From 3e55f3ba13fd3fb1ecce86e7bb9e71847f334371 Mon Sep 17 00:00:00 2001 From: Preston Vasquez Date: Mon, 9 Jun 2025 16:47:01 -0600 Subject: [PATCH 1/5] GODRIVER-3560 Use lambda-specific arn for FaaS --- .evergreen/config.yml | 8 ++++++-- internal/test/faas/awslambda/template.yaml | 14 -------------- 2 files changed, 6 insertions(+), 16 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index e8ebae8bda..5e4d892345 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -1988,11 +1988,11 @@ tasks: params: working_dir: src/go.mongodb.org/mongo-driver shell: bash + add_expansions_to_env: true env: TEST_LAMBDA_DIRECTORY: ${PROJECT_DIRECTORY}/internal/test/faas/awslambda LAMBDA_STACK_NAME: dbx-go-lambda AWS_REGION: us-east-1 - include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"] script: | ${PREPARE_SHELL} pushd $TEST_LAMBDA_DIRECTORY/mongodb @@ -2357,7 +2357,10 @@ task_groups: setup_group: - func: fetch-source - func: prepare-resources - - func: assume-test-secrets-ec2-role + - command: ec2.assume_role + params: + role_arn: ${LAMBDA_AWS_ROLE_ARN} + duration_seconds: 3600 - command: subprocess.exec params: working_dir: src/go.mongodb.org/mongo-driver @@ -2375,6 +2378,7 @@ task_groups: params: working_dir: src/go.mongodb.org/mongo-driver binary: bash + add_expansions_to_env: true env: LAMBDA_STACK_NAME: dbx-go-lambda AWS_REGION: us-east-1 diff --git a/internal/test/faas/awslambda/template.yaml b/internal/test/faas/awslambda/template.yaml index 417d3b3a11..34d44007e2 100644 --- a/internal/test/faas/awslambda/template.yaml +++ b/internal/test/faas/awslambda/template.yaml @@ -32,20 +32,6 @@ Resources: Variables: MONGODB_URI: !Ref MongoDbUri - ApplicationResourceGroup: - Type: AWS::ResourceGroups::Group - Properties: - Name: - Fn::Sub: ApplicationInsights-SAM-${AWS::StackName} - ResourceQuery: - Type: CLOUDFORMATION_STACK_1_0 - ApplicationInsightsMonitoring: - Type: AWS::ApplicationInsights::Application - Properties: - ResourceGroupName: - Ref: ApplicationResourceGroup - AutoConfigurationEnabled: 'true' - Outputs: MongoDBApi: Description: "API Gateway endpoint URL for Prod stage for MongoDB function" From ce1ecf038538f8568a38d29f013b4c8a8496db9e Mon Sep 17 00:00:00 2001 From: Preston Vasquez Date: Mon, 9 Jun 2025 17:09:56 -0600 Subject: [PATCH 2/5] GODRIVER-3560 Assume role for PR Helper task --- .evergreen/config.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 5e4d892345..0806452e5c 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -403,6 +403,7 @@ functions: params: shell: "bash" working_dir: src/go.mongodb.org/mongo-driver + add_expansions_to_env: true script: | ${PREPARE_SHELL} export BASE_SHA=${revision} @@ -415,6 +416,7 @@ functions: params: shell: "bash" working_dir: src/go.mongodb.org/mongo-driver + add_expansions_to_env: true script: | ${PREPARE_SHELL} export CONFIG=$PROJECT_DIRECTORY/.github/labeler.yml @@ -427,6 +429,7 @@ functions: params: shell: "bash" working_dir: src/go.mongodb.org/mongo-driver + add_expansions_to_env: true script: | ${PREPARE_SHELL} export CONFIG=$PROJECT_DIRECTORY/.github/reviewers.txt @@ -932,6 +935,7 @@ tasks: - name: pull-request-helpers allowed_requesters: ["patch", "github_pr"] commands: + - func: assume-test-secrets-ec2-role - func: "add PR reviewer" - func: "add PR labels" - func: "create-api-report" From fcaaaca750030fbc72fe2eef37c6b73381f64792 Mon Sep 17 00:00:00 2001 From: Preston Vasquez Date: Mon, 9 Jun 2025 17:43:04 -0600 Subject: [PATCH 3/5] GODRIVER-3560 Parameterize duration_seconds in assume-test-secrets-ec2-role --- .evergreen/config.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 0806452e5c..ac6b593968 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -26,10 +26,11 @@ timeout: script: | ls -la functions: - assume-test-secrets-ec2-role: - - command: ec2.assume_role + assume-test-secrets-ec2-role: + - command: ec2.assume_rol params: role_arn: ${aws_test_secrets_role} + duration_seconds: ${ec2_assume_role_duration|3600} fetch-source: # Executes clone and applies the submitted patch, if any @@ -2361,10 +2362,7 @@ task_groups: setup_group: - func: fetch-source - func: prepare-resources - - command: ec2.assume_role - params: - role_arn: ${LAMBDA_AWS_ROLE_ARN} - duration_seconds: 3600 + - func: assume-test-secrets-ec2-role - command: subprocess.exec params: working_dir: src/go.mongodb.org/mongo-driver From 365aea2007cfeab04359042591929761c751e4aa Mon Sep 17 00:00:00 2001 From: Preston Vasquez Date: Mon, 9 Jun 2025 17:44:44 -0600 Subject: [PATCH 4/5] GODRIVER-3560 Fix typo --- .evergreen/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index ac6b593968..66da8f0586 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -27,7 +27,7 @@ timeout: ls -la functions: assume-test-secrets-ec2-role: - - command: ec2.assume_rol + - command: ec2.assume_role params: role_arn: ${aws_test_secrets_role} duration_seconds: ${ec2_assume_role_duration|3600} From 066c5bbdf39fc1aa51c566290613b0a3e2ae3c53 Mon Sep 17 00:00:00 2001 From: Preston Vasquez Date: Mon, 9 Jun 2025 17:53:46 -0600 Subject: [PATCH 5/5] GODRIVER-3560 Remove parameterized duration --- .evergreen/config.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 66da8f0586..1800457b2b 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -30,7 +30,6 @@ functions: - command: ec2.assume_role params: role_arn: ${aws_test_secrets_role} - duration_seconds: ${ec2_assume_role_duration|3600} fetch-source: # Executes clone and applies the submitted patch, if any