diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index 9041647e934..d28c00109f2 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml 
@@ -456,300 +456,135 @@ functions: bash ${PROJECT_DIRECTORY}/.evergreen/run-tls-tests.sh - "add aws auth variables to file": - - command: shell.exec - type: test - params: - working_dir: "src" - silent: true - script: | - cat < ${DRIVERS_TOOLS}/.evergreen/auth_aws/aws_e2e_setup.json - { - "iam_auth_ecs_account" : "${iam_auth_ecs_account}", - "iam_auth_ecs_secret_access_key" : "${iam_auth_ecs_secret_access_key}", - "iam_auth_ecs_account_arn": "arn:aws:iam::557821124784:user/authtest_fargate_user", - "iam_auth_ecs_cluster": "${iam_auth_ecs_cluster}", - "iam_auth_ecs_task_definition": "${iam_auth_ecs_task_definition_ubuntu2004}", - "iam_auth_ecs_subnet_a": "${iam_auth_ecs_subnet_a}", - "iam_auth_ecs_subnet_b": "${iam_auth_ecs_subnet_b}", - "iam_auth_ecs_security_group": "${iam_auth_ecs_security_group}", - "iam_auth_assume_aws_account" : "${iam_auth_assume_aws_account}", - "iam_auth_assume_aws_secret_access_key" : "${iam_auth_assume_aws_secret_access_key}", - "iam_auth_assume_role_name" : "${iam_auth_assume_role_name}", - "iam_auth_ec2_instance_account" : "${iam_auth_ec2_instance_account}", - "iam_auth_ec2_instance_secret_access_key" : "${iam_auth_ec2_instance_secret_access_key}", - "iam_auth_ec2_instance_profile" : "${iam_auth_ec2_instance_profile}", - "iam_auth_assume_web_role_name": "${iam_auth_assume_web_role_name}", - "iam_web_identity_issuer": "${iam_web_identity_issuer}", - "iam_web_identity_rsa_key": "${iam_web_identity_rsa_key}", - "iam_web_identity_jwks_uri": "${iam_web_identity_jwks_uri}", - "iam_web_identity_token_file": "${iam_web_identity_token_file}" - } - EOF - - "setup aws env": - - command: shell.exec - type: test + "assume secrets manager rule": + - command: ec2.assume_role params: - working_dir: "src" - shell: bash - script: | - ${PREPARE_SHELL} - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - cd - + role_arn: ${OIDC_AWS_ROLE_ARN} "run aws auth test with regular aws credentials": - - command: shell.exec - type: test - params: - working_dir: "src" - shell: bash - script: | - ${PREPARE_SHELL} - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . ./activate-authawsvenv.sh - python aws_tester.py regular - - command: shell.exec - type: test - params: - working_dir: "src" - silent: true - script: | - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - alias urlencode='python3 -c "import sys, urllib.parse as ulp; sys.stdout.write(ulp.quote_plus(sys.argv[1]))"' - USER=$(urlencode ${iam_auth_ecs_account}) - PASS=$(urlencode ${iam_auth_ecs_secret_access_key}) - export MONGODB_URI="mongodb://$USER:$PASS@localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} + AWS_CREDENTIAL_TYPE: regular working_dir: "src" - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh "run aws auth test with assume role credentials": - - command: shell.exec - type: test - params: - working_dir: "src" - shell: bash - script: | - ${PREPARE_SHELL} - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - python aws_tester.py assume-role - - command: shell.exec - type: test - params: - working_dir: "src" - silent: true - script: | - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - alias urlencode='python3 -c "import sys, urllib.parse as ulp; sys.stdout.write(ulp.quote_plus(sys.argv[1]))"' - alias jsonkey='python3 -c "import json,sys;sys.stdout.write(json.load(sys.stdin)[sys.argv[1]])" < ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json' - USER=$(jsonkey AccessKeyId) - USER=$(urlencode $USER) - PASS=$(jsonkey SecretAccessKey) - PASS=$(urlencode $PASS) - SESSION_TOKEN=$(jsonkey SessionToken) - SESSION_TOKEN=$(urlencode $SESSION_TOKEN) - export MONGODB_URI="mongodb://$USER:$PASS@localhost:27017/aws?authMechanism=MONGODB-AWS&authMechanismProperties=AWS_SESSION_TOKEN:$SESSION_TOKEN" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} + AWS_CREDENTIAL_TYPE: assume-role working_dir: "src" - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh "run aws auth test with aws EC2 credentials": - - command: shell.exec - type: test - params: - working_dir: "src" - shell: bash - script: | - ${PREPARE_SHELL} - # Write an empty prepare_mongodb_aws so no auth environment variables - # are set. - echo "" > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - python aws_tester.py ec2 - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} - working_dir: "src" - script: | - ${PREPARE_SHELL} - export IS_EC2=true - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + AWS_CREDENTIAL_TYPE: ec2 + IS_EC2: 'true' + working_dir: src + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh "run aws auth test with aws credentials as environment variables": - - command: shell.exec - type: test - params: - working_dir: "src" - silent: true - shell: bash - script: | - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . ./activate-authawsvenv.sh - python aws_tester.py regular - cd - - cat < "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_ACCESS_KEY_ID=${iam_auth_ecs_account} - export AWS_SECRET_ACCESS_KEY=${iam_auth_ecs_secret_access_key} - export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} + AWS_CREDENTIAL_TYPE: env-creds working_dir: "src" - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh "run aws auth test with aws credentials and session token as environment variables": - - command: shell.exec - type: test - params: - working_dir: "src" - silent: true - shell: bash - script: | - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - python aws_tester.py assume-role - cd - - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_ACCESS_KEY_ID=$(jq -r '.AccessKeyId' ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json) - export AWS_SECRET_ACCESS_KEY=$(jq -r '.SecretAccessKey' ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json) - export AWS_SESSION_TOKEN=$(jq -r '.SessionToken' ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json) - export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: - add_expansions_to_env: true + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK + env: + AWS_CREDENTIAL_TYPE: session-creds working_dir: "src" - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh "run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set": - - command: shell.exec - type: test - params: - working_dir: "src" - silent: true - shell: bash - script: | - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - python aws_tester.py web-identity - cd - - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file} - export AWS_ROLE_ARN=${iam_auth_assume_web_role_name} - export AWS_ROLE_SESSION_NAME='test' - export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} + AWS_CREDENTIAL_TYPE: web-identity + AWS_ROLE_SESSION_NAME: test working_dir: "src" - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh "run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset": - - command: shell.exec - type: test - params: - working_dir: "src" - silent: true - shell: bash - script: | - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - python aws_tester.py web-identity - cd - - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file} - export AWS_ROLE_ARN=${iam_auth_assume_web_role_name} - export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} + AWS_CREDENTIAL_TYPE: web-identity working_dir: "src" - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh "run aws ECS auth test": - - command: shell.exec + - command: subprocess.exec type: test params: - working_dir: src + include_expansions_in_env: + - DRIVERS_TOOLS + - MONGODB_AWS_SDK + - PROJECT_DIRECTORY + - MONGODB_BINARIES env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} - shell: bash - script: | - ${PREPARE_SHELL} - AUTH_AWS_DIR=${DRIVERS_TOOLS}/.evergreen/auth_aws - ECS_SRC_DIR=$AUTH_AWS_DIR/src - - # pack up project directory to ssh it to the container - mkdir -p $ECS_SRC_DIR/.evergreen - - set -ex - - echo "export MONGODB_AWS_SDK=$MONGODB_AWS_SDK" >> $PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh - echo "if [ $MONGODB_AWS_SDK = 'false' ]; then rm -rf ./node_modules/@aws-sdk/credential-providers; fi" >> $PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh - echo "npm run check:aws" >> $PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh - - cp $PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh $ECS_SRC_DIR/.evergreen - - cd .. - tar -czf src.tgz src drivers-tools - mv src.tgz $ECS_SRC_DIR/src.tgz - - - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - export MONGODB_BINARIES="${MONGODB_BINARIES}"; - export PROJECT_DIRECTORY=$ECS_SRC_DIR; - python aws_tester.py ecs - + AWS_CREDENTIAL_TYPE: web-identity + working_dir: "src" + binary: bash + args: + - .evergreen/prepare-mongodb-aws-ecs-auth.sh + "run custom csfle tests": - - command: ec2.assume_role - params: - role_arn: ${OIDC_AWS_ROLE_ARN} - command: subprocess.exec type: test params: @@ -773,30 +608,19 @@ functions: - "${PROJECT_DIRECTORY}/.evergreen/run-lambda-tests.sh" "run lambda handler example tests with aws auth": - - command: shell.exec - type: test - params: - working_dir: src - silent: true - shell: bash - script: | - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . ./activate-authawsvenv.sh - python aws_tester.py regular - cd - - cat < "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_ACCESS_KEY_ID=${iam_auth_ecs_account} - export AWS_SECRET_ACCESS_KEY=${iam_auth_ecs_secret_access_key} - export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + env: + AWS_CREDENTIAL_TYPE: env-creds + MONGODB_AWS_SDK: 'true' working_dir: "src" - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-lambda-aws-tests.sh + binary: bash + args: + - .evergreen/run-lambda-aws-tests.sh "upload test results": # Upload the xunit-format test results. diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 413e833e4db..5537e9b1c64 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml 
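Review bot: The temporary credentials produced by `ec2.assume_role` do not appear to reach the scripts, because each new `subprocess.exec` block forwards only `MONGODB_URI`, `DRIVERS_TOOLS` and `MONGODB_AWS_SDK` (plus `PROJECT_DIRECTORY` and `MONGODB_BINARIES` for ECS) through `include_expansions_in_env`. If `run-mongodb-aws-test.sh` and `prepare-mongodb-aws-ecs-auth.sh` are meant to read the test secrets with that role, they presumably need `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` listed too; neither script is in this diff, so confirm how they authenticate. Listing those three names is preferable to restoring `add_expansions_to_env: true`, which would expose every project expansion to the script. The lambda hunk that follows uses the same kind of list. Also, "run aws ECS auth test" sets `AWS_CREDENTIAL_TYPE: web-identity` where the removed code ran `aws_tester.py ecs`, which looks copied from the block above it.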
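Review bot: The new lambda step runs without `silent: true`, while the step it replaces exported `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` under `set -ex` and relied on `silent: true` to keep that trace out of the task log. With `AWS_CREDENTIAL_TYPE: env-creds` the credential handling presumably moves into `run-lambda-aws-tests.sh`, which is not shown here, and values fetched at runtime are not Evergreen expansions, so any log masking Evergreen applies to project variables would not cover them. Check that the script turns tracing off (`set +x`) around the credential setup and never prints `MONGODB_URI` once it carries a key. The same check applies to the "regular" and "assume-role" functions in the previous hunk, whose removed code built a URI with the access key and secret embedded.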
@@ -401,308 +401,126 @@ functions: export MONGODB_URI="${MONGODB_URI}" bash ${PROJECT_DIRECTORY}/.evergreen/run-tls-tests.sh - add aws auth variables to file: - - command: shell.exec - type: test - params: - working_dir: src - silent: true - script: | - cat < ${DRIVERS_TOOLS}/.evergreen/auth_aws/aws_e2e_setup.json - { - "iam_auth_ecs_account" : "${iam_auth_ecs_account}", - "iam_auth_ecs_secret_access_key" : "${iam_auth_ecs_secret_access_key}", - "iam_auth_ecs_account_arn": "arn:aws:iam::557821124784:user/authtest_fargate_user", - "iam_auth_ecs_cluster": "${iam_auth_ecs_cluster}", - "iam_auth_ecs_task_definition": "${iam_auth_ecs_task_definition_ubuntu2004}", - "iam_auth_ecs_subnet_a": "${iam_auth_ecs_subnet_a}", - "iam_auth_ecs_subnet_b": "${iam_auth_ecs_subnet_b}", - "iam_auth_ecs_security_group": "${iam_auth_ecs_security_group}", - "iam_auth_assume_aws_account" : "${iam_auth_assume_aws_account}", - "iam_auth_assume_aws_secret_access_key" : "${iam_auth_assume_aws_secret_access_key}", - "iam_auth_assume_role_name" : "${iam_auth_assume_role_name}", - "iam_auth_ec2_instance_account" : "${iam_auth_ec2_instance_account}", - "iam_auth_ec2_instance_secret_access_key" : "${iam_auth_ec2_instance_secret_access_key}", - "iam_auth_ec2_instance_profile" : "${iam_auth_ec2_instance_profile}", - "iam_auth_assume_web_role_name": "${iam_auth_assume_web_role_name}", - "iam_web_identity_issuer": "${iam_web_identity_issuer}", - "iam_web_identity_rsa_key": "${iam_web_identity_rsa_key}", - "iam_web_identity_jwks_uri": "${iam_web_identity_jwks_uri}", - "iam_web_identity_token_file": "${iam_web_identity_token_file}" - } - EOF - setup aws env: - - command: shell.exec - type: test + assume secrets manager rule: + - command: ec2.assume_role params: - working_dir: src - shell: bash - script: | - ${PREPARE_SHELL} - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - cd - + role_arn: ${OIDC_AWS_ROLE_ARN} run aws auth test with regular aws credentials: - - command: shell.exec - type: test - params: - working_dir: src - shell: bash - script: | - ${PREPARE_SHELL} - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . ./activate-authawsvenv.sh - python aws_tester.py regular - - command: shell.exec - type: test - params: - working_dir: src - silent: true - script: | - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - alias urlencode='python3 -c "import sys, urllib.parse as ulp; sys.stdout.write(ulp.quote_plus(sys.argv[1]))"' - USER=$(urlencode ${iam_auth_ecs_account}) - PASS=$(urlencode ${iam_auth_ecs_secret_access_key}) - export MONGODB_URI="mongodb://$USER:$PASS@localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} + AWS_CREDENTIAL_TYPE: regular working_dir: src - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh run aws auth test with assume role credentials: - - command: shell.exec - type: test - params: - working_dir: src - shell: bash - script: | - ${PREPARE_SHELL} - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - python aws_tester.py assume-role - - command: shell.exec - type: test - params: - working_dir: src - silent: true - script: | - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - alias urlencode='python3 -c "import sys, urllib.parse as ulp; sys.stdout.write(ulp.quote_plus(sys.argv[1]))"' - alias jsonkey='python3 -c "import json,sys;sys.stdout.write(json.load(sys.stdin)[sys.argv[1]])" < ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json' - USER=$(jsonkey AccessKeyId) - USER=$(urlencode $USER) - PASS=$(jsonkey SecretAccessKey) - PASS=$(urlencode $PASS) - SESSION_TOKEN=$(jsonkey SessionToken) - SESSION_TOKEN=$(urlencode $SESSION_TOKEN) - export MONGODB_URI="mongodb://$USER:$PASS@localhost:27017/aws?authMechanism=MONGODB-AWS&authMechanismProperties=AWS_SESSION_TOKEN:$SESSION_TOKEN" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} + AWS_CREDENTIAL_TYPE: assume-role working_dir: src - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh run aws auth test with aws EC2 credentials: - - command: shell.exec - type: test - params: - working_dir: src - shell: bash - script: | - ${PREPARE_SHELL} - # Write an empty prepare_mongodb_aws so no auth environment variables - # are set. - echo "" > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - python aws_tester.py ec2 - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} + AWS_CREDENTIAL_TYPE: ec2 + IS_EC2: 'true' working_dir: src - script: | - ${PREPARE_SHELL} - export IS_EC2=true - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh run aws auth test with aws credentials as environment variables: - - command: shell.exec - type: test - params: - working_dir: src - silent: true - shell: bash - script: | - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . ./activate-authawsvenv.sh - python aws_tester.py regular - cd - - cat < "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_ACCESS_KEY_ID=${iam_auth_ecs_account} - export AWS_SECRET_ACCESS_KEY=${iam_auth_ecs_secret_access_key} - export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} + AWS_CREDENTIAL_TYPE: env-creds working_dir: src - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh run aws auth test with aws credentials and session token as environment variables: - - command: shell.exec - type: test - params: - working_dir: src - silent: true - shell: bash - script: | - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - python aws_tester.py assume-role - cd - - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_ACCESS_KEY_ID=$(jq -r '.AccessKeyId' ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json) - export AWS_SECRET_ACCESS_KEY=$(jq -r '.SecretAccessKey' ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json) - export AWS_SESSION_TOKEN=$(jq -r '.SessionToken' ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json) - export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: - add_expansions_to_env: true + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK + env: + AWS_CREDENTIAL_TYPE: session-creds working_dir: src - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set: - - command: shell.exec - type: test - params: - working_dir: src - silent: true - shell: bash - script: | - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - python aws_tester.py web-identity - cd - - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file} - export AWS_ROLE_ARN=${iam_auth_assume_web_role_name} - export AWS_ROLE_SESSION_NAME='test' - export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} + AWS_CREDENTIAL_TYPE: web-identity + AWS_ROLE_SESSION_NAME: test working_dir: src - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset: - - command: shell.exec - type: test - params: - working_dir: src - silent: true - shell: bash - script: | - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . 
./activate-authawsvenv.sh - python aws_tester.py web-identity - cd - - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file} - export AWS_ROLE_ARN=${iam_auth_assume_web_role_name} - export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + - MONGODB_AWS_SDK env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} + AWS_CREDENTIAL_TYPE: web-identity working_dir: src - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + binary: bash + args: + - .evergreen/run-mongodb-aws-test.sh run aws ECS auth test: - - command: shell.exec + - command: subprocess.exec type: test params: - working_dir: src + include_expansions_in_env: + - DRIVERS_TOOLS + - MONGODB_AWS_SDK + - PROJECT_DIRECTORY + - MONGODB_BINARIES env: - MONGODB_AWS_SDK: ${MONGODB_AWS_SDK} - shell: bash - script: > - ${PREPARE_SHELL} - - AUTH_AWS_DIR=${DRIVERS_TOOLS}/.evergreen/auth_aws - - ECS_SRC_DIR=$AUTH_AWS_DIR/src - - - # pack up project directory to ssh it to the container - - mkdir -p $ECS_SRC_DIR/.evergreen - - - set -ex - - - echo "export MONGODB_AWS_SDK=$MONGODB_AWS_SDK" >> $PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh - - echo "if [ $MONGODB_AWS_SDK = 'false' ]; then rm -rf ./node_modules/@aws-sdk/credential-providers; fi" >> - $PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh - - echo "npm run check:aws" >> $PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh - - - cp $PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh $ECS_SRC_DIR/.evergreen - - - cd .. - - tar -czf src.tgz src drivers-tools - - mv src.tgz $ECS_SRC_DIR/src.tgz - - - - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - - . 
./activate-authawsvenv.sh - - export MONGODB_BINARIES="${MONGODB_BINARIES}"; - - export PROJECT_DIRECTORY=$ECS_SRC_DIR; - - python aws_tester.py ecs + AWS_CREDENTIAL_TYPE: web-identity + working_dir: src + binary: bash + args: + - .evergreen/prepare-mongodb-aws-ecs-auth.sh run custom csfle tests: - - command: ec2.assume_role - params: - role_arn: ${OIDC_AWS_ROLE_ARN} - command: subprocess.exec type: test params: @@ -724,30 +542,19 @@ functions: args: - ${PROJECT_DIRECTORY}/.evergreen/run-lambda-tests.sh run lambda handler example tests with aws auth: - - command: shell.exec - type: test - params: - working_dir: src - silent: true - shell: bash - script: | - set -ex - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . ./activate-authawsvenv.sh - python aws_tester.py regular - cd - - cat < "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_ACCESS_KEY_ID=${iam_auth_ecs_account} - export AWS_SECRET_ACCESS_KEY=${iam_auth_ecs_secret_access_key} - export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" - EOF - - command: shell.exec + - command: subprocess.exec type: test params: + include_expansions_in_env: + - MONGODB_URI + - DRIVERS_TOOLS + env: + AWS_CREDENTIAL_TYPE: env-creds + MONGODB_AWS_SDK: 'true' working_dir: src - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-lambda-aws-tests.sh + binary: bash + args: + - .evergreen/run-lambda-aws-tests.sh upload test results: - command: attach.xunit_results params: @@ -1943,8 +1750,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-latest-auth-test-run-aws-auth-test-with-assume-role-credentials commands: 
@@ -1959,8 +1765,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-latest-auth-test-run-aws-auth-test-with-aws-EC2-credentials commands: @@ -1975,8 +1780,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws EC2 credentials - name: aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables commands: @@ -1991,8 +1795,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables commands: @@ -2007,8 +1810,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-latest-auth-test-run-aws-ECS-auth-test commands: @@ -2023,8 +1825,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws ECS auth test - name: aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset commands: 
@@ -2039,8 +1840,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset - name: aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set commands: @@ -2055,8 +1855,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-latest-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-peer-dependencies commands: @@ -2071,9 +1870,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-latest-auth-test-run-aws-auth-test-with-assume-role-credentials-no-peer-dependencies commands: @@ -2088,9 +1885,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-peer-dependencies commands: 
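Review bot: The `-no-peer-dependencies` tasks lose `- func: remove aws-credential-providers` here and in the matching hunks for the other variants and server versions, so nothing visible in the task definition removes the optional SDK any more. These tasks still set `MONGODB_AWS_SDK` to `'false'`, and the removed ECS script deleted `./node_modules/@aws-sdk/credential-providers` when it saw that value, so the new scripts presumably do the same; they are not in this diff. If they do not, the tasks would pass with the SDK installed and stop testing the no-SDK path. It is worth having the script fail when `MONGODB_AWS_SDK` is `false` and the package still resolves.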
@@ -2105,9 +1900,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: >- aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-peer-dependencies @@ -2123,9 +1916,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-latest-auth-test-run-aws-ECS-auth-test-no-peer-dependencies commands: @@ -2140,9 +1931,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws ECS auth test - name: aws-8.0-auth-test-run-aws-auth-test-with-regular-aws-credentials commands: @@ -2157,8 +1946,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-8.0-auth-test-run-aws-auth-test-with-assume-role-credentials commands: 
@@ -2173,8 +1961,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-8.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials commands: @@ -2189,8 +1976,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws EC2 credentials - name: aws-8.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables commands: @@ -2205,8 +1991,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: aws-8.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables commands: @@ -2221,8 +2006,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-8.0-auth-test-run-aws-ECS-auth-test commands: @@ -2237,8 +2021,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws ECS auth test - name: aws-8.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset commands: 
@@ -2253,8 +2036,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset - name: aws-8.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set commands: @@ -2269,8 +2051,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-8.0-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-peer-dependencies commands: @@ -2285,9 +2066,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-8.0-auth-test-run-aws-auth-test-with-assume-role-credentials-no-peer-dependencies commands: @@ -2302,9 +2081,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-8.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-peer-dependencies commands: 
@@ -2319,9 +2096,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: >- aws-8.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-peer-dependencies @@ -2337,9 +2112,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-8.0-auth-test-run-aws-ECS-auth-test-no-peer-dependencies commands: @@ -2354,9 +2127,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws ECS auth test - name: aws-7.0-auth-test-run-aws-auth-test-with-regular-aws-credentials commands: @@ -2371,8 +2142,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-7.0-auth-test-run-aws-auth-test-with-assume-role-credentials commands: 
@@ -2387,8 +2157,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-7.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials commands: @@ -2403,8 +2172,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws EC2 credentials - name: aws-7.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables commands: @@ -2419,8 +2187,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: aws-7.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables commands: @@ -2435,8 +2202,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-7.0-auth-test-run-aws-ECS-auth-test commands: @@ -2451,8 +2217,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws ECS auth test - name: aws-7.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset commands: 
@@ -2467,8 +2232,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset - name: aws-7.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set commands: @@ -2483,8 +2247,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-7.0-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-peer-dependencies commands: @@ -2499,9 +2262,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-7.0-auth-test-run-aws-auth-test-with-assume-role-credentials-no-peer-dependencies commands: @@ -2516,9 +2277,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-7.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-peer-dependencies commands: 
@@ -2533,9 +2292,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: >- aws-7.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-peer-dependencies @@ -2551,9 +2308,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-7.0-auth-test-run-aws-ECS-auth-test-no-peer-dependencies commands: @@ -2568,9 +2323,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws ECS auth test - name: aws-6.0-auth-test-run-aws-auth-test-with-regular-aws-credentials commands: @@ -2585,8 +2338,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-6.0-auth-test-run-aws-auth-test-with-assume-role-credentials commands: 
@@ -2601,8 +2353,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-6.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials commands: @@ -2617,8 +2368,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws EC2 credentials - name: aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables commands: @@ -2633,8 +2383,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables commands: @@ -2649,8 +2398,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-6.0-auth-test-run-aws-ECS-auth-test commands: @@ -2665,8 +2413,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws ECS auth test - name: aws-6.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset commands: 
@@ -2681,8 +2428,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset - name: aws-6.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set commands: @@ -2697,8 +2443,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-6.0-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-peer-dependencies commands: @@ -2713,9 +2458,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-6.0-auth-test-run-aws-auth-test-with-assume-role-credentials-no-peer-dependencies commands: @@ -2730,9 +2473,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-peer-dependencies commands: 
@@ -2747,9 +2488,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: >- aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-peer-dependencies @@ -2765,9 +2504,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-6.0-auth-test-run-aws-ECS-auth-test-no-peer-dependencies commands: @@ -2782,9 +2519,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws ECS auth test - name: aws-5.0-auth-test-run-aws-auth-test-with-regular-aws-credentials commands: @@ -2799,8 +2534,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-5.0-auth-test-run-aws-auth-test-with-assume-role-credentials commands: 
@@ -2815,8 +2549,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-5.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials commands: @@ -2831,8 +2564,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws EC2 credentials - name: aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables commands: @@ -2847,8 +2579,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables commands: @@ -2863,8 +2594,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-5.0-auth-test-run-aws-ECS-auth-test commands: @@ -2879,8 +2609,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws ECS auth test - name: aws-5.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset commands: 
@@ -2895,8 +2624,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset - name: aws-5.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set commands: @@ -2911,8 +2639,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-5.0-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-peer-dependencies commands: @@ -2927,9 +2654,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-5.0-auth-test-run-aws-auth-test-with-assume-role-credentials-no-peer-dependencies commands: @@ -2944,9 +2669,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-peer-dependencies commands: 
@@ -2961,9 +2684,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: >- aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-peer-dependencies @@ -2979,9 +2700,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-5.0-auth-test-run-aws-ECS-auth-test-no-peer-dependencies commands: @@ -2996,9 +2715,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws ECS auth test - name: aws-4.4-auth-test-run-aws-auth-test-with-regular-aws-credentials commands: @@ -3013,8 +2730,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-4.4-auth-test-run-aws-auth-test-with-assume-role-credentials commands: 
@@ -3029,8 +2745,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-4.4-auth-test-run-aws-auth-test-with-aws-EC2-credentials commands: @@ -3045,8 +2760,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws EC2 credentials - name: aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables commands: @@ -3061,8 +2775,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables commands: @@ -3077,8 +2790,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-4.4-auth-test-run-aws-ECS-auth-test commands: @@ -3093,8 +2805,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws ECS auth test - name: aws-4.4-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset commands: 
@@ -3109,8 +2820,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset - name: aws-4.4-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set commands: @@ -3125,8 +2835,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-4.4-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-peer-dependencies commands: @@ -3141,9 +2850,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with regular aws credentials - name: aws-4.4-auth-test-run-aws-auth-test-with-assume-role-credentials-no-peer-dependencies commands: @@ -3158,9 +2865,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with assume role credentials - name: aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-peer-dependencies commands: 
@@ -3175,9 +2880,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials as environment variables - name: >- aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-peer-dependencies @@ -3193,9 +2896,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws auth test with aws credentials and session token as environment variables - name: aws-4.4-auth-test-run-aws-ECS-auth-test-no-peer-dependencies commands: @@ -3210,9 +2911,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env - - func: remove aws-credential-providers + - func: assume secrets manager rule - func: run aws ECS auth test - name: run-spec-benchmark-tests-node-server tags: @@ -3551,6 +3250,7 @@ tasks: - func: bootstrap mongo-orchestration - func: bootstrap kms servers - func: install mongodb-client-encryption + - func: assume secrets manager rule - func: run custom csfle tests - name: run-custom-csfle-tests-rapid tags: @@ -3569,6 +3269,7 @@ tasks: - func: bootstrap mongo-orchestration - func: bootstrap kms servers - func: install mongodb-client-encryption + - func: assume secrets manager rule - func: run custom csfle tests - name: run-custom-csfle-tests-latest tags: 
@@ -3587,6 +3288,7 @@ tasks: - func: bootstrap mongo-orchestration - func: bootstrap kms servers - func: install mongodb-client-encryption + - func: assume secrets manager rule - func: run custom csfle tests - name: test-latest-driver-mongodb-client-encryption-6.0.0 tags: @@ -4098,8 +3800,7 @@ tasks: - {key: TOPOLOGY, value: server} - func: install dependencies - func: bootstrap mongo-orchestration - - func: add aws auth variables to file - - func: setup aws env + - func: assume secrets manager rule - func: run lambda handler example tests with aws auth - name: test-latest-csfle-mongocryptd tags: diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js index da6be83adf3..85118f7e9be 100644 --- a/.evergreen/generate_evergreen_tasks.js +++ b/.evergreen/generate_evergreen_tasks.js @@ -307,8 +307,7 @@ AWS_LAMBDA_HANDLER_TASKS.push({ }), { func: 'install dependencies' }, { func: 'bootstrap mongo-orchestration' }, - { func: 'add aws auth variables to file' }, - { func: 'setup aws env' }, + { func: 'assume secrets manager rule' }, { func: 'run lambda handler example tests with aws auth' } ] }); @@ -365,8 +364,7 @@ for (const VERSION of AWS_AUTH_VERSIONS) { }), { func: 'install dependencies' }, { func: 'bootstrap mongo-orchestration' }, - { func: 'add aws auth variables to file' }, - { func: 'setup aws env' }, + { func: 'assume secrets manager rule' }, { func: fn.func } ] })); @@ -385,9 +383,7 @@ for (const VERSION of AWS_AUTH_VERSIONS) { }), { func: 'install dependencies' }, { func: 'bootstrap mongo-orchestration' }, - { func: 'add aws auth variables to file' }, - { func: 'setup aws env' }, - { func: 'remove aws-credential-providers' }, + { func: 'assume secrets manager rule' }, { func: fn.func } ] })); 
@@ -684,6 +680,7 @@ for (const version of ['5.0', 'rapid', 'latest']) { { func: 'bootstrap mongo-orchestration' }, { func: 'bootstrap kms servers' }, { func: 'install mongodb-client-encryption' }, + { func: 'assume secrets manager rule' }, { func: 'run custom csfle tests' } ] }); diff --git a/.evergreen/prepare-mongodb-aws-ecs-auth.sh b/.evergreen/prepare-mongodb-aws-ecs-auth.sh new file mode 100755 index 00000000000..4940b94db88 --- /dev/null +++ b/.evergreen/prepare-mongodb-aws-ecs-auth.sh @@ -0,0 +1,31 @@ +#! /usr/bin/env bash + +AUTH_AWS_DIR=${DRIVERS_TOOLS}/.evergreen/auth_aws +ECS_SRC_DIR=$AUTH_AWS_DIR/src + +bash $DRIVERS_TOOLS/.evergreen/auth_aws/setup-secrets.sh + +# pack up project directory to ssh it to the container +mkdir -p $ECS_SRC_DIR/.evergreen +set -ex + +# write test file +echo "export MONGODB_AWS_SDK=$MONGODB_AWS_SDK" >>$PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh +echo "if [ $MONGODB_AWS_SDK = 'false' ]; then rm -rf ./node_modules/@aws-sdk/credential-providers; fi" >>$PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh +echo "npm run check:aws" >>$PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh + +# copy test file to AWS ecs test directory +cp $PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh $ECS_SRC_DIR/.evergreen/ + +cat $ECS_SRC_DIR/.evergreen/run-mongodb-aws-ecs-test.sh + +# tar the file and drivers tools and do the same +cd .. +tar -czf src.tgz src drivers-tools +mv src.tgz $ECS_SRC_DIR/src.tgz + +export MONGODB_BINARIES="${MONGODB_BINARIES}" + +export PROJECT_DIRECTORY=$ECS_SRC_DIR + +bash $AUTH_AWS_DIR/aws_setup.sh ecs diff --git a/.evergreen/run-lambda-aws-tests.sh b/.evergreen/run-lambda-aws-tests.sh index bf9ec2cdfb1..9e4a3e8e4b2 100644 --- a/.evergreen/run-lambda-aws-tests.sh +++ b/.evergreen/run-lambda-aws-tests.sh 
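Review bot: In the new `prepare-mongodb-aws-ecs-auth.sh`, `setup-secrets.sh` runs before `set -ex`, so a failed secrets fetch is not fatal and the script carries on to `aws_setup.sh ecs`; putting `set -o errexit` on the first line after the shebang would stop it there. The later `tar -czf src.tgz src drivers-tools` archives the whole drivers-tools tree right after the secrets step ran from inside it. If `setup-secrets.sh` writes its output under that tree (not visible in this diff), the file is copied into the archive sent to the container, so it is worth confirming that is intended or excluding it. The generated `if [ $MONGODB_AWS_SDK = 'false' ]` line is expanded unquoted at write time and becomes a broken `[  = 'false' ]` when the variable is empty; emitting `if [ \"$MONGODB_AWS_SDK\" = 'false' ]` inside the echoed string avoids that. The three `echo ... >>` lines also append to the checked-in `run-mongodb-aws-ecs-test.sh`, so repeated runs keep growing it.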
@@ -1,24 +1,13 @@ #!/bin/bash # set -o xtrace # Write all commands first to stderr -set -o errexit # Exit the script with error if any of the commands fail - -MONGODB_URI=${MONGODB_URI:-} - -# ensure no secrets are printed in log files -set +x - -# load node.js environment -source $DRIVERS_TOOLS/.evergreen/init-node-and-npm-env.sh +set -o errexit # Exit the script with error if any of the commands fail # the default connection string, may be overridden by the environment script export MONGODB_URI="mongodb://localhost:27017/aws" -# load the script -shopt -s expand_aliases # needed for `urlencode` alias -[ -s "$PROJECT_DIRECTORY/prepare_mongodb_aws.sh" ] && source "$PROJECT_DIRECTORY/prepare_mongodb_aws.sh" +source .evergreen/setup-mongodb-aws-auth-tests.sh -# revert to show test output -set -x +# load node.js environment +source $DRIVERS_TOOLS/.evergreen/init-node-and-npm-env.sh -npm install aws4 npm run check:lambda:aws diff --git a/.evergreen/run-mongodb-aws-test.sh b/.evergreen/run-mongodb-aws-test.sh index 65614a9d35f..900f56be8ce 100755 --- a/.evergreen/run-mongodb-aws-test.sh +++ b/.evergreen/run-mongodb-aws-test.sh 
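Review bot: `setup-mongodb-aws-auth-tests.sh` is now sourced before `init-node-and-npm-env.sh`, yet the setup script itself runs `npm install --no-save aws4`, so that install happens before the project's Node environment is loaded; the removed code loaded the Node environment first. Unless an `npm` is already on PATH at that point, the install either fails under `errexit` or uses a different Node toolchain than the tests. Swapping the two `source` lines restores the old order, and the same applies to `run-mongodb-aws-test.sh`. The new `source .evergreen/setup-mongodb-aws-auth-tests.sh` also depends on the working directory, where the removed line used `$PROJECT_DIRECTORY`; `source "${PROJECT_DIRECTORY}/.evergreen/setup-mongodb-aws-auth-tests.sh"` would keep it location-independent.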
@@ -1,25 +1,12 @@ #!/bin/bash # set -o xtrace # Write all commands first to stderr -set -o errexit # Exit the script with error if any of the commands fail +set -o errexit # Exit the script with error if any of the commands fail MONGODB_URI=${MONGODB_URI:-} -# ensure no secrets are printed in log files -set +x +source .evergreen/setup-mongodb-aws-auth-tests.sh # load node.js environment source $DRIVERS_TOOLS/.evergreen/init-node-and-npm-env.sh -# the default connection string, may be overridden by the environment script -export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" - -# load the script -shopt -s expand_aliases # needed for `urlencode` alias -[ -s "$PROJECT_DIRECTORY/prepare_mongodb_aws.sh" ] && source "$PROJECT_DIRECTORY/prepare_mongodb_aws.sh" - -# revert to show test output -set -x - -npm install aws4 -if [ $MONGODB_AWS_SDK = 'false' ]; then rm -rf ./node_modules/@aws-sdk/credential-providers; fi npm run check:aws diff --git a/.evergreen/setup-mongodb-aws-auth-tests.sh b/.evergreen/setup-mongodb-aws-auth-tests.sh new file mode 100644 index 00000000000..79ab66e55bc --- /dev/null +++ b/.evergreen/setup-mongodb-aws-auth-tests.sh 
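Review bot: The retained `MONGODB_URI=${MONGODB_URI:-}` defeats the unset guard in the sourced setup script: after this line the variable is always set (possibly empty), so `[ -z ${MONGODB_URI+omitted} ]` can never fire for this caller. This hunk also removes the default `export MONGODB_URI=...`, so an unconfigured run now reaches `npm run check:aws` with an empty URI instead of failing fast. Dropping the line, or replacing it with `: "${MONGODB_URI:?MONGODB_URI is unset}"`, keeps the check meaningful.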
@@ -0,0 +1,31 @@ +#!/bin/bash +# set -o xtrace # Write all commands first to stderr +set -o errexit # Exit the script with error if any of the commands fail + +# ensure no secrets are printed in log files +set +x + +if [ -z ${MONGODB_URI+omitted} ]; then echo "MONGODB_URI is unset" && exit 1; fi +if [ -z ${DRIVERS_TOOLS+omitted} ]; then echo "DRIVERS_TOOLS is unset" && exit 1; fi +if [ -z ${AWS_CREDENTIAL_TYPE+omitted} ]; then echo "AWS_CREDENTIAL_TYPE is unset" && exit 1; fi +if [ -z ${MONGODB_AWS_SDK+omitted} ]; then echo "MONGODB_AWS_SDK is unset" && exit 1; fi + +bash $DRIVERS_TOOLS/.evergreen/auth_aws/setup-secrets.sh + +BEFORE=$(pwd) + +cd $DRIVERS_TOOLS/.evergreen/auth_aws + +# Create a python virtual environment. +. ./activate-authawsvenv.sh +# Source the environment variables. Configure the environment and the server. +. aws_setup.sh $AWS_CREDENTIAL_TYPE + +cd $BEFORE + +npm install --no-save aws4 + +if [ $MONGODB_AWS_SDK = 'false' ]; then rm -rf ./node_modules/@aws-sdk/credential-providers; fi + +# revert to show test output +set -x diff --git a/test/readme.md b/test/readme.md index 3ebbea4a9b4..5673fa02854 100644 --- a/test/readme.md +++ b/test/readme.md @@ -39,6 +39,7 @@ about the types of tests and how to run them. - [Search Indexes](#search-indexes) - [Deployed Lambda Tests](#deployed-lambda-tests) - [Kerberos Tests](#kerberos-tests) + - [AWS Authentication tests](#aws-authentication-tests) - [TODO Special Env Sections](#todo-special-env-sections) - [Testing driver changes with mongosh](#testing-driver-changes-with-mongosh) - [Point mongosh to the driver](#point-mongosh-to-the-driver) 
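Review bot: The trailing `set -x` in `setup-mongodb-aws-auth-tests.sh` turns tracing on in whichever script sources it, even though both callers leave `set -o xtrace` commented out, and it does so right after `aws_setup.sh` has configured credentials. Any later traced command in the caller that expands `MONGODB_URI` or an AWS variable would write that value to the CI log; the readme in this commit notes that the `regular` type carries username:password in the URI. Restoring the caller's prior state is safer than forcing tracing on: record `case $- in *x*) xtrace_was_on=1 ;; esac` before `set +x` and finish with `if [ -n "${xtrace_was_on:-}" ]; then set -x; fi`. Separately, `[ $MONGODB_AWS_SDK = 'false' ]`, `cd $BEFORE` and the `$DRIVERS_TOOLS` paths are unquoted, and the `+omitted` guards accept an empty value, so an empty `MONGODB_AWS_SDK` still breaks the test expression.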
@@ -617,11 +618,38 @@ TODO(NODE-6698): Update deployed lambda test section. ### Kerberos Tests +You must be in an office or connected to the VPN to run these tests. + Run `.evergreen/run-kerberos-tests.sh`. +### AWS Authentication tests + +> [!NOTE] +> AWS ECS tests have a different set up process. Don't even bother running these locally, just pray to the CI gods that things work and you never have to touch these tests. + +AWS tests require a cluster configured with MONGODB_AWS auth enabled. This is easy to set up using drivers-evergreen-tools +by specifying the `aws-auth.json` orchestration file (this is what CI does). + +1. Set up your cluster and export the URI of your cluster as MONGODB_URI. +2. Choose your configuration and set the relevant environment variables. + +Do you want the AWS SDK to be installed while running auth? If not, set MONGODB_AWS_SDK to false. + +Choose your AWS authentication credential type and export the `AWS_CREDENTIAL_TYPE` type with the chosen value: + +| AWS Credential Type | Explanation | +| ------------------- | ----------------------------------------------------------------------------------------------- | +| regular | The AWS credentials are present in the URI as username:password | +| env-creds | AWS credentials are loaded into the environment as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY | +| assume-role | The machine assumes a particular authentication role, associated with the machine | +| ec2 | The driver authenticates against a local endpoint (on an AWS ec2 instance) | +| web-identity | Credentials are sourced from an AssumeRoleWithWebIdentity | +| session-creds | Similar to env-creds, but the credentials are temporary and include a session token | + +1. Run the `bash .evergreen/run-mongodb-aws-tests.sh`. + ### TODO Special Env Sections -- AWS Authentication - TLS - Atlas Data Lake - LDAP