wip

Oleksandr Poliakov · Oleksandr Poliakov · commit 34628a447e6d · 2024-03-06T15:59:06.000-08:00
diff --git a/build.cake b/build.cake
@@ -257,6 +257,18 @@ Task("TestGssapiNetStandard20").IsDependentOn("TestGssapi");
 Task("TestGssapiNetStandard21").IsDependentOn("TestGssapi");
 Task("TestGssapiNet60").IsDependentOn("TestGssapi");
 
+Task("TestMongoDbOidc")
+    .IsDependentOn("Build")
+    .DoesForEach(
+        items: GetFiles("./**/MongoDB.Driver.Tests.csproj"),
+        action: (BuildConfig buildConfig, Path testProject) =>
+            RunTests(buildConfig, testProject, filter: "Category=\"MongoDbOidc\""));
+
+Task("TestMongoDbOidcNet472").IsDependentOn("TestMongoDbOidc");
+Task("TestMongoDbOidcNetStandard20").IsDependentOn("TestMongoDbOidc");
+Task("TestMongoDbOidcNetStandard21").IsDependentOn("TestMongoDbOidc");
+Task("TestMongoDbOidcNet60").IsDependentOn("TestMongoDbOidc");
+
 Task("TestServerless")
     .IsDependentOn("Build")
     .DoesForEach(
@@ -692,7 +704,7 @@ public class BuildConfig
 string[] CreateLoggers(string projectName)
 {
     var testResultsFile = outputDirectory.Combine("test-results").Combine($"TEST-{projectName}-{target.ToLowerInvariant()}-{DateTimeOffset.UtcNow.ToUnixTimeMilliseconds()}.xml");
-    
+
     // Evergreen CI server requires JUnit output format to display test results
     var junitLogger = $"junit;LogFilePath={testResultsFile};FailureBodyFormat=Verbose";
     var consoleLogger = "console;verbosity=detailed";
diff --git a/evergreen/evergreen.yml b/evergreen/evergreen.yml
@@ -451,6 +451,11 @@ functions:
       params:
         file: mongo-csharp-driver/benchmarks/MongoDB.Driver.Benchmarks/Benchmark.Artifacts/results/evergreen-results.json
 
+  assume-ec2-role:
+    - command: ec2.assume_role
+      params:
+        role_arn: ${aws_test_secrets_role}
+
   add-aws-auth-variables-to-file:
     - command: ec2.assume_role
       params:
@@ -706,6 +711,26 @@ functions:
             -v \
             --fault revoked
 
+  run-mongodb-oidc-tests:
+    - command: subprocess.exec
+      type: test
+      params:
+        working_dir: mongo-csharp-driver
+        binary: bash
+        include_expansions_in_env:
+          - "DRIVERS_TOOLS"
+          - "AWS_ACCESS_KEY_ID"
+          - "AWS_SECRET_ACCESS_KEY"
+          - "AWS_SESSION_TOKEN"
+          - "OS"
+          - "FRAMEWORK"
+        env:
+          ADMIN_USER: ${OIDC_ALTAS_USER}
+          ADMIN_PASSWORD: ${OIDC_ATLAS_PASSWORD}
+          MONGODB_URI: ${OIDC_ATLAS_URI_SINGLE}
+        args:
+          - evergreen/run-mongodb-oidc-test.sh
+
   run-serverless-tests:
     - command: shell.exec
       type: test
@@ -1237,6 +1262,11 @@ tasks:
       commands:
         - func: run-atlas-search-index-helpers-test
 
+    - name: test-oidc-auth-aws
+      commands:
+        - func: assume-ec2-role
+        - func: run-mongodb-oidc-tests
+
     - name: test-serverless
       exec_timeout_secs: 2700 # 45 minutes: 15 for setup + 30 for tests
       commands:
diff --git a/evergreen/run-mongodb-oidc-tests.sh b/evergreen/run-mongodb-oidc-tests.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+# Don't trace since the URI contains a password that shouldn't show up in the logs
+set -o errexit # Exit the script with error if any of the commands fail
+
+# Supported/used environment variables:
+#   FRAMEWORK                           Used in build.cake task, must be set
+#   OS                                  Operating system, must be set
+#   ADMIN_USER                          Admin user, must be set
+#   ADMIN_PASSWORD                      Admin password, must be set
+#   MONGODB_URI                         Single atlas proxy serverless uri, must be set
+#   OIDC_TOKEN_DIR                      Directory to store aws credentials
+# Modified/exported environment variables:
+#   MONGODB_URI                         MONGODB_URI with embedded admin credentials
+#   AWS_WEB_IDENTITY_TOKEN_FILE         Path to the aws credentials file
+#   OIDC_TESTS_ENABLED                  Flag to run Oidc tests
+#   OIDC_PROVIDER_NAME                  OIDC provider name to be used in tests
+
+############################################
+#            Main Program                  #
+############################################
+
+if [ -z "$FRAMEWORK" ]; then
+  echo "FRAMEWORK should be specified"
+  exit 1
+fi
+
+if [ -z "$ADMIN_USER" ]; then
+  echo "ADMIN_USER should be specified"
+  exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+  echo "ADMIN_PASSWORD should be specified"
+  exit 1
+fi
+
+if [ -z "$MONGODB_URI" ]; then
+  echo "MONGODB_URI should be specified"
+  exit 1
+fi
+
+if [ -z "$OIDC_TOKEN_DIR" ]; then
+  echo "OIDC_TOKEN_DIR should be specified"
+  exit 1
+fi
+
+if [ "$OS" = "Windows_NT" ]; then
+  for var in TMP TEMP NUGET_PACKAGES NUGET_HTTP_CACHE_PATH APPDATA; do
+    setx $var z:\\data\\tmp
+    export $var=z:\\data\\tmp
+  done
+else
+  for var in TMP TEMP NUGET_PACKAGES NUGET_HTTP_CACHE_PATH APPDATA; do
+    export $var=/data/tmp;
+  done
+fi
+
+# Make sure DRIVERS_TOOLS is set.
+if [ -z "$DRIVERS_TOOLS" ]; then
+  echo "Must specify DRIVERS_TOOLS"
+  exit 1
+fi
+
+# Make the OIDC tokens.
+set -x
+pushd ${DRIVERS_TOOLS}/.evergreen/auth_oidc
+. ./oidc_get_tokens.sh
+popd
+
+# Assume "mongodb+srv" protocol
+export MONGODB_URI="mongodb+srv://${ADMIN_USER}:${ADMIN_PASSWORD}@${MONGODB_URI}?authSource=admin"
+export AWS_WEB_IDENTITY_TOKEN_FILE="$OIDC_TOKEN_DIR/test_user1"
+export OIDC_PROVIDER_NAME="aws"
+export OIDC_TESTS_ENABLED="true"
+
+if [ "Windows_NT" = "$OS" ]; then
+  powershell.exe .\\build.ps1 --target "TestMongoDbOidc${FRAMEWORK}"
+else
+  ./build.sh --target="TestServerless${FRAMEWORK}"
+fi
diff --git a/tests/MongoDB.Driver.Tests/Specifications/UnifiedTestSpecRunner.cs b/tests/MongoDB.Driver.Tests/Specifications/UnifiedTestSpecRunner.cs
@@ -37,7 +37,7 @@ public UnifiedTestSpecRunner(ITestOutputHelper testOutputHelper)
         {
         }
 
-        [Category("Authentication", "MONGODB-OIDC")]
+        [Category("Authentication", "MongoDbOidc")]
         [UnifiedTestsTheory("auth.tests.unified")]
         public void Auth(JsonDrivenTestCase testCase) => Run(testCase);
 
diff --git a/tests/MongoDB.Driver.Tests/Specifications/auth/OidcAuthenticationProseTests.cs b/tests/MongoDB.Driver.Tests/Specifications/auth/OidcAuthenticationProseTests.cs
@@ -36,7 +36,7 @@
 
 namespace MongoDB.Driver.Tests.Specifications.auth
 {
-    [Category("Authentication", "OidcMechanism")]
+    [Category("Authentication", "MongoDbOidc")]
     public class OidcAuthenticationProseTests : LoggableTestClass
     {
         // some auth configuration may support only this name
@@ -89,7 +89,7 @@ await ThreadingUtilities.ExecuteTasksOnNewThreads(10, async t =>
                         ? await collection.FindAsync(Builders<BsonDocument>.Filter.Empty)
                         : collection.FindSync(Builders<BsonDocument>.Filter.Empty);
                 }
-            });
+            }, (int)TimeSpan.FromSeconds(20).TotalMilliseconds);
 
             VerifyCallbackUsage(callbackMock, async, Times.Once());
         }

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ public UnifiedTestSpecRunner(ITestOutputHelper testOutputHelper)`
`37`	`37`	`{`
`38`	`38`	`}`
`39`	`39`
`40`		`- [Category("Authentication", "MONGODB-OIDC")]`
	`40`	`+ [Category("Authentication", "MongoDbOidc")]`
`41`	`41`	`[UnifiedTestsTheory("auth.tests.unified")]`
`42`	`42`	`public void Auth(JsonDrivenTestCase testCase) => Run(testCase);`
`43`	`43`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@`
`36`	`36`
`37`	`37`	`namespace MongoDB.Driver.Tests.Specifications.auth`
`38`	`38`	`{`
`39`		`- [Category("Authentication", "OidcMechanism")]`
	`39`	`+ [Category("Authentication", "MongoDbOidc")]`
`40`	`40`	`public class OidcAuthenticationProseTests : LoggableTestClass`
`41`	`41`	`{`
`42`	`42`	`// some auth configuration may support only this name`
`@@ -89,7 +89,7 @@ await ThreadingUtilities.ExecuteTasksOnNewThreads(10, async t =>`
`89`	`89`	`? await collection.FindAsync(Builders<BsonDocument>.Filter.Empty)`
`90`	`90`	`: collection.FindSync(Builders<BsonDocument>.Filter.Empty);`
`91`	`91`	`}`
`92`		`- });`
	`92`	`+ }, (int)TimeSpan.FromSeconds(20).TotalMilliseconds);`
`93`	`93`
`94`	`94`	`VerifyCallbackUsage(callbackMock, async, Times.Once());`
`95`	`95`	`}`