Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backend/s3: Ignore default workspace prefix errors #34511

Merged
merged 7 commits into from
Jan 9, 2024
Merged

backend/s3: Ignore default workspace prefix errors #34511

merged 7 commits into from
Jan 9, 2024

Conversation

gdavison
Copy link
Contributor

@gdavison gdavison commented Jan 9, 2024

In versions prior to v1.6, the S3 backend ignored all errors other than NoSuchBucket when listing workspaces. This allowed cases where the user did not have access to the default workspace prefix env: to succeed.

In order to preserve this behaviour, now ignore AccessDenied errors when the user does not have access to the default workspace prefix. If workspace_key_prefix is specified, AccessDenied errors will cause a failure.

Updates documentation to list permissions needed when using workspaces.

Fixes #34223

Target Release

1.7.0

Draft CHANGELOG entry

BUG FIXES

  • backend/s3: No longer returns error when IAM user or role does not have access to the default workspace prefix env:

@gdavison gdavison requested a review from a team as a code owner January 9, 2024 21:41
jar-b
jar-b approved these changes Jan 9, 2024
View reviewed changes
Copy link
Member

@jar-b jar-b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🎉

% TF_ACC=1 go test ./internal/backend/remote-state/s3/...
ok      github.com/hashicorp/terraform/internal/backend/remote-state/s3 150.979s

website/docs/language/settings/backends/s3.mdx Outdated Show resolved Hide resolved
@gdavison gdavison added the 1.7-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged label Jan 9, 2024
@gdavison gdavison merged commit 2dba400 into main Jan 9, 2024
7 checks passed
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 9, 2024

Reminder for the merging maintainer: if this is a user-visible change, please update the changelog on the appropriate release branch.

@teamterraform teamterraform mentioned this pull request Jan 9, 2024
Merged
@ewbankkit ewbankkit deleted the s3/ignore-default-workspace-prefix-errors branch January 10, 2024 14:30
@github-actions GitHub Actions
Copy link
Contributor

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 10, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jar-b jar-b jar-b approved these changes

Assignees
No one assigned
Labels
1.7-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Terraform error operation error S3: ListObjectsV2, https response error StatusCode: 403
2 participants
@gdavison @jar-b