roll back aws auth apply on staging (#1772)

Co-authored-by: Ben Larabie <[email protected]>
cds-snc · Feb 19, 2025 · 8c45cb5 · 8c45cb5
1 parent a38dbf9
commit 8c45cb5
Showing 1 changed file with 0 additions and 80 deletions.
diff --git a/.github/workflows/merge_to_main_staging.yml b/.github/workflows/merge_to_main_staging.yml
@@ -295,86 +295,6 @@ jobs:
           cd env/${{env.ENVIRONMENT}}/eks
           terragrunt apply --terragrunt-non-interactive -auto-approve
 
-  terragrunt-apply-aws-auth:
-    if: |
-      always() &&
-      !contains(needs.*.result, 'failure') &&
-      !contains(needs.*.result, 'cancelled')
-    runs-on: ubuntu-latest  
-    needs: [terragrunt-apply-eks]
-    env:
-      COMPONENT: "aws-auth"
-    steps:
-      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-
-      - uses: ./.github/actions/setup-terraform
-        with:
-          role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
-          role_session_name: NotifyTerraformApply
-
-      - name: Install sponge
-        run: |
-          sudo apt update
-          sudo apt-get install -y moreutils
-
-      - name: Install OpenVPN
-        run: |
-          sudo apt update
-          sudo apt install -y openvpn openvpn-systemd-resolved
-
-      - name: Install 1Pass CLI and Download TFVars
-        run: |
-          curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
-          sudo dpkg -i 1pass.deb
-          sudo mkdir -p aws && cd aws
-          op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars    
-              
-      - name: Retrieve VPN Config
-        run: |
-          sudo mkdir -p aws
-          cd aws
-          op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
-          cd ../env/${{env.ENVIRONMENT}}/eks
-          ENDPOINT_ID=$(terragrunt output --raw gha_vpn_id)
-          CERT=$(terragrunt output --raw gha_vpn_certificate)
-          KEY=$(terragrunt output --raw gha_vpn_key)
-          aws ec2 export-client-vpn-client-configuration --client-vpn-endpoint-id $ENDPOINT_ID --output text > /var/tmp/${{env.ENVIRONMENT}}.ovpn
-          echo "<cert>
-          $CERT
-          </cert>" >> /var/tmp/${{env.ENVIRONMENT}}.ovpn
-          echo "<key>
-          $KEY
-          </key>" >> /var/tmp/${{env.ENVIRONMENT}}.ovpn
-
-      - name: Setup helmfile
-        uses: mamezou-tech/setup-helmfile@03233e1cd9b19b2ba320e431f7bcc0618db4248d # v2.0.0
-        with:
-          install-kubectl: yes
-          install-helm: yes       
-          helmfile-version: "v0.151.0"
-
-      - name: Connect to VPN
-        uses: "kota65535/github-openvpn-connect-action@cd2ed8a90cc7b060dc4e001143e811b5f7ea0af5" # v3.1.0
-        with:
-          config_file: /var/tmp/${{env.ENVIRONMENT}}.ovpn
-          echo_config: false       
-
-      - name: Configure kubeconfig
-        run: |
-          aws eks update-kubeconfig --name notification-canada-ca-${{env.ENVIRONMENT}}-eks-cluster     
-          kubectl config rename-context arn:aws:eks:ca-central-1:${{env.ACCOUNT_ID}}:cluster/notification-canada-ca-${{env.ENVIRONMENT}}-eks-cluster ${{env.ENVIRONMENT}}
-
-      - name: get role name
-        run: |
-          export TF_VAR_role_name=$(aws iam list-roles | jq -r '.Roles[] | select(.RoleName|match("AWSReservedSSO_AWSAdministratorAccess_*")) | .RoleName')
-          echo "TF_VAR_role_name=$TF_VAR_role_name" >> $GITHUB_ENV
-
-      - name: terragrunt apply aws-auth
-        run: |
-          cd env/${{env.ENVIRONMENT}}/aws-auth
-          terragrunt apply --terragrunt-non-interactive -auto-approve
-
   terragrunt-apply-elasticache:
     if: |
       always() &&