Fix detection of ssm connection bucket region #1428
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
phene
force-pushed
the
fix-bucket-region-detection
branch
from
929e956 to
509611a
Compare
ansibullbot
added
bug
This was referenced Aug 30, 2022
Closed
phene
force-pushed
the
fix-bucket-region-detection
branch
from
8221576 to
ee2e080
Compare
added 2 commits
September 15, 2022 09:22
…to client is created normally and able to use supported credential sources
phene
force-pushed
the
fix-bucket-region-detection
branch
from
ee2e080 to
782752f
Compare
|
Bump |
markuman
reviewed
Oct 18, 2022
markuman
added
backport-4
alinabuzachis
approved these changes
Oct 18, 2022
Co-authored-by: Markus Bergholz <[email protected]>
tremble
reviewed
Oct 18, 2022
Docs Build 📝Thank you for contribution!✨ This PR has been merged and your docs changes will be incorporated when they are next published. |
tremble
approved these changes
Oct 18, 2022
Backport to stable-4: 💚 backport PR created✅ Backport PR branch: Backported as #1563 🤖 @patchback |
patchback bot
pushed a commit
that referenced
this pull request
Oct 18, 2022
Fix detection of ssm connection bucket region Fix detection of ssm connection bucket region by ensuring that the boto client is created normally and able to use supported credential sources SUMMARY PR #1176 introduced detection of an S3 bucket's region to handle cases where the bucket is in a different region than the SSM connection itself. This change did not use the preferred mechanism for creating client objects, which caused it to not have access to credentials from all supported sources. It also broke the ability to use this plugin in partitions other than aws. (e.g. aws-us-gov). This change fixes this by building the bucket location client using _get_boto_client and the region for the connection to ensure it is both getting the proper credentials and starting in a region from the same partition as the client itself. From the default global region (or a hard-coded region), it will detect the bucket's region and continue S3 API calls using the bucket's own region. Fixes bug introduced from #1176 Fixes #1413 ISSUE TYPE Bugfix Pull Request COMPONENT NAME aws_ssm connection plugin Reviewed-by: Markus Bergholz <[email protected]> Reviewed-by: Alina Buzachis <None> Reviewed-by: Mark Chappell <None> (cherry picked from commit fa58965)
Backport to stable-5: 💚 backport PR created✅ Backport PR branch: Backported as #1564 🤖 @patchback |
patchback bot
pushed a commit
that referenced
this pull request
Oct 18, 2022
Fix detection of ssm connection bucket region Fix detection of ssm connection bucket region by ensuring that the boto client is created normally and able to use supported credential sources SUMMARY PR #1176 introduced detection of an S3 bucket's region to handle cases where the bucket is in a different region than the SSM connection itself. This change did not use the preferred mechanism for creating client objects, which caused it to not have access to credentials from all supported sources. It also broke the ability to use this plugin in partitions other than aws. (e.g. aws-us-gov). This change fixes this by building the bucket location client using _get_boto_client and the region for the connection to ensure it is both getting the proper credentials and starting in a region from the same partition as the client itself. From the default global region (or a hard-coded region), it will detect the bucket's region and continue S3 API calls using the bucket's own region. Fixes bug introduced from #1176 Fixes #1413 ISSUE TYPE Bugfix Pull Request COMPONENT NAME aws_ssm connection plugin Reviewed-by: Markus Bergholz <[email protected]> Reviewed-by: Alina Buzachis <None> Reviewed-by: Mark Chappell <None> (cherry picked from commit fa58965)
softwarefactory-project-zuul bot
pushed a commit
that referenced
this pull request
Nov 20, 2022
[PR #1428/fa58965f backport][stable-5] Fix detection of ssm connection bucket region This is a backport of PR #1428 as merged into main (fa58965). Fix detection of ssm connection bucket region by ensuring that the boto client is created normally and able to use supported credential sources SUMMARY PR #1176 introduced detection of an S3 bucket's region to handle cases where the bucket is in a different region than the SSM connection itself. This change did not use the preferred mechanism for creating client objects, which caused it to not have access to credentials from all supported sources. It also broke the ability to use this plugin in partitions other than aws. (e.g. aws-us-gov). This change fixes this by building the bucket location client using _get_boto_client and the region for the connection to ensure it is both getting the proper credentials and starting in a region from the same partition as the client itself. From the default global region (or a hard-coded region), it will detect the bucket's region and continue S3 API calls using the bucket's own region. Fixes bug introduced from #1176 Fixes #1413 ISSUE TYPE Bugfix Pull Request COMPONENT NAME aws_ssm connection plugin Reviewed-by: Mark Chappell <None>
softwarefactory-project-zuul bot
pushed a commit
that referenced
this pull request
Dec 2, 2022
[PR #1428/fa58965f backport][stable-4] Fix detection of ssm connection bucket region This is a backport of PR #1428 as merged into main (fa58965). Fix detection of ssm connection bucket region by ensuring that the boto client is created normally and able to use supported credential sources SUMMARY PR #1176 introduced detection of an S3 bucket's region to handle cases where the bucket is in a different region than the SSM connection itself. This change did not use the preferred mechanism for creating client objects, which caused it to not have access to credentials from all supported sources. It also broke the ability to use this plugin in partitions other than aws. (e.g. aws-us-gov). This change fixes this by building the bucket location client using _get_boto_client and the region for the connection to ensure it is both getting the proper credentials and starting in a region from the same partition as the client itself. From the default global region (or a hard-coded region), it will detect the bucket's region and continue S3 API calls using the bucket's own region. Fixes bug introduced from #1176 Fixes #1413 ISSUE TYPE Bugfix Pull Request COMPONENT NAME aws_ssm connection plugin Reviewed-by: Mark Chappell <None>
1 task
1 task
Closed
abikouo
added a commit
to abikouo/community.aws
that referenced
this pull request
Oct 24, 2023
fix github action
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix detection of ssm connection bucket region by ensuring that the boto client is created normally and able to use supported credential sources
SUMMARY
PR #1176 introduced detection of an S3 bucket's region to handle cases where the bucket is in a different region than the SSM connection itself. This change did not use the preferred mechanism for creating client objects, which caused it to not have access to credentials from all supported sources. It also broke the ability to use this plugin in partitions other than
aws. (e.g.aws-us-gov).This change fixes this by building the bucket location client using
_get_boto_clientand the region for the connection to ensure it is both getting the proper credentials and starting in a region from the same partition as the client itself. From the default global region (or a hard-coded region), it will detect the bucket's region and continue S3 API calls using the bucket's own region.Fixes bug introduced from #1176
Fixes #1413
ISSUE TYPE
COMPONENT NAME
aws_ssm connection plugin