Skip to content

Commit 2566197

Browse files
outcomes-winter-rakhulsprakashoutcomes-winter-rakhulsprakash
committed
test
1 parent 1df1eb8 commit 2566197

2 files changed

Lines changed: 50 additions & 18 deletions

File tree

cfn-resources/log-integration/test/cfn-test-create-inputs.sh

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,8 @@ fi
2828
regionFormatted=$(echo "$region" | sed -e "s/-/_/g" | tr '[:lower:]' '[:upper:]')
2929
echo "Using region: $region (formatted: $regionFormatted)"
3030

31-
roleName="mongodb-atlas-logs-role-${regionFormatted}"
31+
# Use dynamic role name to avoid conflicts in CI (matches test-folder pattern)
32+
roleName="mongodb-atlas-logs-role-${regionFormatted}-$(date +%s)-${RANDOM}"
3233
policyName="atlas-logs-s3-policy-${regionFormatted}"
3334
bucketTag="${CFN_TEST_TAG:-$(date +%Y%m%d%H%M%S)}"
3435
bucketName="mongodb-atlas-cfn-test-logs-${bucketTag}"
@@ -108,6 +109,15 @@ echo "--------------------------------authorize mongodb Role ends---------------
108109
rm -rf inputs
109110
mkdir inputs
110111

112+
# Store AWS role ARN in a separate metadata file for cleanup (not part of CFN schema)
113+
cat > "$(dirname "$0")/test-metadata.json" <<EOF
114+
{
115+
"awsRoleArn": "${awsRoleArn}",
116+
"roleName": "${roleName}",
117+
"policyName": "${policyName}"
118+
}
119+
EOF
120+
111121
WORDTOREMOVE="template."
112122
cd "$(dirname "$0")" || exit
113123
for inputFile in inputs_*; do

cfn-resources/log-integration/test/cfn-test-delete-inputs.sh

Lines changed: 39 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -18,31 +18,53 @@ projectId=$(jq -r '.ProjectId' ./inputs/inputs_1_create.json)
1818
echo "Check if a project is created $projectId"
1919
export MCLI_PROJECT_ID=$projectId
2020

21-
region=$AWS_DEFAULT_REGION
22-
if [ -z "$region" ]; then
23-
region=$(aws configure get region)
21+
# Extract role info from metadata file (not from CFN input since AwsRoleArn is not part of the schema)
22+
metadataFile="$(dirname "$0")/test-metadata.json"
23+
if [ -f "$metadataFile" ]; then
24+
roleArn=$(jq -r '.awsRoleArn // empty' "$metadataFile")
25+
roleName=$(jq -r '.roleName // empty' "$metadataFile")
26+
policyName=$(jq -r '.policyName // empty' "$metadataFile")
27+
echo "Found test metadata file with role: ${roleName}"
28+
else
29+
echo "Warning: test-metadata.json not found, skipping IAM role cleanup"
30+
roleArn=""
31+
roleName=""
32+
policyName=""
2433
fi
25-
# shellcheck disable=SC2001
26-
region=$(echo "$region" | sed -e "s/-/_/g")
27-
region=$(echo "$region" | tr '[:lower:]' '[:upper:]')
28-
29-
roleName="mongodb-atlas-logs-role-${region}"
30-
policyName="atlas-logs-s3-policy-${region}"
3134

32-
trustPolicy=$(jq '.Statement[0].Condition.StringEquals["sts:ExternalId"]' "$(dirname "$0")/trust-policy.json")
33-
# shellcheck disable=SC2001
34-
atlasAssumedRoleExternalID=$(echo "${trustPolicy}" | sed 's/"//g')
35+
# Deauthorize role from Atlas if trust policy exists
36+
if [ -f "$(dirname "$0")/trust-policy.json" ] && [ -n "$roleArn" ]; then
37+
trustPolicy=$(jq '.Statement[0].Condition.StringEquals["sts:ExternalId"]' "$(dirname "$0")/trust-policy.json")
38+
# shellcheck disable=SC2001
39+
atlasAssumedRoleExternalID=$(echo "${trustPolicy}" | sed 's/"//g')
3540

36-
roleId=$(atlas cloudProviders accessRoles list --projectId "${projectId}" --output json | jq --arg roleID "${atlasAssumedRoleExternalID}" -r '.awsIamRoles[] | select(.atlasAssumedRoleExternalId | test($roleID)) | .roleId')
41+
roleId=$(atlas cloudProviders accessRoles list --projectId "${projectId}" --output json | jq --arg roleID "${atlasAssumedRoleExternalID}" -r '.awsIamRoles[] | select(.atlasAssumedRoleExternalId | test($roleID)) | .roleId')
3742

38-
atlas cloudProviders accessRoles aws deauthorize "${roleId}" --projectId "${projectId}" --force
39-
echo "--------------------------------deauthorize role ends----------------------------"
43+
if [ -n "${roleId}" ] && [ "${roleId}" != "null" ]; then
44+
echo "Deauthorizing role from Atlas: ${roleId}"
45+
atlas cloudProviders accessRoles aws deauthorize "${roleId}" --projectId "${projectId}" --force
46+
echo "--------------------------------deauthorize role ends----------------------------"
47+
else
48+
echo "Warning: Could not find Atlas role ID to deauthorize"
49+
fi
50+
else
51+
if [ -z "$roleArn" ]; then
52+
echo "Warning: No role ARN found in metadata, skipping Atlas role deauthorization"
53+
else
54+
echo "Warning: trust-policy.json not found, skipping Atlas role deauthorization"
55+
fi
56+
fi
4057
bucketName=$(jq -r '.BucketName' "./inputs/inputs_1_create.json")
4158
aws s3 rb "s3://${bucketName}" --force
4259

4360
echo "--------------------------------delete IAM role starts----------------------------"
44-
aws iam delete-role-policy --role-name "$roleName" --policy-name "$policyName"
45-
aws iam delete-role --role-name "$roleName"
61+
if [ -n "$roleName" ]; then
62+
aws iam delete-role-policy --role-name "$roleName" --policy-name "$policyName" || echo "Failed to delete role policy (may not exist)"
63+
aws iam delete-role --role-name "$roleName" || echo "Failed to delete role (may not exist)"
64+
echo "Deleted IAM role: ${roleName}"
65+
else
66+
echo "No IAM role to delete (not found in inputs)"
67+
fi
4668
echo "--------------------------------delete IAM role ends----------------------------"
4769

4870
#delete project

0 commit comments

Comments
 (0)