mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
43 lines
1.3 KiB
YAML
43 lines
1.3 KiB
YAML
name: Delete IAM configuration
|
|
description: Delete previously created IAM configuration.
|
|
|
|
inputs:
|
|
cloudProvider:
|
|
description: "Either 'aws', 'azure' or 'gcp'."
|
|
required: true
|
|
gcpServiceAccount:
|
|
description: "GCP service account to use for authentication."
|
|
required: false
|
|
azureCredentials:
|
|
description: "Azure service principal to use for authentication."
|
|
required: false
|
|
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Login to GCP (IAM service account)
|
|
if: inputs.cloudProvider == 'gcp'
|
|
uses: ./.github/actions/login_gcp
|
|
with:
|
|
service_account: ${{ inputs.gcpServiceAccount }}
|
|
|
|
- name: Login to AWS (IAM role)
|
|
if: inputs.cloudProvider == 'aws'
|
|
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
|
|
with:
|
|
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
|
|
aws-region: eu-central-1
|
|
# extend token expiry to 6 hours to ensure constellation can terminate
|
|
role-duration-seconds: 21600
|
|
|
|
- name: Login to Azure (IAM service principal)
|
|
if: inputs.cloudProvider == 'azure'
|
|
uses: ./.github/actions/login_azure
|
|
with:
|
|
azure_credentials: ${{ inputs.azureCredentials }}
|
|
|
|
- name: Delete IAM configuration
|
|
shell: bash
|
|
run: |
|
|
constellation iam destroy --yes --tf-log=DEBUG
|