Skip to content

Commit bf46b25

Browse files
committed
fix(e2e): revert credential refresh in _runCDKTestsLinux to fix AssumeRole failure
1 parent 32fa53d commit bf46b25

1 file changed

Lines changed: 2 additions & 28 deletions

File tree

shared-scripts.sh

Lines changed: 2 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -324,34 +324,12 @@ function _installCLIFromLocalRegistry {
324324
}
325325
function _loadTestAccountCredentials {
326326
echo ASSUMING PARENT TEST ACCOUNT credentials
327-
328-
# Save original CodeBuild credentials on first call (before any assume-role)
329-
if [ -z "${_ORIGINAL_AWS_ACCESS_KEY_ID:-}" ]; then
330-
export _ORIGINAL_AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-}"
331-
export _ORIGINAL_AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-}"
332-
export _ORIGINAL_AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN:-}"
333-
fi
334-
335-
# Temporarily restore original credentials for the assume-role call
336-
# so re-assumes use the CodeBuild identity, not the already-assumed role
337-
local saved_key="${AWS_ACCESS_KEY_ID:-}"
338-
local saved_secret="${AWS_SECRET_ACCESS_KEY:-}"
339-
local saved_token="${AWS_SESSION_TOKEN:-}"
340-
341-
export AWS_ACCESS_KEY_ID="${_ORIGINAL_AWS_ACCESS_KEY_ID}"
342-
export AWS_SECRET_ACCESS_KEY="${_ORIGINAL_AWS_SECRET_ACCESS_KEY}"
343-
export AWS_SESSION_TOKEN="${_ORIGINAL_AWS_SESSION_TOKEN}"
344-
345327
session_id=$((1 + $RANDOM % 10000))
346328
# Use longer time for parent account role
347329
creds=$(aws sts assume-role --role-arn $TEST_ACCOUNT_ROLE --role-session-name testSession${session_id} --duration-seconds 3600)
348330
if [ -z $(echo $creds | jq -c -r '.AssumedRoleUser.Arn') ]; then
349-
# Restore previous credentials on failure
350-
export AWS_ACCESS_KEY_ID="$saved_key"
351-
export AWS_SECRET_ACCESS_KEY="$saved_secret"
352-
export AWS_SESSION_TOKEN="$saved_token"
353-
echo "Warning: Failed to refresh credentials, continuing with existing ones"
354-
return 0
331+
echo "Unable to assume parent e2e account role."
332+
return
355333
fi
356334
echo "Using account credentials for $(echo $creds | jq -c -r '.AssumedRoleUser.Arn')"
357335
export AWS_ACCESS_KEY_ID=$(echo $creds | jq -c -r ".Credentials.AccessKeyId")
@@ -386,10 +364,6 @@ function _runE2ETestsLinux {
386364

387365
function _runCDKTestsLinux {
388366
echo "RUN CDK Tests Linux"
389-
# Refresh parent account credentials before running tests to prevent expiry.
390-
# Credentials are initially loaded during setup (_setupCDKTestsLinux), but if
391-
# setup + test execution exceeds the 1-hour STS session limit, they expire.
392-
_loadTestAccountCredentials
393367
retry runCDKTest
394368
}
395369

0 commit comments

Comments
 (0)