feat: object lock enabled
lmilbaum committed Feb 18, 2023
1 parent 6948eb5 commit 54c3045
Showing 2 changed files with 14 additions and 4 deletions.
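--- a/changelogs/fragments/1347-s3-object-lock-enabled.yml
+++ b/changelogs/fragments/1347-s3-object-lock-enabled.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- s3_bucket - The option to create a bucket with object lock enabled (https://github.com/ansible-collections/amazon.aws/pull/1372).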
16 changes: 12 additions & 4 deletions plugins/modules/s3_bucket.py
@@ -163,6 +163,12 @@
type: bool
default: false
version_added: 6.0.0
object_lock_enabled:
description:
- Whether S3 Object Lock to be enabled
type: bool
default: false
version_added: 6.0.0
extends_documentation_fragment:
- amazon.aws.common.modules
@@ -384,6 +390,7 @@ def create_or_update_bucket(s3_client, module):
delete_public_access = module.params.get("delete_public_access")
delete_object_ownership = module.params.get("delete_object_ownership")
object_ownership = module.params.get("object_ownership")
object_lock_enabled = module.params.get("object_lock_enabled")
acl = module.params.get("acl")
# default to US Standard region,
# note: module.region will also try to pull a default out of the boto3 configs.
@@ -401,7 +408,7 @@ def create_or_update_bucket(s3_client, module):

if not bucket_is_present:
try:
bucket_changed = create_bucket(s3_client, name, location)
bucket_changed = create_bucket(s3_client, name, location, object_lock_enabled)
s3_client.get_waiter('bucket_exists').wait(Bucket=name)
changed = changed or bucket_changed
except botocore.exceptions.WaiterError as e:
@@ -663,15 +670,15 @@ def bucket_exists(s3_client, bucket_name):


@AWSRetry.exponential_backoff(max_delay=120)
def create_bucket(s3_client, bucket_name, location):
def create_bucket(s3_client, bucket_name, location, object_lock_enabled=False):
try:
configuration = {}
if location not in ('us-east-1', None):
configuration['LocationConstraint'] = location
if len(configuration) > 0:
s3_client.create_bucket(Bucket=bucket_name, CreateBucketConfiguration=configuration)
s3_client.create_bucket(Bucket=bucket_name, CreateBucketConfiguration=configuration, ObjectLockEnabledForBucket=object_lock_enabled)
else:
s3_client.create_bucket(Bucket=bucket_name)
s3_client.create_bucket(Bucket=bucket_name, ObjectLockEnabledForBucket=object_lock_enabled)
return True
except is_boto3_error_code('BucketAlreadyOwnedByYou'):
# We should never get here since we check the bucket presence before calling the create_or_update_bucket
@@ -1085,6 +1092,7 @@ def main():
acl=dict(type='str', choices=['private', 'public-read', 'public-read-write', 'authenticated-read']),
validate_bucket_name=dict(type='bool', default=True),
dualstack=dict(default=False, type="bool"),
object_lock_enabled=dict(type='bool', default=False),
)

required_by = dict(
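Review bot: `object_lock_enabled` only reaches S3 through the `create_bucket` call inside `if not bucket_is_present:`, so a task that sets `object_lock_enabled: true` against a bucket that already exists without Object Lock completes without error and leaves the bucket unprotected. Object Lock is typically relied on for WORM retention and protection against deletion or overwrite, so a silent mismatch is worse than a failed task; the existing-bucket path should read the bucket's lock configuration and fail when it is not `Enabled`, as sketched below. The option description should also say that the setting is applied only at bucket creation, cannot be turned off afterwards, and that S3 enables versioning on such buckets. `create_or_update_bucket` starts and ends outside the visible hunks, so the exact placement, and how S3-compatible endpoints that lack this API should be handled, need checking against the full function.

```python
    object_lock_enabled = module.params.get("object_lock_enabled")
    # … unchanged: region lookup, bucket presence check, create_bucket call for new buckets …
    if bucket_is_present and object_lock_enabled:
        # Object Lock is only set by create_bucket; confirm an existing bucket really has it.
        try:
            lock = s3_client.get_object_lock_configuration(Bucket=name)
            lock_status = lock.get("ObjectLockConfiguration", {}).get("ObjectLockEnabled")
        except is_boto3_error_code("ObjectLockConfigurationNotFoundError"):
            lock_status = None
        if lock_status != "Enabled":
            module.fail_json(
                msg="object_lock_enabled=true was requested, but the existing bucket does not have Object Lock enabled"
            )
```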
