ansible-collections / amazon.aws

Ansible Collection for Amazon AWS
GNU General Public License v3.0

aws_s3 can't `put` when bucket has ACLs disabled with `object_ownership` = `BucketOwnerEnforced` #863

Closed Tyler-2 closed 2 years ago

Tyler-2 commented 2 years ago

Summary

When I try to use aws_s3 to upload a file to a bucket where ACLs are disabled, it fails with:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (AccessControlListNotSupported) when calling the PutObjectAcl operation: The bucket does not allow ACLs

I suspect that the module is simply attempting to specify ACLs for uploaded files unconditionally, and would either need to check whether the bucket has ACLs disabled beforehand, or accept object ACLs as configuration items.

Issue Type

Bug Report

Component Name

aws_s3

Ansible Version

$ ansible --version

ansible [core 2.12.4]
  config file = /home/tyler/Repos/px-partners/ansible.cfg
  configured module search path = ['/home/tyler/Repos/px-partners/programmatic-roles/library']
  ansible python module location = /home/tyler/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /home/tyler/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/tyler/.local/bin/ansible
  python version = 3.10.4 (main, Mar 24 2022, 13:07:27) [GCC 11.2.0]
  jinja version = 3.1.1
  libyaml = True

Collection Versions

$ ansible-galaxy collection list

# /home/tyler/.local/lib/python3.10/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    2.2.0  
ansible.netcommon             2.6.1  
ansible.posix                 1.3.0  
ansible.utils                 2.5.2  
ansible.windows               1.9.0  
arista.eos                    3.1.0  
awx.awx                       19.4.0 
azure.azcollection            1.12.0 
check_point.mgmt              2.3.0  
chocolatey.chocolatey         1.2.0  
cisco.aci                     2.2.0  
cisco.asa                     2.1.0  
cisco.intersight              1.0.18 
cisco.ios                     2.8.1  
cisco.iosxr                   2.9.0  
cisco.ise                     1.2.1  
cisco.meraki                  2.6.1  
cisco.mso                     1.4.0  
cisco.nso                     1.0.3  
cisco.nxos                    2.9.1  
cisco.ucs                     1.8.0  
cloud.common                  2.1.0  
cloudscale_ch.cloud           2.2.1  
community.aws                 2.4.0  
community.azure               1.1.0  
community.ciscosmb            1.0.4  
community.crypto              2.2.4  
community.digitalocean        1.16.0 
community.dns                 2.0.9  
community.docker              2.3.0  
community.fortios             1.0.0  
community.general             4.7.0  
community.google              1.0.0  
community.grafana             1.3.3  
community.hashi_vault         2.4.0  
community.hrobot              1.2.3  
community.kubernetes          2.0.1  
community.kubevirt            1.0.0  
community.libvirt             1.0.2  
community.mongodb             1.3.3  
community.mysql               2.3.5  
community.network             3.1.0  
community.okd                 2.1.0  
community.postgresql          1.7.1  
community.proxysql            1.3.1  
community.rabbitmq            1.1.0  
community.routeros            2.0.0  
community.sap                 1.0.0  
community.skydive             1.0.0  
community.sops                1.2.1  
community.vmware              1.18.0 
community.windows             1.9.0  
community.zabbix              1.5.1  
containers.podman             1.9.3  
cyberark.conjur               1.1.0  
cyberark.pas                  1.0.13 
dellemc.enterprise_sonic      1.1.0  
dellemc.openmanage            4.4.0  
dellemc.os10                  1.1.1  
dellemc.os6                   1.0.7  
dellemc.os9                   1.0.4  
f5networks.f5_modules         1.15.0 
fortinet.fortimanager         2.1.4  
fortinet.fortios              2.1.4  
frr.frr                       1.0.3  
gluster.gluster               1.0.2  
google.cloud                  1.0.2  
hetzner.hcloud                1.6.0  
hpe.nimble                    1.1.4  
ibm.qradar                    1.0.3  
infinidat.infinibox           1.3.3  
infoblox.nios_modules         1.2.1  
inspur.sm                     1.3.0  
junipernetworks.junos         2.10.0 
kubernetes.core               2.3.0  
mellanox.onyx                 1.0.0  
netapp.aws                    21.7.0 
netapp.azure                  21.10.0
netapp.cloudmanager           21.15.0
netapp.elementsw              21.7.0 
netapp.ontap                  21.17.3
netapp.storagegrid            21.10.0
netapp.um_info                21.8.0 
netapp_eseries.santricity     1.3.0  
netbox.netbox                 3.6.0  
ngine_io.cloudstack           2.2.3  
ngine_io.exoscale             1.0.0  
ngine_io.vultr                1.1.1  
openstack.cloud               1.7.2  
openvswitch.openvswitch       2.1.0  
ovirt.ovirt                   1.6.6  
purestorage.flasharray        1.12.1 
purestorage.flashblade        1.9.0  
sensu.sensu_go                1.13.0 
servicenow.servicenow         1.0.6  
splunk.es                     1.0.2  
t_systems_mms.icinga_director 1.28.0 
theforeman.foreman            2.2.0  
vyos.vyos                     2.8.0  
wti.remote                    1.0.3  

# /home/tyler/.ansible/collections/ansible_collections
Collection            Version
--------------------- -------
amazon.aws            3.3.0  

AWS SDK versions

$ pip show boto boto3 botocore

WARNING: Package(s) not found: boto
Name: boto3
Version: 1.21.45
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/tyler/.local/lib/python3.10/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: 
---
Name: botocore
Version: 1.24.45
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/tyler/.local/lib/python3.10/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

$ ansible-config dump --only-changed

OS / Environment

No response

Steps to Reproduce

- name: Upload a file to the bucket
  aws_s3:
    bucket: "{{ s3_bucket_name }}"
    object: "/out/test.txt"
    src: "test.txt"
    mode: put
  changed_when: false

Expected Results

I expect the file to upload without issue.

Actual Results

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (AccessControlListNotSupported) when calling the PutObjectAcl operation: The bucket does not allow ACLs
fatal: [localhost]: FAILED! => {"boto3_version": "1.21.45", "botocore_version": "1.24.45", "changed": false, "error": {"code": "AccessControlListNotSupported", "message": "The bucket does not allow ACLs"}, "msg": "Unable to set object ACL: An error occurred (AccessControlListNotSupported) when calling the PutObjectAcl operation: The bucket does not allow ACLs", "response_metadata": {"host_id": "u0/PfRLv4ecD7ZNQnx4VDI7OXbsLSNoeL6icRX1HxoAQ1kbha7eX9YyhmC50b/k/AORoReWhEQ4=", "http_headers": {"connection": "close", "content-type": "application/xml", "date": "Mon, 06 Jun 2022 17:19:35 GMT", "server": "AmazonS3", "transfer-encoding": "chunked", "x-amz-id-2": "u0/PfRLv4ecD7ZNQnx4VDI7OXbsLSNoeL6icRX1HxoAQ1kbha7eX9YyhmC50b/k/AORoReWhEQ4=", "x-amz-request-id": "8PWXR597C2TTN6CX"}, "http_status_code": 400, "request_id": "8PWXR597C2TTN6CX", "retry_attempts": 0}}


ansibullbot commented 2 years ago

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.


ansibullbot commented 2 years ago

cc @jillr @linabuzachis @lwade @s-hertel @tremble
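
The check suggested in the issue report above (find out whether the bucket has ACLs disabled before sending one), as an added Python example that is not the module's code or the project's fix. It uses the boto3 S3 client calls `get_bucket_ownership_controls`, `put_object` and `put_object_acl`; the helper names, the `acl="private"` default and `FakeS3`, a constructed stand-in client so the block runs offline, are assumptions.

```python
try:
    from botocore.exceptions import ClientError
except ImportError:  # SDK absent: stand-in with the same constructor and .response
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            super().__init__(operation_name)
            self.response = error_response

def error_code(exc):
    return exc.response.get("Error", {}).get("Code")

def acls_disabled(client, bucket):
    """True when the bucket's ownership rule is BucketOwnerEnforced."""
    try:
        resp = client.get_bucket_ownership_controls(Bucket=bucket)
    except ClientError as exc:
        # No rule configured, or no permission to read it: not known to be disabled.
        if error_code(exc) in ("OwnershipControlsNotFoundError", "AccessDenied"):
            return False
        raise
    rules = resp["OwnershipControls"]["Rules"]
    return any(r.get("ObjectOwnership") == "BucketOwnerEnforced" for r in rules)

def put_with_optional_acl(client, bucket, key, body, acl="private"):
    """Upload; set the ACL only where ACLs are enabled. Returns 'set' or 'skipped'."""
    client.put_object(Bucket=bucket, Key=key, Body=body)
    if acls_disabled(client, bucket):
        return "skipped"
    try:
        client.put_object_acl(Bucket=bucket, Key=key, ACL=acl)
    except ClientError as exc:
        if error_code(exc) == "AccessControlListNotSupported":
            return "skipped"  # the error from the report, now non-fatal
        raise
    return "set"

class FakeS3:
    """Constructed stand-in for a boto3 S3 client, for running offline."""
    def __init__(self, ownership=None):
        self.ownership, self.calls = ownership, []
    def put_object(self, **kwargs):
        self.calls.append("PutObject")
    def get_bucket_ownership_controls(self, Bucket):
        if self.ownership is None:
            raise ClientError({"Error": {"Code": "OwnershipControlsNotFoundError"}}, "GetBucketOwnershipControls")
        return {"OwnershipControls": {"Rules": [{"ObjectOwnership": self.ownership}]}}
    def put_object_acl(self, **kwargs):
        self.calls.append("PutObjectAcl")
        if self.ownership == "BucketOwnerEnforced":
            raise ClientError({"Error": {"Code": "AccessControlListNotSupported"}}, "PutObjectAcl")
```

With a real client, pass `boto3.client("s3")` in place of `FakeS3`. The fallback on `AccessControlListNotSupported` covers callers that are not allowed to read the bucket's ownership controls.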