diff --git a/ci-operator/step-registry/aws-load-balancer/post-install-rosa/aws-load-balancer-post-install-rosa-commands.sh b/ci-operator/step-registry/aws-load-balancer/post-install-rosa/aws-load-balancer-post-install-rosa-commands.sh index 04449adae0ede..9c4772485bd78 100755 --- a/ci-operator/step-registry/aws-load-balancer/post-install-rosa/aws-load-balancer-post-install-rosa-commands.sh +++ b/ci-operator/step-registry/aws-load-balancer/post-install-rosa/aws-load-balancer-post-install-rosa-commands.sh @@ -1,13 +1,11 @@ #!/bin/bash set -o nounset -set -o errexit -set -o pipefail AWSCRED="${CLUSTER_PROFILE_DIR}/.awscred" REGION="${LEASED_RESOURCE}" E2E_INPUT_DIR="${SHARED_DIR}" -E2E_WAFV2_WEB_ACL_NAME="echoserver-acl" +E2E_WAFV2_WEB_ACL_NAME="echoserver-acl-${UNIQUE_HASH}" echo "=> configuring aws" if [ -f "${AWSCRED}" ]; then @@ -20,9 +18,12 @@ fi if [ -f "${E2E_INPUT_DIR}/wafv2-webacl" ]; then E2E_WAFV2_WEB_ACL_ARN="$(cat ${E2E_INPUT_DIR}/wafv2-webacl)" E2E_WAFV2_WEB_ACL_ID="${E2E_WAFV2_WEB_ACL_ARN##*/}" - echo "=> deleting e2e wafv2 web acl: ${E2E_WAFV2_WEB_ACL_ARN}" + echo "=> getting lock token for e2e wafv2 web acl named ${E2E_WAFV2_WEB_ACL_NAME} with id ${E2E_WAFV2_WEB_ACL_ID}" LOCK_TOKEN=$(aws wafv2 get-web-acl --name "${E2E_WAFV2_WEB_ACL_NAME}" --id "${E2E_WAFV2_WEB_ACL_ID}" --scope=REGIONAL --output json | jq -r .LockToken) - aws wafv2 delete-web-acl --name "${E2E_WAFV2_WEB_ACL_NAME}" --id "${E2E_WAFV2_WEB_ACL_ID}" --scope=REGIONAL --lock-token "${LOCK_TOKEN}" + if [ -n "${LOCK_TOKEN}" ]; then + echo "=> deleting e2e wafv2 web acl named ${E2E_WAFV2_WEB_ACL_NAME} with id ${E2E_WAFV2_WEB_ACL_ID}" + aws wafv2 delete-web-acl --name "${E2E_WAFV2_WEB_ACL_NAME}" --id "${E2E_WAFV2_WEB_ACL_ID}" --scope=REGIONAL --lock-token "${LOCK_TOKEN}" + fi else echo "=> nothing to do for e2e wafv2 web acl" fi @@ -31,9 +32,12 @@ if [ -f "${E2E_INPUT_DIR}/waf-webacl" ]; then # it's possible to create webacls with duplicate name using wafregional, # we have to take this case into account for id in $(cat "${E2E_INPUT_DIR}/waf-webacl"); do - echo "=> deleting e2e wafregional web acl: ${id}" + echo "=> getting change token for e2e wafregional web acl: ${id}" CHANGE_TOKEN=$(aws waf-regional get-change-token --output json | jq -r .ChangeToken) - aws waf-regional delete-web-acl --web-acl-id "${id}" --change-token "${CHANGE_TOKEN}" + if [ -n "${CHANGE_TOKEN}" ]; then + echo "=> deleting e2e wafregional web acl: ${id}" + aws waf-regional delete-web-acl --web-acl-id "${id}" --change-token "${CHANGE_TOKEN}" || true + fi done else echo "=> nothing to do for e2e wafregional web acl" diff --git a/ci-operator/step-registry/aws-load-balancer/pre-install-rosa/aws-load-balancer-pre-install-rosa-commands.sh b/ci-operator/step-registry/aws-load-balancer/pre-install-rosa/aws-load-balancer-pre-install-rosa-commands.sh index 928f1355905b3..cacd5bc905a07 100755 --- a/ci-operator/step-registry/aws-load-balancer/pre-install-rosa/aws-load-balancer-pre-install-rosa-commands.sh +++ b/ci-operator/step-registry/aws-load-balancer/pre-install-rosa/aws-load-balancer-pre-install-rosa-commands.sh @@ -22,8 +22,8 @@ E2E_INPUT_WAFV2_WEBACL="wafv2-webacl" E2E_INPUT_WAF_WEBACL="waf-webacl" E2E_INPUT_OPERATOR_ROLE_ARN="operator-role-arn" E2E_INPUT_CONTROLLER_ROLE_ARN="controller-role-arn" -E2E_WAFV2_WEB_ACL_NAME="echoserver-acl" -E2E_WAF_WEB_ACL_NAME="echoserverclassicacl" +E2E_WAFV2_WEB_ACL_NAME="echoserver-acl-${UNIQUE_HASH}" +E2E_WAF_WEB_ACL_NAME="echoserverclassicacl${UNIQUE_HASH}" if [ -f "${AWSCRED}" ]; then echo "=> configuring aws"