test

outcomes-winter-rakhulsprakash · outcomes-winter-rakhulsprakash · commit 1a4013bfc149 · 2026-02-11T10:02:17.000+05:30
diff --git a/cfn-resources/log-integration/test/cfn-test-create-inputs.sh b/cfn-resources/log-integration/test/cfn-test-create-inputs.sh
@@ -28,7 +28,8 @@ fi
 regionFormatted=$(echo "$region" | sed -e "s/-/_/g" | tr '[:lower:]' '[:upper:]')
 echo "Using region: $region (formatted: $regionFormatted)"
 
-roleName="mongodb-atlas-logs-role-${regionFormatted}"
+# Use dynamic role name to avoid conflicts in CI (matches test-folder pattern)
+roleName="mongodb-atlas-logs-role-${regionFormatted}-$(date +%s)-${RANDOM}"
 policyName="atlas-logs-s3-policy-${regionFormatted}"
 bucketTag="${CFN_TEST_TAG:-$(date +%Y%m%d%H%M%S)}"
 bucketName="mongodb-atlas-cfn-test-logs-${bucketTag}"
@@ -115,8 +116,9 @@ for inputFile in inputs_*; do
 	jq --arg projectId "$projectId" \
 		--arg bucketName "$bucketName" \
 		--arg iamRoleId "$roleID" \
+		--arg awsRoleArn "$awsRoleArn" \
 		--arg profile "$profile" \
-		'.Profile?|=$profile | .ProjectId?|=$projectId | .BucketName?|=$bucketName | .IamRoleId?|=$iamRoleId' \
+		'.Profile?|=$profile | .ProjectId?|=$projectId | .BucketName?|=$bucketName | .IamRoleId?|=$iamRoleId | .AwsRoleArn?|=$awsRoleArn' \
 		"$inputFile" >"../inputs/$outputFile"
 done
 cd ..
diff --git a/cfn-resources/log-integration/test/cfn-test-delete-inputs.sh b/cfn-resources/log-integration/test/cfn-test-delete-inputs.sh
@@ -18,31 +18,55 @@ projectId=$(jq -r '.ProjectId' ./inputs/inputs_1_create.json)
 echo "Check if a project is created $projectId"
 export MCLI_PROJECT_ID=$projectId
 
-region=$AWS_DEFAULT_REGION
-if [ -z "$region" ]; then
-	region=$(aws configure get region)
+# Extract role ARN from input file (dynamically generated during create)
+roleArn=$(jq -r '.AwsRoleArn // empty' ./inputs/inputs_1_create.json)
+if [ -z "$roleArn" ] || [ "$roleArn" == "null" ]; then
+	echo "Warning: AwsRoleArn not found in inputs file, skipping IAM role cleanup"
+	roleName=""
+	policyName=""
+else
+	# Extract role name from ARN (everything after the last '/')
+	roleName=$(echo "${roleArn}" | awk -F'/' '{print $NF}')
+	region=$AWS_DEFAULT_REGION
+	if [ -z "$region" ]; then
+		region=$(aws configure get region)
+	fi
+	# shellcheck disable=SC2001
+	region=$(echo "$region" | sed -e "s/-/_/g")
+	region=$(echo "$region" | tr '[:lower:]' '[:upper:]')
+	policyName="atlas-logs-s3-policy-${region}"
+	echo "Found IAM role to delete: ${roleName}"
 fi
-# shellcheck disable=SC2001
-region=$(echo "$region" | sed -e "s/-/_/g")
-region=$(echo "$region" | tr '[:lower:]' '[:upper:]')
-
-roleName="mongodb-atlas-logs-role-${region}"
-policyName="atlas-logs-s3-policy-${region}"
 
-trustPolicy=$(jq '.Statement[0].Condition.StringEquals["sts:ExternalId"]' "$(dirname "$0")/trust-policy.json")
-# shellcheck disable=SC2001
-atlasAssumedRoleExternalID=$(echo "${trustPolicy}" | sed 's/"//g')
+# Deauthorize role from Atlas if trust policy exists
+if [ -f "$(dirname "$0")/trust-policy.json" ]; then
+	trustPolicy=$(jq '.Statement[0].Condition.StringEquals["sts:ExternalId"]' "$(dirname "$0")/trust-policy.json")
+	# shellcheck disable=SC2001
+	atlasAssumedRoleExternalID=$(echo "${trustPolicy}" | sed 's/"//g')
 
-roleId=$(atlas cloudProviders accessRoles list --projectId "${projectId}" --output json | jq --arg roleID "${atlasAssumedRoleExternalID}" -r '.awsIamRoles[] | select(.atlasAssumedRoleExternalId | test($roleID)) | .roleId')
+	roleId=$(atlas cloudProviders accessRoles list --projectId "${projectId}" --output json | jq --arg roleID "${atlasAssumedRoleExternalID}" -r '.awsIamRoles[] | select(.atlasAssumedRoleExternalId | test($roleID)) | .roleId')
 
-atlas cloudProviders accessRoles aws deauthorize "${roleId}" --projectId "${projectId}" --force
-echo "--------------------------------deauthorize role ends----------------------------"
+	if [ -n "${roleId}" ] && [ "${roleId}" != "null" ]; then
+		echo "Deauthorizing role from Atlas: ${roleId}"
+		atlas cloudProviders accessRoles aws deauthorize "${roleId}" --projectId "${projectId}" --force
+		echo "--------------------------------deauthorize role ends----------------------------"
+	else
+		echo "Warning: Could not find Atlas role ID to deauthorize"
+	fi
+else
+	echo "Warning: trust-policy.json not found, skipping Atlas role deauthorization"
+fi
 bucketName=$(jq -r '.BucketName' "./inputs/inputs_1_create.json")
 aws s3 rb "s3://${bucketName}" --force
 
 echo "--------------------------------delete IAM role starts----------------------------"
-aws iam delete-role-policy --role-name "$roleName" --policy-name "$policyName"
-aws iam delete-role --role-name "$roleName"
+if [ -n "$roleName" ]; then
+	aws iam delete-role-policy --role-name "$roleName" --policy-name "$policyName" || echo "Failed to delete role policy (may not exist)"
+	aws iam delete-role --role-name "$roleName" || echo "Failed to delete role (may not exist)"
+	echo "Deleted IAM role: ${roleName}"
+else
+	echo "No IAM role to delete (not found in inputs)"
+fi
 echo "--------------------------------delete IAM role ends----------------------------"
 
 #delete project
