s3_bucket - be more forgiving when missing 'get' permissions for a parameter we're not trying to set #1406

Merged
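--- a/changelogs/fragments/1352-s3-limited-permissions.yml
+++ b/changelogs/fragments/1352-s3-limited-permissions.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- s3_bucket - handle missing read permissions more gracefully when possible (https://github.com/ansible-collections/amazon.aws/pull/1406).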
30 changes: 29 additions & 1 deletion plugins/modules/s3_bucket.py
Expand Up @@ -414,8 +414,12 @@ def create_or_update_bucket(s3_client, module):
try:
versioning_status = get_bucket_versioning(s3_client, name)
except is_boto3_error_code(['NotImplemented', 'XNotImplemented']) as e:
if versioning is not None:
module.fail_json_aws(e, msg="Bucket versioning is not supported by the current S3 Endpoint")
except is_boto3_error_code("AccessDenied") as e:
if versioning is not None:
module.fail_json_aws(e, msg="Failed to get bucket versioning")
module.debug("AccessDenied fetching bucket versioning")
except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Failed to get bucket versioning")
else:
Expand Down Expand Up @@ -445,8 +449,12 @@ def create_or_update_bucket(s3_client, module):
try:
requester_pays_status = get_bucket_request_payment(s3_client, name)
except is_boto3_error_code(['NotImplemented', 'XNotImplemented']) as e:
if requester_pays is not None:
module.fail_json_aws(e, msg="Bucket request payment is not supported by the current S3 Endpoint")
except is_boto3_error_code("AccessDenied") as e:
if requester_pays is not None:
module.fail_json_aws(e, msg="Failed to get bucket request payment")
module.debug("AccessDenied fetching bucket request payment")
except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Failed to get bucket request payment")
else:
Expand All @@ -468,8 +476,12 @@ def create_or_update_bucket(s3_client, module):
try:
current_policy = get_bucket_policy(s3_client, name)
except is_boto3_error_code(['NotImplemented', 'XNotImplemented']) as e:
if policy is not None:
module.fail_json_aws(e, msg="Bucket policy is not supported by the current S3 Endpoint")
except is_boto3_error_code("AccessDenied") as e:
if policy is not None:
module.fail_json_aws(e, msg="Failed to get bucket policy")
module.debug("AccessDenied fetching bucket policy")
except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Failed to get bucket policy")
else:
Expand Down Expand Up @@ -503,8 +515,12 @@ def create_or_update_bucket(s3_client, module):
try:
current_tags_dict = get_current_bucket_tags_dict(s3_client, name)
except is_boto3_error_code(['NotImplemented', 'XNotImplemented']) as e:
if tags is not None:
module.fail_json_aws(e, msg="Bucket tagging is not supported by the current S3 Endpoint")
except is_boto3_error_code("AccessDenied") as e:
if tags is not None:
module.fail_json_aws(e, msg="Failed to get bucket tags")
module.debug("AccessDenied fetching bucket tags")
except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Failed to get bucket tags")
else:
Expand Down Expand Up @@ -537,8 +553,12 @@ def create_or_update_bucket(s3_client, module):
try:
current_encryption = get_bucket_encryption(s3_client, name)
except is_boto3_error_code(['NotImplemented', 'XNotImplemented']) as e:
if encryption is not None:
module.fail_json_aws(e, msg="Bucket encryption is not supported by the current S3 Endpoint")
except is_boto3_error_code("AccessDenied") as e:
if encryption is not None:
module.fail_json_aws(e, msg="Failed to get bucket encryption settings")
module.debug("AccessDenied fetching bucket encryption settings")
except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Failed to get bucket encryption settings")
else:
Expand Down Expand Up @@ -578,8 +598,12 @@ def create_or_update_bucket(s3_client, module):
try:
current_public_access = get_bucket_public_access(s3_client, name)
except is_boto3_error_code(['NotImplemented', 'XNotImplemented']) as e:
if public_access is not None:
module.fail_json_aws(e, msg="Bucket public access settings are not supported by the current S3 Endpoint")
except is_boto3_error_code("AccessDenied") as e:
if public_access is not None:
module.fail_json_aws(e, msg="Failed to get bucket public access configuration")
module.debug("AccessDenied fetching bucket public access settings")
except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Failed to get bucket public access configuration")
else:
Expand Down Expand Up @@ -614,8 +638,12 @@ def create_or_update_bucket(s3_client, module):
if delete_object_ownership or object_ownership is not None:
module.fail_json_aws(e, msg="Failed to get bucket object ownership settings")
except is_boto3_error_code(['NotImplemented', 'XNotImplemented']) as e:
if delete_object_ownership or object_ownership is not None:
module.fail_json_aws(e, msg="Bucket object ownership is not supported by the current S3 Endpoint")
except is_boto3_error_code("AccessDenied") as e:
if delete_object_ownership or object_ownership is not None:
module.fail_json_aws(e, msg="Failed to get bucket object ownership settings")
module.debug("AccessDenied fetching bucket object ownership settings")
except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Failed to get bucket object ownership settings")
else:
Expand Down Expand Up @@ -644,7 +672,7 @@ def create_or_update_bucket(s3_client, module):
# other features.
module.fail_json_aws(e, msg="Failed to get bucket acl block")
except is_boto3_error_code(['NotImplemented', 'XNotImplemented']) as e:
module.fail_json_aws(e, msg="Failed to update bucket ACL")
module.fail_json_aws(e, msg="Bucket ACLs ar not supported by the current S3 Endpoint")
except is_boto3_error_code('AccessDenied') as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Access denied trying to update bucket ACL")
except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e: # pylint: disable=duplicate-except
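Review bot: In the new `AccessDenied` branches, a denied read of a setting the task does not manage is recorded only through `module.debug(...)`, so a normal run gives no sign that the bucket's policy, encryption or public access block state was never read; the hunks at new lines 476, 553 and 598 matter most for anyone auditing with this module. Consider `module.warn("AccessDenied fetching bucket public access settings; current state not verified")` in place of the debug call there, so a playbook consuming the return values does not mistake an unread setting for an unset one. Whether those fields are omitted or left undefined on this path is decided outside the hunks shown. Separately, the replaced message in the ACL hunk has a typo and should read `msg="Bucket ACLs are not supported by the current S3 Endpoint"`. All eight hunks sit inside `create_or_update_bucket`, whose body starts and ends outside them.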