Merge branch 'master' into PYTHON-4493-prod

Author: NoahStapp

.evergreen/config.yml

@@ -107,95 +107,51 @@ buildvariants:
   # Aws auth tests
   - name: auth-aws-ubuntu-20-python3.9
     tasks:
-      - name: aws-auth-test-4.4
-      - name: aws-auth-test-5.0
-      - name: aws-auth-test-6.0
-      - name: aws-auth-test-7.0
-      - name: aws-auth-test-8.0
-      - name: aws-auth-test-rapid
-      - name: aws-auth-test-latest
+      - name: .auth-aws
     display_name: Auth AWS Ubuntu-20 Python3.9
     run_on:
       - ubuntu2004-small
     expansions:
       PYTHON_BINARY: /opt/python/3.9/bin/python3
   - name: auth-aws-ubuntu-20-python3.13
     tasks:
-      - name: aws-auth-test-4.4
-      - name: aws-auth-test-5.0
-      - name: aws-auth-test-6.0
-      - name: aws-auth-test-7.0
-      - name: aws-auth-test-8.0
-      - name: aws-auth-test-rapid
-      - name: aws-auth-test-latest
+      - name: .auth-aws
     display_name: Auth AWS Ubuntu-20 Python3.13
     run_on:
       - ubuntu2004-small
     expansions:
       PYTHON_BINARY: /opt/python/3.13/bin/python3
   - name: auth-aws-win64-python3.9
     tasks:
-      - name: aws-auth-test-4.4
-      - name: aws-auth-test-5.0
-      - name: aws-auth-test-6.0
-      - name: aws-auth-test-7.0
-      - name: aws-auth-test-8.0
-      - name: aws-auth-test-rapid
-      - name: aws-auth-test-latest
+      - name: .auth-aws !.auth-aws-ecs
     display_name: Auth AWS Win64 Python3.9
     run_on:
       - windows-64-vsMulti-small
     expansions:
-      skip_ECS_auth_test: "true"
       PYTHON_BINARY: C:/python/Python39/python.exe
   - name: auth-aws-win64-python3.13
     tasks:
-      - name: aws-auth-test-4.4
-      - name: aws-auth-test-5.0
-      - name: aws-auth-test-6.0
-      - name: aws-auth-test-7.0
-      - name: aws-auth-test-8.0
-      - name: aws-auth-test-rapid
-      - name: aws-auth-test-latest
+      - name: .auth-aws !.auth-aws-ecs
     display_name: Auth AWS Win64 Python3.13
     run_on:
       - windows-64-vsMulti-small
     expansions:
-      skip_ECS_auth_test: "true"
       PYTHON_BINARY: C:/python/Python313/python.exe
   - name: auth-aws-macos-python3.9
     tasks:
-      - name: aws-auth-test-4.4
-      - name: aws-auth-test-5.0
-      - name: aws-auth-test-6.0
-      - name: aws-auth-test-7.0
-      - name: aws-auth-test-8.0
-      - name: aws-auth-test-rapid
-      - name: aws-auth-test-latest
+      - name: .auth-aws !.auth-aws-web-identity !.auth-aws-ecs !.auth-aws-ec2
     display_name: Auth AWS macOS Python3.9
     run_on:
       - macos-14
     expansions:
-      skip_ECS_auth_test: "true"
-      skip_EC2_auth_test: "true"
-      skip_web_identity_auth_test: "true"
       PYTHON_BINARY: /Library/Frameworks/Python.Framework/Versions/3.9/bin/python3
   - name: auth-aws-macos-python3.13
     tasks:
-      - name: aws-auth-test-4.4
-      - name: aws-auth-test-5.0
-      - name: aws-auth-test-6.0
-      - name: aws-auth-test-7.0
-      - name: aws-auth-test-8.0
-      - name: aws-auth-test-rapid
-      - name: aws-auth-test-latest
+      - name: .auth-aws !.auth-aws-web-identity !.auth-aws-ecs !.auth-aws-ec2
     display_name: Auth AWS macOS Python3.13
     run_on:
       - macos-14
     expansions:
-      skip_ECS_auth_test: "true"
-      skip_EC2_auth_test: "true"
-      skip_web_identity_auth_test: "true"
       PYTHON_BINARY: /Library/Frameworks/Python.Framework/Versions/3.13/bin/python3
 
   # Compression tests

.evergreen/generated_configs/tasks.yml

@@ -30,5 +30,5 @@ export SET_XTRACE_ON=1
 cd src
 rm -rf .venv
 rm -f .evergreen/scripts/test-env.sh || true
-bash ./.evergreen/just.sh setup-tests auth_aws ecs
+bash ./.evergreen/just.sh setup-tests auth_aws ecs-remote
 bash .evergreen/just.sh run-tests

.evergreen/generated_configs/variants.yml

@@ -734,23 +734,14 @@ def create_atlas_connect_variants():
 
 def create_aws_auth_variants():
     variants = []
-    tasks = [
-        "aws-auth-test-4.4",
-        "aws-auth-test-5.0",
-        "aws-auth-test-6.0",
-        "aws-auth-test-7.0",
-        "aws-auth-test-8.0",
-        "aws-auth-test-rapid",
-        "aws-auth-test-latest",
-    ]
 
     for host_name, python in product(["ubuntu20", "win64", "macos"], MIN_MAX_PYTHON):
         expansions = dict()
-        if host_name != "ubuntu20":
-            expansions["skip_ECS_auth_test"] = "true"
+        tasks = [".auth-aws"]
         if host_name == "macos":
-            expansions["skip_EC2_auth_test"] = "true"
-            expansions["skip_web_identity_auth_test"] = "true"
+            tasks = [".auth-aws !.auth-aws-web-identity !.auth-aws-ecs !.auth-aws-ec2"]
+        elif host_name == "win64":
+            tasks = [".auth-aws !.auth-aws-ecs"]
         host = HOSTS[host_name]
         variant = create_variant(
             tasks,
@@ -804,20 +795,20 @@ def create_server_tasks():
     for topo, version, (auth, ssl), sync in product(TOPOLOGIES, ALL_VERSIONS, AUTH_SSLS, SYNCS):
         name = f"test-{version}-{topo}-{auth}-{ssl}-{sync}".lower()
         tags = [version, topo, auth, ssl, sync]
-        bootstrap_vars = dict(
+        server_vars = dict(
             VERSION=version,
             TOPOLOGY=topo if topo != "standalone" else "server",
             AUTH=auth,
             SSL=ssl,
         )
-        bootstrap_func = FunctionCall(func="bootstrap mongo-orchestration", vars=bootstrap_vars)
+        server_func = FunctionCall(func="run server", vars=server_vars)
         test_vars = dict(AUTH=auth, SSL=ssl, SYNC=sync)
         if sync == "sync":
             test_vars["TEST_NAME"] = "default_sync"
         elif sync == "async":
             test_vars["TEST_NAME"] = "default_async"
         test_func = FunctionCall(func="run tests", vars=test_vars)
-        tasks.append(EvgTask(name=name, tags=tags, commands=[bootstrap_func, test_func]))
+        tasks.append(EvgTask(name=name, tags=tags, commands=[server_func, test_func]))
     return tasks
 
 
@@ -826,11 +817,13 @@ def create_load_balancer_tasks():
     for auth, ssl in AUTH_SSLS:
         name = f"test-load-balancer-{auth}-{ssl}".lower()
         tags = ["load-balancer", auth, ssl]
-        bootstrap_vars = dict(TOPOLOGY="sharded_cluster", AUTH=auth, SSL=ssl, LOAD_BALANCER="true")
-        bootstrap_func = FunctionCall(func="bootstrap mongo-orchestration", vars=bootstrap_vars)
+        server_vars = dict(
+            TOPOLOGY="sharded_cluster", AUTH=auth, SSL=ssl, TEST_NAME="load_balancer"
+        )
+        server_func = FunctionCall(func="run server", vars=server_vars)
         test_vars = dict(AUTH=auth, SSL=ssl, TEST_NAME="load_balancer")
         test_func = FunctionCall(func="run tests", vars=test_vars)
-        tasks.append(EvgTask(name=name, tags=tags, commands=[bootstrap_func, test_func]))
+        tasks.append(EvgTask(name=name, tags=tags, commands=[server_func, test_func]))
 
     return tasks
 
@@ -846,14 +839,105 @@ def create_kms_tasks():
                 sub_test_name += "-fail"
             commands = []
             if not success:
-                commands.append(FunctionCall(func="bootstrap mongo-orchestration"))
+                commands.append(FunctionCall(func="run server"))
             test_vars = dict(TEST_NAME="kms", SUB_TEST_NAME=sub_test_name)
             test_func = FunctionCall(func="run tests", vars=test_vars)
             commands.append(test_func)
             tasks.append(EvgTask(name=name, commands=commands))
     return tasks
 
 
+def create_aws_tasks():
+    tasks = []
+    aws_test_types = [
+        "regular",
+        "assume-role",
+        "ec2",
+        "env-creds",
+        "session-creds",
+        "web-identity",
+        "ecs",
+    ]
+    for version in get_versions_from("4.4"):
+        base_name = f"test-auth-aws-{version}"
+        base_tags = ["auth-aws"]
+        server_vars = dict(AUTH_AWS="1", VERSION=version)
+        server_func = FunctionCall(func="run server", vars=server_vars)
+        assume_func = FunctionCall(func="assume ec2 role")
+        for test_type in aws_test_types:
+            tags = [*base_tags, f"auth-aws-{test_type}"]
+            name = f"{base_name}-{test_type}"
+            test_vars = dict(TEST_NAME="auth_aws", SUB_TEST_NAME=test_type)
+            test_func = FunctionCall(func="run tests", vars=test_vars)
+            funcs = [server_func, assume_func, test_func]
+            tasks.append(EvgTask(name=name, tags=tags, commands=funcs))
+
+        tags = [*base_tags, "auth-aws-web-identity"]
+        name = f"{base_name}-web-identity-session-name"
+        test_vars = dict(
+            TEST_NAME="auth_aws", SUB_TEST_NAME="web-identity", AWS_ROLE_SESSION_NAME="test"
+        )
+        test_func = FunctionCall(func="run tests", vars=test_vars)
+        funcs = [server_func, assume_func, test_func]
+        tasks.append(EvgTask(name=name, tags=tags, commands=funcs))
+
+    return tasks
+
+
+def _create_ocsp_task(algo, variant, server_type, base_task_name):
+    file_name = f"{algo}-basic-tls-ocsp-{variant}.json"
+
+    vars = dict(TEST_NAME="ocsp", ORCHESTRATION_FILE=file_name)
+    server_func = FunctionCall(func="run server", vars=vars)
+
+    vars = dict(ORCHESTRATION_FILE=file_name, OCSP_SERVER_TYPE=server_type, TEST_NAME="ocsp")
+    test_func = FunctionCall(func="run tests", vars=vars)
+
+    tags = ["ocsp", f"ocsp-{algo}"]
+    if "disableStapling" not in variant:
+        tags.append("ocsp-staple")
+
+    task_name = f"test-ocsp-{algo}-{base_task_name}"
+    commands = [server_func, test_func]
+    return EvgTask(name=task_name, tags=tags, commands=commands)
+
+
+def create_ocsp_tasks():
+    tasks = []
+    tests = [
+        ("disableStapling", "valid", "valid-cert-server-does-not-staple"),
+        ("disableStapling", "revoked", "invalid-cert-server-does-not-staple"),
+        ("disableStapling", "valid-delegate", "delegate-valid-cert-server-does-not-staple"),
+        ("disableStapling", "revoked-delegate", "delegate-invalid-cert-server-does-not-staple"),
+        ("disableStapling", "no-responder", "soft-fail"),
+        ("mustStaple", "valid", "valid-cert-server-staples"),
+        ("mustStaple", "revoked", "invalid-cert-server-staples"),
+        ("mustStaple", "valid-delegate", "delegate-valid-cert-server-staples"),
+        ("mustStaple", "revoked-delegate", "delegate-invalid-cert-server-staples"),
+        (
+            "mustStaple-disableStapling",
+            "revoked",
+            "malicious-invalid-cert-mustStaple-server-does-not-staple",
+        ),
+        (
+            "mustStaple-disableStapling",
+            "revoked-delegate",
+            "delegate-malicious-invalid-cert-mustStaple-server-does-not-staple",
+        ),
+        (
+            "mustStaple-disableStapling",
+            "no-responder",
+            "malicious-no-responder-mustStaple-server-does-not-staple",
+        ),
+    ]
+    for algo in ["ecdsa", "rsa"]:
+        for variant, server_type, base_task_name in tests:
+            task = _create_ocsp_task(algo, variant, server_type, base_task_name)
+            tasks.append(task)
+
+    return tasks
+
+
 ##################
 # Generate Config
 ##################

.evergreen/run-mongodb-aws-ecs-test.sh

@@ -22,7 +22,8 @@ PYTHON_VERSION=$(${PYTHON_BINARY} -c "import sys; sys.stdout.write('.'.join(str(
 ${PYTHON_BINARY} -m venv --system-site-packages .venv
 source .venv/bin/activate
 pip install -U pip
-python -m pip install -e .
+export PYMONGO_C_EXT_MUST_BUILD=1
+python -m pip install -v -e .
 
 export MOD_WSGI_SO=/opt/python/mod_wsgi/python_version/$PYTHON_VERSION/mod_wsgi_version/$MOD_WSGI_VERSION/mod_wsgi.so
 export PYTHONHOME=/opt/python/$PYTHON_VERSION