diff --git a/.evergreen/config.yml b/.evergreen/config.yml index d77769d3da..0b64eb0fe8 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -26,6 +26,11 @@ timeout: args: [ls, -la] functions: + assume-test-secrets-ec2-role: + - command: ec2.assume_role + params: + role_arn: ${aws_test_secrets_role} + setup-system: # Executes clone and applies the submitted patch, if any - command: git.get_project @@ -109,9 +114,13 @@ functions: display_name: test_suite.tgz bootstrap-mongohoused: + - command: ec2.assume_role + params: + role_arn: ${aws_test_secrets_role} - command: subprocess.exec params: binary: bash + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/atlas_data_lake/pull-mongohouse-image.sh - command: subprocess.exec @@ -376,20 +385,6 @@ functions: binary: bash args: [*task-runner, evg-test-load-balancers] - run-serverless-tests: - - command: subprocess.exec - type: test - params: - binary: "bash" - env: - SERVERLESS: "serverless" - args: [*task-runner, setup-test] - - command: subprocess.exec - type: test - params: - binary: "bash" - args: [*task-runner, evg-test-serverless] - run-atlas-data-lake-test: - command: subprocess.exec type: test @@ -1606,14 +1601,6 @@ tasks: - func: start-cse-servers - func: run-retry-kms-requests - - name: "test-serverless" - tags: ["serverless"] - commands: - - func: start-cse-servers - - func: "run-serverless-tests" - vars: - MONGO_GO_DRIVER_COMPRESSOR: "snappy" - - name: "testgcpkms-task" commands: - command: subprocess.exec @@ -1636,20 +1623,24 @@ tasks: - name: "testawskms-task" commands: + - func: assume-test-secrets-ec2-role - command: subprocess.exec type: test params: binary: "bash" + add_expansions_to_env: true args: [*task-runner, test-awskms] - name: "testawskms-fail-task" # testawskms-fail-task runs without environment variables. # It is expected to fail to obtain credentials. commands: + - func: assume-test-secrets-ec2-role - command: subprocess.exec type: test params: binary: "bash" + add_expansions_to_env: true env: EXPECT_ERROR: 'status=400' args: [*task-runner, test-awskms] @@ -1660,16 +1651,19 @@ tasks: type: test params: binary: bash + add_expansions_to_env: true args: [*task-runner, test-azurekms] - name: "testazurekms-fail-task" # testazurekms-fail-task runs without environment variables. # It is expected to fail to obtain credentials. commands: + - func: assume-test-secrets-ec2-role - command: subprocess.exec type: test params: binary: bash + add_expansions_to_env: true env: EXPECT_ERROR: "1" args: [*task-runner, test-azurekms] @@ -1681,10 +1675,6 @@ tasks: - name: "test-aws-lambda-deployed" commands: - - command: ec2.assume_role - params: - role_arn: ${LAMBDA_AWS_ROLE_ARN} - duration_seconds: 3600 - command: subprocess.exec type: test params: @@ -1896,49 +1886,17 @@ axes: variables: GO_DIST: "/opt/golang/go1.23" - - id: os-serverless - display_name: OS - values: - - id: "rhel87" - display_name: "RHEL 8.7" - run_on: rhel8.7-small - variables: - GO_DIST: "/opt/golang/go1.23" - task_groups: - - name: serverless_task_group - setup_group_can_fail_task: true - setup_group_timeout_secs: 1800 # 30 minutes - setup_group: - - func: setup-system - - command: subprocess.exec - params: - binary: "bash" - args: - - ${DRIVERS_TOOLS}/.evergreen/serverless/setup.sh - - command: expansions.update - params: - file: serverless-expansion.yml - teardown_group: - - command: subprocess.exec - params: - binary: "bash" - args: - - ${DRIVERS_TOOLS}/.evergreen/serverless/teardown.sh - - func: teardown - - func: handle-test-artifacts - - tasks: - - ".serverless" - - name: testgcpkms_task_group setup_group_can_fail_task: true setup_group_timeout_secs: 1800 # 30 minutes setup_group: - func: setup-system + - func: assume-test-secrets-ec2-role - command: subprocess.exec params: binary: "bash" + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/setup.sh teardown_group: @@ -1958,9 +1916,11 @@ task_groups: setup_group_timeout_secs: 1800 # 30 minutes setup_group: - func: setup-system + - func: assume-test-secrets-ec2-role - command: subprocess.exec params: binary: bash + add_expansions_to_env: true env: AZUREKMS_VMNAME_PREFIX: GODRIVER args: @@ -2013,9 +1973,11 @@ task_groups: teardown_group_timeout_secs: 180 # 3 minutes (max allowed time) setup_group: - func: setup-system + - func: assume-test-secrets-ec2-role - command: subprocess.exec params: binary: bash + add_expansions_to_env: true env: AZUREOIDC_VMNAME_PREFIX: "GO_DRIVER" args: @@ -2038,9 +2000,11 @@ task_groups: teardown_group_timeout_secs: 180 # 3 minutes (max allowed time) setup_group: - func: setup-system + - func: assume-test-secrets-ec2-role - command: subprocess.exec params: binary: bash + add_expansions_to_env: true env: AZUREOIDC_VMNAME_PREFIX: "GO_DRIVER" args: @@ -2063,6 +2027,7 @@ task_groups: teardown_group_timeout_secs: 180 # 3 minutes (max allowed time) setup_group: - func: setup-system + - func: assume-test-secrets-ec2-role - command: subprocess.exec params: binary: bash @@ -2083,10 +2048,12 @@ task_groups: - name: test-aws-lambda-task-group setup_group: - func: setup-system + - func: assume-test-secrets-ec2-role - command: subprocess.exec params: working_dir: src/go.mongodb.org/mongo-driver binary: bash + add_expansions_to_env: true env: LAMBDA_STACK_NAME: dbx-go-lambda args: @@ -2340,13 +2307,6 @@ buildvariants: tasks: - name: ".load-balancer" - - matrix_name: "serverless" - tags: ["pullrequest"] - matrix_spec: { os-serverless: "*" } - display_name: "Serverless ${os-serverless}" - tasks: - - "serverless_task_group" - - matrix_name: "kms-kmip-test" matrix_spec: { version: ["7.0"], os-ssl-40: ["rhel87-64"] } display_name: "KMS KMIP ${os-ssl-40}" diff --git a/Taskfile.yml b/Taskfile.yml index 6784d855c2..ab552205f5 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -165,24 +165,6 @@ tasks: evg-test-ocsp: - go test -v ./mongo -run TestOCSP ${OCSP_TLS_SHOULD_SUCCEED} >> test.suite - evg-test-serverless: - # Serverless should be tested with all unified tests as well as tests in the following components: CRUD, load balancer, - # retryable reads, retryable writes, sessions, transactions and cursor behavior. - - go test ${BUILD_TAGS} ./internal/integration -run TestWriteErrorsWithLabels -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test ${BUILD_TAGS} ./internal/integration -run TestWriteErrorsDetails -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test ${BUILD_TAGS} ./internal/integration -run TestHintErrors -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test ${BUILD_TAGS} ./internal/integration -run TestWriteConcernError -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test ${BUILD_TAGS} ./internal/integration -run TestErrorsCodeNamePropagated -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test ${BUILD_TAGS} ./internal/integration -run TestLoadBalancerSupport -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test ${BUILD_TAGS} ./internal/integration -run TestRetryableReadsProse -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test ${BUILD_TAGS} ./internal/integration -run TestRetryableWritesProse -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test ${BUILD_TAGS} ./internal/integration -run TestSessionsProse -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test ${BUILD_TAGS} ./internal/integration -run TestConvenientTransactions -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test ${BUILD_TAGS} ./internal/integration -run TestCursor -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test ${BUILD_TAGS} ./internal/integration/unified -run TestUnifiedSpec -v -timeout {{.TEST_TIMEOUT}}s >> test.suite - - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} DYLD_LIBRARY_PATH=${MACOS_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout {{.TEST_TIMEOUT}}s ./internal/integration -run TestClientSideEncryptionSpec >> test.suite - - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} DYLD_LIBRARY_PATH=${MACOS_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout {{.TEST_TIMEOUT}}s ./internal/integration -run TestClientSideEncryptionProse >> test.suite - evg-test-versioned-api: # Versioned API related tests are in the mongo, integration and unified packages. - go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} DYLD_LIBRARY_PATH=${MACOS_LIBRARY_PATH}" ${BUILD_TAGS} -v -timeout {{.TEST_TIMEOUT}}s ./mongo >> test.suite diff --git a/etc/run-awskms-test.sh b/etc/run-awskms-test.sh index e37c27f57f..11c6adb953 100755 --- a/etc/run-awskms-test.sh +++ b/etc/run-awskms-test.sh @@ -10,9 +10,13 @@ task build-kms-test export MONGODB_URI="$ATLAS_FREE" if [ -z "${EXPECT_ERROR:-}" ]; then - . ${DRIVERS_TOOLS}/.evergreen/csfle/setup-secrets.sh - export AWS_SECRET_ACCESS_KEY=$FLE_AWS_SECRET_ACCESS_KEY - export AWS_ACCESS_KEY_ID=$FLE_AWS_ACCESS_KEY_ID + . ${DRIVERS_TOOLS}/.evergreen/csfle/setup-secrets.sh + export AWS_SECRET_ACCESS_KEY=$FLE_AWS_SECRET_ACCESS_KEY + export AWS_ACCESS_KEY_ID=$FLE_AWS_ACCESS_KEY_ID fi +# AWS_SESSION_TOKEN is required to get credentials from the drivers/csfle vault +# but interferes with the testkms binary causing UnrecognizedClientException. +unset AWS_SESSION_TOKEN + LD_LIBRARY_PATH=./install/libmongocrypt/lib64 PROVIDER='aws' ./testkms