NRL-1595 Workflow didn't have permission to pull CA certs for dev-sandbox env. Retrying with just server certs instead.

anjalitrace2-nhs · anjalitrace2-nhs · commit b68eb2153306 · 2025-11-26T15:44:47.000Z
diff --git a/.github/workflows/deploy-account-wide-infra.yml b/.github/workflows/deploy-account-wide-infra.yml
@@ -62,7 +62,7 @@ jobs:
         env:
           ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }}
         run: |
-          make truststore-pull-all-for-account ACCOUNT=${ACCOUNT_NAME}
+          make truststore-pull-server-for-account ACCOUNT=${ACCOUNT_NAME}
 
       - name: Terraform Init
         env:
@@ -124,7 +124,7 @@ jobs:
         env:
           ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }}
         run: |
-          make truststore-pull-all-for-account ACCOUNT=${ACCOUNT_NAME}
+          make truststore-pull-server-for-account ACCOUNT=${ACCOUNT_NAME}
 
       - name: Terraform Init
         env:
diff --git a/Makefile b/Makefile
@@ -202,8 +202,8 @@ truststore-build-ca: check-warn ## Build a CA (Certificate Authority)
 truststore-build-cert: check-warn ## Build a certificate
 	@./scripts/truststore.sh build-cert "$(CA_NAME)" "$(CERT_NAME)" "$(CERT_SUBJECT)"
 
-truststore-pull-all-for-account: check-warn ## Pull all certificates for each environment in a given account
-	@./scripts/truststore.sh pull-all-for-account "$(ACCOUNT)"
+truststore-pull-server-for-account: check-warn ## Pull all certificates for each environment in a given account
+	@./scripts/truststore.sh pull-server-for-account "$(ACCOUNT)"
 
 truststore-pull-all: check-warn ## Pull all certificates
 	@./scripts/truststore.sh pull-all "$(ENV)"
diff --git a/scripts/truststore.sh b/scripts/truststore.sh
@@ -25,6 +25,7 @@ function _truststore_help() {
     echo "  pull-ca-key <ca>                - Pull the certificate authority private key"
     echo "  pull-client <env>               - pull the files needed for a client connection"
     echo "  pull-server <env>               - pull the files needed for a server connection"
+    echo "  pull-server-for-account <acc>   - pull the files needed for a server connection for all environments in a given account"
     echo "  pull-all <env>                  - pull all the truststore files for an environment"
     echo "  push-all <env>                  - push all the truststore files for an environment"
     echo "  rotate-ca <env>                 - rotate the certificate authority, archiving the previous one"
@@ -312,18 +313,16 @@ function _truststore_pull_all() {
     return 0
 }
 
-function _truststore_pull_all_for_account() {
+function _truststore_pull_server_for_account() {
     account=$1
 
     # sets envs_array
     source ./scripts/get-envs-for-account.sh $account
 
-    echo "Pulling certs for environments ${envs_array[@]} in ${account} account"
+    echo "Pulling server certs for environments ${envs_array[@]} in ${account} account"
 
     for env in ${envs_array[@]}; do
         echo "⏳ Pulling ${env} truststore certs"
-        _truststore_pull_ca $env
-        _truststore_pull_client $env
         _truststore_pull_server $env
     done
 
@@ -384,7 +383,7 @@ function _truststore() {
         "build-ca") _truststore_build_ca $args ;;
         "build-cert") _truststore_build_cert $args ;;
         "pull-all") _truststore_pull_all $args ;;
-        "pull-all-for-account") _truststore_pull_all_for_account $args ;;
+        "pull-server-for-account") _truststore_pull_server_for_account $args ;;
         "pull-server") _truststore_pull_server $args ;;
         "pull-client") _truststore_pull_client $args ;;
         "pull-ca") _truststore_pull_ca $args ;;
