test rest of script with perms

.github/workflows/secrets-rotation-reminder.yml

@@ -48,48 +48,46 @@ jobs:
 
           - name: Run Secrets Rotation Reminder Script
             run: |
-              gh issue create --title "TEST" --label security --body "TEST ISSUE" --project "Modernisation Platform"
-
-              # # Get the list of secret names from AWS Secrets Manager
-              # secrets=$(aws secretsmanager list-secrets --region $AWS_REGION --query "SecretList[].Name" --output text)
+              # Get the list of secret names from AWS Secrets Manager
+              secrets=$(aws secretsmanager list-secrets --region $AWS_REGION --query "SecretList[].Name" --output text)
               
-              # # Remove secrets from list that are exempt from rotation
-              # delete=("environment_management" "nuke_account_ids" "nuke_account_blocklist" "mod-platform-circleci" "pagerduty_integration_keys")
-              # for del in ${delete[@]}
-              # do
-              #   secrets=("${secrets[@]/$del}")
-              # done
+              # Remove secrets from list that are exempt from rotation
+              delete=("environment_management" "nuke_account_ids" "nuke_account_blocklist" "mod-platform-circleci" "pagerduty_integration_keys")
+              for del in ${delete[@]}
+              do
+                secrets=("${secrets[@]/$del}")
+              done
               
-              # # Define the threshold in seconds (180 days)
-              # threshold=$((180 * 24 * 60 * 60))
+              # Define the threshold in seconds (180 days)
+              threshold=$((180 * 24 * 60 * 60))
               
-              # # Get the current timestamp in seconds
-              # current_timestamp=$(date +%s)
+              # Get the current timestamp in seconds
+              current_timestamp=$(date +%s)
               
-              # # Loop through each secret,  check its last changed date and raise issue if required
-              # for secret in $secrets; do
-              #   last_changed=$(aws secretsmanager list-secret-version-ids --secret-id $secret --region $AWS_REGION --query "Versions[?contains(VersionStages,'AWSCURRENT')].CreatedDate" --output text | sort -r | head -n 1)
+              # Loop through each secret,  check its last changed date and raise issue if required
+              for secret in $secrets; do
+                last_changed=$(aws secretsmanager list-secret-version-ids --secret-id $secret --region $AWS_REGION --query "Versions[?contains(VersionStages,'AWSCURRENT')].CreatedDate" --output text | sort -r | head -n 1)
                 
-              #   # If the secret has never been changed, set the last_changed date to 0
-              #   if [ -z "$last_changed" ]; then
-              #     last_changed=0
-              #   fi
+                # If the secret has never been changed, set the last_changed date to 0
+                if [ -z "$last_changed" ]; then
+                  last_changed=0
+                fi
               
-              #   # Calculate the age of the secret in seconds
-              #   age=$((current_timestamp - $(date -d "$last_changed" +%s)))
+                # Calculate the age of the secret in seconds
+                age=$((current_timestamp - $(date -d "$last_changed" +%s)))
 
-              #   # Check if there is an existing open issue to rotate the secret
-              #   open_issue=$(gh issue list -R ministryofjustice/modernisation-platform --search "Rotate $secret in:title" --state open)
+                # Check if there is an existing open issue to rotate the secret
+                open_issue=$(gh issue list -R ministryofjustice/modernisation-platform --search "Rotate $secret in:title" --state open)
               
-              #   # Check if the secret is older than the threshold and if there is an existing open issue to rotate it, if required raise a new issue
-              #   if [ $age -gt $threshold ] && [ -z "$open_issue" ]; then
-              #   echo "$secret secret is older than 180 days (age: $((age / (24 * 60 * 60))) days)"
-              #   echo "Creating GitHub Issue to rotate $secret"
-              #   gh issue create --title "Rotate $secret Credential" --label security --body "The [secrets-rotation-reminder workflow](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) has identified that the $secret credential requires rotation as it is close to or exceeding the threshold of 180 days. 
+                # Check if the secret is older than the threshold and if there is an existing open issue to rotate it, if required raise a new issue
+                if [ $age -gt $threshold ] && [ -z "$open_issue" ]; then
+                echo "$secret secret is older than 180 days (age: $((age / (24 * 60 * 60))) days)"
+                echo "Creating GitHub Issue to rotate $secret"
+                # gh issue create --title "Rotate $secret Credential" --label security --project "Modernisation Platform" --body "The [secrets-rotation-reminder workflow](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) has identified that the $secret credential requires rotation as it is close to or exceeding the threshold of 180 days. 
 
-              #   Consult [this documentation](https://user-guide.modernisation-platform.service.justice.gov.uk/runbooks/rotating-secrets.html#how-to-rotate-secrets) which describes the process for rotation."
-              #   else 
-              #   echo "The $secret secret has not been identified for rotation (age: $((age / (24 * 60 * 60))) days)"
-              #   fi
+                # Consult [this documentation](https://user-guide.modernisation-platform.service.justice.gov.uk/runbooks/rotating-secrets.html#how-to-rotate-secrets) which describes the process for rotation."
+                else 
+                echo "The $secret secret has not been identified for rotation (age: $((age / (24 * 60 * 60))) days)"
+                fi
 
-              # done              
+              done