feat(NODE-5464): OIDC machine workflow
durran committed Feb 20, 2024
1 parent 38742c2 commit 4b8ca02
Showing 44 changed files with 885 additions and 1,756 deletions.
71 changes: 64 additions & 7 deletions .evergreen/config.in.yml
@@ -171,10 +171,29 @@ functions:
${PREPARE_SHELL}
OIDC_TOKEN_DIR="/tmp/tokens" \
PROVIDER_NAME="aws" \
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
OIDC_ATLAS_URI_SINGLE="${OIDC_ATLAS_URI_SINGLE}" \
OIDC_ATLAS_URI_MULTI="${OIDC_ATLAS_URI_MULTI}" \
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-tests.sh
"run oidc auth tests aws":
- command: shell.exec
type: test
params:
working_dir: "src"
timeout_secs: 300
shell: bash
script: |
${PREPARE_SHELL}
OIDC_TOKEN_DIR="/tmp/tokens" \
PROVIDER_NAME="aws" \
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-auth-tests.sh
"run tests":
- command: shell.exec
type: test
@@ -1271,8 +1290,28 @@ tasks:
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
AZUREOIDC_CLIENTID: ${testazureoidc_clientid}
PROVIDER_NAME: azure
SCRIPT: run-oidc-tests.sh
args:
- .evergreen/run-oidc-tests-azure.sh

- name: "oidc-auth-test-azure-latest-auth"
commands:
- command: expansions.update
type: setup
params:
updates:
- { key: NPM_VERSION, value: "9" }
- func: "install dependencies"
- command: subprocess.exec
params:
working_dir: src
binary: bash
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
PROVIDER_NAME: azure
SCRIPT: run-oidc-auth-tests.sh
args:
- .evergreen/run-oidc-tests-azure.sh

@@ -1427,14 +1466,9 @@ task_groups:
script: |-
set -o errexit
${PREPARE_SHELL}
export AZUREOIDC_CLIENTID="${testazureoidc_clientid}"
export AZUREOIDC_TENANTID="${testazureoic_tenantid}"
export AZUREOIDC_SECRET="${testazureoidc_secret}"
export AZUREOIDC_KEYVAULT=${testazureoidc_keyvault}
export AZUREOIDC_DRIVERS_TOOLS="$DRIVERS_TOOLS"
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
teardown_group:
teardown_task:
- command: shell.exec
params:
shell: bash
@@ -1446,6 +1480,29 @@ task_groups:
tasks:
- oidc-auth-test-azure-latest

- name: testazureoidcauth_task_group
setup_group:
- func: fetch source
- command: shell.exec
params:
shell: bash
script: |-
set -o errexit
${PREPARE_SHELL}
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
teardown_task:
- command: shell.exec
params:
shell: bash
script: |-
${PREPARE_SHELL}
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/delete-vm.sh
setup_group_can_fail_task: true
setup_group_timeout_secs: 1800
tasks:
- oidc-auth-test-azure-latest-auth

- name: test_atlas_task_group
setup_group:
- func: fetch source
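Review bot: In the new `testazureoidcauth_task_group` the VM is created once in `setup_group` but removed in `teardown_task`, and the earlier hunk appears to switch `testazureoidc_task_group` from `teardown_group` to `teardown_task` as well. If I read Evergreen's task-group semantics correctly, `teardown_task` runs after each task rather than once for the group, so a run where `create-and-setup-vm.sh` fails part-way (permitted here by `setup_group_can_fail_task: true`) may never reach `delete-vm.sh` and leave the test VM running. Consider keeping a `teardown_group:` entry that also calls `delete-vm.sh`, or record the intent with a comment such as `# teardown_task on purpose: <reason>` above the key. Both task groups extend beyond the visible hunks.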
103 changes: 96 additions & 7 deletions .evergreen/config.yml
@@ -142,9 +142,27 @@ functions:
${PREPARE_SHELL}
OIDC_TOKEN_DIR="/tmp/tokens" \
PROVIDER_NAME="aws" \
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
OIDC_ATLAS_URI_SINGLE="${OIDC_ATLAS_URI_SINGLE}" \
OIDC_ATLAS_URI_MULTI="${OIDC_ATLAS_URI_MULTI}" \
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-tests.sh
run oidc auth tests aws:
- command: shell.exec
type: test
params:
working_dir: src
timeout_secs: 300
shell: bash
script: |
${PREPARE_SHELL}
OIDC_TOKEN_DIR="/tmp/tokens" \
PROVIDER_NAME="aws" \
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-auth-tests.sh
run tests:
- command: shell.exec
type: test
@@ -1222,8 +1240,27 @@ tasks:
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
AZUREOIDC_CLIENTID: ${testazureoidc_clientid}
PROVIDER_NAME: azure
SCRIPT: run-oidc-tests.sh
args:
- .evergreen/run-oidc-tests-azure.sh
- name: oidc-auth-test-azure-latest-auth
commands:
- command: expansions.update
type: setup
params:
updates:
- {key: NPM_VERSION, value: '9'}
- func: install dependencies
- command: subprocess.exec
params:
working_dir: src
binary: bash
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
PROVIDER_NAME: azure
SCRIPT: run-oidc-auth-tests.sh
args:
- .evergreen/run-oidc-tests-azure.sh
- name: test-aws-lambda-deployed
@@ -1837,6 +1874,25 @@ tasks:
- func: bootstrap mongo-orchestration
- func: setup oidc roles
- func: run oidc tests aws
- name: test-auth-oidc-aws
tags:
- latest
- replica_set
- oidc
commands:
- command: expansions.update
type: setup
params:
updates:
- {key: VERSION, value: latest}
- {key: TOPOLOGY, value: replica_set}
- {key: AUTH, value: auth}
- {key: ORCHESTRATION_FILE, value: auth-oidc.json}
- func: install dependencies
- func: bootstrap oidc
- func: bootstrap mongo-orchestration
- func: setup oidc roles
- func: run oidc auth tests aws
- name: test-socks5
tags: []
commands:
@@ -3814,14 +3870,9 @@ task_groups:
script: |-
set -o errexit
${PREPARE_SHELL}
export AZUREOIDC_CLIENTID="${testazureoidc_clientid}"
export AZUREOIDC_TENANTID="${testazureoic_tenantid}"
export AZUREOIDC_SECRET="${testazureoidc_secret}"
export AZUREOIDC_KEYVAULT=${testazureoidc_keyvault}
export AZUREOIDC_DRIVERS_TOOLS="$DRIVERS_TOOLS"
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
teardown_group:
teardown_task:
- command: shell.exec
params:
shell: bash
@@ -3832,6 +3883,28 @@ task_groups:
setup_group_timeout_secs: 1800
tasks:
- oidc-auth-test-azure-latest
- name: testazureoidcauth_task_group
setup_group:
- func: fetch source
- command: shell.exec
params:
shell: bash
script: |-
set -o errexit
${PREPARE_SHELL}
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
teardown_task:
- command: shell.exec
params:
shell: bash
script: |-
${PREPARE_SHELL}
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/delete-vm.sh
setup_group_can_fail_task: true
setup_group_timeout_secs: 1800
tasks:
- oidc-auth-test-azure-latest-auth
- name: test_atlas_task_group
setup_group:
- func: fetch source
@@ -3947,6 +4020,7 @@ buildvariants:
- test-auth-kerberos
- test-auth-ldap
- test-auth-oidc
- test-auth-oidc-aws
- test-socks5
- test-socks5-csfle
- test-socks5-tls
@@ -3998,6 +4072,7 @@ buildvariants:
- test-auth-kerberos
- test-auth-ldap
- test-auth-oidc
- test-auth-oidc-aws
- test-socks5
- test-socks5-csfle
- test-socks5-tls
@@ -4049,6 +4124,7 @@ buildvariants:
- test-auth-kerberos
- test-auth-ldap
- test-auth-oidc
- test-auth-oidc-aws
- test-socks5
- test-socks5-csfle
- test-socks5-tls
@@ -4099,6 +4175,7 @@ buildvariants:
- test-auth-kerberos
- test-auth-ldap
- test-auth-oidc
- test-auth-oidc-aws
- test-socks5
- test-socks5-csfle
- test-socks5-tls
@@ -4386,6 +4463,18 @@ buildvariants:
tasks:
- test_azurekms_task_group
- test-azurekms-fail-task
- name: ubuntu20-test-azure-oidc
display_name: Azure OIDC
run_on: ubuntu2004-small
batchtime: 20160
tasks:
- testazureoidc_task_group
- name: ubuntu20-test-azure-oidc-auth
display_name: Azure OIDC Auth Tests
run_on: ubuntu2004-small
batchtime: 20160
tasks:
- testazureoidcauth_task_group
- name: rhel8-test-atlas
display_name: Atlas Cluster Tests
run_on: rhel80-large
42 changes: 32 additions & 10 deletions .evergreen/generate_evergreen_tasks.js
@@ -199,6 +199,23 @@ TASKS.push(
{ func: 'run oidc tests aws' }
]
},
{
name: 'test-auth-oidc-aws',
tags: ['latest', 'replica_set', 'oidc'],
commands: [
updateExpansions({
VERSION: 'latest',
TOPOLOGY: 'replica_set',
AUTH: 'auth',
ORCHESTRATION_FILE: 'auth-oidc.json'
}),
{ func: 'install dependencies' },
{ func: 'bootstrap oidc' },
{ func: 'bootstrap mongo-orchestration' },
{ func: 'setup oidc roles' },
{ func: 'run oidc auth tests aws' }
]
},
{
name: 'test-socks5',
tags: [],
@@ -710,16 +727,21 @@ BUILD_VARIANTS.push({
tasks: ['test_azurekms_task_group', 'test-azurekms-fail-task']
});

// TODO(DRIVERS-2416/NODE-4929) - Azure credentials are expired, a new drivers ticket
// should be created but at the moment for our test failures we will reference the
// open DRIVERS ticket and completed NODE ticket.
// BUILD_VARIANTS.push({
// name: 'ubuntu20-test-azure-oidc',
// display_name: 'Azure OIDC',
// run_on: UBUNTU_20_OS,
// batchtime: 20160,
// tasks: ['testazureoidc_task_group']
// });
BUILD_VARIANTS.push({
name: 'ubuntu20-test-azure-oidc',
display_name: 'Azure OIDC',
run_on: UBUNTU_20_OS,
batchtime: 20160,
tasks: ['testazureoidc_task_group']
});

BUILD_VARIANTS.push({
name: 'ubuntu20-test-azure-oidc-auth',
display_name: 'Azure OIDC Auth Tests',
run_on: UBUNTU_20_OS,
batchtime: 20160,
tasks: ['testazureoidcauth_task_group']
});

BUILD_VARIANTS.push({
name: 'rhel8-test-atlas',
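Review bot: The task names `test-auth-oidc-aws` and, judging by the context lines, `test-auth-oidc` both target the aws provider and seem to differ only in their last `func`, so the task list does not say which suite each one runs. A one-line comment above the new entry would help, for example `// Runs 'run oidc auth tests aws' (run-oidc-auth-tests.sh); the task above runs 'run oidc tests aws'.` The same goes for the two Azure build variants: the removed TODO explained why the first was disabled, and nothing now records why it is enabled again. Both hunks sit inside longer `TASKS.push(...)` / `BUILD_VARIANTS.push(...)` sequences that continue outside the view.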
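--- a/.evergreen/run-oidc-auth-tests.sh
+++ b/.evergreen/run-oidc-auth-tests.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -o errexit # Exit the script with error if any of the commands fail
+set -o xtrace # Write all commands first to stderr
+
+PROVIDER_NAME=${PROVIDER_NAME:-"aws"}
+PROJECT_DIRECTORY=${PROJECT_DIRECTORY:-"."}
+source "${PROJECT_DIRECTORY}/.evergreen/init-node-and-npm-env.sh"
+
+MONGODB_URI=${MONGODB_URI:-"mongodb://127.0.0.1:27017"}
+
+export OIDC_TOKEN_DIR=${OIDC_TOKEN_DIR}
+
+export MONGODB_URI=${MONGODB_URI:-"mongodb://localhost"}
+
+if [ "$PROVIDER_NAME" = "azure" ]; then
+if [ -z "${AZUREOIDC_CLIENTID}" ]; then
+echo "Must specify an AZUREOIDC_CLIENTID"
+exit 1
+fi
+
+export UTIL_CLIENT_USER=$AZUREOIDC_USERNAME
+export UTIL_CLIENT_PASSWORD="pwd123"
+MONGODB_URI="${MONGODB_URI}/?authMechanism=MONGODB-OIDC"
+MONGODB_URI="${MONGODB_URI}&authMechanismProperties=PROVIDER_NAME:azure"
+MONGODB_URI="${MONGODB_URI},TOKEN_AUDIENCE:api%3A%2F%2F${AZUREOIDC_CLIENTID}"
+export MONGODB_URI="${MONGODB_URI},TOKEN_CLIENT_ID:${AZUREOIDC_TOKENCLIENT}"
+else
+if [ -z "${OIDC_TOKEN_DIR}" ]; then
+echo "Must specify OIDC_TOKEN_DIR"
+exit 1
+fi
+
+export UTIL_CLIENT_USER="bob"
+export UTIL_CLIENT_PASSWORD="pwd123"
+export MONGODB_URI="${MONGODB_URI}/test?authMechanism=MONGODB-OIDC&authMechanismProperties=PROVIDER_NAME:aws"
+fi
+
+npm run check:oidc-auth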
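Review bot: The azure branch checks only `AZUREOIDC_CLIENTID`, yet it also builds the URI from `AZUREOIDC_TOKENCLIENT` and sets `UTIL_CLIENT_USER` from `AZUREOIDC_USERNAME`; with either unset the script carries on with an empty `TOKEN_CLIENT_ID:` or user and the failure only surfaces later inside the test run. Guard them the same way, e.g. `: "${AZUREOIDC_TOKENCLIENT:?Must specify an AZUREOIDC_TOKENCLIENT}"` and `: "${AZUREOIDC_USERNAME:?Must specify an AZUREOIDC_USERNAME}"`. Separately, `set -o xtrace` is still on when `UTIL_CLIENT_PASSWORD` and the final `MONGODB_URI` are exported, so both values are written to the task log; if those logs are readable outside the team, a `set +o xtrace` before the exports keeps them out. The second `MONGODB_URI` default (`mongodb://localhost`) can never apply, because the variable has already been defaulted a few lines earlier.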
3 changes: 1 addition & 2 deletions .evergreen/run-oidc-tests-azure.sh
@@ -4,8 +4,7 @@ set -o errexit # Exit the script with error if any of the commands fail

export AZUREOIDC_DRIVERS_TAR_FILE=/tmp/node-mongodb-native.tgz
tar czf $AZUREOIDC_DRIVERS_TAR_FILE .
export AZUREOIDC_TEST_CMD="source ./env.sh && PROVIDER_NAME=azure ./.evergreen/run-oidc-tests.sh"
export AZUREOIDC_CLIENTID=$AZUREOIDC_CLIENTID
export AZUREOIDC_TEST_CMD="source ./env.sh && PROVIDER_NAME=azure ./.evergreen/${SCRIPT}"
export PROJECT_DIRECTORY=$PROJECT_DIRECTORY
export PROVIDER_NAME=$PROVIDER_NAME
bash $DRIVERS_TOOLS/.evergreen/auth_oidc/azure/run-driver-test.sh
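Review bot: `${SCRIPT}` is expanded into `AZUREOIDC_TEST_CMD` with no check that it is set or that it names one of the expected scripts, so a caller that does not export `SCRIPT` produces the command `./.evergreen/`, and whatever the variable holds becomes part of the command string that `run-driver-test.sh` presumably executes. A default keeps existing callers working and a pattern check bounds the value: `SCRIPT=${SCRIPT:-run-oidc-tests.sh}` followed by `case "$SCRIPT" in run-oidc-tests.sh|run-oidc-auth-tests.sh) ;; *) echo "Unexpected SCRIPT: $SCRIPT"; exit 1 ;; esac`. The hunk starts at line 4 of the file, so the top of the script is not visible here.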
