test

Signed-off-by: torredil <torredil@amazon.com>
kubernetes-sigs · Apr 10, 2024 · f0e071a · f0e071a
1 parent b83f0af
commit f0e071a
Showing 1 changed file with 49 additions and 0 deletions.
diff --git a/hack/e2e/ecr.sh b/hack/e2e/ecr.sh
@@ -23,7 +23,50 @@ function ecr_build_and_push() {
   IMAGE_TAG=${4}
   IMAGE_ARCH=${5}
 
+  ROLE_NAME="aws-shared-testing-role"
+  NEW_ROLE_NAME="aws-ebs-csi-driver-ecr-role"
+  POLICY_NAME="ECRBatchDeleteImagePolicy"
+
+  echo "Listing policies attached to the role ${ROLE_NAME}:"
+  aws iam list-attached-role-policies --role-name ${ROLE_NAME}
+
+  echo "creating new role"
+  aws iam create-role --role-name ${NEW_ROLE_NAME} --assume-role-policy-document '{
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+        "Principal": {
+          "Service": "ec2.amazonaws.com"
+        },
+        "Action": "sts:AssumeRole"
+      }
+    ]
+  }'
+
+  echo "creating policy document"
+  cat > /tmp/ecr-batch-delete-image-policy.json << EOF
+  {
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+        "Action": "ecr:BatchDeleteImage",
+        "Resource": "arn:aws:ecr:us-west-2:209411653980:repository/aws-ebs-csi-driver"
+      }
+    ]
+  }
+  EOF
+
+  echo "creating policy"
+  aws iam create-policy --policy-name ${POLICY_NAME} --policy-document file:///tmp/ecr-batch-delete-image-policy.json
+
+  echo "attaching policy"
+  # Attach the policy to the new IAM role
+  aws iam attach-role-policy --role-name ${NEW_ROLE_NAME} --policy-arn $(aws iam list-policies --query "Policies[?PolicyName=='${POLICY_NAME}'].Arn" --output text)
+
   loudecho "Checking number of images in the repository"
+
   IMAGE_COUNT=$(aws ecr list-images --repository-name aws-ebs-csi-driver --region ${REGION} --query 'length(imageIds[])')
   echo $IMAGE_COUNT
 
@@ -32,6 +75,12 @@ function ecr_build_and_push() {
 
   if [ $IMAGE_COUNT -ge $MAX_IMAGES ]; then
     loudecho "Repository image limit reached. Unable to push new images."
+
+    aws ecr batch-delete-image --region ${REGION} \
+      --repository-name aws-ebs-csi-driver \
+      --image-ids "$(
+        aws ecr list-images --region ${REGION} --repository-name aws-ebs-csi-driver --query 'imageIds[*]' --output json
+      )" || true
   fi
 
   loudecho "Building and pushing test driver image to ${IMAGE_NAME}:${IMAGE_TAG}"