CI: remove uneeded AWS creds from test-integrations (#17113)

pull/17127/head
Dan Bond 2023-04-25 08:49:43 -07:00 committed by GitHub
parent 5f5590e1be
commit 1bfd83fdac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 21 deletions

View File

@ -177,9 +177,6 @@ jobs:
envoy-integration-test:
runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
needs:
- setup
- generate-envoy-job-matrices
@ -195,24 +192,6 @@ jobs:
XDS_TARGET: ${{ matrix.xds-target }}
AWS_LAMBDA_REGION: us-west-2
steps:
# NOTE: ENT specific step as we store secrets in Vault.
- name: Authenticate to Vault
if: ${{ endsWith(github.repository, '-enterprise') }}
id: vault-auth
run: vault-auth
# NOTE: ENT specific step as we store secrets in Vault.
- name: Fetch Secrets
if: ${{ endsWith(github.repository, '-enterprise') }}
id: secrets
uses: hashicorp/vault-action@v2.5.0
with:
url: ${{ steps.vault-auth.outputs.addr }}
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/${{ github.repository }}/aws arn | AWS_ROLE_ARN ;
- uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with: