DRIVERS-2585 Use AWS Secrets Manager for AWS-Related Test Secrets

Author: NoahStapp

.evergreen/config.yml

@@ -792,6 +792,29 @@ functions:
           python oidc_write_orchestration.py
           python oidc_get_tokens.py
 
+  "bootstrap aws-secrets":
+    - command: ec2.assume_role
+      params:
+        role_arn: ${aws_test_secrets_role}
+    - command: shell.exec
+      type: test
+      params:
+        shell: bash
+        script: |
+          ${PREPARE_SHELL}
+          if [ "${skip_EC2_auth_test}" = "true" ]; then
+             echo "This platform does not support aws secrets, skipping..."
+             exit 0
+          fi
+
+          cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
+          python setup_secrets.py
+
+    - command: expansions.update
+      params:
+        file: secrets-expansion.yml
+
+
   "run oidc auth test with aws credentials":
     - command: shell.exec
       type: test

.evergreen/run-mongodb-oidc-test.sh

@@ -15,7 +15,7 @@ set -o errexit  # Exit the script with error if any of the commands fail
 
 echo "Running MONGODB-OIDC authentication tests"
 # ensure no secrets are printed in log files
-set +x
+#set +x
 
 # load the script
 shopt -s expand_aliases # needed for `urlencode` alias
@@ -49,11 +49,11 @@ fi
 set -x
 
 # Workaround macOS python 3.9 incompatibility with system virtualenv.
-if [ "$(uname -s)" = "Darwin" ]; then
-    VIRTUALENV="/Library/Frameworks/Python.framework/Versions/3.9/bin/python3 -m virtualenv"
-else
+#if [ "$(uname -s)" = "Darwin" ]; then
+#    VIRTUALENV="/Library/Frameworks/Python.framework/Versions/3.9/bin/python3 -m virtualenv"
+#else
     VIRTUALENV=$(command -v virtualenv)
-fi
+#fi
 
 authtest () {
     if [ "Windows_NT" = "$OS" ]; then
@@ -71,7 +71,7 @@ authtest () {
     fi
     python -m pip install -U pip setuptools
     python -m pip install '.[aws]'
-    python test/auth_aws/test_auth_oidc.py -v
+    pytest -v test/auth_aws/test_auth_oidc.py
     deactivate
     rm -rf venvoidc
 }

tox.ini

@@ -144,12 +144,17 @@ commands =
     sphinx-build -E -b linkcheck doc ./doc/_build/linkcheck
 
 [testenv:test-atlas]
-description = run atlas connection tests
 deps =
-     {[testenv:test]deps}
+    PyYAML
+    boto3
+    pytest>=7
 passenv = *
+allowlist_externals =
+    bash
 commands =
-    python -m pytest -v {posargs} ./test/atlas/test_connection.py
+    bash -c 'git -C drivers-evergreen-tools pull origin DRIVERS-2585 || git clone -b DRIVERS-2585 https://github.com/NoahStapp/drivers-evergreen-tools.git'
+    python ./drivers-evergreen-tools/.evergreen/auth_aws/setup_secrets.py drivers/test
+    bash -c 'source ./secrets-export.sh; python -m pytest -v {posargs} ./test/atlas/test_connection.py'
 
 [testenv:test-mockupdb]
 description = run mockupdb tests
@@ -159,3 +164,34 @@ deps =
 passenv = *
 commands =
     python -m pytest -v {posargs} ./test/mockupdb
+
+[testenv:test-aws-secrets]
+deps =
+    PyYAML
+    boto3
+    pyjwkest
+    pyop~=3.4.0
+    azure-identity
+    azure-keyvault-secrets
+    pytest
+passenv = *
+setenv =
+    OIDC_TOKEN_DIR=/tmp/tokens
+    PYTHON_BINARY=python
+    MONGODB_URI=mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net
+    MONGODB_URI_SINGLE="mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net/?authMechanism=MONGODB-OIDC"
+    MONGODB_URI_MULTIPLE="mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net:27018/?authMechanism=MONGODB-OIDC&directConnection=true"
+allowlist_externals =
+    bash
+    source
+    echo
+commands =
+;    git clone -b DRIVERS-2585 https://github.com/NoahStapp/drivers-evergreen-tools.git
+    python ./drivers-evergreen-tools/.evergreen/auth_aws/setup_secrets.py drivers/test
+    bash ./secrets-export.sh
+
+    bash ./drivers-evergreen-tools/.evergreen/auth_oidc/activate-authoidcvenv.sh
+    python ./drivers-evergreen-tools/.evergreen/auth_oidc/oidc_write_orchestration.py
+    python ./drivers-evergreen-tools/.evergreen/auth_oidc/oidc_get_tokens.py
+
+    bash .evergreen/run-mongodb-oidc-test.sh