Merge branch 'RUST-1529-no-ff' into RUST-1529-aws-sdk-signature

Author: JamieTsai1024

.evergreen/compile-only.sh

@@ -9,6 +9,11 @@ source ./.evergreen/env.sh
 if [ "$RUST_VERSION" != "" ]; then
   rustup toolchain install $RUST_VERSION
   TOOLCHAIN="+${RUST_VERSION}"
+
+  # The MSRV resolver does not properly select an MSRV-compliant version
+  # for this transient dependency.
+  cargo add [email protected]
+
   CARGO_RESOLVER_INCOMPATIBLE_RUST_VERSIONS=fallback cargo +nightly -Zmsrv-policy generate-lockfile
 fi
 

.evergreen/config.yml

@@ -257,11 +257,20 @@ buildvariants:
     # Limit the test to only schedule every 14 days to reduce external resource usage.
     batchtime: 20160
 
-  - name: gssapi-auth
-    display_name: "GSSAPI Authentication"
+  - name: gssapi-auth-linux
+    display_name: "GSSAPI Authentication - Linux"
     patchable: true
     run_on:
-      - ubuntu2004-small
+      - ubuntu2204-small
+    tasks:
+      - test-gssapi-auth
+
+  - name: gssapi-auth-macos
+    display_name: "GSSAPI Authentication - macOS"
+    patchable: true
+    disable: true
+    run_on:
+      - macos-14
     tasks:
       - test-gssapi-auth
 
@@ -1389,6 +1398,9 @@ functions:
           AWS_AUTH_TYPE: web-identity
 
   "run gssapi auth test":
+    - command: ec2.assume_role
+      params:
+        role_arn: ${aws_test_secrets_role}
     - command: subprocess.exec
       type: test
       params:
@@ -1397,6 +1409,10 @@ functions:
         args:
           - .evergreen/run-gssapi-tests.sh
         include_expansions_in_env:
+          - AWS_ACCESS_KEY_ID
+          - AWS_SECRET_ACCESS_KEY
+          - AWS_SESSION_TOKEN
+          - DRIVERS_TOOLS
           - PROJECT_DIRECTORY
 
   "run x509 tests":

.evergreen/run-gssapi-tests.sh

@@ -9,10 +9,59 @@ cd ${PROJECT_DIRECTORY}
 source .evergreen/env.sh
 source .evergreen/cargo-test.sh
 
+# Source the drivers/atlas_connect secrets, where GSSAPI test values are held
+source "${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh" drivers/atlas_connect
+
 FEATURE_FLAGS+=("gssapi-auth")
 
 set +o errexit
 
+# Create a krb5 config file with relevant
+touch krb5.conf
+echo "[realms]
+  $SASL_REALM = {
+    kdc = $SASL_HOST
+    admin_server = $SASL_HOST
+  }
+
+  $SASL_REALM_CROSS = {
+    kdc = $SASL_HOST
+    admin_server = $SASL_HOST
+  }
+
+[domain_realm]
+  .$SASL_DOMAIN = $SASL_REALM
+  $SASL_DOMAIN = $SASL_REALM
+" > krb5.conf
+
+export KRB5_CONFIG=krb5.conf
+
+# Authenticate the user principal in the KDC before running the e2e test
+echo "Authenticating $PRINCIPAL"
+echo "$SASL_PASS" | kinit -p $PRINCIPAL
+klist
+
+# Run end-to-end auth tests for "$PRINCIPAL" user
+TEST_OPTIONS+=("--skip with_service_realm_and_host_options")
+cargo_test test::auth::gssapi_skip_local
+
+# Unauthenticate
+echo "Unauthenticating $PRINCIPAL"
+kdestroy
+
+# Authenticate the alternative user principal in the KDC and run other e2e test
+echo "Authenticating $PRINCIPAL_CROSS"
+echo "$SASL_PASS_CROSS" | kinit -p $PRINCIPAL_CROSS
+klist
+
+TEST_OPTIONS=()
+cargo_test test::auth::gssapi_skip_local::with_service_realm_and_host_options
+
+# Unauthenticate
+echo "Unuthenticating $PRINCIPAL_CROSS"
+kdestroy
+
+# Run remaining tests
 cargo_test spec::auth
 cargo_test uri_options
 cargo_test connection_string