tests: enable keychain on ci for linux COMPASS-6119 (#5214)

Author: mabaasit

.evergreen/functions.yml

@@ -23,6 +23,7 @@ variables:
   - &compass-env
     WORKDIR: ${workdir}
     CI: '1'
+    MONGODB_COMPASS_TEST_USE_PLAIN_SAFE_STORAGE: 'true'
     EVERGREEN: '1'
     EVERGREEN_AUTHOR: ${author}
     EVERGREEN_BRANCH_NAME: ${branch_name}

packages/atlas-service/src/secret-store.ts

@@ -15,9 +15,6 @@ export class SecretStore {
 
   async getState(): Promise<string | undefined> {
     try {
-      if (process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE === 'true') {
-        throw new Error('Unsupported environment');
-      }
       const data = await this.userData.readOne(this.fileName);
       if (!data) {
         return undefined;
@@ -30,9 +27,6 @@ export class SecretStore {
 
   async setState(value: string): Promise<void> {
     try {
-      if (process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE === 'true') {
-        throw new Error('Unsupported environment');
-      }
       const data = safeStorage.encryptString(value).toString('base64');
       await this.userData.write(this.fileName, data);
     } catch {

packages/compass-e2e-tests/tests/atlas-login.test.ts

@@ -36,14 +36,10 @@ describe('Atlas Login', function () {
   let compass: Compass;
   let browser: CompassBrowser;
   let oidcMockProvider: OIDCMockProvider;
-  let originalDisableKeychainUsage: string | undefined;
   let getTokenPayload: OIDCMockProviderConfig['getTokenPayload'];
   let stopMockAtlasServer: () => Promise<void>;
 
   before(async function () {
-    originalDisableKeychainUsage =
-      process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE;
-
     // Start a mock server to pass an ai response.
     const { endpoint, stop } = await startMockAtlasServiceServer();
     stopMockAtlasServer = stop;
@@ -100,11 +96,6 @@ describe('Atlas Login', function () {
     process.env.COMPASS_CLIENT_ID_OVERRIDE = 'testServer';
     process.env.COMPASS_OIDC_ISSUER_OVERRIDE = oidcMockProvider.issuer;
     process.env.COMPASS_ATLAS_AUTH_PORTAL_URL_OVERRIDE = `${oidcMockProvider.issuer}/auth-portal-redirect`;
-    if (process.platform === 'linux' && process.env.CI) {
-      // Keychain is not working on Linux in CI, see
-      // https://jira.mongodb.org/browse/COMPASS-6119 for more details.
-      process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE = 'true';
-    }
   });
 
   beforeEach(async function () {
@@ -134,10 +125,6 @@ describe('Atlas Login', function () {
     delete process.env.COMPASS_CLIENT_ID_OVERRIDE;
     delete process.env.COMPASS_OIDC_ISSUER_OVERRIDE;
     delete process.env.COMPASS_ATLAS_AUTH_PORTAL_URL_OVERRIDE;
-    if (originalDisableKeychainUsage)
-      process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE =
-        originalDisableKeychainUsage;
-    else delete process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE;
 
     await stopMockAtlasServer();
     delete process.env.COMPASS_ATLAS_SERVICE_UNAUTH_BASE_URL_OVERRIDE;

packages/compass-e2e-tests/tests/import-export-connections.test.ts

@@ -16,22 +16,11 @@ const debug = Debug('import-export-connections');
 describe('Connection Import / Export', function () {
   let tmpdir: string;
   let i = 0;
-  let originalDisableKeychainUsage: string | undefined;
   let telemetry: Telemetry;
 
   const getTrackedEvents = (): any[] =>
     telemetry.events().filter((e: any) => e.type === 'track');
 
-  before(function () {
-    originalDisableKeychainUsage =
-      process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE;
-    if (process.platform === 'linux' && process.env.CI) {
-      // keytar is not working on Linux in CI, see
-      // https://jira.mongodb.org/browse/COMPASS-6119 for more details.
-      process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE = 'true';
-    }
-  });
-
   beforeEach(async function () {
     telemetry = await startTelemetryServer();
 
@@ -48,13 +37,6 @@ describe('Connection Import / Export', function () {
     await telemetry.stop();
   });
 
-  after(function () {
-    if (originalDisableKeychainUsage)
-      process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE =
-        originalDisableKeychainUsage;
-    else delete process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE;
-  });
-
   const connectionString = 'mongodb://foo:bar@host:1234/';
   const connectionStringWithoutCredentials = 'mongodb://foo@host:1234/';
   const favoriteName = 'Fav for export';

packages/compass-e2e-tests/tests/oidc.test.ts

@@ -46,7 +46,6 @@ function getTestBrowserShellCommand() {
 describe('OIDC integration', function () {
   let compass: Compass;
   let browser: CompassBrowser;
-  let originalDisableKeychainUsage: string | undefined;
 
   let getTokenPayload: typeof oidcMockProviderConfig.getTokenPayload;
   let overrideRequestHandler: typeof oidcMockProviderConfig.overrideRequestHandler;
@@ -63,16 +62,6 @@ describe('OIDC integration', function () {
   ) => Promise<Record<string, any> | undefined>;
 
   before(async function () {
-    {
-      originalDisableKeychainUsage =
-        process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE;
-      if (process.platform === 'linux' && process.env.CI) {
-        // keytar is not working on Linux in CI, see
-        // https://jira.mongodb.org/browse/COMPASS-6119 for more details.
-        process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE = 'true';
-      }
-    }
-
     if (process.platform !== 'linux') {
       // OIDC is only supported on Linux in the 7.0+ enterprise server.
       return this.skip();
@@ -170,11 +159,6 @@ describe('OIDC integration', function () {
     await cluster?.close();
     await oidcMockProvider?.close();
     if (tmpdir) await fs.rmdir(tmpdir, { recursive: true });
-
-    if (originalDisableKeychainUsage)
-      process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE =
-        originalDisableKeychainUsage;
-    else delete process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE;
   });
 
   it('can successfully connect with a connection string', async function () {

packages/compass/src/app/auto-connect.spec.ts

@@ -55,26 +55,13 @@ const loadAutoConnectWithConnection = async (
 
 describe('auto connection argument parsing', function () {
   let sandbox: sinon.SinonSandbox;
-  const initialKeychainEnvValue =
-    process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE;
-
   beforeEach(function () {
     sandbox = sinon.createSandbox();
     sandbox.stub(ipcRenderer!, 'call').resolves(true);
-    if (process.platform === 'linux' && process.env.CI) {
-      // Keychain is not working on Linux in CI, see
-      // https://jira.mongodb.org/browse/COMPASS-6119 for more details.
-      process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE = 'true';
-    }
   });
 
   afterEach(function () {
     sandbox.restore();
-    if (initialKeychainEnvValue) {
-      process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE = initialKeychainEnvValue;
-    } else {
-      delete process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE;
-    }
   });
 
   it('skips connecting if shouldAutoConnect is false', async function () {

packages/compass/src/main/application.ts

@@ -2,7 +2,7 @@ import './disable-node-deprecations'; // Separate module so it runs first
 import path from 'path';
 import { EventEmitter } from 'events';
 import type { BrowserWindow, Event } from 'electron';
-import { app } from 'electron';
+import { app, safeStorage } from 'electron';
 import { ipcMain } from 'hadron-ipc';
 import { CompassAutoUpdateManager } from './auto-update-manager';
 import { CompassLogging } from './logging';
@@ -98,6 +98,13 @@ class CompassApplication {
       );
     }
 
+    if (process.env.MONGODB_COMPASS_TEST_USE_PLAIN_SAFE_STORAGE === 'true') {
+      // When testing we want to use plain text encryption to avoid having to
+      // deal with keychain popups or setting up keychain for test on CI (Linux env).
+      // This method is only available on Linux and is no-op on other platforms.
+      safeStorage.setUsePlainTextEncryption(true);
+    }
+
     if (mode === 'CLI') {
       return;
     }

packages/connection-storage/src/connection-storage.ts

@@ -233,10 +233,10 @@ export class ConnectionStorage {
     return deleteCompassAppNameParam(connectionInfo);
   }
 
+  // This method is only called when compass tries to migrate connections to a new version.
+  // In e2e-tests we do not migrate any connections as all the connections are created
+  // in the new format, so keychain is not triggered (using keytar) and hence test is not blocked.
   private static async getKeytarCredentials() {
-    if (process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE === 'true') {
-      return {};
-    }
     try {
       const credentials = await keytar.findCredentials(getKeytarServiceName());
       return Object.fromEntries(
@@ -326,34 +326,26 @@ export class ConnectionStorage {
       // where we use storage-mixin. storage-mixin uses this prop
       // to map keytar credentials to the stored connection.
 
-      // While testing, we don't use keychain to store secrets
-      if (process.env.COMPASS_E2E_DISABLE_KEYCHAIN_USAGE === 'true') {
-        await this.userData.write(connectionInfo.id, {
-          connectionInfo,
-          _id: connectionInfo.id,
-        });
-      } else {
-        const { secrets, connectionInfo: connectionInfoWithoutSecrets } =
-          extractSecrets(connectionInfo);
-
-        let connectionSecrets: string | undefined = undefined;
-        try {
-          connectionSecrets = this.encryptSecrets(secrets);
-        } catch (e) {
-          log.error(
-            mongoLogId(1_001_000_202),
-            'Connection Storage',
-            'Failed to encrypt secrets',
-            { message: (e as Error).message }
-          );
-        }
-        await this.userData.write(connectionInfo.id, {
-          _id: connectionInfo.id,
-          connectionInfo: connectionInfoWithoutSecrets,
-          connectionSecrets,
-          version: this.version,
-        });
+      const { secrets, connectionInfo: connectionInfoWithoutSecrets } =
+        extractSecrets(connectionInfo);
+
+      let connectionSecrets: string | undefined = undefined;
+      try {
+        connectionSecrets = this.encryptSecrets(secrets);
+      } catch (e) {
+        log.error(
+          mongoLogId(1_001_000_202),
+          'Connection Storage',
+          'Failed to encrypt secrets',
+          { message: (e as Error).message }
+        );
       }
+      await this.userData.write(connectionInfo.id, {
+        _id: connectionInfo.id,
+        connectionInfo: connectionInfoWithoutSecrets,
+        connectionSecrets,
+        version: this.version,
+      });
       await this.afterConnectionHasBeenSaved(connectionInfo);
     } catch (err) {
       log.error(