-
Notifications
You must be signed in to change notification settings - Fork 9.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No default value for acl attribute in s3 object #27197
Conversation
Community NoteVoting for Prioritization
For Submitters
|
002f6d8
to
fac7d6e
Compare
fac7d6e
to
ec51e68
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🎉
$ make testacc PKG=s3 TESTS=TestAccS3Object_
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/s3/... -v -count 1 -parallel 20 -run='TestAccS3Object_' -timeout 180m
--- SKIP: TestAccS3Object_nonVersioned (0.52s)
=== CONT TestAccS3Object_storageClass
--- PASS: TestAccS3Object_noNameNoKey (5.40s)
=== CONT TestAccS3Object_tags
--- PASS: TestAccS3Object_objectBucketKeyEnabled (32.97s)
=== CONT TestAccS3Object_metadata
--- PASS: TestAccS3Object_bucketBucketKeyEnabled (33.26s)
=== CONT TestAccS3Object_etagEncryption
--- PASS: TestAccS3Object_defaultBucketSSE (33.88s)
=== CONT TestAccS3Object_withContentCharacteristics
--- PASS: TestAccS3Object_sse (38.46s)
=== CONT TestAccS3Object_sourceHashTrigger
--- PASS: TestAccS3Object_kms (38.81s)
=== CONT TestAccS3Object_contentBase64
--- PASS: TestAccS3Object_withContentCharacteristics (28.12s)
=== CONT TestAccS3Object_source
--- PASS: TestAccS3Object_objectLockLegalHoldStartWithOn (63.94s)
=== CONT TestAccS3Object_content
--- PASS: TestAccS3Object_etagEncryption (34.24s)
=== CONT TestAccS3Object_empty
--- PASS: TestAccS3Object_contentBase64 (31.23s)
--- PASS: TestAccS3Object_updateSameFile (72.38s)
--- PASS: TestAccS3Object_ignoreTags (72.95s)
--- PASS: TestAccS3Object_updatesWithVersioningViaAccessPoint (73.60s)
--- PASS: TestAccS3Object_updatesWithVersioning (74.08s)
--- PASS: TestAccS3Object_updates (76.11s)
--- PASS: TestAccS3Object_objectLockLegalHoldStartWithNone (87.17s)
--- PASS: TestAccS3Object_source (29.24s)
--- PASS: TestAccS3Object_content (28.78s)
--- PASS: TestAccS3Object_objectLockRetentionStartWithNone (94.23s)
--- PASS: TestAccS3Object_sourceHashTrigger (55.99s)
--- PASS: TestAccS3Object_empty (28.31s)
--- PASS: TestAccS3Object_acl (97.91s)
--- PASS: TestAccS3Object_metadata (69.96s)
--- PASS: TestAccS3Object_objectLockRetentionStartWithSet (107.36s)
--- PASS: TestAccS3Object_tagsLeadingSingleSlash (110.76s)
--- PASS: TestAccS3Object_tagsMultipleSlashes (111.38s)
--- PASS: TestAccS3Object_tags (106.37s)
--- PASS: TestAccS3Object_tagsLeadingMultipleSlashes (111.90s)
--- PASS: TestAccS3Object_storageClass (111.67s)
PASS
ok github.com/hashicorp/terraform-provider-aws/internal/service/s3 115.383s
$ make testacc PKG=s3 TESTS=TestAccS3ObjectCopy_
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/s3/... -v -count 1 -parallel 20 -run='TestAccS3ObjectCopy_' -timeout 180m
--- PASS: TestAccS3ObjectCopy_BucketKeyEnabled_object (18.03s)
--- PASS: TestAccS3ObjectCopy_BucketKeyEnabled_bucket (18.07s)
--- PASS: TestAccS3ObjectCopy_basic (18.88s)
PASS
ok github.com/hashicorp/terraform-provider-aws/internal/service/s3 22.281s
Thanks for your contribution, @lomluca! 👏 |
This functionality has been released in v5.0.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Description
Currently, the
acl
argument is optional foraws_s3_object
but defaults toprivate
. This default value could led to issue when using bucket with disabled ACL (BucketOwnerEnforced
as object ownership configuration), that is an AWS best practice [1].Indeed, if you try to upload an object with no specified ACL, a
400
error with the error codeAccessControlListNotSupported
is returned, because the provider actually tries to set ACL toprivate
.The workaround, as [1] suggests, is setting the
acl
attribute tobucket-owner-full-control
. I think it's quite confusing to have to specify an ACL to use no ACL; if I don't want to use ACLs, I simply don't specifyacl
attribute at all.Relations
References
[1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
Output from Acceptance Testing