Uploading zip file fails with "MalformedXML"

[Akasurde]

Summary

I have a playbook that uploads a file to a S3 bucket .

It works fine when using ansible-galaxy collection install amazon.aws:1.4.x

But from collection 2.3.0 and higher the playbook fails with:

        "code": "MalformedXML",
        "message": "The XML you provided was not well-formed or was not valid."

Issue Type

Bug Report

Component Name

pip3

Ansible Version

ansible-core: 2.13.122.13.12
boto: 2.49.0
boto3: 1.28.50
botocore: 1.31.50

Collection            Version
--------------------- -------
amazon.aws            2.3.0
ansible.netcommon     5.1.2
ansible.posix         1.5.4
ansible.utils         2.10.3
community.general     7.4.0

Configuration

# if using a version older than ansible-core 2.12 you should omit the '-t all'
$ ansible-config dump --only-changed -t all

CALLBACKS_ENABLED(/home/vagrant/xxxxxxxx/ansible.cfg) = ['profile_tasks']
COLLECTIONS_PATHS(/home/vagrant/xxxxxxxx/ansible.cfg) = ['/home/vagrant/xxxxxxxx/collections']
DEFAULT_HOST_LIST(/home/vagrant/xxxxxxxx/ansible.cfg) = ['/home/vagrant/xxxxxxxx/inventory_prd']
DEFAULT_MANAGED_STR(/home/vagrant/xxxxxxxx/ansible.cfg) = Managed By Ansible
DEFAULT_PRIVATE_KEY_FILE(/home/vagrant/xxxxxxxx/ansible.cfg) = /ansible/ansible.cfg.d/id_rsa_ansible
DEFAULT_REMOTE_PORT(/home/vagrant/xxxxxxxx/ansible.cfg) = 22
DEFAULT_REMOTE_USER(/home/vagrant/xxxxxxxx/ansible.cfg) = {{ my_ansible_user }}
DEFAULT_ROLES_PATH(/home/vagrant/xxxxxxxx/ansible.cfg) = ['/home/vagrant/xxxxxxxx/roles']
DEPRECATION_WARNINGS(/home/vagrant/xxxxxxxx/ansible.cfg) = False
HOST_KEY_CHECKING(/home/vagrant/xxxxxxxx/ansible.cfg) = False
INTERPRETER_PYTHON(/home/vagrant/xxxxxxxx/ansible.cfg) = /usr/bin/python3
SHOW_CUSTOM_STATS(/home/vagrant/xxxxxxxx/ansible.cfg) = True

CALLBACK:
========

default:
_______
show_custom_stats(/home/vagrant/xxxxxxxx/ansible.cfg) = True

CONNECTION:
==========

paramiko_ssh:
____________
host_key_checking(/home/vagrant/xxxxxxxx/ansible.cfg) = False
remote_user(/home/vagrant/xxxxxxxx/ansible.cfg) = {{ my_ansible_user }}

ssh:
___
host_key_checking(/home/vagrant/xxxxxxxx/ansible.cfg) = False
port(/home/vagrant/xxxxxxxx/ansible.cfg) = 22
private_key_file(/home/vagrant/xxxxxxxx/ansible.cfg) = /ansible/ansible.cfg.d/id_rsa_ansible
remote_user(/home/vagrant/xxxxxxxx/ansible.cfg) = {{ my_ansible_user }}

OS / Environment

Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal

Steps to Reproduce

ansible-playbook playbooks/s3_backup.yml -vvvv

Expected Results

PLAY [Playbook S3 backup]
****************************************************************************************************************************************
TASK [Gathering Facts]
****************************************************************************************************************************************
Tuesday 19 September 2023 14:29:27 +0000 (0:00:00.053) 0:00:00.053 *****
ok: [127.0.0.1]

TASK [s3-backup : S3 Backup]
***************************************************************************************************************************************
Tuesday 19 September 2023 14:29:32 +0000 (0:00:05.133) 0:00:05.186 *****
included: /home/vagrant/xxxxxxxx/roles/s3-backup/tasks/backup-job.yml for 127.0.0.1

TASK [s3-backup : Copy over to S3 bucket]
***************************************************************************************************************************************
Tuesday 19 September 2023 14:29:33 +0000 (0:00:00.238) 0:00:06.592 *****
changed: [127.0.0.1]

PLAY RECAP
***************************************************************************************************************************************
127.0.0.1 : ok=7 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Tuesday 19 September 2023 14:29:35 +0000 (0:00:00.267) 0:00:08.453 *****
===============================================================================
Gathering Facts --------------------------------------------------------------------------------------------------------------------- 5.13s
s3-backup : Copy over to S3 bucket ----------------------------------------------------------------------------------------------- 0.86s
s3-backup : S3 Backup ------------------------------------------------------------------------------------------------------------- 0.21s

Actual Results

The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_amazon.aws.aws_s3_payload_daxzfk7c/ansible_amazon.aws.aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/modules/aws_s3.py", line 846, in ensure_tags
  File "/tmp/ansible_amazon.aws.aws_s3_payload_daxzfk7c/ansible_amazon.aws.aws_s3_payload.zip/ansible_collections/amazon/aws/plugins/modules/aws_s3.py", line 806, in get_current_object_tags_dict
  File "/usr/local/lib/python3.8/dist-packages/botocore/client.py", line 535, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.8/dist-packages/botocore/client.py", line 980, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (MalformedXML) when calling the GetObjectTagging operation: The XML you provided was not well-formed or was not valid.
fatal: [127.0.0.1]: FAILED! => {
    "boto3_version": "1.28.50",
    "botocore_version": "1.31.50",
    "changed": false,
    "error": {
        "code": "MalformedXML",
        "message": "The XML you provided was not well-formed or was not valid."
    },
    "invocation": {
        "module_args": {
            "access_key": "xxxxxxxxxxx",
            "aws_access_key": "xxxxxxxxxxx",
            "aws_ca_bundle": null,
            "aws_config": null,
            "aws_secret_key": "xxxxxxxxxxx",
            "bucket": "backups",
            "content": null,
            "content_base64": null,
            "copy_src": null,
            "debug_botocore_endpoint_logs": false,
            "dest": null,
            "dualstack": false,
            "ec2_url": null,
            "encrypt": true,
            "encryption_kms_key_id": null,
            "encryption_mode": "AES256",
            "expiry": 600,
            "headers": null,
            "ignore_nonexistent_bucket": false,
            "marker": "",
            "max_keys": 1000,
            "mode": "put",
            "object": "path/file.tgz",
            "overwrite": "always",
            "permission": [
                "private"
            ],
            "prefix": "",
            "profile": null,
            "purge_tags": true,
            "region": null,
            "retries": 0,
            "rgw": false,
            "s3_url": "https://xxxxxxxxxxx",
            "secret_key": "xxxxxxxxxxx",
            "security_token": null,
            "src": "/src/path/file.tgz",
            "tags": null,
            "validate_certs": true,
            "version": null
        }
    },
    "msg": "Failed to get object tags.: An error occurred (MalformedXML) when calling the GetObjectTagging operation: The XML you provided was not well-formed or was not valid.",
    "response_metadata": {
        "http_headers": {
            "cache-control": "no-cache,no-store,must-revalidate",
            "content-security-policy": "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-ancestors 'self';",
            "content-type": "application/xml;charset=utf-8",
            "date": "Tue, 19 Sep 2023 14:03:27 GMT",
            "expires": "Thu, 01 Jan 1970 00:00:00 GMT",
            "pragma": "no-cache",
            "strict-transport-security": "max-age=31536000; includeSubDomains",
            "transfer-encoding": "chunked",
            "vary": "Origin, Access-Control-Request-Headers, Access-Control-Request-Method",
            "x-content-type-options": "nosniff",
            "x-dns-prefetch-control": "off",
            "x-download-options": "noopen",
            "x-frame-options": "SAMEORIGIN",
            "x-xss-protection": "1; mode=block"
        },
        "http_status_code": 400,
        "retry_attempts": 0
    }
}

Code of Conduct

• I agree to follow the Ansible Code of Conduct

[Akasurde]

cc @hiahab

[tremble]

@hiahab thanks for taking the time to report this issue

A couple of things,

1. it looks like you're using an out dated version of this collection (amazon.aws 2.3.0) that we no longer support. Could you test with 6.4.0 please.
2. it would be helpful if you could upload the playbook you're using.
3. from the logs you've uploaded I see "s3_url": "https://xxxxxxxxxxx", are you explicitly setting s3_url ? Are you talking to AWS S3 or is this another "S3 compatible" API?

[ghost]

Hi @tremble

This is my playbook, testet in collection amazon.aws: 1.4.1, 2.3.0, 3.5.0 and 6.4.0
When using collection amazon.aws 6.4.0 I replace amazon.aws.aws_s3 with amazon.aws.s3_object and replace s3_url with endpoint_url, as by the documentation.

- name: 'Copy over to S3 bucket'
  amazon.aws.aws_s3:
    access_key: "xxxxxxxxxxxxxx"
    secret_key: "xxxxxxxxxxxxxx"
    s3_url: "https://s3.example.com"
    bucket: "backups"
    src: "/src/path/backup-me.tgz"
    object: "my-bucket/backup-me.tgz"
    mode: put

I have no problem listing the content of my bucket with the following playbook:

- name: 'List  S3 bucket'
  # amazon.aws.s3_object:
  amazon.aws.aws_s3:
    access_key: "xxxxxxxxxxxxxx"
    secret_key: "xxxxxxxxxxxxxx"
    s3_url: "https://s3.example.com"
    bucket: "backups"
    prefix: "my-bucket/"
    mode: list

I wonder if there is package "missmatch"???

[Update]
Running Ubuntu 20.04 LTS I install some parts via apt:
apt-get --yes --no-install-recommends install python3 python3-pip python3-firewall python3-dbus

While to be able to have a not so old ansible version I install the rest with pip:
sudo pip3 install botocore boto3