What Controls Permissions of AWS test roles for Shippable builds?

Hi,

My PR previously had a passing build, but after a recent update it’s started failing with permission errors from the AWS APIs. I’d like to get this passing again but can’t work out what it is that controls the permissions granted to the AWS test roles used in the Shippable builds.

Can someone point me in the right direction to get more permissions granted to the AWS test user / roles used in these builds?

Specifically, my PR is here: https://github.com/ansible/ansible/pull/31140

This adds a new module and the associated integration tests (which are now failing).

Someone else helpfully added a couple of elements I appear to have missed (though I’m not 100% clear on what these are used for):

  1. Moving the integration test to “Group 4”
  2. Adding the required permissions to hacking/aws_config/testing_policies/compute-policy.json

The builds are now failing with the following error:

botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetIdentityVerificationAttributes operation: User: arn:aws:sts::966509639900:assumed-role/ansible-core-ci-test-prod/prod=shippable=ansible=ansible=47642.56 is not authorized to perform: ses:GetIdentityVerificationAttributes

I’ve run the tests using my own AWS user with only the permissions from the compute-policy file above and they pass. So presumably that file doesn’t control the permissions granted to the roles used by the build.

I’m assuming that previously my integration test was not actually running in the Shippable build and the move to group 4 has enabled it, which is why I’m now getting failures.

Any help on how to update these permissions would be much appreciated.

Thanks
Ed
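
An added example, not part of the original post and not Ansible project code: it pulls the denied action and the assumed role out of the AccessDenied message quoted above, then checks whether a policy document allows that action, which is the comparison the post describes between the policy file and the role the build actually runs as. SAMPLE_POLICY is constructed data (not the contents of compute-policy.json), the function names are hypothetical, and the evaluation looks at Action only, ignoring Resource, Condition and NotAction.

```python
import json
import re
from fnmatch import fnmatchcase

# Error text as quoted in the post.
ERROR = ("An error occurred (AccessDenied) when calling the "
         "GetIdentityVerificationAttributes operation: User: arn:aws:sts::966509639900:"
         "assumed-role/ansible-core-ci-test-prod/prod=shippable=ansible=ansible=47642.56"
         " is not authorized to perform: ses:GetIdentityVerificationAttributes")

# Constructed sample policy, NOT the contents of the real compute-policy.json.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["ec2:Describe*", "ses:Get*"], "Resource": "*"},
  {"Effect": "Deny", "Action": "ses:DeleteIdentity", "Resource": "*"}]}""")

DENIED_RE = re.compile(
    r"User: (?P<principal>arn:aws:\S+) is not authorized to perform: "
    r"(?P<action>[A-Za-z0-9-]+:[A-Za-z0-9*]+)")

def parse_denied(message):
    """Return (principal ARN, denied action) from an AccessDenied message."""
    m = DENIED_RE.search(message)
    if m is None:
        raise ValueError("no 'not authorized to perform' clause found")
    return m.group("principal"), m.group("action")

def role_name(principal):
    """Role behind an STS ARN of the form ...:assumed-role/<role>/<session>."""
    kind, role, _session = principal.split(":", 5)[5].split("/", 2)
    if kind != "assumed-role":
        raise ValueError("principal is not an assumed role")
    return role

def action_allowed(policy, action):
    """Action-only check: explicit Deny wins, then any Allow, else implicit deny.
    Resource, Condition and NotAction are ignored (simplifying assumption)."""
    stmts = policy["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    allowed = False
    for stmt in stmts:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if any(fnmatchcase(action.lower(), a.lower()) for a in actions):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed
```

If the policy file allows the action but the role named in the error is still denied, the file and the role's effective permissions differ, and the role's attached policies are the place to look.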