[PR #1428/fa58965f backport][stable-5] Fix detection of ssm connection bucket region #1564
+7
−3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![patchback[bot]](https://avatars.githubusercontent.com/in/21488?s=60&v=4){kind=small}
Fix detection of ssm connection bucket region Fix detection of ssm connection bucket region by ensuring that the boto client is created normally and able to use supported credential sources SUMMARY PR #1176 introduced detection of an S3 bucket's region to handle cases where the bucket is in a different region than the SSM connection itself. This change did not use the preferred mechanism for creating client objects, which caused it to not have access to credentials from all supported sources. It also broke the ability to use this plugin in partitions other than aws. (e.g. aws-us-gov). This change fixes this by building the bucket location client using _get_boto_client and the region for the connection to ensure it is both getting the proper credentials and starting in a region from the same partition as the client itself. From the default global region (or a hard-coded region), it will detect the bucket's region and continue S3 API calls using the bucket's own region. Fixes bug introduced from #1176 Fixes #1413 ISSUE TYPE Bugfix Pull Request COMPONENT NAME aws_ssm connection plugin Reviewed-by: Markus Bergholz <[email protected]> Reviewed-by: Alina Buzachis <None> Reviewed-by: Mark Chappell <None> (cherry picked from commit fa58965)
tremble
approved these changes
Oct 18, 2022
ansibullbot
added
bug
markuman
added
mergeit
softwarefactory-project-zuul
bot
deleted the
patchback/backports/stable-5/fa58965fceb8613d734242e552313199892c96d1/pr-1428
branch
Docs Build 📝Thank you for contribution!✨ This PR has been merged and your docs changes will be incorporated when they are next published. |
abikouo
pushed a commit
to abikouo/community.aws
that referenced
this pull request
Oct 24, 2023
…sible-collections#1564) Switch to Ansible Galaxy compatible requirements files for tests SUMMARY See ansible-community/community-topics#230. ISSUE TYPE Test Pull Request COMPONENT NAME test requirements files Reviewed-by: Mark Chappell
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a backport of PR #1428 as merged into main (fa58965).
Fix detection of ssm connection bucket region by ensuring that the boto client is created normally and able to use supported credential sources
SUMMARY
PR #1176 introduced detection of an S3 bucket's region to handle cases where the bucket is in a different region than the SSM connection itself. This change did not use the preferred mechanism for creating client objects, which caused it to not have access to credentials from all supported sources. It also broke the ability to use this plugin in partitions other than
aws. (e.g.aws-us-gov).This change fixes this by building the bucket location client using
_get_boto_clientand the region for the connection to ensure it is both getting the proper credentials and starting in a region from the same partition as the client itself. From the default global region (or a hard-coded region), it will detect the bucket's region and continue S3 API calls using the bucket's own region.Fixes bug introduced from #1176
Fixes #1413
ISSUE TYPE
COMPONENT NAME
aws_ssm connection plugin