Merge pull request #4746 from hashicorp/backport/moduli-e2e-credentia…

…l-rotation-minio/possibly-outgoing-dragon This pull request was automerged via backport-assistant
hashicorp · Apr 29, 2024 · 7d3acf8 · 7d3acf8
2 parents 9101b92 + f4bff79
commit 7d3acf8
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 2 deletions.
diff --git a/enos/modules/docker_minio/main.tf b/enos/modules/docker_minio/main.tf
@@ -174,6 +174,10 @@ output "bucket_region" {
   value = var.region
 }
 
+output "bucket_user_id" {
+  value = var.user_id
+}
+
 output "endpoint_url" {
   value = "http://${var.container_name}:9000"
 }

diff --git a/enos/modules/docker_minio/policy.json b/enos/modules/docker_minio/policy.json
@@ -4,16 +4,26 @@
     {
       "Effect": "Allow",
       "Action": [
-        "s3:ListBucket",
         "s3:PutObject",
         "s3:GetObject",
         "s3:DeleteObject",
         "s3:GetObjectAttributes"
       ],
       "Resource": [
-        "arn:aws:s3:::testbucket",
         "arn:aws:s3:::testbucket/*"
       ]
+    },
+    {
+      "Action": "s3:ListBucket",
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::testbucket"
+    },
+    {
+      "Action": [
+        "admin:CreateServiceAccount",
+        "admin:RemoveServiceAccount"
+      ],
+      "Effect": "Allow"
     }
   ]
 }
diff --git a/enos/modules/test_e2e_docker/main.tf b/enos/modules/test_e2e_docker/main.tf
@@ -134,6 +134,11 @@ variable "bucket_name" {
   type        = string
   default     = ""
 }
+variable "bucket_user_id" {
+  description = "User ID created in bucket"
+  type        = string
+  default     = ""
+}
 variable "minio_alias" {
   description = "Alias used in the minio cli"
   type        = string
@@ -261,6 +266,7 @@ resource "enos_local_exec" "run_e2e_test" {
     E2E_VAULT_ADDR                = local.vault_addr_internal
     E2E_BUCKET_NAME               = var.bucket_name
     E2E_BUCKET_ENDPOINT_URL       = var.bucket_endpoint_url
+    E2E_BUCKET_USER_ID            = var.bucket_user_id
     E2E_BUCKET_ACCESS_KEY_ID      = var.access_key_id
     E2E_BUCKET_SECRET_ACCESS_KEY  = var.secret_access_key
     E2E_MINIO_ALIAS               = var.minio_alias

diff --git a/enos/modules/test_e2e_docker/test_runner.sh b/enos/modules/test_e2e_docker/test_runner.sh
@@ -24,6 +24,7 @@ docker run \
     -e "E2E_SSH_KEY_PATH=/keys/target.pem" \
     -e "E2E_REGION=$E2E_REGION" \
     -e "E2E_BUCKET_NAME=$E2E_BUCKET_NAME" \
+    -e "E2E_BUCKET_USER_ID=$E2E_BUCKET_USER_ID" \
     -e "E2E_BUCKET_ENDPOINT_URL=$E2E_BUCKET_ENDPOINT_URL" \
     -e "E2E_BUCKET_ACCESS_KEY_ID=$E2E_BUCKET_ACCESS_KEY_ID" \
     -e "E2E_BUCKET_SECRET_ACCESS_KEY=$E2E_BUCKET_SECRET_ACCESS_KEY" \