Skip to content

Commit

Permalink
feat(NODE-5464): OIDC machine workflow
Browse files Browse the repository at this point in the history
  • Loading branch information
@durran
durran committed Feb 28, 2024
1 parent f26de76 commit 0542a48
Show file tree
Hide file tree
Showing 49 changed files with 1,214 additions and 1,950 deletions.
114 changes: 107 additions & 7 deletions .evergreen/config.in.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -171,10 +171,29 @@ functions:
${PREPARE_SHELL}
OIDC_TOKEN_DIR="/tmp/tokens" \
PROVIDER_NAME="aws" \
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
OIDC_ATLAS_URI_SINGLE="${OIDC_ATLAS_URI_SINGLE}" \
OIDC_ATLAS_URI_MULTI="${OIDC_ATLAS_URI_MULTI}" \
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-tests.sh
"run oidc auth tests aws":
- command: shell.exec
type: test
params:
working_dir: "src"
timeout_secs: 300
shell: bash
script: |
${PREPARE_SHELL}
OIDC_TOKEN_DIR="/tmp/tokens" \
PROVIDER_NAME="aws" \
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-auth-tests.sh
"run tests":
- command: shell.exec
type: test
Expand Down Expand Up @@ -1271,11 +1290,51 @@ tasks:
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
AZUREOIDC_CLIENTID: ${testazureoidc_clientid}
PROVIDER_NAME: azure
SCRIPT: run-oidc-tests.sh
args:
- .evergreen/run-oidc-tests-azure.sh

- name: "oidc-auth-test-azure-latest-auth"
commands:
- command: expansions.update
type: setup
params:
updates:
- { key: NPM_VERSION, value: "9" }
- func: "install dependencies"
- command: subprocess.exec
params:
working_dir: src
binary: bash
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
PROVIDER_NAME: azure
SCRIPT: run-oidc-auth-tests.sh
args:
- .evergreen/run-oidc-tests-azure.sh

- name: "oidc-auth-test-gcp-latest"
commands:
- command: expansions.update
type: setup
params:
updates:
- { key: NPM_VERSION, value: "9" }
- func: "install dependencies"
- command: subprocess.exec
params:
working_dir: src
binary: bash
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
PROVIDER_NAME: gcp
SCRIPT: run-oidc-tests.sh
args:
- .evergreen/run-oidc-tests-gcp.sh

- name: "test-aws-lambda-deployed"
commands:
- command: expansions.update
Expand Down Expand Up @@ -1427,14 +1486,9 @@ task_groups:
script: |-
set -o errexit
${PREPARE_SHELL}
export AZUREOIDC_CLIENTID="${testazureoidc_clientid}"
export AZUREOIDC_TENANTID="${testazureoic_tenantid}"
export AZUREOIDC_SECRET="${testazureoidc_secret}"
export AZUREOIDC_KEYVAULT=${testazureoidc_keyvault}
export AZUREOIDC_DRIVERS_TOOLS="$DRIVERS_TOOLS"
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
teardown_group:
teardown_task:
- command: shell.exec
params:
shell: bash
Expand All @@ -1446,6 +1500,52 @@ task_groups:
tasks:
- oidc-auth-test-azure-latest

- name: testazureoidcauth_task_group
setup_group:
- func: fetch source
- command: shell.exec
params:
shell: bash
script: |-
set -o errexit
${PREPARE_SHELL}
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
teardown_task:
- command: shell.exec
params:
shell: bash
script: |-
${PREPARE_SHELL}
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/delete-vm.sh
setup_group_can_fail_task: true
setup_group_timeout_secs: 1800
tasks:
- oidc-auth-test-azure-latest-auth

- name: testgcpoidc_task_group
setup_group:
- func: fetch source
- command: shell.exec
params:
shell: bash
script: |-
set -o errexit
${PREPARE_SHELL}
export GCPOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/create-and-setup-instance.sh
teardown_task:
- command: shell.exec
params:
shell: bash
script: |-
${PREPARE_SHELL}
$DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/delete-instance.sh
setup_group_can_fail_task: true
setup_group_timeout_secs: 1800
tasks:
- oidc-auth-test-gcp-latest

- name: test_atlas_task_group
setup_group:
- func: fetch source
Expand Down
156 changes: 149 additions & 7 deletions .evergreen/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,9 +142,27 @@ functions:
${PREPARE_SHELL}
OIDC_TOKEN_DIR="/tmp/tokens" \
PROVIDER_NAME="aws" \
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
OIDC_ATLAS_URI_SINGLE="${OIDC_ATLAS_URI_SINGLE}" \
OIDC_ATLAS_URI_MULTI="${OIDC_ATLAS_URI_MULTI}" \
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-tests.sh
run oidc auth tests aws:
- command: shell.exec
type: test
params:
working_dir: src
timeout_secs: 300
shell: bash
script: |
${PREPARE_SHELL}
OIDC_TOKEN_DIR="/tmp/tokens" \
PROVIDER_NAME="aws" \
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-auth-tests.sh
run tests:
- command: shell.exec
type: test
Expand Down Expand Up @@ -1222,10 +1240,48 @@ tasks:
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
AZUREOIDC_CLIENTID: ${testazureoidc_clientid}
PROVIDER_NAME: azure
SCRIPT: run-oidc-tests.sh
args:
- .evergreen/run-oidc-tests-azure.sh
- name: oidc-auth-test-azure-latest-auth
commands:
- command: expansions.update
type: setup
params:
updates:
- {key: NPM_VERSION, value: '9'}
- func: install dependencies
- command: subprocess.exec
params:
working_dir: src
binary: bash
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
PROVIDER_NAME: azure
SCRIPT: run-oidc-auth-tests.sh
args:
- .evergreen/run-oidc-tests-azure.sh
- name: oidc-auth-test-gcp-latest
commands:
- command: expansions.update
type: setup
params:
updates:
- {key: NPM_VERSION, value: '9'}
- func: install dependencies
- command: subprocess.exec
params:
working_dir: src
binary: bash
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
PROVIDER_NAME: gcp
SCRIPT: run-oidc-tests.sh
args:
- .evergreen/run-oidc-tests-gcp.sh
- name: test-aws-lambda-deployed
commands:
- command: expansions.update
Expand Down Expand Up @@ -1837,6 +1893,25 @@ tasks:
- func: bootstrap mongo-orchestration
- func: setup oidc roles
- func: run oidc tests aws
- name: test-auth-oidc-aws
tags:
- latest
- replica_set
- oidc
commands:
- command: expansions.update
type: setup
params:
updates:
- {key: VERSION, value: latest}
- {key: TOPOLOGY, value: replica_set}
- {key: AUTH, value: auth}
- {key: ORCHESTRATION_FILE, value: auth-oidc.json}
- func: install dependencies
- func: bootstrap oidc
- func: bootstrap mongo-orchestration
- func: setup oidc roles
- func: run oidc auth tests aws
- name: test-socks5
tags: []
commands:
Expand Down Expand Up @@ -3814,14 +3889,9 @@ task_groups:
script: |-
set -o errexit
${PREPARE_SHELL}
export AZUREOIDC_CLIENTID="${testazureoidc_clientid}"
export AZUREOIDC_TENANTID="${testazureoic_tenantid}"
export AZUREOIDC_SECRET="${testazureoidc_secret}"
export AZUREOIDC_KEYVAULT=${testazureoidc_keyvault}
export AZUREOIDC_DRIVERS_TOOLS="$DRIVERS_TOOLS"
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
teardown_group:
teardown_task:
- command: shell.exec
params:
shell: bash
Expand All @@ -3832,6 +3902,50 @@ task_groups:
setup_group_timeout_secs: 1800
tasks:
- oidc-auth-test-azure-latest
- name: testazureoidcauth_task_group
setup_group:
- func: fetch source
- command: shell.exec
params:
shell: bash
script: |-
set -o errexit
${PREPARE_SHELL}
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
teardown_task:
- command: shell.exec
params:
shell: bash
script: |-
${PREPARE_SHELL}
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/delete-vm.sh
setup_group_can_fail_task: true
setup_group_timeout_secs: 1800
tasks:
- oidc-auth-test-azure-latest-auth
- name: testgcpoidc_task_group
setup_group:
- func: fetch source
- command: shell.exec
params:
shell: bash
script: |-
set -o errexit
${PREPARE_SHELL}
export GCPOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/create-and-setup-instance.sh
teardown_task:
- command: shell.exec
params:
shell: bash
script: |-
${PREPARE_SHELL}
$DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/delete-instance.sh
setup_group_can_fail_task: true
setup_group_timeout_secs: 1800
tasks:
- oidc-auth-test-gcp-latest
- name: test_atlas_task_group
setup_group:
- func: fetch source
Expand Down Expand Up @@ -3947,6 +4061,7 @@ buildvariants:
- test-auth-kerberos
- test-auth-ldap
- test-auth-oidc
- test-auth-oidc-aws
- test-socks5
- test-socks5-csfle
- test-socks5-tls
Expand Down Expand Up @@ -3998,6 +4113,7 @@ buildvariants:
- test-auth-kerberos
- test-auth-ldap
- test-auth-oidc
- test-auth-oidc-aws
- test-socks5
- test-socks5-csfle
- test-socks5-tls
Expand Down Expand Up @@ -4049,6 +4165,7 @@ buildvariants:
- test-auth-kerberos
- test-auth-ldap
- test-auth-oidc
- test-auth-oidc-aws
- test-socks5
- test-socks5-csfle
- test-socks5-tls
Expand Down Expand Up @@ -4099,6 +4216,7 @@ buildvariants:
- test-auth-kerberos
- test-auth-ldap
- test-auth-oidc
- test-auth-oidc-aws
- test-socks5
- test-socks5-csfle
- test-socks5-tls
Expand Down Expand Up @@ -4386,6 +4504,30 @@ buildvariants:
tasks:
- test_azurekms_task_group
- test-azurekms-fail-task
- name: ubuntu20-test-azure-oidc
display_name: Azure OIDC
run_on: ubuntu2004-small
expansions:
NODE_LTS_VERSION: 20
batchtime: 20160
tasks:
- testazureoidc_task_group
- name: ubuntu20-test-azure-oidc-auth
display_name: Azure OIDC Auth Tests
run_on: ubuntu2004-small
expansions:
NODE_LTS_VERSION: 20
batchtime: 20160
tasks:
- testazureoidcauth_task_group
- name: ubuntu20-test-gcp-oidc
display_name: GCP OIDC
expansions:
NODE_LTS_VERSION: 20
run_on: ubuntu2004-small
batchtime: 20160
tasks:
- testgcpoidc_task_group
- name: rhel8-test-atlas
display_name: Atlas Cluster Tests
run_on: rhel80-large
Expand Down

0 comments on commit 0542a48

Please sign in to comment.