora + test_suffix: endpoint + endpoint_url: 'https://s3.dualstack.{{ aws_region }}.amazonaws.com' diff --git a/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_teardown.yml b/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_teardown.yml new file mode 100644 index 00000000000..3ab6f74cf64 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_teardown.yml @@ -0,0 +1,5 @@ +- hosts: localhost + tasks: + - include_role: + name: ../setup_connection_aws_ssm + tasks_from: cleanup.yml 
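Review bot: The override added to `_get_bucket_endpoint` returns `bucket_endpoint_url` without checking its form, so an `http://` or malformed value is accepted and would presumably be used for the S3 file-transfer requests. Consider reading the option once with `endpoint_url = self.get_option("bucket_endpoint_url")` and rejecting or warning when `not endpoint_url.startswith("https://")` before returning it. The check also sits after the bucket-location lookup that appears just above it (`bucket_location['LocationConstraint']`), so that lookup still goes through the default client even when an endpoint is supplied. On a network that reaches S3 only through the configured endpoint, that call may fail before the override applies. The function starts and ends outside this hunk.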
diff --git a/tests/integration/targets/connection_aws_ssm_endpoint/meta/main.yml b/tests/integration/targets/connection_aws_ssm_endpoint/meta/main.yml new file mode 100644 index 00000000000..d055eb86e84 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_endpoint/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - connection + - setup_connection_aws_ssm diff --git a/tests/integration/targets/connection_aws_ssm_endpoint/runme.sh b/tests/integration/targets/connection_aws_ssm_endpoint/runme.sh new file mode 100755 index 00000000000..c99b3b0663b --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_endpoint/runme.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +PLAYBOOK_DIR=$(pwd) +set -eux + +CMD_ARGS=("$@") + +# Destroy Environment +cleanup() { + + cd "${PLAYBOOK_DIR}" + ansible-playbook -c local aws_ssm_integration_test_teardown.yml "${CMD_ARGS[@]}" + +} + +trap "cleanup" EXIT + +# Setup Environment +ansible-playbook -c local aws_ssm_integration_test_setup.yml "$@" + +# Export the AWS Keys +set +x +. ./aws-env-vars.sh +set -x + +cd ../connection + +# Execute Integration tests +INVENTORY="${PLAYBOOK_DIR}/ssm_inventory" ./test.sh \ + -e target_hosts=aws_ssm \ + "$@" diff --git a/tests/integration/targets/setup_connection_aws_ssm/templates/inventory-combined.aws_ssm.j2 b/tests/integration/targets/setup_connection_aws_ssm/templates/inventory-combined.aws_ssm.j2 index 54501856733..469fafc1334 100644 --- a/tests/integration/targets/setup_connection_aws_ssm/templates/inventory-combined.aws_ssm.j2 +++ b/tests/integration/targets/setup_connection_aws_ssm/templates/inventory-combined.aws_ssm.j2 @@ -44,6 +44,9 @@ ansible_aws_ssm_bucket_sse_kms_key_id=alias/{{ kms_key_name }} {% if use_ssm_document | default(False) %} ansible_aws_ssm_document={{ ssm_document_name }} {% endif %} +{% if endpoint_url | default(False) %} +ansible_aws_ssm_bucket_endpoint_url={{ endpoint_url }} +{% endif %} # support tests that target testhost [testhost:children]
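Review bot: In runme.sh, `aws-env-vars.sh` is sourced from the working directory (correctly with tracing off via `set +x`), but nothing in this script deletes the file afterwards. Unless the teardown role's `cleanup.yml` removes it, which cannot be seen from here, the exported AWS keys stay on disk after the run. Adding `rm -f "${PLAYBOOK_DIR}/aws-env-vars.sh"` to `cleanup()` would make the removal independent of the teardown playbook succeeding.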