s3_lifecycle module should allow setting the ChecksumAlgorithm argument to AWS SDK put_bucket_lifecycle_configuration() call

[mwhittington21]

Summary

When running on a base image that only allows FIPS cryptography algorithms the s3_lifecycle module fails to submit changes to the bucket lifecycle configuration. The call that fails is the AWS SDK call put_bucket_lifecycle_configuration.

The error returned by AWS when making this call is Missing required header for this request: Content-MD5.

This could be fixed by adding an argument to the task that allows specifying the checksum algorithm to use, from the valid list in the docs. This way, in environments that do not support certain algorithms, we can specify something like SHA256.

Example fix that worked locally:

            client.put_bucket_lifecycle_configuration(
                aws_retry=True,
                Bucket=name,
                LifecycleConfiguration=lifecycle_configuration
            )

becomes

            client.put_bucket_lifecycle_configuration(
                aws_retry=True,
                Bucket=name,
                LifecycleConfiguration=lifecycle_configuration,
                ChecksumAlgorithm="SHA256"
            )

Issue Type

Bug Report

Component Name

s3_lifecycle

Ansible Version

$ ansible --version
ansible [core 2.15.5]
  config file = None
  configured module search path = ['/opt/service/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/service/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /opt/service/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/service/.local/bin/ansible
  python version = 3.10.13 (main, Feb 16 2024, 10:51:42) [GCC 11.4.0] (/usr/local/bin/python)
  jinja version = 3.1.3
  libyaml = True

Collection Versions

$ ansible-galaxy collection list
# /opt/service/.local/lib/python3.10/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    6.5.0
ansible.netcommon             5.2.0
ansible.posix                 1.5.4
ansible.utils                 2.11.0
ansible.windows               1.14.0
arista.eos                    6.1.2
awx.awx                       22.7.0
azure.azcollection            1.18.1
check_point.mgmt              5.1.1
chocolatey.chocolatey         1.5.1
cisco.aci                     2.7.0
cisco.asa                     4.0.2
cisco.dnac                    6.7.5
cisco.intersight              1.0.27
cisco.ios                     4.6.1
cisco.iosxr                   5.0.3
cisco.ise                     2.5.16
cisco.meraki                  2.16.5
cisco.mso                     2.5.0
cisco.nso                     1.0.3
cisco.nxos                    4.4.0
cisco.ucs                     1.10.0
cloud.common                  2.1.4
cloudscale_ch.cloud           2.3.1
community.aws                 6.3.0
community.azure               2.0.0
community.ciscosmb            1.0.6
community.crypto              2.15.1
community.digitalocean        1.24.0
community.dns                 2.6.2
community.docker              3.4.9
community.fortios             1.0.0
community.general             7.5.0
community.google              1.0.0
community.grafana             1.5.4
community.hashi_vault         5.0.0
community.hrobot              1.8.1
community.libvirt             1.3.0
community.mongodb             1.6.3
community.mysql               3.7.2
community.network             5.0.0
community.okd                 2.3.0
community.postgresql          2.4.3
community.proxysql            1.5.1
community.rabbitmq            1.2.3
community.routeros            2.10.0
community.sap                 1.0.0
community.sap_libs            1.4.1
community.skydive             1.0.0
community.sops                1.6.6
community.vmware              3.10.0
community.windows             1.13.0
community.zabbix              2.1.0
containers.podman             1.10.3
cyberark.conjur               1.2.2
cyberark.pas                  1.0.23
dellemc.enterprise_sonic      2.2.0
dellemc.openmanage            7.6.1
dellemc.powerflex             1.9.0
dellemc.unity                 1.7.1
f5networks.f5_modules         1.26.0
fortinet.fortimanager         2.2.1
fortinet.fortios              2.3.2
frr.frr                       2.0.2
gluster.gluster               1.0.2
google.cloud                  1.2.0
grafana.grafana               2.2.3
hetzner.hcloud                1.16.0
hpe.nimble                    1.1.4
ibm.qradar                    2.1.0
ibm.spectrum_virtualize       1.12.0
infinidat.infinibox           1.3.12
infoblox.nios_modules         1.5.0
inspur.ispim                  1.3.0
inspur.sm                     2.3.0
junipernetworks.junos         5.3.0
kubernetes.core               2.4.0
lowlydba.sqlserver            2.2.1
microsoft.ad                  1.3.0
netapp.aws                    21.7.0
netapp.azure                  21.10.0
netapp.cloudmanager           21.22.0
netapp.elementsw              21.7.0
netapp.ontap                  22.7.0
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0
netapp_eseries.santricity     1.4.0
netbox.netbox                 3.14.0
ngine_io.cloudstack           2.3.0
ngine_io.exoscale             1.1.0
ngine_io.vultr                1.1.3
openstack.cloud               2.1.0
openvswitch.openvswitch       2.1.1
ovirt.ovirt                   3.2.0
purestorage.flasharray        1.21.0
purestorage.flashblade        1.14.0
purestorage.fusion            1.6.0
sensu.sensu_go                1.14.0
servicenow.servicenow         1.0.6
splunk.es                     2.1.0
t_systems_mms.icinga_director 1.33.1
telekom_mms.icinga_director   1.34.1
theforeman.foreman            3.14.0
vmware.vmware_rest            2.3.1
vultr.cloud                   1.10.0
vyos.vyos                     4.1.0
wti.remote                    1.0.5

AWS SDK versions

$ pip show boto boto3 botocore
WARNING: Package(s) not found: boto
Name: boto3
Version: 1.34.5
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /opt/service/.local/lib/python3.10/site-packages
Requires: botocore, jmespath, s3transfer
Required-by:
---
Name: botocore
Version: 1.34.5
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /opt/service/.local/lib/python3.10/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

$ ansible-config dump --only-changed

OS / Environment

No response

Steps to Reproduce

# On a system with a FIPS compiled cryptography module
export AWS_USE_FIPS_ENDPOINT=true
...
  aws.community.s3_lifecycle:
    name: "bucketname"
    rule_id: "ExpireOldObjects"
    prefix: /
    state: present
    status: enabled
    region: "us-east-1"
    expiration_days: 90
    noncurrent_version_expiration_days: 1

<error prints here in very verbose form>: Missing required header for this request: Content-MD5

Expected Results

This is the expected result if we cannot set the ChecksumAlgorithm for the call. We should be able to set that via an argument to the task, so that we can avoid this problem.

Actual Results

Code of Conduct

• I agree to follow the Ansible Code of Conduct