You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running on a base image that only allows FIPS cryptography algorithms the s3_lifecycle module fails to submit changes to the bucket lifecycle configuration. The call that fails is the AWS SDK call put_bucket_lifecycle_configuration.
The error returned by AWS when making this call is Missing required header for this request: Content-MD5.
This could be fixed by adding an argument to the task that allows specifying the checksum algorithm to use, from the valid list in the docs. This way, in environments that do not support certain algorithms, we can specify something like SHA256.
$ pip show boto boto3 botocoreWARNING: Package(s) not found: botoName: boto3Version: 1.34.5Summary: The AWS SDK for PythonHome-page: https://github.com/boto/boto3Author: Amazon Web ServicesAuthor-email:License: Apache License 2.0Location: /opt/service/.local/lib/python3.10/site-packagesRequires: botocore, jmespath, s3transferRequired-by:---Name: botocoreVersion: 1.34.5Summary: Low-level, data-driven core of boto 3.Home-page: https://github.com/boto/botocoreAuthor: Amazon Web ServicesAuthor-email:License: Apache License 2.0Location: /opt/service/.local/lib/python3.10/site-packagesRequires: jmespath, python-dateutil, urllib3Required-by: boto3, s3transfer
Configuration
$ ansible-config dump --only-changed
OS / Environment
No response
Steps to Reproduce
# On a system with a FIPS compiled cryptography moduleexport AWS_USE_FIPS_ENDPOINT=true
...
aws.community.s3_lifecycle:
name: "bucketname"rule_id: "ExpireOldObjects"prefix: /state: presentstatus: enabledregion: "us-east-1"expiration_days: 90noncurrent_version_expiration_days: 1<error prints here in very verbose form>: Missing required header for this request: Content-MD5
Expected Results
This is the expected result if we cannot set the ChecksumAlgorithm for the call. We should be able to set that via an argument to the task, so that we can avoid this problem.
Actual Results
Code of Conduct
I agree to follow the Ansible Code of Conduct
The text was updated successfully, but these errors were encountered:
Summary
When running on a base image that only allows FIPS cryptography algorithms the
s3_lifecycle
module fails to submit changes to the bucket lifecycle configuration. The call that fails is the AWS SDK callput_bucket_lifecycle_configuration
.The error returned by AWS when making this call is
Missing required header for this request: Content-MD5
.This could be fixed by adding an argument to the task that allows specifying the checksum algorithm to use, from the valid list in the docs. This way, in environments that do not support certain algorithms, we can specify something like
SHA256
.Example fix that worked locally:
becomes
Issue Type
Bug Report
Component Name
s3_lifecycle
Ansible Version
Collection Versions
AWS SDK versions
Configuration
$ ansible-config dump --only-changed
OS / Environment
No response
Steps to Reproduce
Expected Results
This is the expected result if we cannot set the ChecksumAlgorithm for the call. We should be able to set that via an argument to the task, so that we can avoid this problem.
Actual Results
Code of Conduct
The text was updated successfully, but these errors were encountered: