chore: Remove secure repo and fetch secrets from AWS

edx · Oct 12, 2023 · af35cb2 · af35cb2
1 parent b1ddbbc
commit af35cb2
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 18 deletions.
diff --git a/devops/resources/user-retirement-archiver.sh b/devops/resources/user-retirement-archiver.sh
@@ -13,6 +13,18 @@ set -ex
 cd $WORKSPACE/configuration
 . util/jenkins/assume-role.sh
 
+# hide the sensitive information in the logs
+set +x
+
+SECRET_JSON=$(aws secretsmanager get-secret-value --secret-id "user-retirement-secure/${ENVIRONMENT_DEPLOYMENT}" --region "us-east-1" --output json)
+# Check for a successful response
+if [ $? -eq 0 ]; then
+    # Use jq to convert the JSON to YAML
+    SECRET_YAML=$(echo "$SECRET_JSON" | jq -r '.SecretString' | yq eval - -P)
+else
+    echo "AWS CLI command failed"
+fi
+
 assume-role ${ROLE_ARN}
 
 # prepare tubular
@@ -26,7 +38,7 @@ fi
 
 # Call the script to read the retirement statuses from the LMS, send them to S3, and delete them from the LMS.
 python scripts/retirement_archive_and_cleanup.py \
-    --config_file=$WORKSPACE/user-retirement-secure/${ENVIRONMENT_DEPLOYMENT}.yml \
+    --config_file=$SECRET_YAML \
     --cool_off_days=$COOL_OFF_DAYS \
     --batch_size=$BATCH_SIZE \
     --start_date=$START_DATE \

diff --git a/src/main/groovy/org/edx/jenkins/dsl/UserRetirementConstants.groovy b/src/main/groovy/org/edx/jenkins/dsl/UserRetirementConstants.groovy
@@ -59,23 +59,6 @@ class UserRetirementConstants {
 
     public static def common_multiscm = { extraVars ->
         return {
-            git {
-                remote {
-                    url('[email protected]:edx-ops/user-retirement-secure.git')
-                    if (extraVars.containsKey('SECURE_GIT_CREDENTIALS')) {
-                        credentials(extraVars.get('SECURE_GIT_CREDENTIALS'))
-                    }
-                }
-                branch('$USER_RETIREMENT_SECURE_BRANCH')
-                extensions {
-                    relativeTargetDirectory('user-retirement-secure')
-                    cloneOptions {
-                        shallow()
-                        timeout(10)
-                    }
-                    cleanBeforeCheckout()
-                }
-            }
             git {
                 remote {
                     url('https://github.com/edx/tubular.git')