Skip to content

Commit 0542a48

Browse files
durrandurran
committed
feat(NODE-5464): OIDC machine workflow
1 parent f26de76 commit 0542a48

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

49 files changed

+1214
-1950
lines changed

.evergreen/config.in.yml

+107-7
Original file line numberDiff line numberDiff line change
@@ -171,10 +171,29 @@ functions:
171171
${PREPARE_SHELL}
172172
173173
OIDC_TOKEN_DIR="/tmp/tokens" \
174+
PROVIDER_NAME="aws" \
174175
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
176+
OIDC_ATLAS_URI_SINGLE="${OIDC_ATLAS_URI_SINGLE}" \
177+
OIDC_ATLAS_URI_MULTI="${OIDC_ATLAS_URI_MULTI}" \
175178
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
176179
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-tests.sh
177180
181+
"run oidc auth tests aws":
182+
- command: shell.exec
183+
type: test
184+
params:
185+
working_dir: "src"
186+
timeout_secs: 300
187+
shell: bash
188+
script: |
189+
${PREPARE_SHELL}
190+
191+
OIDC_TOKEN_DIR="/tmp/tokens" \
192+
PROVIDER_NAME="aws" \
193+
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
194+
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
195+
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-auth-tests.sh
196+
178197
"run tests":
179198
- command: shell.exec
180199
type: test
@@ -1271,11 +1290,51 @@ tasks:
12711290
env:
12721291
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
12731292
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
1274-
AZUREOIDC_CLIENTID: ${testazureoidc_clientid}
12751293
PROVIDER_NAME: azure
1294+
SCRIPT: run-oidc-tests.sh
12761295
args:
12771296
- .evergreen/run-oidc-tests-azure.sh
12781297

1298+
- name: "oidc-auth-test-azure-latest-auth"
1299+
commands:
1300+
- command: expansions.update
1301+
type: setup
1302+
params:
1303+
updates:
1304+
- { key: NPM_VERSION, value: "9" }
1305+
- func: "install dependencies"
1306+
- command: subprocess.exec
1307+
params:
1308+
working_dir: src
1309+
binary: bash
1310+
env:
1311+
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
1312+
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
1313+
PROVIDER_NAME: azure
1314+
SCRIPT: run-oidc-auth-tests.sh
1315+
args:
1316+
- .evergreen/run-oidc-tests-azure.sh
1317+
1318+
- name: "oidc-auth-test-gcp-latest"
1319+
commands:
1320+
- command: expansions.update
1321+
type: setup
1322+
params:
1323+
updates:
1324+
- { key: NPM_VERSION, value: "9" }
1325+
- func: "install dependencies"
1326+
- command: subprocess.exec
1327+
params:
1328+
working_dir: src
1329+
binary: bash
1330+
env:
1331+
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
1332+
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
1333+
PROVIDER_NAME: gcp
1334+
SCRIPT: run-oidc-tests.sh
1335+
args:
1336+
- .evergreen/run-oidc-tests-gcp.sh
1337+
12791338
- name: "test-aws-lambda-deployed"
12801339
commands:
12811340
- command: expansions.update
@@ -1427,14 +1486,9 @@ task_groups:
14271486
script: |-
14281487
set -o errexit
14291488
${PREPARE_SHELL}
1430-
export AZUREOIDC_CLIENTID="${testazureoidc_clientid}"
1431-
export AZUREOIDC_TENANTID="${testazureoic_tenantid}"
1432-
export AZUREOIDC_SECRET="${testazureoidc_secret}"
1433-
export AZUREOIDC_KEYVAULT=${testazureoidc_keyvault}
1434-
export AZUREOIDC_DRIVERS_TOOLS="$DRIVERS_TOOLS"
14351489
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
14361490
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
1437-
teardown_group:
1491+
teardown_task:
14381492
- command: shell.exec
14391493
params:
14401494
shell: bash
@@ -1446,6 +1500,52 @@ task_groups:
14461500
tasks:
14471501
- oidc-auth-test-azure-latest
14481502

1503+
- name: testazureoidcauth_task_group
1504+
setup_group:
1505+
- func: fetch source
1506+
- command: shell.exec
1507+
params:
1508+
shell: bash
1509+
script: |-
1510+
set -o errexit
1511+
${PREPARE_SHELL}
1512+
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
1513+
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
1514+
teardown_task:
1515+
- command: shell.exec
1516+
params:
1517+
shell: bash
1518+
script: |-
1519+
${PREPARE_SHELL}
1520+
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/delete-vm.sh
1521+
setup_group_can_fail_task: true
1522+
setup_group_timeout_secs: 1800
1523+
tasks:
1524+
- oidc-auth-test-azure-latest-auth
1525+
1526+
- name: testgcpoidc_task_group
1527+
setup_group:
1528+
- func: fetch source
1529+
- command: shell.exec
1530+
params:
1531+
shell: bash
1532+
script: |-
1533+
set -o errexit
1534+
${PREPARE_SHELL}
1535+
export GCPOIDC_VMNAME_PREFIX="NODE_DRIVER"
1536+
$DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/create-and-setup-instance.sh
1537+
teardown_task:
1538+
- command: shell.exec
1539+
params:
1540+
shell: bash
1541+
script: |-
1542+
${PREPARE_SHELL}
1543+
$DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/delete-instance.sh
1544+
setup_group_can_fail_task: true
1545+
setup_group_timeout_secs: 1800
1546+
tasks:
1547+
- oidc-auth-test-gcp-latest
1548+
14491549
- name: test_atlas_task_group
14501550
setup_group:
14511551
- func: fetch source

.evergreen/config.yml

+149-7
Original file line numberDiff line numberDiff line change
@@ -142,9 +142,27 @@ functions:
142142
${PREPARE_SHELL}
143143
144144
OIDC_TOKEN_DIR="/tmp/tokens" \
145+
PROVIDER_NAME="aws" \
145146
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
147+
OIDC_ATLAS_URI_SINGLE="${OIDC_ATLAS_URI_SINGLE}" \
148+
OIDC_ATLAS_URI_MULTI="${OIDC_ATLAS_URI_MULTI}" \
146149
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
147150
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-tests.sh
151+
run oidc auth tests aws:
152+
- command: shell.exec
153+
type: test
154+
params:
155+
working_dir: src
156+
timeout_secs: 300
157+
shell: bash
158+
script: |
159+
${PREPARE_SHELL}
160+
161+
OIDC_TOKEN_DIR="/tmp/tokens" \
162+
PROVIDER_NAME="aws" \
163+
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
164+
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
165+
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-auth-tests.sh
148166
run tests:
149167
- command: shell.exec
150168
type: test
@@ -1222,10 +1240,48 @@ tasks:
12221240
env:
12231241
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
12241242
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
1225-
AZUREOIDC_CLIENTID: ${testazureoidc_clientid}
12261243
PROVIDER_NAME: azure
1244+
SCRIPT: run-oidc-tests.sh
1245+
args:
1246+
- .evergreen/run-oidc-tests-azure.sh
1247+
- name: oidc-auth-test-azure-latest-auth
1248+
commands:
1249+
- command: expansions.update
1250+
type: setup
1251+
params:
1252+
updates:
1253+
- {key: NPM_VERSION, value: '9'}
1254+
- func: install dependencies
1255+
- command: subprocess.exec
1256+
params:
1257+
working_dir: src
1258+
binary: bash
1259+
env:
1260+
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
1261+
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
1262+
PROVIDER_NAME: azure
1263+
SCRIPT: run-oidc-auth-tests.sh
12271264
args:
12281265
- .evergreen/run-oidc-tests-azure.sh
1266+
- name: oidc-auth-test-gcp-latest
1267+
commands:
1268+
- command: expansions.update
1269+
type: setup
1270+
params:
1271+
updates:
1272+
- {key: NPM_VERSION, value: '9'}
1273+
- func: install dependencies
1274+
- command: subprocess.exec
1275+
params:
1276+
working_dir: src
1277+
binary: bash
1278+
env:
1279+
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
1280+
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
1281+
PROVIDER_NAME: gcp
1282+
SCRIPT: run-oidc-tests.sh
1283+
args:
1284+
- .evergreen/run-oidc-tests-gcp.sh
12291285
- name: test-aws-lambda-deployed
12301286
commands:
12311287
- command: expansions.update
@@ -1837,6 +1893,25 @@ tasks:
18371893
- func: bootstrap mongo-orchestration
18381894
- func: setup oidc roles
18391895
- func: run oidc tests aws
1896+
- name: test-auth-oidc-aws
1897+
tags:
1898+
- latest
1899+
- replica_set
1900+
- oidc
1901+
commands:
1902+
- command: expansions.update
1903+
type: setup
1904+
params:
1905+
updates:
1906+
- {key: VERSION, value: latest}
1907+
- {key: TOPOLOGY, value: replica_set}
1908+
- {key: AUTH, value: auth}
1909+
- {key: ORCHESTRATION_FILE, value: auth-oidc.json}
1910+
- func: install dependencies
1911+
- func: bootstrap oidc
1912+
- func: bootstrap mongo-orchestration
1913+
- func: setup oidc roles
1914+
- func: run oidc auth tests aws
18401915
- name: test-socks5
18411916
tags: []
18421917
commands:
@@ -3814,14 +3889,9 @@ task_groups:
38143889
script: |-
38153890
set -o errexit
38163891
${PREPARE_SHELL}
3817-
export AZUREOIDC_CLIENTID="${testazureoidc_clientid}"
3818-
export AZUREOIDC_TENANTID="${testazureoic_tenantid}"
3819-
export AZUREOIDC_SECRET="${testazureoidc_secret}"
3820-
export AZUREOIDC_KEYVAULT=${testazureoidc_keyvault}
3821-
export AZUREOIDC_DRIVERS_TOOLS="$DRIVERS_TOOLS"
38223892
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
38233893
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
3824-
teardown_group:
3894+
teardown_task:
38253895
- command: shell.exec
38263896
params:
38273897
shell: bash
@@ -3832,6 +3902,50 @@ task_groups:
38323902
setup_group_timeout_secs: 1800
38333903
tasks:
38343904
- oidc-auth-test-azure-latest
3905+
- name: testazureoidcauth_task_group
3906+
setup_group:
3907+
- func: fetch source
3908+
- command: shell.exec
3909+
params:
3910+
shell: bash
3911+
script: |-
3912+
set -o errexit
3913+
${PREPARE_SHELL}
3914+
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
3915+
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
3916+
teardown_task:
3917+
- command: shell.exec
3918+
params:
3919+
shell: bash
3920+
script: |-
3921+
${PREPARE_SHELL}
3922+
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/delete-vm.sh
3923+
setup_group_can_fail_task: true
3924+
setup_group_timeout_secs: 1800
3925+
tasks:
3926+
- oidc-auth-test-azure-latest-auth
3927+
- name: testgcpoidc_task_group
3928+
setup_group:
3929+
- func: fetch source
3930+
- command: shell.exec
3931+
params:
3932+
shell: bash
3933+
script: |-
3934+
set -o errexit
3935+
${PREPARE_SHELL}
3936+
export GCPOIDC_VMNAME_PREFIX="NODE_DRIVER"
3937+
$DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/create-and-setup-instance.sh
3938+
teardown_task:
3939+
- command: shell.exec
3940+
params:
3941+
shell: bash
3942+
script: |-
3943+
${PREPARE_SHELL}
3944+
$DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/delete-instance.sh
3945+
setup_group_can_fail_task: true
3946+
setup_group_timeout_secs: 1800
3947+
tasks:
3948+
- oidc-auth-test-gcp-latest
38353949
- name: test_atlas_task_group
38363950
setup_group:
38373951
- func: fetch source
@@ -3947,6 +4061,7 @@ buildvariants:
39474061
- test-auth-kerberos
39484062
- test-auth-ldap
39494063
- test-auth-oidc
4064+
- test-auth-oidc-aws
39504065
- test-socks5
39514066
- test-socks5-csfle
39524067
- test-socks5-tls
@@ -3998,6 +4113,7 @@ buildvariants:
39984113
- test-auth-kerberos
39994114
- test-auth-ldap
40004115
- test-auth-oidc
4116+
- test-auth-oidc-aws
40014117
- test-socks5
40024118
- test-socks5-csfle
40034119
- test-socks5-tls
@@ -4049,6 +4165,7 @@ buildvariants:
40494165
- test-auth-kerberos
40504166
- test-auth-ldap
40514167
- test-auth-oidc
4168+
- test-auth-oidc-aws
40524169
- test-socks5
40534170
- test-socks5-csfle
40544171
- test-socks5-tls
@@ -4099,6 +4216,7 @@ buildvariants:
40994216
- test-auth-kerberos
41004217
- test-auth-ldap
41014218
- test-auth-oidc
4219+
- test-auth-oidc-aws
41024220
- test-socks5
41034221
- test-socks5-csfle
41044222
- test-socks5-tls
@@ -4386,6 +4504,30 @@ buildvariants:
43864504
tasks:
43874505
- test_azurekms_task_group
43884506
- test-azurekms-fail-task
4507+
- name: ubuntu20-test-azure-oidc
4508+
display_name: Azure OIDC
4509+
run_on: ubuntu2004-small
4510+
expansions:
4511+
NODE_LTS_VERSION: 20
4512+
batchtime: 20160
4513+
tasks:
4514+
- testazureoidc_task_group
4515+
- name: ubuntu20-test-azure-oidc-auth
4516+
display_name: Azure OIDC Auth Tests
4517+
run_on: ubuntu2004-small
4518+
expansions:
4519+
NODE_LTS_VERSION: 20
4520+
batchtime: 20160
4521+
tasks:
4522+
- testazureoidcauth_task_group
4523+
- name: ubuntu20-test-gcp-oidc
4524+
display_name: GCP OIDC
4525+
expansions:
4526+
NODE_LTS_VERSION: 20
4527+
run_on: ubuntu2004-small
4528+
batchtime: 20160
4529+
tasks:
4530+
- testgcpoidc_task_group
43894531
- name: rhel8-test-atlas
43904532
display_name: Atlas Cluster Tests
43914533
run_on: rhel80-large

0 commit comments

Comments
 (0)