wip

blink1073 · blink1073 · commit e6fa6102f378 · 2025-03-11T11:11:38.000-05:00
diff --git a/.evergreen/run-mongodb-oidc-test.sh b/.evergreen/run-mongodb-oidc-test.sh
@@ -3,21 +3,9 @@
 set +x          # Disable debug trace
 set -eu
 
-echo "Running MONGODB-OIDC authentication tests"
+echo "Running MONGODB-OIDC authentication tests on ${OIDC_ENV}..."
 
-if [ $OIDC_ENV == "azure" ]; then
-    source ./env.sh
-
-elif [ $OIDC_ENV == "gcp" ]; then
-    source ./secrets-export.sh
-
-elif [ $OIDC_ENV == "k8s" ]; then
-    echo "Running oidc on k8s"
-
-else
-    echo "Unrecognized OIDC_ENV $OIDC_ENV"
-    exit 1
-fi
-
-bash ./.evergreen/just.sh setup-tests auth_oidc remote
+bash ./.evergreen/just.sh setup-tests auth_oidc ${OIDC_ENV}-remote
 bash ./.evergreen/just.sh run-tests "${@:1}"
+
+echo "Running MONGODB-OIDC authentication tests on ${OIDC_ENV}... done."
diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh
@@ -24,11 +24,6 @@ else
   exit 1
 fi
 
-# Source the local secrets export file if available.
-if [ -f "./secrets-export.sh" ]; then
-  . "./secrets-export.sh"
-fi
-
 # List the packages.
 PIP_QUIET=0 uv run ${UV_ARGS} --with pip pip list
 
diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py
@@ -2,43 +2,65 @@
 
 import os
 
-from utils import (
-    DRIVERS_TOOLS,
-    TMP_DRIVER_FILE,
-    run_command,
-)
+from utils import DRIVERS_TOOLS, TMP_DRIVER_FILE, create_archive, read_env, run_command, write_env
 
 K8S_NAMES = ["aks", "gke", "eks"]
+K8S_REMOTE_NAMES = [f"{n}-remote" for n in K8S_NAMES]
 
 
 def _get_target_dir(sub_test_name: str) -> str:
     if sub_test_name == "test":
         target_dir = "auth_oidc"
-    elif sub_test_name == "azure":
+    elif sub_test_name.startswith("azure"):
         target_dir = "auth_oidc/azure"
-    elif sub_test_name == "gcp":
+    elif sub_test_name.startswith("gcp"):
         target_dir = "auth_oidc/gcp"
-    elif sub_test_name in K8S_NAMES:
+    elif sub_test_name in K8S_NAMES + K8S_REMOTE_NAMES:
         target_dir = "auth_oidc/k8s"
     else:
         raise ValueError(f"Invalid sub test name '{sub_test_name}'")
     return f"{DRIVERS_TOOLS}/.evergreen/{target_dir}"
 
 
-def setup_oidc(sub_test_name: str) -> None:
+def setup_oidc(sub_test_name: str) -> dict[str, str] | None:
     target_dir = _get_target_dir(sub_test_name)
     env = os.environ.copy()
     if sub_test_name == "azure":
         env["AZUREOIDC_VMNAME_PREFIX"] = "PYTHON_DRIVER"
-    run_command(f"bash {target_dir}/setup.sh", env=env)
+    elif "-remote" not in sub_test_name:
+        run_command(f"bash {target_dir}/setup.sh", env=env)
     if sub_test_name in K8S_NAMES:
-        run_command(f"bash {target_dir}/setup-pod.sh")
+        run_command(f"bash {target_dir}/setup-pod.sh {sub_test_name}")
         run_command(f"bash {target_dir}/run-self-test.sh")
+        return None
+
+    source_file = None
+    if sub_test_name == "test":
+        source_file = f"{target_dir}/secrets-export.sh"
+    elif sub_test_name == "azure-remote":
+        source_file = "./env.sh"
+    elif sub_test_name == "gcp-remote":
+        source_file = "./secrets-export.sh"
+    if sub_test_name in K8S_REMOTE_NAMES:
+        return os.environ.copy()
+    if source_file is None:
+        return None
+
+    config = read_env(source_file)
+    write_env("MONGODB_URI_SINGLE", config["MONGODB_URI_SINGLE"])
+    write_env("MONGODB_URI", config["MONGODB_URI"])
+    write_env("DB_IP", config["MONGODB_URI"])
+
+    if sub_test_name == "test":
+        write_env("OIDC_TOKEN_FILE", config["OIDC_TOKEN_FILE"])
+        write_env("OIDC_TOKEN_DIR", config["OIDC_TOKEN_DIR"])
+    return config
 
 
 def test_oidc_remote(sub_test_name: str) -> None:
     env = os.environ.copy()
     target_dir = _get_target_dir(sub_test_name)
+    create_archive()
     if sub_test_name in ["azure", "gcp"]:
         upper_name = sub_test_name.upper()
         env[f"{upper_name}OIDC_DRIVERS_TAR_FILE"] = TMP_DRIVER_FILE
@@ -48,8 +70,7 @@ def test_oidc_remote(sub_test_name: str) -> None:
     elif sub_test_name in K8S_NAMES:
         env["K8S_DRIVERS_TAR_FILE"] = TMP_DRIVER_FILE
         env["K8S_TEST_CMD"] = "OIDC_ENV=k8s ./.evergreen/run-mongodb-oidc-test.sh"
-
-    run_command(f"bash {target_dir}/run-driver-test.sh")
+    run_command(f"bash {target_dir}/run-driver-test.sh", env=env)
 
 
 def teardown_oidc(sub_test_name: str) -> None:
diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py
@@ -161,6 +161,13 @@ def handle_test_env() -> None:
     if group := GROUP_MAP.get(test_name, ""):
         UV_ARGS.append(f"--group {group}")
 
+    if test_name == "auth_oidc":
+        from oidc_tester import setup_oidc
+
+        config = setup_oidc(sub_test_name)
+        if not config:
+            AUTH = "noauth"
+
     if AUTH != "noauth":
         if test_name == "data_lake":
             config = read_env(f"{DRIVERS_TOOLS}/.evergreen/atlas_data_lake/secrets-export.sh")
@@ -174,9 +181,8 @@ def handle_test_env() -> None:
             write_env("SINGLE_MONGOS_LB_URI", config["SERVERLESS_URI"])
             write_env("MULTI_MONGOS_LB_URI", config["SERVERLESS_URI"])
         elif test_name == "auth_oidc":
-            DB_USER = os.environ["OIDC_ADMIN_USER"]
-            DB_PASSWORD = os.environ["OIDC_ADMIN_PWD"]
-            write_env("DB_IP", os.environ["MONGODB_URI"])
+            DB_USER = config["OIDC_ADMIN_USER"]
+            DB_PASSWORD = config["OIDC_ADMIN_PWD"]
         elif test_name == "index_management":
             config = read_env(f"{DRIVERS_TOOLS}/.evergreen/atlas/secrets-export.sh")
             DB_USER = config["DRIVERS_ATLAS_LAMBDA_USER"]
@@ -239,11 +245,6 @@ def handle_test_env() -> None:
         cmd = f'bash "{DRIVERS_TOOLS}/.evergreen/run-load-balancer.sh" start'
         run_command(cmd)
 
-    if test_name == "auth_oidc":
-        from oidc_helper import setup_oidc
-
-        setup_oidc(sub_test_name)
-
     if test_name == "ocsp":
         if sub_test_name:
             os.environ["OCSP_SERVER_TYPE"] = sub_test_name
diff --git a/.evergreen/scripts/teardown_tests.py b/.evergreen/scripts/teardown_tests.py
@@ -25,7 +25,7 @@
     teardown_kms(SUB_TEST_NAME)
 
 # Tear down OIDC if applicable.
-elif TEST_NAME == "oidc":
+elif TEST_NAME == "auth_oidc":
     from oidc_tester import teardown_oidc
 
     teardown_oidc(SUB_TEST_NAME)
diff --git a/test/auth_oidc/test_auth_oidc.py b/test/auth_oidc/test_auth_oidc.py
@@ -70,6 +70,11 @@ def setUpClass(cls):
         cls.uri_single = os.environ["MONGODB_URI_SINGLE"]
         cls.uri_multiple = os.environ.get("MONGODB_URI_MULTI")
         cls.uri_admin = os.environ["MONGODB_URI"]
+        if ENVIRON == "test":
+            if not TOKEN_DIR:
+                raise ValueError("Please set OIDC_TOKEN_DIR")
+            if not TOKEN_FILE:
+                raise ValueError("Please set OIDC_TOKEN_FILE")
 
     def setUp(self):
         self.request_called = 0
