Security cleanup

Cleanup

Use add_expansions_to_env

Use add_expansions_to_env

Author: NoahStapp

.evergreen/config.yml

@@ -776,16 +776,19 @@ functions:
     - command: ec2.assume_role
       params:
         role_arn: ${aws_test_secrets_role}
-    - command: shell.exec
-      type: test
-      params:
-        working_dir: "src"
-        silent: true
-        script: |
-          # DO NOT ECHO WITH XTRACE (which PREPARE_SHELL does)
-          export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
-          export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
-          export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
+        add_expansions_to_env: true
+#    - command: shell.exec
+#      type: test
+#      params:
+#        working_dir: "src"
+#        silent: true
+#        script: |
+#          # DO NOT ECHO WITH XTRACE (which PREPARE_SHELL does)
+#          cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_aws_connection.sh"
+#            export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
+#            export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+#            export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
+#          EOF
     - command: shell.exec
       type: test
       params:

.evergreen/run-mongodb-oidc-test.sh

@@ -48,12 +48,12 @@ fi
 # show test output
 set -x
 
-# Workaround macOS python 3.9 incompatibility with system virtualenv.
-#if [ "$(uname -s)" = "Darwin" ]; then
-#    VIRTUALENV="/Library/Frameworks/Python.framework/Versions/3.9/bin/python3 -m virtualenv"
-#else
+ Workaround macOS python 3.9 incompatibility with system virtualenv.
+if [ "$(uname -s)" = "Darwin" ]; then
+    VIRTUALENV="/Library/Frameworks/Python.framework/Versions/3.9/bin/python3 -m virtualenv"
+else
     VIRTUALENV=$(command -v virtualenv)
-#fi
+fi
 
 authtest () {
     if [ "Windows_NT" = "$OS" ]; then
@@ -71,7 +71,7 @@ authtest () {
     fi
     python -m pip install -U pip setuptools
     python -m pip install '.[aws]'
-    pytest -v test/auth_aws/test_auth_oidc.py
+    python test/auth_aws/test_auth_oidc.py -v
     deactivate
     rm -rf venvoidc
 }

tox.ini

@@ -146,7 +146,7 @@ commands =
 
 [testenv:test-atlas]
 deps =
-    pytest>=7
+    {[testenv:test]deps}
 passenv = *
 commands =
     python -m pytest -v {posargs} ./test/atlas/test_connection.py
@@ -169,34 +169,3 @@ allowlist_externals =
     bash
 commands =
     python {env:DRIVERS_TOOLS}/.evergreen/auth_aws/setup_secrets.py {posargs}
-
-[testenv:test-aws-secrets]
-deps =
-    PyYAML
-    boto3
-    pyjwkest
-    pyop~=3.4.0
-    azure-identity
-    azure-keyvault-secrets
-    pytest
-passenv = *
-setenv =
-    OIDC_TOKEN_DIR=/tmp/tokens
-    PYTHON_BINARY=python
-    MONGODB_URI=mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net
-    MONGODB_URI_SINGLE="mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net/?authMechanism=MONGODB-OIDC"
-    MONGODB_URI_MULTIPLE="mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net:27018/?authMechanism=MONGODB-OIDC&directConnection=true"
-allowlist_externals =
-    bash
-    source
-    echo
-commands =
-;    git clone -b DRIVERS-2585 https://github.com/NoahStapp/drivers-evergreen-tools.git
-    python ./drivers-evergreen-tools/.evergreen/auth_aws/setup_secrets.py drivers/test
-    bash ./secrets-export.sh
-
-    bash ./drivers-evergreen-tools/.evergreen/auth_oidc/activate-authoidcvenv.sh
-    python ./drivers-evergreen-tools/.evergreen/auth_oidc/oidc_write_orchestration.py
-    python ./drivers-evergreen-tools/.evergreen/auth_oidc/oidc_get_tokens.py
-
-    bash .evergreen/run-mongodb-oidc-test.sh