diff --git a/.evergreen/generated_configs/legacy-config.yml b/.evergreen/generated_configs/legacy-config.yml index 6939395683..fe19585b4d 100644 --- a/.evergreen/generated_configs/legacy-config.yml +++ b/.evergreen/generated_configs/legacy-config.yml @@ -16147,8 +16147,15 @@ task_groups: - name: testazurekms_task_group setup_group: - func: fetch-det + - command: ec2.assume_role + params: + role_arn: ${aws_test_secrets_role} - command: shell.exec params: + include_expansions_in_env: + - AWS_ACCESS_KEY_ID + - AWS_SECRET_ACCESS_KEY + - AWS_SESSION_TOKEN shell: bash script: |- set -o errexit diff --git a/.evergreen/legacy_config_generator/evergreen_config_lib/testazurekms.py b/.evergreen/legacy_config_generator/evergreen_config_lib/testazurekms.py index 809f29b3ed..282362ed08 100644 --- a/.evergreen/legacy_config_generator/evergreen_config_lib/testazurekms.py +++ b/.evergreen/legacy_config_generator/evergreen_config_lib/testazurekms.py @@ -18,8 +18,6 @@ from collections import OrderedDict as OD from typing import MutableSequence -from config_generator.components.funcs.find_cmake_latest import FindCMakeLatest - from evergreen_config_generator.functions import shell_exec, func from evergreen_config_generator.tasks import NamedTask from evergreen_config_generator.variants import Variant @@ -117,6 +115,13 @@ def _create_task_group(): task_group.setup_group_timeout_secs = 1800 # 30 minutes task_group.setup_group = [ func("fetch-det"), + # Assume role to get AWS secrets. + { + "command": "ec2.assume_role", + "params": { + "role_arn": "${aws_test_secrets_role}" + } + }, shell_exec( r""" DRIVERS_TOOLS=$(pwd)/drivers-evergreen-tools @@ -136,6 +141,7 @@ def _create_task_group(): $DRIVERS_TOOLS/.evergreen/csfle/azurekms/create-and-setup-vm.sh """, test=False, + include_expansions_in_env=[ "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN" ] ), # Load the AZUREKMS_VMNAME expansion. OD(