GODRIVER-3367 Use subprocess.exec for remaining Evergreen functions

.evergreen/setup-system.sh

@@ -6,6 +6,7 @@ set -eu
 # Set up default environment variables.
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 PROJECT_DIRECTORY=$(dirname $SCRIPT_DIR)
+pushd $PROJECT_DIRECTORY
 ROOT_DIR=$(dirname $PROJECT_DIRECTORY)
 DRIVERS_TOOLS=${DRIVERS_TOOLS:-${ROOT_DIR}/drivers-evergreen-tools}
 MONGO_ORCHESTRATION_HOME="${DRIVERS_TOOLS}/.evergreen/orchestration"
@@ -90,3 +91,4 @@ RUN_TASK: "$PROJECT_DIRECTORY/.evergreen/run-task.sh"
 EOT
 
 cat env.sh
+popd

Taskfile.yml

@@ -55,7 +55,7 @@ tasks:
     status: 
       - test -d install || test -d /cygdrive/c/libmongocrypt/bin
 
-  run-docker: bash etc/run_docker.sh {{.CLI_ARGS}}
+  run-docker: bash etc/run_docker.sh
 
   run-fuzz: bash etc/run-fuzz.sh
 
@@ -91,11 +91,17 @@ tasks:
 
   test-oidc: bash etc/run-oidc-test.sh 'task --silent evg-test-oidc-auth'
 
+  test-oidc-remote: bash etc/run-oidc-remote-test.sh
+
   test-atlas-connect: 
     - go test -v -run ^TestAtlas$ go.mongodb.org/mongo-driver/v2/internal/cmd/testatlas -args "$ATLAS_REPL" "$ATLAS_SHRD" "$ATLAS_FREE" "$ATLAS_TLS11" "$ATLAS_TLS12" "$ATLAS_SERVERLESS" "$ATLAS_SRV_REPL" "$ATLAS_SRV_SHRD" "$ATLAS_SRV_FREE" "$ATLAS_SRV_TLS11" "$ATLAS_SRV_TLS12" "$ATLAS_SRV_SERVERLESS" >> test.suite
 
   test-awskms: bash etc/run-awskms-test.sh
 
+  test-azurekms: bash etc/run-azurekms-test.sh
+
+  test-gcpkms: bash etc/run-gcpkms-test.sh
+
   ### Local FaaS tasks. ###
   build-faas-awslambda:
     requires: 
@@ -104,7 +110,9 @@ tasks:
       - make -c internal/cmd/faas/awslambda
 
   ### Evergreen specific tasks. ###
-  setup-test: bash etc/setup-test.sh {{.CLI_ARGS}}
+  setup-test: bash etc/setup-test.sh
+
+  setup-encryption: bash etc/setup-encryption.sh
 
   evg-test:
     - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} DYLD_LIBRARY_PATH=$MACOS_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout {{.TEST_TIMEOUT}}s -p 1 ./... >> test.suite
@@ -177,12 +185,14 @@ tasks:
     - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} DYLD_LIBRARY_PATH=${MACOS_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout {{.TEST_TIMEOUT}}s ./internal/integration >> test.suite
     - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} DYLD_LIBRARY_PATH=${MACOS_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout {{.TEST_TIMEOUT}}s ./internal/integration/unified >> test.suite
 
-  evg-test-aws: bash etc/run-mongodb-aws-test.sh {{.CLI_ARGS}}
+  evg-test-aws: bash etc/run-mongodb-aws-test.sh
 
   evg-test-aws-ecs: bash etc/run-mongodb-aws-ecs-test.sh
 
   evg-test-deployed-lambda-aws: bash ${DRIVERS_TOOLS}/.evergreen/aws_lambda/run-deployed-lambda-aws-tests.sh
 
+  evg-gather-test-suites: find . -name \*.suite | xargs tar czf test_suite.tgz
+
   build-kms-test: go build ${BUILD_TAGS} ./internal/cmd/testkms
 
   ### Benchmark specific tasks and support. ###

etc/run-azurekms-test.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# run-gcpkms-test
+# Runs gcpkms tests.
+set -eu
+
+GO_BUILD_TAGS="cse" task setup-test
+task build-kms-test
+
+if [ -n "${EXPECT_ERROR:-}" ]; then
+  . ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/setup-secrets.sh
+  LD_LIBRARY_PATH=./install/libmongocrypt/lib64 \
+  MONGODB_URI='mongodb://localhost:27017' \
+  EXPECT_ERROR='unable to retrieve azure credentials' \
+  PROVIDER='azure' AZUREKMS_KEY_NAME=$AZUREKMS_KEYNAME AZUREKMS_KEY_VAULT_ENDPOINT=$AZUREKMS_KEYVAULTENDPOINT \
+    ./testkms
+  exit 0
+fi
+
+echo "Copying files ... begin"
+source ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/secrets-export.sh
+tar czf testazurekms.tgz ./testkms ./install/libmongocrypt/lib64/libmongocrypt.*
+AZUREKMS_SRC=testazurekms.tgz AZUREKMS_DST=/tmp ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/copy-file.sh
+echo "Copying files ... end"
+echo "Untarring file ... begin"
+AZUREKMS_CMD="tar xf /tmp/testazurekms.tgz" ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh
+echo "Untarring file ... end"
+
+AZUREKMS_CMD="LD_LIBRARY_PATH=./install/libmongocrypt/lib64 MONGODB_URI='mongodb://localhost:27017' PROVIDER='azure' AZUREKMS_KEY_NAME=$AZUREKMS_KEYNAME AZUREKMS_KEY_VAULT_ENDPOINT=$AZUREKMS_KEYVAULTENDPOINT ./testkms" ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh

etc/run-gcpkms-test.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# run-gcpkms-test
+# Runs gcpkms tests.
+set -eu
+
+GO_BUILD_TAGS="cse" task setup-test
+task build-kms-test
+
+if [ -n "${EXPECT_ERROR:-}" ]; then
+  LD_LIBRARY_PATH=./install/libmongocrypt/lib64 \
+  MONGODB_URI='mongodb://localhost:27017/' \
+  EXPECT_ERROR='unable to retrieve GCP credentials' \
+  PROVIDER='gcp' \
+    ./testkms
+  exit 0
+fi
+
+source ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/secrets-export.sh
+echo "Copying files ... begin"
+tar czf testgcpkms.tgz ./testkms ./install/libmongocrypt/lib64/libmongocrypt.*
+GCPKMS_SRC=testgcpkms.tgz GCPKMS_DST=$GCPKMS_INSTANCENAME: ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/copy-file.sh
+echo "Copying files ... end"
+
+echo "Untarring file ... begin"
+GCPKMS_CMD="tar xf testgcpkms.tgz" ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/run-command.sh
+echo "Untarring file ... end"
+
+GCPKMS_CMD="LD_LIBRARY_PATH=./install/libmongocrypt/lib64 MONGODB_URI='mongodb://localhost:27017' PROVIDER='gcp' ./testkms" ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/run-command.sh

etc/run-mongodb-aws-test.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -o errexit  # Exit the script with error if any of the commands fail
+set -eu
 
 ############################################
 #            Main Program                  #
@@ -13,18 +13,18 @@ set -o errexit  # Exit the script with error if any of the commands fail
 
 echo "Running MONGODB-AWS authentication tests"
 
-if [ "$1" == "ec2" ] && [ "${SKIP_EC2_AUTH_TEST:-}" == "true" ]; then
+if [ "$AWS_TEST" == "ec2" ] && [ "${SKIP_EC2_AUTH_TEST:-}" == "true" ]; then
   echo "This platform does not support the EC2 auth test, skipping..."
   exit 0
 fi
 
-if [ "$1" == "web-identity" ] && [ "${SKIP_WEB_IDENTITY_AUTH_TEST:-}" == "true" ]; then
+if [ "$AWS_TEST" == "web-identity" ] && [ "${SKIP_WEB_IDENTITY_AUTH_TEST:-}" == "true" ]; then
   echo "This platform does not support the web identity auth test, skipping..."
   exit 0
 fi
 
 # Handle credentials and environment setup.
-. $DRIVERS_TOOLS/.evergreen/auth_aws/aws_setup.sh $1
+. $DRIVERS_TOOLS/.evergreen/auth_aws/aws_setup.sh $AWS_TEST
 
 # show test output
 set -x

etc/run-oidc-remote-test.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# run-oidc-test
+# Runs oidc auth tests.
+set -eu
+
+echo "Running remote MONGODB-OIDC authentication tests on $OIDC_ENV"
+
+DRIVERS_TAR_FILE=/tmp/mongo-go-driver.tar.gz
+# we need to statically link libc to avoid the situation where the VM has a different
+# version of libc
+go build -tags osusergo,netgo -ldflags '-w -extldflags "-static -lgcc -lc"' -o test ./internal/cmd/testoidcauth/main.go
+rm "$DRIVERS_TAR_FILE" || true
+tar -cf $DRIVERS_TAR_FILE ./test
+tar -uf $DRIVERS_TAR_FILE ./etc
+rm "$DRIVERS_TAR_FILE".gz || true
+gzip $DRIVERS_TAR_FILE
+
+if [ $OIDC_ENV == "azure" ]; then
+    export AZUREOIDC_DRIVERS_TAR_FILE=$DRIVERS_TAR_FILE
+    # Define the command to run on the azure VM.
+    # Ensure that we source the environment file created for us, set up any other variables we need,
+    # and then run our test suite on the vm.
+    export AZUREOIDC_TEST_CMD="PROJECT_DIRECTORY='.' OIDC_ENV=azure OIDC=oidc ./etc/run-oidc-test.sh ./test"
+    bash ${DRIVERS_TOOLS}/.evergreen/auth_oidc/azure/run-driver-test.sh
+
+elif [ $OIDC_ENV == "gcp" ]; then
+    export GCPOIDC_DRIVERS_TAR_FILE=$DRIVERS_TAR_FILE
+    # Define the command to run on the gcp VM.
+    # Ensure that we source the environment file created for us, set up any other variables we need,
+    # and then run our test suite on the vm.
+    export GCPOIDC_TEST_CMD="PROJECT_DIRECTORY='.' OIDC_ENV=gcp OIDC=oidc ./etc/run-oidc-test.sh ./test"
+    bash ${DRIVERS_TOOLS}/.evergreen/auth_oidc/gcp/run-driver-test.sh
+
+else
+    echo "Unrecognized OIDC_ENV $OIDC_ENV"
+    exit 1
+fi

etc/run_docker.sh

@@ -11,7 +11,8 @@ PLATFORM=${DOCKER_PLATFORM:-}
 docker build $PLATFORM -t go-test .
 
 # Handle environment variables and optional positional arg for the taskfile target.
-TASKFILE_TARGET=${1:-evg-test-versioned-api}
+TASKFILE_TARGET=${TASKFILE_TARGET:-$1}
+TASKFILE_TARGET=${TASKFILE_TARGET:-evg-test-versioned-api}
 GO_BUILD_TAGS=${GO_BUILD_TAGS:-""}
 
 ARGS=" -e TASKFILE_TARGET=$TASKFILE_TARGET"

etc/setup-test.sh

@@ -7,53 +7,63 @@ OS=${OS:-""}
 SSL=${SSL:-nossl}
 GO_BUILD_TAGS=${GO_BUILD_TAGS:-}
 RACE=${RACE:-}
+SERVERLESS=${SERVERLESS:-}
+LOAD_BALANCER=${LOAD_BALANCER:-}
+MONGODB_URI=${MONGODB_URI:-}
 
 # Handle special cases first.
-case ${1:-} in
-    enterprise-plain)
-        . $DRIVERS_TOOLS/.evergreen/secrets_handling/setup-secrets.sh drivers/enterprise_auth
-        MONGODB_URI="mongodb://${SASL_USER}:${SASL_PASS}@${SASL_HOST}:${SASL_PORT}/ldap?authMechanism=PLAIN"
-        rm secrets-export.sh
-        AUTH="auth"
-        ;;
-    enterprise-gssapi)
-        . $DRIVERS_TOOLS/.evergreen/secrets_handling/setup-secrets.sh drivers/enterprise_auth
-        if [ "Windows_NT" = "${OS:-}" ]; then
-            MONGODB_URI="mongodb://${PRINCIPAL/@/%40}:${SASL_PASS}@${SASL_HOST}:${SASL_PORT}/kerberos?authMechanism=GSSAPI"
-        else
-            echo ${KEYTAB_BASE64} | base64 -d > ${PROJECT_DIRECTORY}/.evergreen/drivers.keytab
-            mkdir -p ~/.krb5
-            cat .evergreen/krb5.config | tee -a ~/.krb5/config
-            kinit -k -t .evergreen/drivers.keytab -p "${PRINCIPAL}"
-            MONGODB_URI="mongodb://${PRINCIPAL/@/%40}@${SASL_HOST}:${SASL_PORT}/kerberos?authMechanism=GSSAPI"
-        fi
-        rm secrets-export.sh
-        AUTH="auth"
-        ;;
-    serverless)
-        . $DRIVERS_TOOLS/.evergreen/serverless/secrets-export.sh
-        MONGODB_URI="${SERVERLESS_URI}"
-        SERVERLESS="serverless"
-        AUTH="auth"
-        ;;
-    atlas-connect)
-        . $DRIVERS_TOOLS/.evergreen/secrets_handling/setup-secrets.sh drivers/atlas_connect
-        ;;
-    load-balancer)
-        # Verify that the required LB URI expansions are set to ensure that the test runner can correctly connect to
-        # the LBs.
-        if [ -z "${SINGLE_MONGOS_LB_URI}" ]; then
-            echo "SINGLE_MONGOS_LB_URI must be set for testing against LBs"
-            exit 1
-        fi
-        if [ -z "${MULTI_MONGOS_LB_URI}" ]; then
-            echo "MULTI_MONGOS_LB_URI must be set for testing against LBs"
-            exit 1
-        fi
-        MONGODB_URI="${SINGLE_MONGOS_LB_URI}"
-        LOAD_BALANCER="true"
-        ;;
-esac
+if [ -n "${TEST_ENTERPRISE_AUTH:-}" ]; then
+    . $DRIVERS_TOOLS/.evergreen/secrets_handling/setup-secrets.sh drivers/enterprise_auth
+    AUTH="auth"
+    case $TEST_ENTERPRISE_AUTH in
+        plain)
+            MONGODB_URI="mongodb://${SASL_USER}:${SASL_PASS}@${SASL_HOST}:${SASL_PORT}/ldap?authMechanism=PLAIN"
+            ;;
+        gssapi)
+            if [ "Windows_NT" = "${OS:-}" ]; then
+                MONGODB_URI="mongodb://${PRINCIPAL/@/%40}:${SASL_PASS}@${SASL_HOST}:${SASL_PORT}/kerberos?authMechanism=GSSAPI"
+            else
+                echo ${KEYTAB_BASE64} | base64 -d > ${PROJECT_DIRECTORY}/.evergreen/drivers.keytab
+                mkdir -p ~/.krb5
+                cat .evergreen/krb5.config | tee -a ~/.krb5/config
+                kinit -k -t .evergreen/drivers.keytab -p "${PRINCIPAL}"
+                MONGODB_URI="mongodb://${PRINCIPAL/@/%40}@${SASL_HOST}:${SASL_PORT}/kerberos?authMechanism=GSSAPI"
+            fi
+            ;;
+    esac
+    rm secrets-export.sh
+fi
+
+if [ -n "${SERVERLESS}" ]; then
+    . $DRIVERS_TOOLS/.evergreen/serverless/secrets-export.sh
+    MONGODB_URI="${SERVERLESS_URI}"
+    AUTH="auth"
+fi
+
+if [ -n "${TEST_ATLAS_CONNECT:-}" ]; then
+    . $DRIVERS_TOOLS/.evergreen/secrets_handling/setup-secrets.sh drivers/atlas_connect
+fi
+
+if [ -n "${LOAD_BALANCER}" ]; then
+    # Verify that the required LB URI expansions are set to ensure that the test runner can correctly connect to
+    # the LBs.
+    if [ -z "${SINGLE_MONGOS_LB_URI}" ]; then
+        echo "SINGLE_MONGOS_LB_URI must be set for testing against LBs"
+        exit 1
+    fi
+    if [ -z "${MULTI_MONGOS_LB_URI}" ]; then
+        echo "MULTI_MONGOS_LB_URI must be set for testing against LBs"
+        exit 1
+    fi
+    MONGODB_URI="${SINGLE_MONGOS_LB_URI}"
+fi
+
+if [ -n "${OCSP_ALGORITHM:-}" ]; then
+    MONGO_GO_DRIVER_CA_FILE="${DRIVERS_TOOLS}/.evergreen/ocsp/${OCSP_ALGORITHM}/ca.pem"
+    if [ "Windows_NT" = "$OS" ]; then
+        MONGO_GO_DRIVER_CA_FILE=$(cygpath -m $MONGO_GO_DRIVER_CA_FILE)
+    fi
+fi
 
 # Handle encryption.
 if [[ "${GO_BUILD_TAGS}" =~ cse ]]; then
@@ -87,7 +97,7 @@ else
 fi
 
 # Handle certificates.
-if [ "$SSL" != "nossl" ] && [ -z "${SERVERLESS+x}" ]; then
+if [ "$SSL" != "nossl" ] && [ -z "${SERVERLESS}" ] && [ -z "${OCSP_ALGORITHM:-}" ]; then
     MONGO_GO_DRIVER_CA_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/ca.pem"
     MONGO_GO_DRIVER_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client.pem"
     MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client-pkcs8-encrypted.pem"
@@ -109,9 +119,9 @@ MONGO_GO_DRIVER_KEY_FILE="${MONGO_GO_DRIVER_KEY_FILE:-}"
 MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE="${MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE:-}"
 MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE="${MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE:-}"
 TOPOLOGY="${TOPOLOGY:-}"
-SERVERLESS="${SERVERLESS:-}"
+SERVERLESS="${SERVERLESS}"
 REQUIRE_API_VERSION="${REQUIRE_API_VERSION:-}"
-LOAD_BALANCER="${LOAD_BALANCER:-}"
+LOAD_BALANCER="${LOAD_BALANCER}"
 MONGO_GO_DRIVER_COMPRESSOR="${MONGO_GO_DRIVER_COMPRESSOR:-}"
 BUILD_TAGS="${BUILD_TAGS}"
 CRYPT_SHARED_LIB_PATH="${CRYPT_SHARED_LIB_PATH:-}"
@@ -121,16 +131,16 @@ MACOS_LIBRARY_PATH="${DYLD_FALLBACK_LIBRARY_PATH:-}"
 SKIP_CSOT_TESTS=${SKIP_CSOT_TESTS:-}
 EOT
 
-if [ -n "${MONGODB_URI:-}" ]; then
+if [ -n "${MONGODB_URI}" ]; then
     echo "MONGODB_URI=\"${MONGODB_URI}\"" >> .test.env
 fi
 
-if [ -n "${SERVERLESS:-}" ]; then
+if [ -n "${SERVERLESS}" ]; then
     echo "SERVERLESS_ATLAS_USER=$SERVERLESS_ATLAS_USER" >> .test.env
     echo "SERVERLESS_ATLAS_PASSWORD=$SERVERLESS_ATLAS_PASSWORD" >> .test.env
 fi
 
-if [ -n "${LOAD_BALANCER:-}" ];then
+if [ -n "${LOAD_BALANCER}" ];then
     echo "SINGLE_MONGOS_LB_URI=${SINGLE_MONGOS_LB_URI}" >> .test.env
     echo "MULTI_MONGOS_LB_URI=${MULTI_MONGOS_LB_URI}" >> .test.env
 fi