From 86f1aa65053cc0684bd6277c3456c2d9d9dc156d Mon Sep 17 00:00:00 2001 From: bailey Date: Tue, 27 May 2025 11:53:16 -0600 Subject: [PATCH 1/7] use function where possible --- .evergreen/config.in.yml | 50 ++++++++++++++++++++++++++++++---------- .evergreen/config.yml | 50 ++++++++++++++++++++++++++++++---------- 2 files changed, 76 insertions(+), 24 deletions(-) diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index e1977a6873..00c2e74ad8 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml @@ -78,8 +78,12 @@ functions: bash ${DRIVERS_TOOLS}/.evergreen/stop-orchestration.sh "bootstrap mongohoused": + - command: ec2.assume_role + params: + role_arn: ${DRIVERS_SECRETS_ARN} - command: shell.exec params: + add_expansions_to_env: true script: | ${PREPARE_SHELL} DRIVERS_TOOLS="${DRIVERS_TOOLS}" bash ${DRIVERS_TOOLS}/.evergreen/atlas_data_lake/pull-mongohouse-image.sh @@ -354,6 +358,9 @@ functions: rm -rf ./node_modules/@aws-sdk/credential-providers "run atlas tests": + - command: ec2.assume_role + params: + role_arn: ${DRIVERS_SECRETS_ARN} # This creates secrets-export.sh, which is later sourced by run-tests.sh - command: subprocess.exec params: @@ -361,6 +368,7 @@ functions: binary: bash env: DRIVERS_TOOLS: ${DRIVERS_TOOLS} + add_expansions_to_env: true args: - -c - ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/atlas_connect @@ -623,6 +631,9 @@ functions: include_expansions_in_env: - MONGODB_URI - DRIVERS_TOOLS + - AWS_SECRET_ACCESS_KEY + - AWS_ACCESS_KEY_ID + - AWS_SESSION_TOKEN env: AWS_CREDENTIAL_TYPE: env-creds MONGODB_AWS_SDK: "true" @@ -742,6 +753,9 @@ functions: - ${PROJECT_DIRECTORY}/.evergreen/install-mongodb-client-encryption.sh "build and test alpine FLE": + - command: ec2.assume_role + params: + role_arn: ${DRIVERS_SECRETS_ARN} - command: subprocess.exec type: test params: @@ -753,6 +767,7 @@ functions: NODE_VERSION: ${NODE_VERSION} MONGODB_URI: ${MONGODB_URI} binary: bash + add_expansions_to_env: true args: - .evergreen/docker/alpine.sh @@ -777,12 +792,14 @@ tasks: params: updates: - { key: NPM_VERSION, value: "9" } + - func: assume secrets manager rule - func: "install dependencies" # Upload node driver to a GCP instance - command: subprocess.exec type: setup params: binary: bash + add_expansions_to_env: true env: DRIVERS_TOOLS: ${DRIVERS_TOOLS} args: @@ -813,6 +830,7 @@ tasks: - name: "test-azurekms-task" commands: + - func: assume secrets manager rule - command: expansions.update type: setup params: @@ -825,6 +843,7 @@ tasks: binary: bash env: DRIVERS_TOOLS: ${DRIVERS_TOOLS} + add_expansions_to_env: true args: - src/.evergreen/run-deployed-azure-kms-tests.sh @@ -1051,10 +1070,12 @@ task_groups: setup_group_timeout_secs: 1800 # 30 minutes setup_group: - func: fetch source + - func: assume secrets manager rule - command: subprocess.exec params: working_dir: "src" binary: bash + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/setup.sh @@ -1073,12 +1094,14 @@ task_groups: setup_group_timeout_secs: 1800 # 30 minutes setup_group: - func: fetch source + - func: assume secrets manager rule - command: subprocess.exec params: working_dir: "src" binary: bash env: AZUREKMS_VMNAME_PREFIX: "NODE_DRIVER" + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/setup.sh @@ -1099,12 +1122,11 @@ task_groups: - name: testk8soidc_task_group_eks setup_group: - func: fetch source - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - func: assume secrets manager rule - command: subprocess.exec params: binary: bash + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh teardown_group: @@ -1122,12 +1144,11 @@ task_groups: - name: testk8soidc_task_group_gke setup_group: - func: fetch source - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - func: assume secrets manager rule - command: subprocess.exec params: binary: bash + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh teardown_group: @@ -1145,12 +1166,11 @@ task_groups: - name: testk8soidc_task_group_aks setup_group: - func: fetch source - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - func: assume secrets manager rule - command: subprocess.exec params: binary: bash + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh teardown_group: @@ -1168,9 +1188,7 @@ task_groups: - name: testtestoidc_task_group setup_group: - func: fetch source - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - func: assume secrets manager rule - command: subprocess.exec params: binary: bash @@ -1190,9 +1208,11 @@ task_groups: - name: testazureoidc_task_group setup_group: - func: fetch source + - func: assume secrets manager rule - command: shell.exec params: shell: bash + add_expansions_to_env: true script: |- set -o errexit ${PREPARE_SHELL} @@ -1214,9 +1234,11 @@ task_groups: - name: testgcpoidc_task_group setup_group: - func: fetch source + - func: assume secrets manager rule - command: shell.exec params: shell: bash + add_expansions_to_env: true script: |- set -o errexit ${PREPARE_SHELL} @@ -1238,10 +1260,12 @@ task_groups: - name: test_atlas_task_group setup_group: - func: fetch source + - func: assume secrets manager rule - command: subprocess.exec params: working_dir: src binary: bash + add_expansions_to_env: true env: MONGODB_VERSION: "7.0" LAMBDA_STACK_NAME: dbx-node-lambda @@ -1268,6 +1292,7 @@ task_groups: - name: test_atlas_task_group_search_indexes setup_group: - func: fetch source + - func: assume secrets manager rule - command: subprocess.exec params: working_dir: src @@ -1275,6 +1300,7 @@ task_groups: env: MONGODB_VERSION: "7.0" CLUSTER_PREFIX: dbx-node-search + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-atlas-cluster.sh - command: expansions.update diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 08c63ff972..760273d10d 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -52,8 +52,12 @@ functions: script: | bash ${DRIVERS_TOOLS}/.evergreen/stop-orchestration.sh bootstrap mongohoused: + - command: ec2.assume_role + params: + role_arn: ${DRIVERS_SECRETS_ARN} - command: shell.exec params: + add_expansions_to_env: true script: | ${PREPARE_SHELL} DRIVERS_TOOLS="${DRIVERS_TOOLS}" bash ${DRIVERS_TOOLS}/.evergreen/atlas_data_lake/pull-mongohouse-image.sh @@ -305,12 +309,16 @@ functions: source $DRIVERS_TOOLS/.evergreen/init-node-and-npm-env.sh rm -rf ./node_modules/@aws-sdk/credential-providers run atlas tests: + - command: ec2.assume_role + params: + role_arn: ${DRIVERS_SECRETS_ARN} - command: subprocess.exec params: working_dir: src binary: bash env: DRIVERS_TOOLS: ${DRIVERS_TOOLS} + add_expansions_to_env: true args: - '-c' - ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/atlas_connect @@ -556,6 +564,9 @@ functions: include_expansions_in_env: - MONGODB_URI - DRIVERS_TOOLS + - AWS_SECRET_ACCESS_KEY + - AWS_ACCESS_KEY_ID + - AWS_SESSION_TOKEN env: AWS_CREDENTIAL_TYPE: env-creds MONGODB_AWS_SDK: 'true' @@ -664,6 +675,9 @@ functions: args: - ${PROJECT_DIRECTORY}/.evergreen/install-mongodb-client-encryption.sh build and test alpine FLE: + - command: ec2.assume_role + params: + role_arn: ${DRIVERS_SECRETS_ARN} - command: subprocess.exec type: test params: @@ -675,6 +689,7 @@ functions: NODE_VERSION: ${NODE_VERSION} MONGODB_URI: ${MONGODB_URI} binary: bash + add_expansions_to_env: true args: - .evergreen/docker/alpine.sh tasks: @@ -699,11 +714,13 @@ tasks: params: updates: - {key: NPM_VERSION, value: '9'} + - func: assume secrets manager rule - func: install dependencies - command: subprocess.exec type: setup params: binary: bash + add_expansions_to_env: true env: DRIVERS_TOOLS: ${DRIVERS_TOOLS} args: @@ -730,6 +747,7 @@ tasks: - src/.evergreen/run-gcp-kms-tests.sh - name: test-azurekms-task commands: + - func: assume secrets manager rule - command: expansions.update type: setup params: @@ -742,6 +760,7 @@ tasks: binary: bash env: DRIVERS_TOOLS: ${DRIVERS_TOOLS} + add_expansions_to_env: true args: - src/.evergreen/run-deployed-azure-kms-tests.sh - name: test-azurekms-fail-task @@ -2799,10 +2818,12 @@ task_groups: setup_group_timeout_secs: 1800 setup_group: - func: fetch source + - func: assume secrets manager rule - command: subprocess.exec params: working_dir: src binary: bash + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/setup.sh teardown_group: @@ -2819,12 +2840,14 @@ task_groups: setup_group_timeout_secs: 1800 setup_group: - func: fetch source + - func: assume secrets manager rule - command: subprocess.exec params: working_dir: src binary: bash env: AZUREKMS_VMNAME_PREFIX: NODE_DRIVER + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/setup.sh teardown_group: @@ -2842,12 +2865,11 @@ task_groups: - name: testk8soidc_task_group_eks setup_group: - func: fetch source - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - func: assume secrets manager rule - command: subprocess.exec params: binary: bash + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh teardown_group: @@ -2864,12 +2886,11 @@ task_groups: - name: testk8soidc_task_group_gke setup_group: - func: fetch source - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - func: assume secrets manager rule - command: subprocess.exec params: binary: bash + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh teardown_group: @@ -2886,12 +2907,11 @@ task_groups: - name: testk8soidc_task_group_aks setup_group: - func: fetch source - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - func: assume secrets manager rule - command: subprocess.exec params: binary: bash + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh teardown_group: @@ -2908,9 +2928,7 @@ task_groups: - name: testtestoidc_task_group setup_group: - func: fetch source - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - func: assume secrets manager rule - command: subprocess.exec params: binary: bash @@ -2931,9 +2949,11 @@ task_groups: - name: testazureoidc_task_group setup_group: - func: fetch source + - func: assume secrets manager rule - command: shell.exec params: shell: bash + add_expansions_to_env: true script: |- set -o errexit ${PREPARE_SHELL} @@ -2954,9 +2974,11 @@ task_groups: - name: testgcpoidc_task_group setup_group: - func: fetch source + - func: assume secrets manager rule - command: shell.exec params: shell: bash + add_expansions_to_env: true script: |- set -o errexit ${PREPARE_SHELL} @@ -2977,10 +2999,12 @@ task_groups: - name: test_atlas_task_group setup_group: - func: fetch source + - func: assume secrets manager rule - command: subprocess.exec params: working_dir: src binary: bash + add_expansions_to_env: true env: MONGODB_VERSION: '7.0' LAMBDA_STACK_NAME: dbx-node-lambda @@ -3006,6 +3030,7 @@ task_groups: - name: test_atlas_task_group_search_indexes setup_group: - func: fetch source + - func: assume secrets manager rule - command: subprocess.exec params: working_dir: src @@ -3013,6 +3038,7 @@ task_groups: env: MONGODB_VERSION: '7.0' CLUSTER_PREFIX: dbx-node-search + add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-atlas-cluster.sh - command: expansions.update From caf308457184e8502da1eeb74c3b54e5a77f03e9 Mon Sep 17 00:00:00 2001 From: bailey Date: Tue, 27 May 2025 12:33:41 -0600 Subject: [PATCH 2/7] fix typo --- .evergreen/config.in.yml | 26 +++++++++++++------------- .evergreen/config.yml | 26 +++++++++++++------------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index 00c2e74ad8..084a75a0da 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml @@ -449,7 +449,7 @@ functions: bash ${PROJECT_DIRECTORY}/.evergreen/run-tls-tests.sh - "assume secrets manager rule": + "assume secrets manager role": - command: ec2.assume_role params: role_arn: ${DRIVERS_SECRETS_ARN} @@ -792,7 +792,7 @@ tasks: params: updates: - { key: NPM_VERSION, value: "9" } - - func: assume secrets manager rule + - func: assume secrets manager role - func: "install dependencies" # Upload node driver to a GCP instance - command: subprocess.exec @@ -830,7 +830,7 @@ tasks: - name: "test-azurekms-task" commands: - - func: assume secrets manager rule + - func: assume secrets manager role - command: expansions.update type: setup params: @@ -1070,7 +1070,7 @@ task_groups: setup_group_timeout_secs: 1800 # 30 minutes setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: working_dir: "src" @@ -1094,7 +1094,7 @@ task_groups: setup_group_timeout_secs: 1800 # 30 minutes setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: working_dir: "src" @@ -1122,7 +1122,7 @@ task_groups: - name: testk8soidc_task_group_eks setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: binary: bash @@ -1144,7 +1144,7 @@ task_groups: - name: testk8soidc_task_group_gke setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: binary: bash @@ -1166,7 +1166,7 @@ task_groups: - name: testk8soidc_task_group_aks setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: binary: bash @@ -1188,7 +1188,7 @@ task_groups: - name: testtestoidc_task_group setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: binary: bash @@ -1208,7 +1208,7 @@ task_groups: - name: testazureoidc_task_group setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: shell.exec params: shell: bash @@ -1234,7 +1234,7 @@ task_groups: - name: testgcpoidc_task_group setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: shell.exec params: shell: bash @@ -1260,7 +1260,7 @@ task_groups: - name: test_atlas_task_group setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: working_dir: src @@ -1292,7 +1292,7 @@ task_groups: - name: test_atlas_task_group_search_indexes setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: working_dir: src diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 760273d10d..cdbc226c12 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -393,7 +393,7 @@ functions: export MONGODB_URI="${MONGODB_URI}" bash ${PROJECT_DIRECTORY}/.evergreen/run-tls-tests.sh - assume secrets manager rule: + assume secrets manager role: - command: ec2.assume_role params: role_arn: ${DRIVERS_SECRETS_ARN} @@ -714,7 +714,7 @@ tasks: params: updates: - {key: NPM_VERSION, value: '9'} - - func: assume secrets manager rule + - func: assume secrets manager role - func: install dependencies - command: subprocess.exec type: setup @@ -747,7 +747,7 @@ tasks: - src/.evergreen/run-gcp-kms-tests.sh - name: test-azurekms-task commands: - - func: assume secrets manager rule + - func: assume secrets manager role - command: expansions.update type: setup params: @@ -2818,7 +2818,7 @@ task_groups: setup_group_timeout_secs: 1800 setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: working_dir: src @@ -2840,7 +2840,7 @@ task_groups: setup_group_timeout_secs: 1800 setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: working_dir: src @@ -2865,7 +2865,7 @@ task_groups: - name: testk8soidc_task_group_eks setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: binary: bash @@ -2886,7 +2886,7 @@ task_groups: - name: testk8soidc_task_group_gke setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: binary: bash @@ -2907,7 +2907,7 @@ task_groups: - name: testk8soidc_task_group_aks setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: binary: bash @@ -2928,7 +2928,7 @@ task_groups: - name: testtestoidc_task_group setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: binary: bash @@ -2949,7 +2949,7 @@ task_groups: - name: testazureoidc_task_group setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: shell.exec params: shell: bash @@ -2974,7 +2974,7 @@ task_groups: - name: testgcpoidc_task_group setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: shell.exec params: shell: bash @@ -2999,7 +2999,7 @@ task_groups: - name: test_atlas_task_group setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: working_dir: src @@ -3030,7 +3030,7 @@ task_groups: - name: test_atlas_task_group_search_indexes setup_group: - func: fetch source - - func: assume secrets manager rule + - func: assume secrets manager role - command: subprocess.exec params: working_dir: src From 6a47bd8fe48b47195f35d5238dd71e62191ab6e1 Mon Sep 17 00:00:00 2001 From: bailey Date: Tue, 27 May 2025 12:35:33 -0600 Subject: [PATCH 3/7] fix the rest of the typo --- .evergreen/config.yml | 36 +++++++++++++------------- .evergreen/generate_evergreen_tasks.js | 10 +++---- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index cdbc226c12..b11138e68a 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -1687,7 +1687,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws auth test with regular aws credentials - name: aws-latest-auth-test-run-aws-auth-test-with-assume-role-credentials commands: @@ -1702,7 +1702,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws auth test with assume role credentials - name: aws-latest-auth-test-run-aws-auth-test-with-aws-EC2-credentials commands: @@ -1717,7 +1717,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws auth test with aws EC2 credentials - name: aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables commands: @@ -1732,7 +1732,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws auth test with aws credentials as environment variables - name: aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables commands: @@ -1747,7 +1747,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws auth test with aws credentials and session token as environment variables - name: aws-latest-auth-test-run-aws-ECS-auth-test commands: @@ -1762,7 +1762,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws ECS auth test - name: aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset commands: @@ -1777,7 +1777,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset - name: aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set commands: @@ -1792,7 +1792,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-latest-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-peer-dependencies commands: @@ -1807,7 +1807,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws auth test with regular aws credentials - name: aws-latest-auth-test-run-aws-auth-test-with-assume-role-credentials-no-peer-dependencies commands: @@ -1822,7 +1822,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws auth test with assume role credentials - name: aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-peer-dependencies commands: @@ -1837,7 +1837,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws auth test with aws credentials as environment variables - name: >- aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-peer-dependencies @@ -1853,7 +1853,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws auth test with aws credentials and session token as environment variables - name: aws-latest-auth-test-run-aws-ECS-auth-test-no-peer-dependencies commands: @@ -1868,7 +1868,7 @@ tasks: - {key: MONGODB_AWS_SDK, value: 'false'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run aws ECS auth test - name: run-spec-benchmark-tests-node-server tags: @@ -2177,7 +2177,7 @@ tasks: - func: install dependencies - func: bootstrap mongo-orchestration - func: install mongodb-client-encryption - - func: assume secrets manager rule + - func: assume secrets manager role - func: run custom csfle tests - name: run-custom-csfle-tests-rapid tags: @@ -2195,7 +2195,7 @@ tasks: - func: install dependencies - func: bootstrap mongo-orchestration - func: install mongodb-client-encryption - - func: assume secrets manager rule + - func: assume secrets manager role - func: run custom csfle tests - name: run-custom-csfle-tests-latest tags: @@ -2213,7 +2213,7 @@ tasks: - func: install dependencies - func: bootstrap mongo-orchestration - func: install mongodb-client-encryption - - func: assume secrets manager rule + - func: assume secrets manager role - func: run custom csfle tests - name: test-latest-driver-mongodb-client-encryption-6.0.0 tags: @@ -2250,7 +2250,7 @@ tasks: - {key: MONGODB_BINARIES, value: '${PROJECT_DIRECTORY}/mongodb/bin'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: build and test alpine FLE - name: test-latest-server-noauth tags: @@ -2667,7 +2667,7 @@ tasks: - {key: TOPOLOGY, value: server} - func: install dependencies - func: bootstrap mongo-orchestration - - func: assume secrets manager rule + - func: assume secrets manager role - func: run lambda handler example tests with aws auth - name: test-latest-csfle-mongocryptd tags: diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js index 1d3029177d..2cbccb13c2 100644 --- a/.evergreen/generate_evergreen_tasks.js +++ b/.evergreen/generate_evergreen_tasks.js @@ -310,7 +310,7 @@ AWS_LAMBDA_HANDLER_TASKS.push({ }), { func: 'install dependencies' }, { func: 'bootstrap mongo-orchestration' }, - { func: 'assume secrets manager rule' }, + { func: 'assume secrets manager role' }, { func: 'run lambda handler example tests with aws auth' } ] }); @@ -367,7 +367,7 @@ for (const VERSION of AWS_AUTH_VERSIONS) { }), { func: 'install dependencies' }, { func: 'bootstrap mongo-orchestration' }, - { func: 'assume secrets manager rule' }, + { func: 'assume secrets manager role' }, { func: fn.func } ] })); @@ -386,7 +386,7 @@ for (const VERSION of AWS_AUTH_VERSIONS) { }), { func: 'install dependencies' }, { func: 'bootstrap mongo-orchestration' }, - { func: 'assume secrets manager rule' }, + { func: 'assume secrets manager role' }, { func: fn.func } ] })); @@ -677,7 +677,7 @@ for (const version of ['5.0', 'rapid', 'latest']) { { func: 'install dependencies' }, { func: 'bootstrap mongo-orchestration' }, { func: 'install mongodb-client-encryption' }, - { func: 'assume secrets manager rule' }, + { func: 'assume secrets manager role' }, { func: 'run custom csfle tests' } ] }); @@ -741,7 +741,7 @@ SINGLETON_TASKS.push({ }), { func: 'install dependencies' }, { func: 'bootstrap mongo-orchestration' }, - { func: 'assume secrets manager rule' }, + { func: 'assume secrets manager role' }, { func: 'build and test alpine FLE' } ] }); From 89d067ad094491f8d0b1eaf91af3b3893b7bb9d3 Mon Sep 17 00:00:00 2001 From: bailey Date: Wed, 28 May 2025 09:51:38 -0600 Subject: [PATCH 4/7] think that is it --- .evergreen/config.in.yml | 25 ++++----------------- .evergreen/config.yml | 31 ++++++-------------------- .evergreen/generate_evergreen_tasks.js | 8 +++---- 3 files changed, 15 insertions(+), 49 deletions(-) diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index 084a75a0da..ae47543807 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml @@ -366,8 +366,6 @@ functions: params: working_dir: "src" binary: bash - env: - DRIVERS_TOOLS: ${DRIVERS_TOOLS} add_expansions_to_env: true args: - -c @@ -377,9 +375,7 @@ functions: params: working_dir: "src" binary: bash - env: - DRIVERS_TOOLS: ${DRIVERS_TOOLS} - NODE_LTS_VERSION: ${NODE_LTS_VERSION} + add_expansions_to_env: true args: - .evergreen/run-atlas-tests.sh @@ -739,15 +735,12 @@ functions: args: - ${PROJECT_DIRECTORY}/.evergreen/run-x509-tests.sh - install mongodb-client-encryption: + install mongodb-client-encryption from source: - command: subprocess.exec type: setup params: working_dir: "src" - env: - INSTALL_DIR: mongodb-client-encryption - PROJECT_DIRECTORY: ${PROJECT_DIRECTORY} - DRIVERS_TOOLS: ${DRIVERS_TOOLS} + add_expansions_to_env: true binary: bash args: - ${PROJECT_DIRECTORY}/.evergreen/install-mongodb-client-encryption.sh @@ -760,12 +753,6 @@ functions: type: test params: working_dir: "src" - env: - INSTALL_DIR: mongodb-client-encryption - PROJECT_DIRECTORY: ${PROJECT_DIRECTORY} - DRIVERS_TOOLS: ${DRIVERS_TOOLS} - NODE_VERSION: ${NODE_VERSION} - MONGODB_URI: ${MONGODB_URI} binary: bash add_expansions_to_env: true args: @@ -800,8 +787,6 @@ tasks: params: binary: bash add_expansions_to_env: true - env: - DRIVERS_TOOLS: ${DRIVERS_TOOLS} args: - src/.evergreen/run-deployed-gcp-kms-tests.sh @@ -830,19 +815,17 @@ tasks: - name: "test-azurekms-task" commands: - - func: assume secrets manager role - command: expansions.update type: setup params: updates: - { key: NPM_VERSION, value: "9" } - func: "install dependencies" + - func: assume secrets manager role - command: subprocess.exec type: setup params: binary: bash - env: - DRIVERS_TOOLS: ${DRIVERS_TOOLS} add_expansions_to_env: true args: - src/.evergreen/run-deployed-azure-kms-tests.sh diff --git a/.evergreen/config.yml b/.evergreen/config.yml index b11138e68a..30acaab3fe 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -316,8 +316,6 @@ functions: params: working_dir: src binary: bash - env: - DRIVERS_TOOLS: ${DRIVERS_TOOLS} add_expansions_to_env: true args: - '-c' @@ -327,9 +325,7 @@ functions: params: working_dir: src binary: bash - env: - DRIVERS_TOOLS: ${DRIVERS_TOOLS} - NODE_LTS_VERSION: ${NODE_LTS_VERSION} + add_expansions_to_env: true args: - .evergreen/run-atlas-tests.sh run socks5 tests: @@ -662,15 +658,12 @@ functions: binary: bash args: - ${PROJECT_DIRECTORY}/.evergreen/run-x509-tests.sh - install mongodb-client-encryption: + install mongodb-client-encryption from source: - command: subprocess.exec type: setup params: working_dir: src - env: - INSTALL_DIR: mongodb-client-encryption - PROJECT_DIRECTORY: ${PROJECT_DIRECTORY} - DRIVERS_TOOLS: ${DRIVERS_TOOLS} + add_expansions_to_env: true binary: bash args: - ${PROJECT_DIRECTORY}/.evergreen/install-mongodb-client-encryption.sh @@ -682,12 +675,6 @@ functions: type: test params: working_dir: src - env: - INSTALL_DIR: mongodb-client-encryption - PROJECT_DIRECTORY: ${PROJECT_DIRECTORY} - DRIVERS_TOOLS: ${DRIVERS_TOOLS} - NODE_VERSION: ${NODE_VERSION} - MONGODB_URI: ${MONGODB_URI} binary: bash add_expansions_to_env: true args: @@ -721,8 +708,6 @@ tasks: params: binary: bash add_expansions_to_env: true - env: - DRIVERS_TOOLS: ${DRIVERS_TOOLS} args: - src/.evergreen/run-deployed-gcp-kms-tests.sh - name: test-gcpkms-fail-task @@ -747,19 +732,17 @@ tasks: - src/.evergreen/run-gcp-kms-tests.sh - name: test-azurekms-task commands: - - func: assume secrets manager role - command: expansions.update type: setup params: updates: - {key: NPM_VERSION, value: '9'} - func: install dependencies + - func: assume secrets manager role - command: subprocess.exec type: setup params: binary: bash - env: - DRIVERS_TOOLS: ${DRIVERS_TOOLS} add_expansions_to_env: true args: - src/.evergreen/run-deployed-azure-kms-tests.sh @@ -2176,7 +2159,7 @@ tasks: - {key: CLIENT_ENCRYPTION, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: install mongodb-client-encryption + - func: install mongodb-client-encryption from source - func: assume secrets manager role - func: run custom csfle tests - name: run-custom-csfle-tests-rapid @@ -2194,7 +2177,7 @@ tasks: - {key: CLIENT_ENCRYPTION, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: install mongodb-client-encryption + - func: install mongodb-client-encryption from source - func: assume secrets manager role - func: run custom csfle tests - name: run-custom-csfle-tests-latest @@ -2212,7 +2195,7 @@ tasks: - {key: CLIENT_ENCRYPTION, value: 'true'} - func: install dependencies - func: bootstrap mongo-orchestration - - func: install mongodb-client-encryption + - func: install mongodb-client-encryption from source - func: assume secrets manager role - func: run custom csfle tests - name: test-latest-driver-mongodb-client-encryption-6.0.0 diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js index 2cbccb13c2..30d6466b49 100644 --- a/.evergreen/generate_evergreen_tasks.js +++ b/.evergreen/generate_evergreen_tasks.js @@ -662,21 +662,21 @@ BUILD_VARIANTS.push({ const customDependencyTests = []; -for (const version of ['5.0', 'rapid', 'latest']) { +for (const serverVersion of ['5.0', 'rapid', 'latest']) { customDependencyTests.push({ - name: `run-custom-csfle-tests-${version}`, + name: `run-custom-csfle-tests-${serverVersion}`, tags: ['run-custom-dependency-tests'], commands: [ updateExpansions({ NODE_LTS_VERSION: LOWEST_LTS, NPM_VERSION: 9, - VERSION: version, + VERSION: serverVersion, TOPOLOGY: 'replica_set', CLIENT_ENCRYPTION: true }), { func: 'install dependencies' }, { func: 'bootstrap mongo-orchestration' }, - { func: 'install mongodb-client-encryption' }, + { func: 'install mongodb-client-encryption from source' }, { func: 'assume secrets manager role' }, { func: 'run custom csfle tests' } ] From 0677f9b9724ec0e6079651a7c0b30359c4223457 Mon Sep 17 00:00:00 2001 From: bailey Date: Wed, 28 May 2025 09:55:33 -0600 Subject: [PATCH 5/7] use yaml anchor --- .evergreen/config.in.yml | 38 ++++++++++++-------------------------- .evergreen/config.yml | 8 ++++---- 2 files changed, 16 insertions(+), 30 deletions(-) diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index ae47543807..b4195722d5 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml @@ -22,6 +22,11 @@ timeout: - "-la" functions: + "assume secrets manager role": &assume_secrets_manager_role + - command: ec2.assume_role + params: + role_arn: ${DRIVERS_SECRETS_ARN} + "fetch source": # Executes git clone and applies the submitted patch, if any - command: git.get_project @@ -78,9 +83,7 @@ functions: bash ${DRIVERS_TOOLS}/.evergreen/stop-orchestration.sh "bootstrap mongohoused": - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - <<: *assume_secrets_manager_role - command: shell.exec params: add_expansions_to_env: true @@ -97,9 +100,7 @@ functions: docker ps "run tests": - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - <<: *assume_secrets_manager_role - command: subprocess.exec type: test params: @@ -137,9 +138,7 @@ functions: - command: timeout.update params: exec_timeout_secs: 1800 - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - <<: *assume_secrets_manager_role - command: subprocess.exec type: test params: @@ -358,9 +357,7 @@ functions: rm -rf ./node_modules/@aws-sdk/credential-providers "run atlas tests": - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - <<: *assume_secrets_manager_role # This creates secrets-export.sh, which is later sourced by run-tests.sh - command: subprocess.exec params: @@ -380,9 +377,7 @@ functions: - .evergreen/run-atlas-tests.sh "run socks5 tests": - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - <<: *assume_secrets_manager_role - command: subprocess.exec type: test params: @@ -404,9 +399,7 @@ functions: - .evergreen/run-kerberos-tests.sh "run ldap tests": - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - <<: *assume_secrets_manager_role - command: subprocess.exec type: test params: @@ -445,11 +438,6 @@ functions: bash ${PROJECT_DIRECTORY}/.evergreen/run-tls-tests.sh - "assume secrets manager role": - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} - "run aws auth test with regular aws credentials": - command: subprocess.exec type: test @@ -746,9 +734,7 @@ functions: - ${PROJECT_DIRECTORY}/.evergreen/install-mongodb-client-encryption.sh "build and test alpine FLE": - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} + - <<: *assume_secrets_manager_role - command: subprocess.exec type: test params: diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 30acaab3fe..2a8e95f06c 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -8,6 +8,10 @@ timeout: args: - '-la' functions: + assume secrets manager role: + - command: ec2.assume_role + params: + role_arn: ${DRIVERS_SECRETS_ARN} fetch source: - command: git.get_project params: @@ -389,10 +393,6 @@ functions: export MONGODB_URI="${MONGODB_URI}" bash ${PROJECT_DIRECTORY}/.evergreen/run-tls-tests.sh - assume secrets manager role: - - command: ec2.assume_role - params: - role_arn: ${DRIVERS_SECRETS_ARN} run aws auth test with regular aws credentials: - command: subprocess.exec type: test From 225736ec970e551b1aede6d95c4c6fd10b631fc1 Mon Sep 17 00:00:00 2001 From: bailey Date: Wed, 28 May 2025 10:43:21 -0600 Subject: [PATCH 6/7] use expansions instead of env --- .evergreen/config.in.yml | 20 +++++++++++++------- .evergreen/config.yml | 20 +++++++++++++------- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index b4195722d5..12ec0f42e4 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml @@ -1229,16 +1229,19 @@ task_groups: - name: test_atlas_task_group setup_group: - func: fetch source + - command: expansions.update + type: 'setup' + params: + updates: + - { key: MONGODB_VERSION, value: "7.0" } + - { key: LAMBDA_STACK_NAME, value: "dbx-node-lambda" } + - { key: CLUSTER_PREFIX, value: "dbx-node-lambda" } - func: assume secrets manager role - command: subprocess.exec params: working_dir: src binary: bash add_expansions_to_env: true - env: - MONGODB_VERSION: "7.0" - LAMBDA_STACK_NAME: dbx-node-lambda - CLUSTER_PREFIX: dbx-node-lambda args: - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-atlas-cluster.sh - atlas @@ -1261,14 +1264,17 @@ task_groups: - name: test_atlas_task_group_search_indexes setup_group: - func: fetch source + - command: expansions.update + type: 'setup' + params: + updates: + - { key: MONGODB_VERSION, value: "7.0" } + - { key: CLUSTER_PREFIX, value: "dbx-node-lambda" } - func: assume secrets manager role - command: subprocess.exec params: working_dir: src binary: bash - env: - MONGODB_VERSION: "7.0" - CLUSTER_PREFIX: dbx-node-search add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-atlas-cluster.sh diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 2a8e95f06c..d1703ae3b4 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -2982,16 +2982,19 @@ task_groups: - name: test_atlas_task_group setup_group: - func: fetch source + - command: expansions.update + type: setup + params: + updates: + - {key: MONGODB_VERSION, value: '7.0'} + - {key: LAMBDA_STACK_NAME, value: dbx-node-lambda} + - {key: CLUSTER_PREFIX, value: dbx-node-lambda} - func: assume secrets manager role - command: subprocess.exec params: working_dir: src binary: bash add_expansions_to_env: true - env: - MONGODB_VERSION: '7.0' - LAMBDA_STACK_NAME: dbx-node-lambda - CLUSTER_PREFIX: dbx-node-lambda args: - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-atlas-cluster.sh - atlas @@ -3013,14 +3016,17 @@ task_groups: - name: test_atlas_task_group_search_indexes setup_group: - func: fetch source + - command: expansions.update + type: setup + params: + updates: + - {key: MONGODB_VERSION, value: '7.0'} + - {key: CLUSTER_PREFIX, value: dbx-node-lambda} - func: assume secrets manager role - command: subprocess.exec params: working_dir: src binary: bash - env: - MONGODB_VERSION: '7.0' - CLUSTER_PREFIX: dbx-node-search add_expansions_to_env: true args: - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-atlas-cluster.sh From 3865f1140a93ae4a70fff135c3bad24abf484f9c Mon Sep 17 00:00:00 2001 From: bailey Date: Wed, 28 May 2025 11:10:17 -0600 Subject: [PATCH 7/7] fix lint --- .evergreen/config.in.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index 12ec0f42e4..b6200dd9c1 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml @@ -1230,7 +1230,7 @@ task_groups: setup_group: - func: fetch source - command: expansions.update - type: 'setup' + type: "setup" params: updates: - { key: MONGODB_VERSION, value: "7.0" } @@ -1265,7 +1265,7 @@ task_groups: setup_group: - func: fetch source - command: expansions.update - type: 'setup' + type: "setup" params: updates: - { key: MONGODB_VERSION, value: "7.0" }