web identitiy

Author: baileympearson

.evergreen/config.in.yml

@@ -598,61 +598,69 @@ functions:
           - .evergreen/run-mongodb-aws-test-copy.sh
 
   "run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set":
-    - command: shell.exec
-      type: test
+    - command: ec2.assume_role
       params:
-        working_dir: "src"
-        silent: true
-        shell: bash
-        script: |
-          set -ex
-          cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
-          . ./activate-authawsvenv.sh
-          python aws_tester.py web-identity
-          cd -
-          cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
-            export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file}
-            export AWS_ROLE_ARN=${iam_auth_assume_web_role_name}
-            export AWS_ROLE_SESSION_NAME='test'
-            export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS"
-          EOF
-    - command: shell.exec
+        role_arn: ${OIDC_AWS_ROLE_ARN}
+    - command: subprocess.exec
       type: test
       params:
+        include_expansions_in_env:
+          - MONGODB_URI
+          - DRIVERS_TOOLS
+          - MONGODB_AWS_SDK
         env:
-          MONGODB_AWS_SDK: ${MONGODB_AWS_SDK}
+          AWS_CREDENTIAL_TYPE: web-identity
+          AWS_ROLE_SESSION_NAME: test
         working_dir: "src"
-        script: |
-          ${PREPARE_SHELL}
-          ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
+        binary: bash
+        args: 
+          - .evergreen/run-mongodb-aws-test-copy.sh
+
+    # - command: shell.exec
+    #   type: test
+    #   params:
+    #     working_dir: "src"
+    #     silent: true
+    #     shell: bash
+    #     script: |
+    #       set -ex
+    #       cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
+    #       . ./activate-authawsvenv.sh
+    #       python aws_tester.py web-identity
+    #       cd -
+    #       cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
+    #         export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file}
+    #         export AWS_ROLE_ARN=${iam_auth_assume_web_role_name}
+    #         export AWS_ROLE_SESSION_NAME='test'
+    #         export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS"
+    #       EOF
+    # - command: shell.exec
+    #   type: test
+    #   params:
+    #     env:
+    #       MONGODB_AWS_SDK: ${MONGODB_AWS_SDK}
+    #     working_dir: "src"
+    #     script: |
+    #       ${PREPARE_SHELL}
+    #       ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
 
   "run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset":
-    - command: shell.exec
-      type: test
+    - command: ec2.assume_role
       params:
-        working_dir: "src"
-        silent: true
-        shell: bash
-        script: |
-          set -ex
-          cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
-          . ./activate-authawsvenv.sh
-          python aws_tester.py web-identity
-          cd -
-          cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
-            export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file}
-            export AWS_ROLE_ARN=${iam_auth_assume_web_role_name}
-            export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS"
-          EOF
-    - command: shell.exec
+        role_arn: ${OIDC_AWS_ROLE_ARN}
+    - command: subprocess.exec
       type: test
       params:
+        include_expansions_in_env:
+          - MONGODB_URI
+          - DRIVERS_TOOLS
+          - MONGODB_AWS_SDK
         env:
-          MONGODB_AWS_SDK: ${MONGODB_AWS_SDK}
+          AWS_CREDENTIAL_TYPE: web-identity
         working_dir: "src"
-        script: |
-          ${PREPARE_SHELL}
-          ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
+        binary: bash
+        args: 
+          - .evergreen/run-mongodb-aws-test-copy.sh
 
   "run aws ECS auth test":
     - command: shell.exec

.evergreen/config.yml

@@ -536,60 +536,40 @@ functions:
         args:
           - .evergreen/run-mongodb-aws-test-copy.sh
   run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set:
-    - command: shell.exec
-      type: test
+    - command: ec2.assume_role
       params:
-        working_dir: src
-        silent: true
-        shell: bash
-        script: |
-          set -ex
-          cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
-          . ./activate-authawsvenv.sh
-          python aws_tester.py web-identity
-          cd -
-          cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
-            export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file}
-            export AWS_ROLE_ARN=${iam_auth_assume_web_role_name}
-            export AWS_ROLE_SESSION_NAME='test'
-            export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS"
-          EOF
-    - command: shell.exec
+        role_arn: ${OIDC_AWS_ROLE_ARN}
+    - command: subprocess.exec
       type: test
       params:
+        include_expansions_in_env:
+          - MONGODB_URI
+          - DRIVERS_TOOLS
+          - MONGODB_AWS_SDK
         env:
-          MONGODB_AWS_SDK: ${MONGODB_AWS_SDK}
+          AWS_CREDENTIAL_TYPE: web-identity
+          AWS_ROLE_SESSION_NAME: test
         working_dir: src
-        script: |
-          ${PREPARE_SHELL}
-          ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
+        binary: bash
+        args:
+          - .evergreen/run-mongodb-aws-test-copy.sh
   run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset:
-    - command: shell.exec
-      type: test
+    - command: ec2.assume_role
       params:
-        working_dir: src
-        silent: true
-        shell: bash
-        script: |
-          set -ex
-          cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
-          . ./activate-authawsvenv.sh
-          python aws_tester.py web-identity
-          cd -
-          cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
-            export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file}
-            export AWS_ROLE_ARN=${iam_auth_assume_web_role_name}
-            export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS"
-          EOF
-    - command: shell.exec
+        role_arn: ${OIDC_AWS_ROLE_ARN}
+    - command: subprocess.exec
       type: test
       params:
+        include_expansions_in_env:
+          - MONGODB_URI
+          - DRIVERS_TOOLS
+          - MONGODB_AWS_SDK
         env:
-          MONGODB_AWS_SDK: ${MONGODB_AWS_SDK}
+          AWS_CREDENTIAL_TYPE: web-identity
         working_dir: src
-        script: |
-          ${PREPARE_SHELL}
-          ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
+        binary: bash
+        args:
+          - .evergreen/run-mongodb-aws-test-copy.sh
   run aws ECS auth test:
     - command: shell.exec
       type: test

.evergreen/generate_evergreen_tasks.js

@@ -344,11 +344,11 @@ for (const VERSION of AWS_AUTH_VERSIONS) {
     { func: 'run aws auth test with aws credentials and session token as environment variables' },  // done
     { func: 'run aws ECS auth test' },
     {
-      func: 'run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset',
+      func: 'run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset', // done
       onlySdk: true
     },
     {
-      func: 'run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set',
+      func: 'run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set', // done
       onlySdk: true
     }
   ];

test/integration/auth/mongodb_aws.test.ts

@@ -24,6 +24,7 @@ import {
 
 const isMongoDBAWSAuthEnvironment = (process.env.MONGODB_URI ?? '').includes('MONGODB-AWS');
 
+console.error(`IS THIS SET?: ${'AWS_ROLE_SESSION_NAME' in process.env}`)
 describe('MONGODB-AWS', function () {
   let awsSdkPresent;
   let client: MongoClient;