diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 56d6866c7c..e5f0885455 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -43,8 +43,7 @@ functions: VERSION_ID: ${version_id} # Define an alias for the task runner script. TASK_RUNNER_ALIAS: &task-runner src/go.mongodb.org/mongo-driver/.evergreen/run-task.sh - args: - - ".evergreen/setup-system.sh" + args: [.evergreen/setup-system.sh] - command: expansions.update params: file: src/go.mongodb.org/mongo-driver/expansion.yml @@ -86,12 +85,10 @@ functions: permissions: public-read content_type: application/x-gzip display_name: "fuzz.tgz" - - command: shell.exec + - command: subprocess.exec params: - shell: "bash" - working_dir: src/go.mongodb.org/mongo-driver - script: | - find . -name \*.suite | xargs tar czf test_suite.tgz + binary: bash + args: [*task-runner, evg-gather-test-suites] - command: s3.put params: aws_key: ${AWS_ACCESS_KEY_ID} @@ -154,6 +151,11 @@ functions: binary: bash args: - ${DRIVERS_TOOLS}/.evergreen/csfle/teardown.sh + - command: subprocess.exec + params: + binary: bash + args: + - ${DRIVERS_TOOLS}/.evergreen/ocsp/teardown.sh - command: subprocess.exec params: binary: bash @@ -175,32 +177,20 @@ functions: include_expansions_in_env: [DRIVERS_TOOLS, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN] args: [*task-runner, test-oidc] - run-task: - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: src/go.mongodb.org/mongo-driver - script: | - ${BUILD_ENV|} BUILD_TAGS=${BUILD_TAGS|-tags=cse,gssapi} ${RUN_TASK} setup-test - ${RUN_TASK} ${targets} - run-tests: - - command: shell.exec + - command: subprocess.exec type: test params: - shell: "bash" - working_dir: src/go.mongodb.org/mongo-driver + binary: bash + env: + GO_BUILD_TAGS: cse include_expansions_in_env: ["TOPOLOGY", "AUTH", "SSL", "SKIP_CSOT_TESTS", "MONGODB_URI", "CRYPT_SHARED_LIB_PATH", "SKIP_CRYPT_SHARED_LIB", "RACE", "MONGO_GO_DRIVER_COMPRESSOR", "REQUIRE_API_VERSION", "LOAD_BALANCER"] - script: | - set -e - GO_BUILD_TAGS="cse" ${RUN_TASK} setup-test - if [ "$(uname -s)" = "Darwin" ]; then - # Run a subset of the tests on Darwin - ${RUN_TASK} evg-test-load-balancers - else - ${RUN_TASK} evg-test - fi + args: [*task-runner, setup-test] + - command: subprocess.exec + type: test + params: + binary: bash + args: [*task-runner, "${DEFAULT_TASK}" ] create-api-report: - command: subprocess.exec @@ -256,7 +246,9 @@ functions: params: binary: bash include_expansions_in_env: [AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN] - args: [*task-runner, setup-test, --, enterprise-plain] + env: + TEST_ENTERPRISE_AUTH: plain + args: [*task-runner, setup-test] - command: subprocess.exec type: test params: @@ -272,7 +264,9 @@ functions: params: binary: bash include_expansions_in_env: [AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN] - args: [*task-runner, setup-test, --, enterprise-gssapi] + env: + TEST_ENTERPRISE_AUTH: gssapi + args: [*task-runner, setup-test] - command: subprocess.exec type: test params: @@ -288,7 +282,9 @@ functions: params: binary: bash include_expansions_in_env: [AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN] - args: [*task-runner, setup-test, --, atlas-connect] + env: + TEST_ATLAS_CONNECT: "1" + args: [*task-runner, setup-test] - command: subprocess.exec type: test params: @@ -296,23 +292,22 @@ functions: args: [*task-runner, test-atlas-connect] run-ocsp-test: - - command: shell.exec + - command: subprocess.exec type: test params: - shell: "bash" - working_dir: src/go.mongodb.org/mongo-driver - script: | - export MONGO_GO_DRIVER_CA_FILE="${DRIVERS_TOOLS}/.evergreen/ocsp/${OCSP_ALGORITHM}/ca.pem" - if [ "Windows_NT" = "$OS" ]; then # Magic variable in cygwin - export MONGO_GO_DRIVER_CA_FILE=$(cygpath -m $MONGO_GO_DRIVER_CA_FILE) - fi - - AUTH="auth" \ - SSL="ssl" \ - TOPOLOGY="server" \ - MONGODB_URI="${MONGODB_URI}" \ - OCSP_TLS_SHOULD_SUCCEED="${OCSP_TLS_SHOULD_SUCCEED}" \ - ${RUN_TASK} evg-test-ocsp + binary: bash + env: + TOPOLOGY: server + AUTH: auth + SSL: ssl + include_expansions_in_env: [OCSP_ALGORITHM, MONGODB_URI] + args: [*task-runner, setup-test] + - command: subprocess.exec + type: test + params: + binary: bash + include_expansions_in_env: [OCSP_TLS_SHOULD_SUCCEED] + args: [*task-runner, evg-test-ocsp] run-versioned-api-test: - command: subprocess.exec @@ -336,7 +331,9 @@ functions: params: binary: bash include_expansions_in_env: [SINGLE_MONGOS_LB_URI, MULTI_MONGOS_LB_URI, AUTH, SSL, MONGO_GO_DRIVER_COMPRESSOR] - args: [*task-runner, setup-test, --, load-balancer] + env: + LOAD_BALANCER: "true" + args: [*task-runner, setup-test] - command: subprocess.exec type: test params: @@ -348,7 +345,9 @@ functions: type: test params: binary: "bash" - args: [*task-runner, setup-test, --, serverless] + env: + SERVERLESS: "serverless" + args: [*task-runner, setup-test] - command: subprocess.exec type: test params: @@ -377,78 +376,26 @@ functions: type: test params: binary: "bash" - args: [*task-runner, run-docker, --, test-short] + env: + TASKFILE_TARGET: test-short + args: [*task-runner, run-docker] - command: subprocess.exec type: test params: binary: "bash" env: TOPOLOGY: sharded_cluster - args: [*task-runner, run-docker, --, test-short] - - run-valid-ocsp-server: - - command: shell.exec - params: - shell: "bash" - background: true - script: | - cd ${DRIVERS_TOOLS}/.evergreen/ocsp - . ./activate-ocspvenv.sh - - python ocsp_mock.py \ - --ca_file ${OCSP_ALGORITHM}/ca.pem \ - --ocsp_responder_cert ${OCSP_ALGORITHM}/ca.crt \ - --ocsp_responder_key ${OCSP_ALGORITHM}/ca.key \ - -p 8100 -v - - run-revoked-ocsp-server: - - command: shell.exec - params: - shell: "bash" - background: true - script: | - cd ${DRIVERS_TOOLS}/.evergreen/ocsp - . ./activate-ocspvenv.sh - - python ocsp_mock.py \ - --ca_file ${OCSP_ALGORITHM}/ca.pem \ - --ocsp_responder_cert ${OCSP_ALGORITHM}/ca.crt \ - --ocsp_responder_key ${OCSP_ALGORITHM}/ca.key \ - -p 8100 \ - -v \ - --fault revoked - - run-valid-delegate-ocsp-server: - - command: shell.exec - params: - shell: "bash" - background: true - script: | - cd ${DRIVERS_TOOLS}/.evergreen/ocsp - . ./activate-ocspvenv.sh + TASKFILE_TARGET: test-short + args: [*task-runner, run-docker] - python ocsp_mock.py \ - --ca_file ${OCSP_ALGORITHM}/ca.pem \ - --ocsp_responder_cert ${OCSP_ALGORITHM}/ocsp-responder.crt \ - --ocsp_responder_key ${OCSP_ALGORITHM}/ocsp-responder.key \ - -p 8100 -v - - run-revoked-delegate-ocsp-server: - - command: shell.exec + run-ocsp-server: + - command: subprocess.exec params: - shell: "bash" + binary: bash background: true - script: | - cd ${DRIVERS_TOOLS}/.evergreen/ocsp - . ./activate-ocspvenv.sh - - python ocsp_mock.py \ - --ca_file ${OCSP_ALGORITHM}/ca.pem \ - --ocsp_responder_cert ${OCSP_ALGORITHM}/ocsp-responder.crt \ - --ocsp_responder_key ${OCSP_ALGORITHM}/ocsp-responder.key \ - -p 8100 \ - -v \ - --fault revoked + include_expansions_in_env: [SERVER_TYPE, OCSP_ALGORITHM] + args: + - ${DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh run-load-balancer: - command: subprocess.exec @@ -486,14 +433,18 @@ functions: type: test params: binary: "bash" - args: [*task-runner, evg-test-aws, --, regular] + env: + AWS_TEST: regular + args: [*task-runner, evg-test-aws] run-aws-auth-test-with-assume-role-credentials: - command: subprocess.exec type: test params: binary: "bash" - args: [*task-runner, evg-test-aws, --, assume-role] + env: + AWS_TEST: assume-role + args: [*task-runner, evg-test-aws] run-aws-auth-test-with-aws-EC2-credentials: - command: subprocess.exec @@ -501,28 +452,33 @@ functions: params: binary: bash include_expansions_in_env: [SKIP_EC2_AUTH_TEST] - args: [*task-runner, evg-test-aws, --, ec2] + env: + AWS_TEST: ec2 + args: [*task-runner, evg-test-aws] run-aws-auth-test-with-aws-credentials-as-environment-variables: - command: subprocess.exec type: test params: binary: "bash" - args: [*task-runner, evg-test-aws, --, env-creds] + env: + AWS_TEST: env-creds + args: [*task-runner, evg-test-aws] run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables: - command: subprocess.exec type: test params: binary: "bash" - args: [*task-runner, evg-test-aws, --, session-creds] + env: + AWS_TEST: session-creds + args: [*task-runner, evg-test-aws] run-aws-ECS-auth-test: - command: subprocess.exec type: test params: binary: "bash" - working_dir: src include_expansions_in_env: [SKIP_ECS_AUTH_TEST] args: [*task-runner, evg-test-aws-ecs] @@ -532,15 +488,18 @@ functions: params: binary: bash include_expansions_in_env: [SKIP_WEB_IDENTITY_AUTH_TEST] - args: [*task-runner, evg-test-aws, --, web-identity] + env: + AWS_TEST: web-identity + args: [*task-runner, evg-test-aws] - command: subprocess.exec type: test params: binary: bash env: AWS_ROLE_SESSION_NAME: test + AWS_TEST: web-identity include_expansions_in_env: [SKIP_WEB_IDENTITY_AUTH_TEST] - args: [*task-runner, evg-test-aws, --, web-identity] + args: [*task-runner, evg-test-aws] start-cse-servers: - command: ec2.assume_role @@ -552,14 +511,12 @@ functions: binary: bash background: true include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] - args: - - etc/setup-encryption.sh + # This cannot use task because it will hang on Windows. + args: [etc/setup-encryption.sh] - command: subprocess.exec params: - working_dir: src/go.mongodb.org/mongo-driver binary: bash - args: - - ${DRIVERS_TOOLS}/.evergreen/csfle/await-servers.sh + args: ["${DRIVERS_TOOLS}/.evergreen/csfle/await-servers.sh"] run-kms-tls-test: - command: subprocess.exec @@ -614,9 +571,10 @@ tasks: - name: static-analysis tags: ["static-analysis"] commands: - - func: run-task - vars: - targets: "check-fmt check-license check-modules lint" + - command: subprocess.exec + params: + binary: bash + args: [*task-runner, check-fmt, check-license, check-modules, lint] - name: pull-request-helpers allowed_requesters: ["patch", "github_pr"] @@ -641,9 +599,10 @@ tasks: AUTH: "noauth" SSL: "nossl" SKIP_LEGACY_SHELL: "true" - - func: run-task - vars: - targets: driver-benchmark + - command: subprocess.exec + params: + binary: bash + args: [*task-runner, driver-benchmark] - func: send-perf-data - name: test-standalone-noauth-nossl @@ -790,9 +749,10 @@ tasks: - name: test-ocsp-rsa-valid-cert-server-staples tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] commands: - - func: run-valid-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "rsa" + SERVER_TYPE: valid - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" @@ -804,9 +764,10 @@ tasks: - name: test-ocsp-rsa-invalid-cert-server-staples tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] commands: - - func: run-revoked-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "rsa" + SERVER_TYPE: revoked - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" @@ -818,9 +779,10 @@ tasks: - name: test-ocsp-rsa-valid-cert-server-does-not-staple tags: ["ocsp", "ocsp-rsa"] commands: - - func: run-valid-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "rsa" + SERVER_TYPE: valid - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" @@ -832,9 +794,10 @@ tasks: - name: test-ocsp-rsa-invalid-cert-server-does-not-staple tags: ["ocsp", "ocsp-rsa"] commands: - - func: run-revoked-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "rsa" + SERVER_TYPE: revoked - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" @@ -857,9 +820,10 @@ tasks: - name: test-ocsp-rsa-malicious-invalid-cert-mustStaple-server-does-not-staple tags: ["ocsp", "ocsp-rsa"] commands: - - func: run-revoked-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "rsa" + SERVER_TYPE: revoked - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json" @@ -882,9 +846,10 @@ tasks: - name: test-ocsp-rsa-delegate-valid-cert-server-staples tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] commands: - - func: run-valid-delegate-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "rsa" + SERVER_TYPE: valid-delegate - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" @@ -896,9 +861,10 @@ tasks: - name: test-ocsp-rsa-delegate-invalid-cert-server-staples tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] commands: - - func: run-revoked-delegate-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "rsa" + SERVER_TYPE: revoked-delegate - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" @@ -910,9 +876,10 @@ tasks: - name: test-ocsp-rsa-delegate-valid-cert-server-does-not-staple tags: ["ocsp", "ocsp-rsa"] commands: - - func: run-valid-delegate-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "rsa" + SERVER_TYPE: valid-delegate - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" @@ -924,9 +891,10 @@ tasks: - name: test-ocsp-rsa-delegate-invalid-cert-server-does-not-staple tags: ["ocsp", "ocsp-rsa"] commands: - - func: run-revoked-delegate-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "rsa" + SERVER_TYPE: revoked-delegate - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" @@ -938,9 +906,10 @@ tasks: - name: test-ocsp-rsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple tags: ["ocsp", "ocsp-rsa"] commands: - - func: run-revoked-delegate-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "rsa" + SERVER_TYPE: revoked-delegate - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json" @@ -952,9 +921,10 @@ tasks: - name: test-ocsp-ecdsa-valid-cert-server-staples tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] commands: - - func: run-valid-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "ecdsa" + SERVER_TYPE: valid - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" @@ -966,9 +936,10 @@ tasks: - name: test-ocsp-ecdsa-invalid-cert-server-staples tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] commands: - - func: run-revoked-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "ecdsa" + SERVER_TYPE: revoked - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" @@ -980,9 +951,10 @@ tasks: - name: test-ocsp-ecdsa-valid-cert-server-does-not-staple tags: ["ocsp", "ocsp-ecdsa"] commands: - - func: run-valid-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "ecdsa" + SERVER_TYPE: valid - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" @@ -994,9 +966,10 @@ tasks: - name: test-ocsp-ecdsa-invalid-cert-server-does-not-staple tags: ["ocsp", "ocsp-ecdsa"] commands: - - func: run-revoked-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "ecdsa" + SERVER_TYPE: revoked - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" @@ -1019,9 +992,10 @@ tasks: - name: test-ocsp-ecdsa-malicious-invalid-cert-mustStaple-server-does-not-staple tags: ["ocsp", "ocsp-ecdsa"] commands: - - func: run-revoked-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "ecdsa" + SERVER_TYPE: revoked - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json" @@ -1044,9 +1018,10 @@ tasks: - name: test-ocsp-ecdsa-delegate-valid-cert-server-staples tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] commands: - - func: run-valid-delegate-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "ecdsa" + SERVER_TYPE: valid-delegate - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" @@ -1058,9 +1033,10 @@ tasks: - name: test-ocsp-ecdsa-delegate-invalid-cert-server-staples tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] commands: - - func: run-revoked-delegate-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "ecdsa" + SERVER_TYPE: revoked-delegate - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" @@ -1072,9 +1048,10 @@ tasks: - name: test-ocsp-ecdsa-delegate-valid-cert-server-does-not-staple tags: ["ocsp", "ocsp-ecdsa"] commands: - - func: run-valid-delegate-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "ecdsa" + SERVER_TYPE: valid-delegate - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" @@ -1086,9 +1063,10 @@ tasks: - name: test-ocsp-ecdsa-delegate-invalid-cert-server-does-not-staple tags: ["ocsp", "ocsp-ecdsa"] commands: - - func: run-revoked-delegate-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "ecdsa" + SERVER_TYPE: revoked-delegate - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" @@ -1100,9 +1078,10 @@ tasks: - name: test-ocsp-ecdsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple tags: ["ocsp", "ocsp-ecdsa"] commands: - - func: run-revoked-delegate-ocsp-server + - func: run-ocsp-server vars: OCSP_ALGORITHM: "ecdsa" + SERVER_TYPE: revoked-delegate - func: ocsp-bootstrap-mongo-orchestration vars: ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json" @@ -1387,18 +1366,22 @@ tasks: - name: go1.18-build tags: ["compile-check"] commands: - - func: run-task - vars: - targets: "build-compile-check" - BUILD_ENV: "PATH=/opt/golang/go1.18/bin:$PATH GOROOT=/opt/golang/go1.18" + - command: subprocess.exec + params: + binary: bash + env: + GOROOT: /opt/golang/go1.18 + add_to_path: [/opt/golang/go1.18/bin] + args: [*task-runner, build-compile-check] # Build with the same Go version that we're using for tests. - name: build tags: ["compile-check"] commands: - - func: run-task - vars: - targets: "build" + - command: subprocess.exec + params: + binary: bash + args: [*task-runner, build] - name: "atlas-test" commands: @@ -1510,51 +1493,23 @@ tasks: - name: "testgcpkms-task" commands: - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: src/go.mongodb.org/mongo-driver - script: | - GO_BUILD_TAGS="cse" ${RUN_TASK} setup-test - ${RUN_TASK} build-kms-test - source ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/secrets-export.sh - echo "Copying files ... begin" - tar czf testgcpkms.tgz ./testkms ./install/libmongocrypt/lib64/libmongocrypt.* - GCPKMS_SRC=testgcpkms.tgz GCPKMS_DST=$GCPKMS_INSTANCENAME: ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/copy-file.sh - echo "Copying files ... end" - - echo "Untarring file ... begin" - GCPKMS_CMD="tar xf testgcpkms.tgz" ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/run-command.sh - echo "Untarring file ... end" - - - command: shell.exec + - command: subprocess.exec type: test params: - shell: "bash" - working_dir: src/go.mongodb.org/mongo-driver - script: | - source ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/secrets-export.sh - GCPKMS_CMD="LD_LIBRARY_PATH=./install/libmongocrypt/lib64 MONGODB_URI='mongodb://localhost:27017' PROVIDER='gcp' ./testkms" ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/run-command.sh + binary: bash + args: [*task-runner, test-gcpkms] - name: "testgcpkms-fail-task" # testgcpkms-fail-task runs in a non-GCE environment. # It is expected to fail to obtain GCE credentials. commands: - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: src/go.mongodb.org/mongo-driver - script: | - GO_BUILD_TAGS="cse" ${RUN_TASK} setup-test - ${RUN_TASK} build-kms-test - - LD_LIBRARY_PATH=./install/libmongocrypt/lib64 \ - MONGODB_URI='mongodb://localhost:27017/' \ - EXPECT_ERROR='unable to retrieve GCP credentials' \ - PROVIDER='gcp' \ - ./testkms + - command: subprocess.exec + type: test + params: + binary: bash + env: + EXPECT_ERROR: "1" + args: [*task-runner, test-gcpkms] - name: "testawskms-task" commands: @@ -1578,50 +1533,23 @@ tasks: - name: "testazurekms-task" commands: - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: src/go.mongodb.org/mongo-driver - script: | - GO_BUILD_TAGS="cse" ${RUN_TASK} setup-test - ${RUN_TASK} build-kms-test - echo "Copying files ... begin" - source ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/secrets-export.sh - tar czf testazurekms.tgz ./testkms ./install/libmongocrypt/lib64/libmongocrypt.* - AZUREKMS_SRC=testazurekms.tgz AZUREKMS_DST=/tmp ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/copy-file.sh - echo "Copying files ... end" - echo "Untarring file ... begin" - AZUREKMS_CMD="tar xf /tmp/testazurekms.tgz" ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh - echo "Untarring file ... end" - - - command: shell.exec + - command: subprocess.exec type: test params: - shell: "bash" - working_dir: src/go.mongodb.org/mongo-driver - script: | - source ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/secrets-export.sh - AZUREKMS_CMD="LD_LIBRARY_PATH=./install/libmongocrypt/lib64 MONGODB_URI='mongodb://localhost:27017' PROVIDER='azure' AZUREKMS_KEY_NAME=$AZUREKMS_KEYNAME AZUREKMS_KEY_VAULT_ENDPOINT=$AZUREKMS_KEYVAULTENDPOINT ./testkms" ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh + binary: bash + args: [*task-runner, test-azurekms] - name: "testazurekms-fail-task" # testazurekms-fail-task runs without environment variables. # It is expected to fail to obtain credentials. commands: - - command: shell.exec + - command: subprocess.exec type: test params: - shell: "bash" - working_dir: src/go.mongodb.org/mongo-driver - script: | - GO_BUILD_TAGS="cse" ${RUN_TASK} setup-test - ${RUN_TASK} build-kms-test - . ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/setup-secrets.sh - LD_LIBRARY_PATH=./install/libmongocrypt/lib64 \ - MONGODB_URI='mongodb://localhost:27017' \ - EXPECT_ERROR='unable to retrieve azure credentials' \ - PROVIDER='azure' AZUREKMS_KEY_NAME=$AZUREKMS_KEYNAME AZUREKMS_KEY_VAULT_ENDPOINT=$AZUREKMS_KEYVAULTENDPOINT \ - ./testkms + binary: bash + env: + EXPECT_ERROR: "1" + args: [*task-runner, test-azurekms] - name: "test-fuzz" commands: @@ -1651,55 +1579,23 @@ tasks: - name: "oidc-auth-test-azure" commands: - - command: shell.exec + - command: subprocess.exec type: test params: - working_dir: src/go.mongodb.org/mongo-driver - shell: bash - script: |- - set -o errexit - source env.sh - export AZUREOIDC_DRIVERS_TAR_FILE=/tmp/mongo-go-driver.tar.gz - # we need to statically link libc to avoid the situation where the VM has a different - # version of libc - go build -tags osusergo,netgo -ldflags '-w -extldflags "-static -lgcc -lc"' -o test ./internal/cmd/testoidcauth/main.go - rm "$AZUREOIDC_DRIVERS_TAR_FILE" || true - tar -cf $AZUREOIDC_DRIVERS_TAR_FILE ./test - tar -uf $AZUREOIDC_DRIVERS_TAR_FILE ./etc - rm "$AZUREOIDC_DRIVERS_TAR_FILE".gz || true - gzip $AZUREOIDC_DRIVERS_TAR_FILE - export AZUREOIDC_DRIVERS_TAR_FILE=/tmp/mongo-go-driver.tar.gz - # Define the command to run on the azure VM. - # Ensure that we source the environment file created for us, set up any other variables we need, - # and then run our test suite on the vm. - export AZUREOIDC_TEST_CMD="PROJECT_DIRECTORY='.' OIDC_ENV=azure OIDC=oidc ./etc/run-oidc-test.sh ./test" - bash ${DRIVERS_TOOLS}/.evergreen/auth_oidc/azure/run-driver-test.sh + binary: bash + env: + OIDC_ENV: azure + args: [*task-runner, test-oidc-remote] - name: "oidc-auth-test-gcp" commands: - - command: shell.exec + - command: subprocess.exec type: test params: - working_dir: src/go.mongodb.org/mongo-driver - shell: bash - script: |- - set -o errexit - source env.sh - export GCPOIDC_DRIVERS_TAR_FILE=/tmp/mongo-go-driver.tar.gz - # we need to statically link libc to avoid the situation where the VM has a different - # version of libc - go build -tags osusergo,netgo -ldflags '-w -extldflags "-static -lgcc -lc"' -o test ./internal/cmd/testoidcauth/main.go - rm "$GCPOIDC_DRIVERS_TAR_FILE" || true - tar -cf $GCPOIDC_DRIVERS_TAR_FILE ./test - tar -uf $GCPOIDC_DRIVERS_TAR_FILE ./etc - rm "$GCPOIDC_DRIVERS_TAR_FILE".gz || true - gzip $GCPOIDC_DRIVERS_TAR_FILE - export GCPOIDC_DRIVERS_TAR_FILE=/tmp/mongo-go-driver.tar.gz - # Define the command to run on the gcp VM. - # Ensure that we source the environment file created for us, set up any other variables we need, - # and then run our test suite on the vm. - export GCPOIDC_TEST_CMD="PROJECT_DIRECTORY='.' OIDC_ENV=gcp OIDC=oidc ./etc/run-oidc-test.sh ./test" - bash ${DRIVERS_TOOLS}/.evergreen/auth_oidc/gcp/run-driver-test.sh + binary: bash + env: + OIDC_ENV: gcp + args: [*task-runner, test-oidc-remote] - name: "test-search-index" commands: @@ -1766,6 +1662,7 @@ axes: GCC_PATH: "/cygdrive/c/ProgramData/chocolatey/lib/mingw/tools/install/mingw64/bin" GO_DIST: "C:\\golang\\go1.22" VENV_BIN_DIR: "Scripts" + DEFAULT_TASK: evg-test # CSOT tests are unreliable on our slow Windows hosts. SKIP_CSOT_TESTS: true - id: "rhel87-64" @@ -1773,12 +1670,14 @@ axes: run_on: rhel8.7-large variables: GO_DIST: "/opt/golang/go1.22" + DEFAULT_TASK: evg-test - id: "macos" display_name: "MacOS 14.0" run_on: macos-14 batchtime: 1440 # Run at most once per 24 hours. variables: GO_DIST: "/opt/golang/go1.22" + DEFAULT_TASK: evg-test-load-balancers # CSOT tests are unreliable on our slow macOS hosts. SKIP_CSOT_TESTS: true @@ -1794,6 +1693,7 @@ axes: GCC_PATH: "/cygdrive/c/ProgramData/chocolatey/lib/mingw/tools/install/mingw64/bin" GO_DIST: "C:\\golang\\go1.22" VENV_BIN_DIR: "Scripts" + DEFAULT_TASK: evg-test # CSOT tests are unreliable on our slow Windows hosts. SKIP_CSOT_TESTS: true - id: "rhel87-64" @@ -1801,12 +1701,14 @@ axes: run_on: rhel8.7-large variables: GO_DIST: "/opt/golang/go1.22" + DEFAULT_TASK: evg-test - id: "macos" display_name: "MacOS 14.0" run_on: macos-14 batchtime: 1440 # Run at most once per 24 hours. variables: GO_DIST: "/opt/golang/go1.22" + DEFAULT_TASK: evg-test-load-balancers # CSOT tests are unreliable on our slow macOS hosts. SKIP_CSOT_TESTS: true @@ -1818,6 +1720,7 @@ axes: run_on: rhel8.7-large variables: GO_DIST: "/opt/golang/go1.22" + DEFAULT_TASK: evg-test - id: os-aws-auth display_name: OS @@ -1830,6 +1733,7 @@ axes: GCC_PATH: "/cygdrive/c/ProgramData/chocolatey/lib/mingw/tools/install/mingw64/bin" GO_DIST: "C:\\golang\\go1.22" SKIP_ECS_AUTH_TEST: true + DEFAULT_TASK: evg-test # CSOT tests are unreliable on our slow Windows hosts. SKIP_CSOT_TESTS: true - id: "ubuntu2004-64" @@ -1837,6 +1741,7 @@ axes: run_on: ubuntu2004-test variables: GO_DIST: "/opt/golang/go1.22" + DEFAULT_TASK: evg-test - id: "macos" display_name: "MacOS 14.0" run_on: macos-14 @@ -1846,6 +1751,7 @@ axes: SKIP_ECS_AUTH_TEST: true SKIP_EC2_AUTH_TEST: true SKIP_WEB_IDENTITY_AUTH_TEST: true + DEFAULT_TASK: evg-test-load-balancers # CSOT tests are unreliable on our slow macOS hosts. SKIP_CSOT_TESTS: true diff --git a/.evergreen/setup-system.sh b/.evergreen/setup-system.sh index 4343b5190d..542060fee4 100755 --- a/.evergreen/setup-system.sh +++ b/.evergreen/setup-system.sh @@ -6,6 +6,7 @@ set -eu # Set up default environment variables. SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) PROJECT_DIRECTORY=$(dirname $SCRIPT_DIR) +pushd $PROJECT_DIRECTORY ROOT_DIR=$(dirname $PROJECT_DIRECTORY) DRIVERS_TOOLS=${DRIVERS_TOOLS:-${ROOT_DIR}/drivers-evergreen-tools} MONGO_ORCHESTRATION_HOME="${DRIVERS_TOOLS}/.evergreen/orchestration" @@ -90,3 +91,4 @@ RUN_TASK: "$PROJECT_DIRECTORY/.evergreen/run-task.sh" EOT cat env.sh +popd diff --git a/Taskfile.yml b/Taskfile.yml index ef9700bd67..9d00315305 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -55,7 +55,7 @@ tasks: status: - test -d install || test -d /cygdrive/c/libmongocrypt/bin - run-docker: bash etc/run_docker.sh {{.CLI_ARGS}} + run-docker: bash etc/run_docker.sh run-fuzz: bash etc/run-fuzz.sh @@ -91,11 +91,17 @@ tasks: test-oidc: bash etc/run-oidc-test.sh 'task --silent evg-test-oidc-auth' + test-oidc-remote: bash etc/run-oidc-remote-test.sh + test-atlas-connect: - go test -v -run ^TestAtlas$ go.mongodb.org/mongo-driver/v2/internal/cmd/testatlas -args "$ATLAS_REPL" "$ATLAS_SHRD" "$ATLAS_FREE" "$ATLAS_TLS11" "$ATLAS_TLS12" "$ATLAS_SERVERLESS" "$ATLAS_SRV_REPL" "$ATLAS_SRV_SHRD" "$ATLAS_SRV_FREE" "$ATLAS_SRV_TLS11" "$ATLAS_SRV_TLS12" "$ATLAS_SRV_SERVERLESS" >> test.suite test-awskms: bash etc/run-awskms-test.sh + test-azurekms: bash etc/run-azurekms-test.sh + + test-gcpkms: bash etc/run-gcpkms-test.sh + ### Local FaaS tasks. ### build-faas-awslambda: requires: @@ -104,7 +110,9 @@ tasks: - make -c internal/cmd/faas/awslambda ### Evergreen specific tasks. ### - setup-test: bash etc/setup-test.sh {{.CLI_ARGS}} + setup-test: bash etc/setup-test.sh + + setup-encryption: bash etc/setup-encryption.sh evg-test: - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} DYLD_LIBRARY_PATH=$MACOS_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout {{.TEST_TIMEOUT}}s -p 1 ./... >> test.suite @@ -177,12 +185,14 @@ tasks: - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} DYLD_LIBRARY_PATH=${MACOS_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout {{.TEST_TIMEOUT}}s ./internal/integration >> test.suite - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} DYLD_LIBRARY_PATH=${MACOS_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout {{.TEST_TIMEOUT}}s ./internal/integration/unified >> test.suite - evg-test-aws: bash etc/run-mongodb-aws-test.sh {{.CLI_ARGS}} + evg-test-aws: bash etc/run-mongodb-aws-test.sh evg-test-aws-ecs: bash etc/run-mongodb-aws-ecs-test.sh evg-test-deployed-lambda-aws: bash ${DRIVERS_TOOLS}/.evergreen/aws_lambda/run-deployed-lambda-aws-tests.sh + evg-gather-test-suites: find . -name \*.suite | xargs tar czf test_suite.tgz + build-kms-test: go build ${BUILD_TAGS} ./internal/cmd/testkms ### Benchmark specific tasks and support. ### diff --git a/etc/run-azurekms-test.sh b/etc/run-azurekms-test.sh new file mode 100755 index 0000000000..6ad6fd76a9 --- /dev/null +++ b/etc/run-azurekms-test.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash +# run-gcpkms-test +# Runs gcpkms tests. +set -eu + +GO_BUILD_TAGS="cse" task setup-test +task build-kms-test + +if [ -n "${EXPECT_ERROR:-}" ]; then + . ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/setup-secrets.sh + LD_LIBRARY_PATH=./install/libmongocrypt/lib64 \ + MONGODB_URI='mongodb://localhost:27017' \ + EXPECT_ERROR='unable to retrieve azure credentials' \ + PROVIDER='azure' AZUREKMS_KEY_NAME=$AZUREKMS_KEYNAME AZUREKMS_KEY_VAULT_ENDPOINT=$AZUREKMS_KEYVAULTENDPOINT \ + ./testkms + exit 0 +fi + +echo "Copying files ... begin" +source ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/secrets-export.sh +tar czf testazurekms.tgz ./testkms ./install/libmongocrypt/lib64/libmongocrypt.* +AZUREKMS_SRC=testazurekms.tgz AZUREKMS_DST=/tmp ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/copy-file.sh +echo "Copying files ... end" +echo "Untarring file ... begin" +AZUREKMS_CMD="tar xf /tmp/testazurekms.tgz" ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh +echo "Untarring file ... end" + +AZUREKMS_CMD="LD_LIBRARY_PATH=./install/libmongocrypt/lib64 MONGODB_URI='mongodb://localhost:27017' PROVIDER='azure' AZUREKMS_KEY_NAME=$AZUREKMS_KEYNAME AZUREKMS_KEY_VAULT_ENDPOINT=$AZUREKMS_KEYVAULTENDPOINT ./testkms" ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh diff --git a/etc/run-gcpkms-test.sh b/etc/run-gcpkms-test.sh new file mode 100755 index 0000000000..2c3be54c37 --- /dev/null +++ b/etc/run-gcpkms-test.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash +# run-gcpkms-test +# Runs gcpkms tests. +set -eu + +GO_BUILD_TAGS="cse" task setup-test +task build-kms-test + +if [ -n "${EXPECT_ERROR:-}" ]; then + LD_LIBRARY_PATH=./install/libmongocrypt/lib64 \ + MONGODB_URI='mongodb://localhost:27017/' \ + EXPECT_ERROR='unable to retrieve GCP credentials' \ + PROVIDER='gcp' \ + ./testkms + exit 0 +fi + +source ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/secrets-export.sh +echo "Copying files ... begin" +tar czf testgcpkms.tgz ./testkms ./install/libmongocrypt/lib64/libmongocrypt.* +GCPKMS_SRC=testgcpkms.tgz GCPKMS_DST=$GCPKMS_INSTANCENAME: ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/copy-file.sh +echo "Copying files ... end" + +echo "Untarring file ... begin" +GCPKMS_CMD="tar xf testgcpkms.tgz" ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/run-command.sh +echo "Untarring file ... end" + +GCPKMS_CMD="LD_LIBRARY_PATH=./install/libmongocrypt/lib64 MONGODB_URI='mongodb://localhost:27017' PROVIDER='gcp' ./testkms" ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/run-command.sh diff --git a/etc/run-mongodb-aws-test.sh b/etc/run-mongodb-aws-test.sh index 4a74b3c027..6438b5810b 100755 --- a/etc/run-mongodb-aws-test.sh +++ b/etc/run-mongodb-aws-test.sh @@ -1,6 +1,6 @@ #!/bin/bash -set -o errexit # Exit the script with error if any of the commands fail +set -eu ############################################ # Main Program # @@ -13,18 +13,18 @@ set -o errexit # Exit the script with error if any of the commands fail echo "Running MONGODB-AWS authentication tests" -if [ "$1" == "ec2" ] && [ "${SKIP_EC2_AUTH_TEST:-}" == "true" ]; then +if [ "$AWS_TEST" == "ec2" ] && [ "${SKIP_EC2_AUTH_TEST:-}" == "true" ]; then echo "This platform does not support the EC2 auth test, skipping..." exit 0 fi -if [ "$1" == "web-identity" ] && [ "${SKIP_WEB_IDENTITY_AUTH_TEST:-}" == "true" ]; then +if [ "$AWS_TEST" == "web-identity" ] && [ "${SKIP_WEB_IDENTITY_AUTH_TEST:-}" == "true" ]; then echo "This platform does not support the web identity auth test, skipping..." exit 0 fi # Handle credentials and environment setup. -. $DRIVERS_TOOLS/.evergreen/auth_aws/aws_setup.sh $1 +. $DRIVERS_TOOLS/.evergreen/auth_aws/aws_setup.sh $AWS_TEST # show test output set -x diff --git a/etc/run-oidc-remote-test.sh b/etc/run-oidc-remote-test.sh new file mode 100755 index 0000000000..ee958c22fc --- /dev/null +++ b/etc/run-oidc-remote-test.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +# run-oidc-test +# Runs oidc auth tests. +set -eu + +echo "Running remote MONGODB-OIDC authentication tests on $OIDC_ENV" + +DRIVERS_TAR_FILE=/tmp/mongo-go-driver.tar.gz +# we need to statically link libc to avoid the situation where the VM has a different +# version of libc +go build -tags osusergo,netgo -ldflags '-w -extldflags "-static -lgcc -lc"' -o test ./internal/cmd/testoidcauth/main.go +rm "$DRIVERS_TAR_FILE" || true +tar -cf $DRIVERS_TAR_FILE ./test +tar -uf $DRIVERS_TAR_FILE ./etc +rm "$DRIVERS_TAR_FILE".gz || true +gzip $DRIVERS_TAR_FILE + +if [ $OIDC_ENV == "azure" ]; then + export AZUREOIDC_DRIVERS_TAR_FILE=$DRIVERS_TAR_FILE + # Define the command to run on the azure VM. + # Ensure that we source the environment file created for us, set up any other variables we need, + # and then run our test suite on the vm. + export AZUREOIDC_TEST_CMD="PROJECT_DIRECTORY='.' OIDC_ENV=azure OIDC=oidc ./etc/run-oidc-test.sh ./test" + bash ${DRIVERS_TOOLS}/.evergreen/auth_oidc/azure/run-driver-test.sh + +elif [ $OIDC_ENV == "gcp" ]; then + export GCPOIDC_DRIVERS_TAR_FILE=$DRIVERS_TAR_FILE + # Define the command to run on the gcp VM. + # Ensure that we source the environment file created for us, set up any other variables we need, + # and then run our test suite on the vm. + export GCPOIDC_TEST_CMD="PROJECT_DIRECTORY='.' OIDC_ENV=gcp OIDC=oidc ./etc/run-oidc-test.sh ./test" + bash ${DRIVERS_TOOLS}/.evergreen/auth_oidc/gcp/run-driver-test.sh + +else + echo "Unrecognized OIDC_ENV $OIDC_ENV" + exit 1 +fi diff --git a/etc/run_docker.sh b/etc/run_docker.sh index 175fe1239d..5624d9f983 100755 --- a/etc/run_docker.sh +++ b/etc/run_docker.sh @@ -11,7 +11,8 @@ PLATFORM=${DOCKER_PLATFORM:-} docker build $PLATFORM -t go-test . # Handle environment variables and optional positional arg for the taskfile target. -TASKFILE_TARGET=${1:-evg-test-versioned-api} +TASKFILE_TARGET=${TASKFILE_TARGET:-$1} +TASKFILE_TARGET=${TASKFILE_TARGET:-evg-test-versioned-api} GO_BUILD_TAGS=${GO_BUILD_TAGS:-""} ARGS=" -e TASKFILE_TARGET=$TASKFILE_TARGET" diff --git a/etc/setup-test.sh b/etc/setup-test.sh index b90d420613..8f31e301a4 100755 --- a/etc/setup-test.sh +++ b/etc/setup-test.sh @@ -7,53 +7,63 @@ OS=${OS:-""} SSL=${SSL:-nossl} GO_BUILD_TAGS=${GO_BUILD_TAGS:-} RACE=${RACE:-} +SERVERLESS=${SERVERLESS:-} +LOAD_BALANCER=${LOAD_BALANCER:-} +MONGODB_URI=${MONGODB_URI:-} # Handle special cases first. -case ${1:-} in - enterprise-plain) - . $DRIVERS_TOOLS/.evergreen/secrets_handling/setup-secrets.sh drivers/enterprise_auth - MONGODB_URI="mongodb://${SASL_USER}:${SASL_PASS}@${SASL_HOST}:${SASL_PORT}/ldap?authMechanism=PLAIN" - rm secrets-export.sh - AUTH="auth" - ;; - enterprise-gssapi) - . $DRIVERS_TOOLS/.evergreen/secrets_handling/setup-secrets.sh drivers/enterprise_auth - if [ "Windows_NT" = "${OS:-}" ]; then - MONGODB_URI="mongodb://${PRINCIPAL/@/%40}:${SASL_PASS}@${SASL_HOST}:${SASL_PORT}/kerberos?authMechanism=GSSAPI" - else - echo ${KEYTAB_BASE64} | base64 -d > ${PROJECT_DIRECTORY}/.evergreen/drivers.keytab - mkdir -p ~/.krb5 - cat .evergreen/krb5.config | tee -a ~/.krb5/config - kinit -k -t .evergreen/drivers.keytab -p "${PRINCIPAL}" - MONGODB_URI="mongodb://${PRINCIPAL/@/%40}@${SASL_HOST}:${SASL_PORT}/kerberos?authMechanism=GSSAPI" - fi - rm secrets-export.sh - AUTH="auth" - ;; - serverless) - . $DRIVERS_TOOLS/.evergreen/serverless/secrets-export.sh - MONGODB_URI="${SERVERLESS_URI}" - SERVERLESS="serverless" - AUTH="auth" - ;; - atlas-connect) - . $DRIVERS_TOOLS/.evergreen/secrets_handling/setup-secrets.sh drivers/atlas_connect - ;; - load-balancer) - # Verify that the required LB URI expansions are set to ensure that the test runner can correctly connect to - # the LBs. - if [ -z "${SINGLE_MONGOS_LB_URI}" ]; then - echo "SINGLE_MONGOS_LB_URI must be set for testing against LBs" - exit 1 - fi - if [ -z "${MULTI_MONGOS_LB_URI}" ]; then - echo "MULTI_MONGOS_LB_URI must be set for testing against LBs" - exit 1 - fi - MONGODB_URI="${SINGLE_MONGOS_LB_URI}" - LOAD_BALANCER="true" - ;; -esac +if [ -n "${TEST_ENTERPRISE_AUTH:-}" ]; then + . $DRIVERS_TOOLS/.evergreen/secrets_handling/setup-secrets.sh drivers/enterprise_auth + AUTH="auth" + case $TEST_ENTERPRISE_AUTH in + plain) + MONGODB_URI="mongodb://${SASL_USER}:${SASL_PASS}@${SASL_HOST}:${SASL_PORT}/ldap?authMechanism=PLAIN" + ;; + gssapi) + if [ "Windows_NT" = "${OS:-}" ]; then + MONGODB_URI="mongodb://${PRINCIPAL/@/%40}:${SASL_PASS}@${SASL_HOST}:${SASL_PORT}/kerberos?authMechanism=GSSAPI" + else + echo ${KEYTAB_BASE64} | base64 -d > ${PROJECT_DIRECTORY}/.evergreen/drivers.keytab + mkdir -p ~/.krb5 + cat .evergreen/krb5.config | tee -a ~/.krb5/config + kinit -k -t .evergreen/drivers.keytab -p "${PRINCIPAL}" + MONGODB_URI="mongodb://${PRINCIPAL/@/%40}@${SASL_HOST}:${SASL_PORT}/kerberos?authMechanism=GSSAPI" + fi + ;; + esac + rm secrets-export.sh +fi + +if [ -n "${SERVERLESS}" ]; then + . $DRIVERS_TOOLS/.evergreen/serverless/secrets-export.sh + MONGODB_URI="${SERVERLESS_URI}" + AUTH="auth" +fi + +if [ -n "${TEST_ATLAS_CONNECT:-}" ]; then + . $DRIVERS_TOOLS/.evergreen/secrets_handling/setup-secrets.sh drivers/atlas_connect +fi + +if [ -n "${LOAD_BALANCER}" ]; then + # Verify that the required LB URI expansions are set to ensure that the test runner can correctly connect to + # the LBs. + if [ -z "${SINGLE_MONGOS_LB_URI}" ]; then + echo "SINGLE_MONGOS_LB_URI must be set for testing against LBs" + exit 1 + fi + if [ -z "${MULTI_MONGOS_LB_URI}" ]; then + echo "MULTI_MONGOS_LB_URI must be set for testing against LBs" + exit 1 + fi + MONGODB_URI="${SINGLE_MONGOS_LB_URI}" +fi + +if [ -n "${OCSP_ALGORITHM:-}" ]; then + MONGO_GO_DRIVER_CA_FILE="${DRIVERS_TOOLS}/.evergreen/ocsp/${OCSP_ALGORITHM}/ca.pem" + if [ "Windows_NT" = "$OS" ]; then + MONGO_GO_DRIVER_CA_FILE=$(cygpath -m $MONGO_GO_DRIVER_CA_FILE) + fi +fi # Handle encryption. if [[ "${GO_BUILD_TAGS}" =~ cse ]]; then @@ -87,7 +97,7 @@ else fi # Handle certificates. -if [ "$SSL" != "nossl" ] && [ -z "${SERVERLESS+x}" ]; then +if [ "$SSL" != "nossl" ] && [ -z "${SERVERLESS}" ] && [ -z "${OCSP_ALGORITHM:-}" ]; then MONGO_GO_DRIVER_CA_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/ca.pem" MONGO_GO_DRIVER_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client.pem" MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client-pkcs8-encrypted.pem" @@ -109,9 +119,9 @@ MONGO_GO_DRIVER_KEY_FILE="${MONGO_GO_DRIVER_KEY_FILE:-}" MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE="${MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE:-}" MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE="${MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE:-}" TOPOLOGY="${TOPOLOGY:-}" -SERVERLESS="${SERVERLESS:-}" +SERVERLESS="${SERVERLESS}" REQUIRE_API_VERSION="${REQUIRE_API_VERSION:-}" -LOAD_BALANCER="${LOAD_BALANCER:-}" +LOAD_BALANCER="${LOAD_BALANCER}" MONGO_GO_DRIVER_COMPRESSOR="${MONGO_GO_DRIVER_COMPRESSOR:-}" BUILD_TAGS="${BUILD_TAGS}" CRYPT_SHARED_LIB_PATH="${CRYPT_SHARED_LIB_PATH:-}" @@ -121,16 +131,16 @@ MACOS_LIBRARY_PATH="${DYLD_FALLBACK_LIBRARY_PATH:-}" SKIP_CSOT_TESTS=${SKIP_CSOT_TESTS:-} EOT -if [ -n "${MONGODB_URI:-}" ]; then +if [ -n "${MONGODB_URI}" ]; then echo "MONGODB_URI=\"${MONGODB_URI}\"" >> .test.env fi -if [ -n "${SERVERLESS:-}" ]; then +if [ -n "${SERVERLESS}" ]; then echo "SERVERLESS_ATLAS_USER=$SERVERLESS_ATLAS_USER" >> .test.env echo "SERVERLESS_ATLAS_PASSWORD=$SERVERLESS_ATLAS_PASSWORD" >> .test.env fi -if [ -n "${LOAD_BALANCER:-}" ];then +if [ -n "${LOAD_BALANCER}" ];then echo "SINGLE_MONGOS_LB_URI=${SINGLE_MONGOS_LB_URI}" >> .test.env echo "MULTI_MONGOS_LB_URI=${MULTI_MONGOS_LB_URI}" >> .test.env fi