Use HeadBucket instead of GetBucketLocation (#1979)

[raulpedroche]

SUMMARY

Replacing the call to get_bucket_location with a call to head_bucket in Connection._get_bucket_endpoint().

The GetBucketLocation API call only works from the bucket owner account. This enables using a bucket owned by another accout, e.g. a shared organization bucket when running cross-account.

Fixes #1979.

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

aws_ssm

ADDITIONAL INFORMATION

The official documentation for the GetBucketLocation API call states it is only supported for backwards compatibility and recomends using HeadBucket instead.

# Before change
PLAY [Minimal playbook] ********************************************************

TASK [Gathering Facts] *********************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied
fatal: [i-00a8cb5930bd5f7dc]: FAILED! => {"msg": "Unexpected failure during module execution: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied", "stdout": ""}

PLAY RECAP *********************************************************************
i-00a8cb5930bd5f7dc        : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0 

# After change
PLAY [Minimal playbook] ********************************************************

TASK [Gathering Facts] *********************************************************
Warning: : Platform linux on host i-00a8cb5930bd5f7dc is using the discovered
Python interpreter at /usr/libexec/platform-python, but future installation of
another Python interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [i-00a8cb5930bd5f7dc]

TASK [Ping] ********************************************************************
ok: [i-00a8cb5930bd5f7dc]

PLAY RECAP *********************************************************************
i-00a8cb5930bd5f7dc        : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[softwarefactory-project-zuul]

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/6eda50db34d649d29d271dd5432c5cd0

❌ ansible-galaxy-importer FAILURE in 5m 27s (non-voting)
✔️ build-ansible-collection SUCCESS in 13m 02s
✔️ ansible-test-splitter SUCCESS in 5m 13s
✔️ integration-community.aws-1 SUCCESS in 9m 50s
✔️ integration-community.aws-2 SUCCESS in 12m 37s
✔️ integration-community.aws-3 SUCCESS in 6m 37s
Skipped 19 jobs

[fivetran-joliveira]

When trying to use a single organization bucket for cross-account connection

I'm facing the same error reported on #1979 in this exact scenario: single bucket for cross account connection
I'd love to see this PR merged. 🤞

[mdaffernaderant]

Would like to see this merged as well. Facing the exact error too.

[jacksod1]

What needs to be done in order to get this PR merged? I'd love to see this merged as well.

[dicknetherlands]

I have the same problem with this plugin and GetBucketLocation and it is blocking me from doing production deployments in a multi-region environment using Ansible and SSM.

When might this PR be reviewed/merged?

[markuman]

recheck

[softwarefactory-project-zuul]

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/ansible-collections/community.aws for 1987,ddb05fe12eb3cd25e8cc6c84014b8e6f5791ad29

[softwarefactory-project-zuul]

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/b2758ed4612b4500a110197e8e1791b4

❌ ansible-galaxy-importer FAILURE in 5m 30s (non-voting)
✔️ build-ansible-collection SUCCESS in 18m 08s
✔️ ansible-test-splitter SUCCESS in 6m 49s
✔️ integration-community.aws-1 SUCCESS in 10m 45s
✔️ integration-community.aws-2 SUCCESS in 9m 49s
✔️ integration-community.aws-3 SUCCESS in 9m 49s
✔️ integration-community.aws-4 SUCCESS in 10m 59s
✔️ integration-community.aws-5 SUCCESS in 10m 13s
✔️ integration-community.aws-6 SUCCESS in 10m 30s
✔️ integration-community.aws-7 SUCCESS in 8m 45s
✔️ integration-community.aws-8 SUCCESS in 10m 56s
✔️ integration-community.aws-9 SUCCESS in 8m 27s
✔️ integration-community.aws-10 SUCCESS in 9m 48s
✔️ integration-community.aws-11 SUCCESS in 9m 36s
Skipped 11 jobs

[n0ct1s-k8sh]

Hi. I'm also affected in my job production environment.

Is there any major problem?

Thanks.

[markuman]

Hi. I'm also affected in my job production environment.

Is there any major problem?

Thanks.

Currently we need a 2nd review.

cc @tremble @jillr @alinabuzachis @hakbailey

[iomarcovalente]

this is also blocking us. looking foward to see it merged

[markuman]

regate

[alinabuzachis]

regate

[softwarefactory-project-zuul]

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/8c1a5f00231d4290b41f705a8eabc906

❌ ansible-galaxy-importer FAILURE in 4m 38s (non-voting)
✔️ build-ansible-collection SUCCESS in 13m 00s
✔️ ansible-test-splitter SUCCESS in 5m 07s
❌ integration-community.aws-1 FAILURE in 12m 55s
❌ integration-community.aws-2 FAILURE in 13m 48s
❌ integration-community.aws-3 FAILURE in 12m 59s
❌ integration-community.aws-4 FAILURE in 12m 42s
❌ integration-community.aws-5 FAILURE in 12m 22s
❌ integration-community.aws-6 FAILURE in 12m 49s
❌ integration-community.aws-7 FAILURE in 12m 54s
❌ integration-community.aws-8 FAILURE in 12m 28s
❌ integration-community.aws-9 FAILURE in 11m 45s
❌ integration-community.aws-10 FAILURE in 12m 32s
✔️ integration-community.aws-11 SUCCESS in 5m 44s
Skipped 11 jobs

[markuman]

regate

[softwarefactory-project-zuul]

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/71748f80e37541efb5c7238fe1edee4f

✔️ ansible-galaxy-importer SUCCESS in 8m 54s (non-voting)
✔️ build-ansible-collection SUCCESS in 12m 53s
✔️ ansible-test-splitter SUCCESS in 5m 00s
❌ integration-community.aws-1 FAILURE in 13m 34s
❌ integration-community.aws-2 FAILURE in 11m 54s
❌ integration-community.aws-3 FAILURE in 12m 58s
❌ integration-community.aws-4 FAILURE in 13m 50s
❌ integration-community.aws-5 FAILURE in 14m 41s
❌ integration-community.aws-6 FAILURE in 12m 39s
❌ integration-community.aws-7 FAILURE in 11m 31s
❌ integration-community.aws-8 FAILURE in 12m 48s
❌ integration-community.aws-9 FAILURE in 12m 45s
❌ integration-community.aws-10 FAILURE in 11m 11s
✔️ integration-community.aws-11 SUCCESS in 5m 23s
Skipped 11 jobs

[markuman]

regate

[softwarefactory-project-zuul]

Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

https://ansible.softwarefactory-project.io/zuul/buildset/508bc8621a3d4e71ab5ec9576557cf99

❌ ansible-galaxy-importer FAILURE in 4m 35s (non-voting)
✔️ build-ansible-collection SUCCESS in 12m 30s
✔️ ansible-test-splitter SUCCESS in 5m 13s
❌ integration-community.aws-1 FAILURE in 13m 21s
❌ integration-community.aws-2 FAILURE in 13m 49s
❌ integration-community.aws-3 FAILURE in 12m 09s
❌ integration-community.aws-4 FAILURE in 12m 51s
❌ integration-community.aws-5 FAILURE in 13m 01s
❌ integration-community.aws-6 FAILURE in 11m 38s
❌ integration-community.aws-7 FAILURE in 15m 40s
❌ integration-community.aws-8 FAILURE in 12m 47s
❌ integration-community.aws-9 FAILURE in 11m 31s
❌ integration-community.aws-10 FAILURE in 11m 57s
✔️ integration-community.aws-11 SUCCESS in 5m 32s
Skipped 11 jobs