Minor PR feedback

aws · Jan 31, 2025 · f2fa641 · f2fa641
1 parent 134d2b7
commit f2fa641
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 25 deletions.
diff --git a/terraform/ec2/assume_role/main.tf b/terraform/ec2/assume_role/main.tf
@@ -82,14 +82,14 @@ locals {
     source_account_key = {
       suffix = "-source_account_key"
       condition = {
-        "aws:SourceAccount" = "506463145083"
+        "aws:SourceAccount" = data.aws_caller_identity.account_id.account_id
       }
     }
     all_context_keys = {
       suffix = "-all_context_keys"
       condition = {
         "aws:SourceArn"     = aws_instance.cwagent.arn
-        "aws:SourceAccount" = "506463145083"
+        "aws:SourceAccount" = data.aws_caller_identity.account_id.account_id
       }
     }
   }
@@ -174,7 +174,6 @@ resource "null_resource" "integration_test_setup" {
       "echo sha ${var.cwa_github_sha}",
       "sudo cloud-init status --wait",
       "echo clone and install agent",
-      "rm -rf amazon-cloudwatch-agent-test",
       "git clone --branch ${var.github_test_repo_branch} ${var.github_test_repo}",
       "cd amazon-cloudwatch-agent-test",
       "aws s3 cp s3://${local.binary_uri} .",
@@ -201,14 +200,13 @@ resource "null_resource" "integration_test_run" {
   provisioner "remote-exec" {
     inline = [
       "echo prepare environment",
-      "export LOCAL_STACK_HOST_NAME=${var.local_stack_host_name}",
       "export AWS_REGION=${var.region}",
       "export PATH=$PATH:/snap/bin:/usr/local/go/bin",
       "echo run integration test",
       "cd ~/amazon-cloudwatch-agent-test",
       "echo run sanity test && go test ./test/sanity -p 1 -v",
       "echo base assume role arn is ${aws_iam_role.roles["no_context_keys"].arn}",
-      "go test ${var.test_dir} -p 1 -timeout 1h -computeType=EC2 -bucket=${var.s3_bucket} -plugins='${var.plugin_tests}' -cwaCommitSha=${var.cwa_github_sha} -caCertPath=${var.ca_cert_path} -assumeRoleArn=${aws_iam_role.roles["no_context_keys"].arn} -instanceArn=${aws_instance.cwagent.arn} -accountId=${data.aws_caller_identity.account_id.account_id} -v"
+      "go test ${var.test_dir} -p 1 -timeout 1h -computeType=EC2 -bucket=${var.s3_bucket} -assumeRoleArn=${aws_iam_role.roles["no_context_keys"].arn} -instanceArn=${aws_instance.cwagent.arn} -accountId=${data.aws_caller_identity.account_id.account_id} -v"
     ]
   }
 

diff --git a/terraform/ec2/assume_role/variables.tf b/terraform/ec2/assume_role/variables.tf
@@ -36,12 +36,6 @@ variable "install_agent" {
   type        = string
   default     = "go run ./install/install_agent.go rpm"
 }
-
-variable "ca_cert_path" {
-  type    = string
-  default = ""
-}
-
 variable "arc" {
   type    = string
   default = "amd64"
@@ -57,11 +51,6 @@ variable "binary_name" {
   default = ""
 }
 
-variable "local_stack_host_name" {
-  type    = string
-  default = "localhost.localstack.cloud"
-}
-
 variable "s3_bucket" {
   type    = string
   default = ""
@@ -97,11 +86,6 @@ variable "is_canary" {
   default = false
 }
 
-variable "excluded_tests" {
-  type    = string
-  default = ""
-}
-
 variable "plugin_tests" {
   type    = string
   default = ""

diff --git a/test/assume_role/assume_role_unix.go b/test/assume_role/assume_role_unix.go
@@ -468,6 +468,7 @@ func (t *ConfusedDeputyAssumeRoleTestRunner) validateFoundConfusedDeputyHeaders(
 			if isStsAssumeRoleRequest && checkForConfusedDeputyHeaders(httpDebugLog) {
 				log.Println("Found confused deputy headers in the HTTP debug log")
 				testResult.Status = status.SUCCESSFUL
+				return testResult
 			}
 
 			// Reset the search
@@ -511,10 +512,8 @@ func (t *ConfusedDeputyAssumeRoleTestRunner) SetupBeforeAgentRun() error {
 
 	// Clear out log file since we'll need to check the logs on each run and we don't want logs from another test
 	// being checked
-	err = t.clearLogFile()
-	if err != nil {
-		return fmt.Errorf("failed to clear log file: %w", err)
-	}
+	common.RecreateAgentLogfile(common.AgentLogFile)
+
 	return t.setupAgentConfig()
 }