From 0c19702bf6943cc9d7dbcd666557e41c4b1c994e Mon Sep 17 00:00:00 2001 From: David Venable Date: Tue, 21 Oct 2025 13:10:16 -0500 Subject: [PATCH] Fixes the AWS Secrets end-to-end test by setting permissions for the .aws directory. Removes getting the STS caller. Updates the configure-aws-credentials GHA action to v5. Use a String for the binds map rather than a GString. Signed-off-by: David Venable --- .github/workflows/data-prepper-aws-secrets-e2e-tests.yml | 9 +++++---- .github/workflows/kinesis-source-integration-tests.yml | 5 +---- e2e-test/log/build.gradle | 2 +- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/data-prepper-aws-secrets-e2e-tests.yml b/.github/workflows/data-prepper-aws-secrets-e2e-tests.yml index 26247886f8..ba327c35b1 100644 --- a/.github/workflows/data-prepper-aws-secrets-e2e-tests.yml +++ b/.github/workflows/data-prepper-aws-secrets-e2e-tests.yml @@ -29,20 +29,21 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: configure aws credentials id: creds - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: role-to-assume: ${{ secrets.TEST_IAM_ROLE_ARN }} aws-region: ${{ secrets.TEST_REGION }} output-credentials: true - - name: get caller identity 1 - run: | - aws sts get-caller-identity - name: Configure AWS Credentials file run: | aws configure set default.region ${{ secrets.TEST_REGION }} aws configure set default.aws_access_key_id ${{ steps.creds.outputs.aws-access-key-id }} aws configure set default.aws_secret_access_key ${{ steps.creds.outputs.aws-secret-access-key }} aws configure set default.aws_session_token ${{ steps.creds.outputs.aws-session-token }} + - name: Fix AWS credentials permissions for Docker + run: | + chmod 644 ~/.aws/credentials ~/.aws/config + ls -la ~/.aws/ - name: Set up JDK 11 uses: actions/setup-java@v1 with: diff --git a/.github/workflows/kinesis-source-integration-tests.yml b/.github/workflows/kinesis-source-integration-tests.yml index 54dd79b902..d45ffe0bbe 100644 --- a/.github/workflows/kinesis-source-integration-tests.yml +++ b/.github/workflows/kinesis-source-integration-tests.yml @@ -30,15 +30,12 @@ jobs: - name: configure aws credentials id: creds - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: role-to-assume: ${{ secrets.TEST_IAM_ROLE_ARN }} aws-region: ${{ secrets.TEST_REGION }} output-credentials: true - - name: get caller identity 1 - run: | - aws sts get-caller-identity - name: Configure AWS Credentials file run: | aws configure set default.region ${{ secrets.TEST_REGION }} diff --git a/e2e-test/log/build.gradle b/e2e-test/log/build.gradle index da40ce1603..87c26adc77 100644 --- a/e2e-test/log/build.gradle +++ b/e2e-test/log/build.gradle @@ -79,7 +79,7 @@ logTestConfigurations.each { testConfiguration -> exposePorts('tcp', [2021, 4900]) hostConfig.portBindings = ['2021:2021', '4900:4900'] hostConfig.binds = [ - "${System.getProperty('user.home')}/.aws" : '/.aws', + ("${System.getProperty('user.home')}/.aws".toString()) : '/.aws', (project.file("src/integrationTest/resources/${testConfiguration.pipelineConfiguration}").toString()) : '/usr/share/data-prepper/pipelines/log-pipeline.yaml', (project.file("src/integrationTest/resources/${testConfiguration.dataPrepperConfiguration}").toString()): '/usr/share/data-prepper/config/data-prepper-config.yaml' ]