Fixes the AWS Secrets end-to-end test by setting permissions for the .aws directory. (#6192)

dlvenable · web-flow · commit 8d1f99068181 · 2025-10-21T11:53:45.000-07:00
Removes getting the STS caller. Updates the configure-aws-credentials GHA action to v5. Use a String for the binds map rather than a GString.

Signed-off-by: David Venable &lt;dlv@amazon.com&gt;
diff --git a/.github/workflows/data-prepper-aws-secrets-e2e-tests.yml b/.github/workflows/data-prepper-aws-secrets-e2e-tests.yml
@@ -29,20 +29,21 @@ jobs:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: configure aws credentials
         id: creds
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{ secrets.TEST_IAM_ROLE_ARN }}
           aws-region: ${{ secrets.TEST_REGION }}
           output-credentials: true
-      - name: get caller identity 1
-        run: |
-          aws sts get-caller-identity
       - name: Configure AWS Credentials file
         run: |
           aws configure set default.region ${{ secrets.TEST_REGION }}
           aws configure set default.aws_access_key_id ${{ steps.creds.outputs.aws-access-key-id }}
           aws configure set default.aws_secret_access_key ${{ steps.creds.outputs.aws-secret-access-key }}
           aws configure set default.aws_session_token ${{ steps.creds.outputs.aws-session-token }}
+      - name: Fix AWS credentials permissions for Docker
+        run: |
+          chmod 644 ~/.aws/credentials ~/.aws/config
+          ls -la ~/.aws/
       - name: Set up JDK 11
         uses: actions/setup-java@v1
         with:
diff --git a/.github/workflows/kinesis-source-integration-tests.yml b/.github/workflows/kinesis-source-integration-tests.yml
@@ -30,15 +30,12 @@ jobs:
 
       - name: configure aws credentials
         id: creds
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{ secrets.TEST_IAM_ROLE_ARN }}
           aws-region: ${{ secrets.TEST_REGION }}
           output-credentials: true
 
-      - name: get caller identity 1
-        run: |
-          aws sts get-caller-identity
       - name: Configure AWS Credentials file
         run: |
           aws configure set default.region ${{ secrets.TEST_REGION }}
diff --git a/e2e-test/log/build.gradle b/e2e-test/log/build.gradle
@@ -79,7 +79,7 @@ logTestConfigurations.each { testConfiguration ->
         exposePorts('tcp', [2021, 4900])
         hostConfig.portBindings = ['2021:2021', '4900:4900']
         hostConfig.binds = [
-                "${System.getProperty('user.home')}/.aws" : '/.aws',
+                ("${System.getProperty('user.home')}/.aws".toString()) : '/.aws',
                 (project.file("src/integrationTest/resources/${testConfiguration.pipelineConfiguration}").toString())   : '/usr/share/data-prepper/pipelines/log-pipeline.yaml',
                 (project.file("src/integrationTest/resources/${testConfiguration.dataPrepperConfiguration}").toString()): '/usr/share/data-prepper/config/data-prepper-config.yaml'
         ]

Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ logTestConfigurations.each { testConfiguration ->`
`79`	`79`	`exposePorts('tcp', [2021, 4900])`
`80`	`80`	`hostConfig.portBindings = ['2021:2021', '4900:4900']`
`81`	`81`	`hostConfig.binds = [`
`82`		`- "${System.getProperty('user.home')}/.aws" : '/.aws',`
	`82`	`+ ("${System.getProperty('user.home')}/.aws".toString()) : '/.aws',`
`83`	`83`	`(project.file("src/integrationTest/resources/${testConfiguration.pipelineConfiguration}").toString()) : '/usr/share/data-prepper/pipelines/log-pipeline.yaml',`
`84`	`84`	`(project.file("src/integrationTest/resources/${testConfiguration.dataPrepperConfiguration}").toString()): '/usr/share/data-prepper/config/data-prepper-config.yaml'`
`85`	`85`	`]`