From f6323f65734975a1b9747ea7e9fa87eeaf219d1f Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Thu, 3 Aug 2023 13:29:12 -0700
Subject: [PATCH 01/17] DRIVERS-2585 Use AWS Secrets Manager for AWS-Related
 Test Secrets

---
 .evergreen/config.yml               | 23 ++++++++++++++++
 .evergreen/run-mongodb-oidc-test.sh | 12 ++++-----
 tox.ini                             | 42 ++++++++++++++++++++++++++---
 3 files changed, 68 insertions(+), 9 deletions(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 5447439ca8..fdbbdfed80 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -792,6 +792,29 @@ functions:
           python oidc_write_orchestration.py
           python oidc_get_tokens.py
 
+  "bootstrap aws-secrets":
+    - command: ec2.assume_role
+      params:
+        role_arn: ${aws_test_secrets_role}
+    - command: shell.exec
+      type: test
+      params:
+        shell: bash
+        script: |
+          ${PREPARE_SHELL}
+          if [ "${skip_EC2_auth_test}" = "true" ]; then
+             echo "This platform does not support aws secrets, skipping..."
+             exit 0
+          fi
+
+          cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
+          python setup_secrets.py
+
+    - command: expansions.update
+      params:
+        file: secrets-expansion.yml
+
+
   "run oidc auth test with aws credentials":
     - command: shell.exec
       type: test
diff --git a/.evergreen/run-mongodb-oidc-test.sh b/.evergreen/run-mongodb-oidc-test.sh
index 46bb779578..48055b32bd 100755
--- a/.evergreen/run-mongodb-oidc-test.sh
+++ b/.evergreen/run-mongodb-oidc-test.sh
@@ -15,7 +15,7 @@ set -o errexit  # Exit the script with error if any of the commands fail
 
 echo "Running MONGODB-OIDC authentication tests"
 # ensure no secrets are printed in log files
-set +x
+#set +x
 
 # load the script
 shopt -s expand_aliases # needed for `urlencode` alias
@@ -49,11 +49,11 @@ fi
 set -x
 
 # Workaround macOS python 3.9 incompatibility with system virtualenv.
-if [ "$(uname -s)" = "Darwin" ]; then
-    VIRTUALENV="/Library/Frameworks/Python.framework/Versions/3.9/bin/python3 -m virtualenv"
-else
+#if [ "$(uname -s)" = "Darwin" ]; then
+#    VIRTUALENV="/Library/Frameworks/Python.framework/Versions/3.9/bin/python3 -m virtualenv"
+#else
     VIRTUALENV=$(command -v virtualenv)
-fi
+#fi
 
 authtest () {
     if [ "Windows_NT" = "$OS" ]; then
@@ -71,7 +71,7 @@ authtest () {
     fi
     python -m pip install -U pip setuptools
     python -m pip install '.[aws]'
-    python test/auth_aws/test_auth_oidc.py -v
+    pytest -v test/auth_aws/test_auth_oidc.py
     deactivate
     rm -rf venvoidc
 }
diff --git a/tox.ini b/tox.ini
index c268fd1f4c..03fb59e434 100644
--- a/tox.ini
+++ b/tox.ini
@@ -144,12 +144,17 @@ commands =
     sphinx-build -E -b linkcheck doc ./doc/_build/linkcheck
 
 [testenv:test-atlas]
-description = run atlas connection tests
 deps =
-     {[testenv:test]deps}
+    PyYAML
+    boto3
+    pytest>=7
 passenv = *
+allowlist_externals =
+    bash
 commands =
-    python -m pytest -v {posargs} ./test/atlas/test_connection.py
+    bash -c 'git -C drivers-evergreen-tools pull origin DRIVERS-2585 || git clone -b DRIVERS-2585 https://github.com/NoahStapp/drivers-evergreen-tools.git'
+    python ./drivers-evergreen-tools/.evergreen/auth_aws/setup_secrets.py drivers/test
+    bash -c 'source ./secrets-export.sh; python -m pytest -v {posargs} ./test/atlas/test_connection.py'
 
 [testenv:test-mockupdb]
 description = run mockupdb tests
@@ -159,3 +164,34 @@ deps =
 passenv = *
 commands =
     python -m pytest -v {posargs} ./test/mockupdb
+
+[testenv:test-aws-secrets]
+deps =
+    PyYAML
+    boto3
+    pyjwkest
+    pyop~=3.4.0
+    azure-identity
+    azure-keyvault-secrets
+    pytest
+passenv = *
+setenv =
+    OIDC_TOKEN_DIR=/tmp/tokens
+    PYTHON_BINARY=python
+    MONGODB_URI=mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net
+    MONGODB_URI_SINGLE="mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net/?authMechanism=MONGODB-OIDC"
+    MONGODB_URI_MULTIPLE="mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net:27018/?authMechanism=MONGODB-OIDC&directConnection=true"
+allowlist_externals =
+    bash
+    source
+    echo
+commands =
+;    git clone -b DRIVERS-2585 https://github.com/NoahStapp/drivers-evergreen-tools.git
+    python ./drivers-evergreen-tools/.evergreen/auth_aws/setup_secrets.py drivers/test
+    bash ./secrets-export.sh
+
+    bash ./drivers-evergreen-tools/.evergreen/auth_oidc/activate-authoidcvenv.sh
+    python ./drivers-evergreen-tools/.evergreen/auth_oidc/oidc_write_orchestration.py
+    python ./drivers-evergreen-tools/.evergreen/auth_oidc/oidc_get_tokens.py
+
+    bash .evergreen/run-mongodb-oidc-test.sh

From c3069fea8318ee119593e84645fe59756bc122fd Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Thu, 3 Aug 2023 14:04:16 -0700
Subject: [PATCH 02/17] Test on EG with atlas-tests

Test again

Use correct DET

Use tox properly

Correct utils.sh path

debug

prepare shell

Use correct working dir
---
 .evergreen/config.yml | 39 ++++++---------------------------------
 tox.ini               | 14 ++++++++++----
 2 files changed, 16 insertions(+), 37 deletions(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index fdbbdfed80..181fd1ba6e 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -98,7 +98,7 @@ functions:
             # If this was a patch build, doing a fresh clone would not actually test the patch
             cp -R ${PROJECT_DIRECTORY}/ $DRIVERS_TOOLS
           else
-            git clone https://github.com/mongodb-labs/drivers-evergreen-tools.git $DRIVERS_TOOLS
+            git clone -b DRIVERS-2585 https://github.com/NoahStapp/drivers-evergreen-tools.git $DRIVERS_TOOLS
           fi
           echo "{ \"releases\": { \"default\": \"$MONGODB_BINARIES\" }}" > $MONGO_ORCHESTRATION_HOME/orchestration.config
 
@@ -534,40 +534,18 @@ functions:
           PYTHON_BINARY=${PYTHON_BINARY} PROJECT_DIRECTORY=${PROJECT_DIRECTORY} bash ${PROJECT_DIRECTORY}/.evergreen/run-enterprise-auth-tests.sh
 
   "run atlas tests":
-    - command: shell.exec
-      type: test
-      params:
-        silent: true
-        working_dir: "src"
-        script: |
-          cat <<EOT > prepare_atlas_connectivity.sh
-          export ATLAS_FREE='${atlas_free}'
-          export ATLAS_REPL='${atlas_repl}'
-          export ATLAS_SHRD='${atlas_shrd}'
-          export ATLAS_TLS11='${atlas_tls11}'
-          export ATLAS_TLS12='${atlas_tls12}'
-          export ATLAS_SERVERLESS='${atlas_serverless}'
-          export ATLAS_SRV_FREE='${atlas_srv_free}'
-          export ATLAS_SRV_REPL='${atlas_srv_repl}'
-          export ATLAS_SRV_SHRD='${atlas_srv_shrd}'
-          export ATLAS_SRV_TLS11='${atlas_srv_tls11}'
-          export ATLAS_SRV_TLS12='${atlas_srv_tls12}'
-          export ATLAS_SRV_SERVERLESS='${atlas_srv_serverless}'
-          EOT
     - command: shell.exec
       type: test
       params:
         working_dir: "src"
         script: |
+          ${PREPARE_SHELL}
           # Disable xtrace for security reasons (just in case it was accidentally set).
           set +x
 
-          . ./prepare_atlas_connectivity.sh
-          rm -f ./prepare_atlas_connectivity.sh
-
           set -o errexit
           set -o xtrace
-          ${PYTHON_BINARY} -m tox -m test-atlas
+          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m test-atlas
 
   "add aws auth variables to file":
     - command: shell.exec
@@ -799,22 +777,16 @@ functions:
     - command: shell.exec
       type: test
       params:
+        working_dir: "src"
         shell: bash
         script: |
           ${PREPARE_SHELL}
-          if [ "${skip_EC2_auth_test}" = "true" ]; then
-             echo "This platform does not support aws secrets, skipping..."
-             exit 0
-          fi
-
-          cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
-          python setup_secrets.py
+          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m aws-secrets
 
     - command: expansions.update
       params:
         file: secrets-expansion.yml
 
-
   "run oidc auth test with aws credentials":
     - command: shell.exec
       type: test
@@ -1739,6 +1711,7 @@ tasks:
     - name: "atlas-connect"
       tags: ["atlas-connect"]
       commands:
+        - func: "bootstrap aws-secrets"
         - func: "run atlas tests"
 
     - name: atlas-data-lake-tests
diff --git a/tox.ini b/tox.ini
index 03fb59e434..2999a9a9f9 100644
--- a/tox.ini
+++ b/tox.ini
@@ -145,15 +145,11 @@ commands =
 
 [testenv:test-atlas]
 deps =
-    PyYAML
-    boto3
     pytest>=7
 passenv = *
 allowlist_externals =
     bash
 commands =
-    bash -c 'git -C drivers-evergreen-tools pull origin DRIVERS-2585 || git clone -b DRIVERS-2585 https://github.com/NoahStapp/drivers-evergreen-tools.git'
-    python ./drivers-evergreen-tools/.evergreen/auth_aws/setup_secrets.py drivers/test
     bash -c 'source ./secrets-export.sh; python -m pytest -v {posargs} ./test/atlas/test_connection.py'
 
 [testenv:test-mockupdb]
@@ -165,6 +161,16 @@ passenv = *
 commands =
     python -m pytest -v {posargs} ./test/mockupdb
 
+[testenv:aws-secrets]
+deps =
+    PyYAML
+    boto3
+passenv = *
+allowlist_externals =
+    bash
+commands =
+    python {env:DRIVERS_TOOLS}/.evergreen/auth_aws/setup_secrets.py drivers/test
+
 [testenv:test-aws-secrets]
 deps =
     PyYAML

From e2286cc8ea76283769ae38b92dc54bf0437abb8e Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Thu, 3 Aug 2023 14:56:42 -0700
Subject: [PATCH 03/17] Add aws-secrets label

---
 tox.ini | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tox.ini b/tox.ini
index 2999a9a9f9..1a8bef81a2 100644
--- a/tox.ini
+++ b/tox.ini
@@ -40,6 +40,7 @@ labels = # Use labels and -m instead of -e so that tox -m <label> fails instantl
     linkcheck = linkcheck
     test-atlas = test-atlas
     test-mockupdb = test-mockupdb
+    aws-secrets = aws-secrets
 
 [testenv:test]
 description = run base set of unit tests with no extra functionality

From 34fb128e58e785f3c6c734012abd6dbe33c928c2 Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Thu, 3 Aug 2023 15:10:39 -0700
Subject: [PATCH 04/17] Set AWS_ROLE_ARN

More AWS cred testing

More AWS cred testing

More AWS cred testing

testing

testing

More cleanup

Debugging

Debugging again

deubg 3.7

deubg 3.7

Security cleanup
---
 .evergreen/config.yml | 19 +++++++++++++++++--
 tox.ini               |  6 ++----
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 181fd1ba6e..0b59f72546 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -545,6 +545,8 @@ functions:
 
           set -o errexit
           set -o xtrace
+          
+          source ./secrets-export.sh
           bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m test-atlas
 
   "add aws auth variables to file":
@@ -774,6 +776,16 @@ functions:
     - command: ec2.assume_role
       params:
         role_arn: ${aws_test_secrets_role}
+    - command: shell.exec
+      type: test
+      params:
+        working_dir: "src"
+        silent: true
+        script: |
+          # DO NOT ECHO WITH XTRACE (which PREPARE_SHELL does)
+          export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
+          export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+          export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
     - command: shell.exec
       type: test
       params:
@@ -781,11 +793,14 @@ functions:
         shell: bash
         script: |
           ${PREPARE_SHELL}
-          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m aws-secrets
+
+          # This is required for pypy3.7 UTF encoding
+          export LC_ALL=en_US.UTF-8
+          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m aws-secrets -- drivers/test
 
     - command: expansions.update
       params:
-        file: secrets-expansion.yml
+        file: src/secrets-expansion.yml
 
   "run oidc auth test with aws credentials":
     - command: shell.exec
diff --git a/tox.ini b/tox.ini
index 1a8bef81a2..cdaa6b323f 100644
--- a/tox.ini
+++ b/tox.ini
@@ -148,10 +148,8 @@ commands =
 deps =
     pytest>=7
 passenv = *
-allowlist_externals =
-    bash
 commands =
-    bash -c 'source ./secrets-export.sh; python -m pytest -v {posargs} ./test/atlas/test_connection.py'
+    python -m pytest -v {posargs} ./test/atlas/test_connection.py
 
 [testenv:test-mockupdb]
 description = run mockupdb tests
@@ -170,7 +168,7 @@ passenv = *
 allowlist_externals =
     bash
 commands =
-    python {env:DRIVERS_TOOLS}/.evergreen/auth_aws/setup_secrets.py drivers/test
+    python {env:DRIVERS_TOOLS}/.evergreen/auth_aws/setup_secrets.py {posargs}
 
 [testenv:test-aws-secrets]
 deps =

From 5ecb2415b3618c07470459dbabc6da025dfa7fd9 Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Fri, 4 Aug 2023 11:52:32 -0700
Subject: [PATCH 05/17] Security cleanup

Cleanup

Use add_expansions_to_env

Use add_expansions_to_env
---
 .evergreen/config.yml               | 23 +++++++++++---------
 .evergreen/run-mongodb-oidc-test.sh | 12 +++++------
 tox.ini                             | 33 +----------------------------
 3 files changed, 20 insertions(+), 48 deletions(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 0b59f72546..612c17e402 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -776,16 +776,19 @@ functions:
     - command: ec2.assume_role
       params:
         role_arn: ${aws_test_secrets_role}
-    - command: shell.exec
-      type: test
-      params:
-        working_dir: "src"
-        silent: true
-        script: |
-          # DO NOT ECHO WITH XTRACE (which PREPARE_SHELL does)
-          export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
-          export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
-          export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
+        add_expansions_to_env: true
+#    - command: shell.exec
+#      type: test
+#      params:
+#        working_dir: "src"
+#        silent: true
+#        script: |
+#          # DO NOT ECHO WITH XTRACE (which PREPARE_SHELL does)
+#          cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_aws_connection.sh"
+#            export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
+#            export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+#            export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
+#          EOF
     - command: shell.exec
       type: test
       params:
diff --git a/.evergreen/run-mongodb-oidc-test.sh b/.evergreen/run-mongodb-oidc-test.sh
index 48055b32bd..b6792386da 100755
--- a/.evergreen/run-mongodb-oidc-test.sh
+++ b/.evergreen/run-mongodb-oidc-test.sh
@@ -48,12 +48,12 @@ fi
 # show test output
 set -x
 
-# Workaround macOS python 3.9 incompatibility with system virtualenv.
-#if [ "$(uname -s)" = "Darwin" ]; then
-#    VIRTUALENV="/Library/Frameworks/Python.framework/Versions/3.9/bin/python3 -m virtualenv"
-#else
+ Workaround macOS python 3.9 incompatibility with system virtualenv.
+if [ "$(uname -s)" = "Darwin" ]; then
+    VIRTUALENV="/Library/Frameworks/Python.framework/Versions/3.9/bin/python3 -m virtualenv"
+else
     VIRTUALENV=$(command -v virtualenv)
-#fi
+fi
 
 authtest () {
     if [ "Windows_NT" = "$OS" ]; then
@@ -71,7 +71,7 @@ authtest () {
     fi
     python -m pip install -U pip setuptools
     python -m pip install '.[aws]'
-    pytest -v test/auth_aws/test_auth_oidc.py
+    python test/auth_aws/test_auth_oidc.py -v
     deactivate
     rm -rf venvoidc
 }
diff --git a/tox.ini b/tox.ini
index cdaa6b323f..17e9454e4d 100644
--- a/tox.ini
+++ b/tox.ini
@@ -146,7 +146,7 @@ commands =
 
 [testenv:test-atlas]
 deps =
-    pytest>=7
+    {[testenv:test]deps}
 passenv = *
 commands =
     python -m pytest -v {posargs} ./test/atlas/test_connection.py
@@ -169,34 +169,3 @@ allowlist_externals =
     bash
 commands =
     python {env:DRIVERS_TOOLS}/.evergreen/auth_aws/setup_secrets.py {posargs}
-
-[testenv:test-aws-secrets]
-deps =
-    PyYAML
-    boto3
-    pyjwkest
-    pyop~=3.4.0
-    azure-identity
-    azure-keyvault-secrets
-    pytest
-passenv = *
-setenv =
-    OIDC_TOKEN_DIR=/tmp/tokens
-    PYTHON_BINARY=python
-    MONGODB_URI=mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net
-    MONGODB_URI_SINGLE="mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net/?authMechanism=MONGODB-OIDC"
-    MONGODB_URI_MULTIPLE="mongodb+srv://oidc-rapid.oztdp.mongodb-dev.net:27018/?authMechanism=MONGODB-OIDC&directConnection=true"
-allowlist_externals =
-    bash
-    source
-    echo
-commands =
-;    git clone -b DRIVERS-2585 https://github.com/NoahStapp/drivers-evergreen-tools.git
-    python ./drivers-evergreen-tools/.evergreen/auth_aws/setup_secrets.py drivers/test
-    bash ./secrets-export.sh
-
-    bash ./drivers-evergreen-tools/.evergreen/auth_oidc/activate-authoidcvenv.sh
-    python ./drivers-evergreen-tools/.evergreen/auth_oidc/oidc_write_orchestration.py
-    python ./drivers-evergreen-tools/.evergreen/auth_oidc/oidc_get_tokens.py
-
-    bash .evergreen/run-mongodb-oidc-test.sh

From 45789f936d60afb16dfbd5d4840a97c44b30642f Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Mon, 7 Aug 2023 10:43:39 -0700
Subject: [PATCH 06/17] Use add_expansions_to_env

---
 .evergreen/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 612c17e402..635492e07e 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -776,7 +776,6 @@ functions:
     - command: ec2.assume_role
       params:
         role_arn: ${aws_test_secrets_role}
-        add_expansions_to_env: true
 #    - command: shell.exec
 #      type: test
 #      params:
@@ -792,6 +791,7 @@ functions:
     - command: shell.exec
       type: test
       params:
+        add_expansions_to_env: true
         working_dir: "src"
         shell: bash
         script: |

From 11bbf355e786e3a1c913c0e2ee170778dc8d97b5 Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Mon, 7 Aug 2023 10:50:16 -0700
Subject: [PATCH 07/17] Cleanup

---
 .evergreen/config.yml | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 635492e07e..069b6ed4ed 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -776,18 +776,6 @@ functions:
     - command: ec2.assume_role
       params:
         role_arn: ${aws_test_secrets_role}
-#    - command: shell.exec
-#      type: test
-#      params:
-#        working_dir: "src"
-#        silent: true
-#        script: |
-#          # DO NOT ECHO WITH XTRACE (which PREPARE_SHELL does)
-#          cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_aws_connection.sh"
-#            export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
-#            export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
-#            export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
-#          EOF
     - command: shell.exec
       type: test
       params:
@@ -797,8 +785,6 @@ functions:
         script: |
           ${PREPARE_SHELL}
 
-          # This is required for pypy3.7 UTF encoding
-          export LC_ALL=en_US.UTF-8
           bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m aws-secrets -- drivers/test
 
     - command: expansions.update

From 4eaba1ecadce28a5ff5622a0a26846a0922efc19 Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Mon, 7 Aug 2023 15:35:49 -0700
Subject: [PATCH 08/17] Locally working test-atlas + consolodation

---
 .evergreen/config.yml | 14 +++++++-------
 .gitignore            |  2 ++
 tox.ini               |  7 ++++---
 3 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 069b6ed4ed..ab3c77863c 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -534,20 +534,21 @@ functions:
           PYTHON_BINARY=${PYTHON_BINARY} PROJECT_DIRECTORY=${PROJECT_DIRECTORY} bash ${PROJECT_DIRECTORY}/.evergreen/run-enterprise-auth-tests.sh
 
   "run atlas tests":
+    - command: ec2.assume_role
+      params:
+        role_arn: ${aws_test_secrets_role}
     - command: shell.exec
       type: test
       params:
+        add_expansions_to_env: true
         working_dir: "src"
         script: |
-          ${PREPARE_SHELL}
           # Disable xtrace for security reasons (just in case it was accidentally set).
           set +x
-
           set -o errexit
           set -o xtrace
-          
-          source ./secrets-export.sh
-          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m test-atlas
+
+          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m test-atlas -- "" drivers/test
 
   "add aws auth variables to file":
     - command: shell.exec
@@ -785,7 +786,7 @@ functions:
         script: |
           ${PREPARE_SHELL}
 
-          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m aws-secrets -- drivers/test
+          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m aws-secrets -- "" drivers/test
 
     - command: expansions.update
       params:
@@ -1715,7 +1716,6 @@ tasks:
     - name: "atlas-connect"
       tags: ["atlas-connect"]
       commands:
-        - func: "bootstrap aws-secrets"
         - func: "run atlas tests"
 
     - name: atlas-data-lake-tests
diff --git a/.gitignore b/.gitignore
index 269a7e7081..2dd87c9a96 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,5 @@ mongocryptd.pid
 .idea/
 .nova/
 venv/
+secrets-expansion.yml
+secrets-export.sh
diff --git a/tox.ini b/tox.ini
index 17e9454e4d..f317bb43f5 100644
--- a/tox.ini
+++ b/tox.ini
@@ -146,10 +146,13 @@ commands =
 
 [testenv:test-atlas]
 deps =
+    {[testenv:aws-secrets]deps}
     {[testenv:test]deps}
 passenv = *
+allowlist_externals = bash
 commands =
-    python -m pytest -v {posargs} ./test/atlas/test_connection.py
+    {[testenv:aws-secrets]commands}
+    bash -c "source ./secrets-export.sh; python -m pytest -v ./test/atlas/test_connection.py"
 
 [testenv:test-mockupdb]
 description = run mockupdb tests
@@ -165,7 +168,5 @@ deps =
     PyYAML
     boto3
 passenv = *
-allowlist_externals =
-    bash
 commands =
     python {env:DRIVERS_TOOLS}/.evergreen/auth_aws/setup_secrets.py {posargs}

From 8ef33075c74f275d3875413f0072096684f2b610 Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Mon, 7 Aug 2023 15:46:05 -0700
Subject: [PATCH 09/17] Fix tox.sh

---
 .evergreen/tox.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.evergreen/tox.sh b/.evergreen/tox.sh
index 0c56ea7e8a..8d723dfd83 100644
--- a/.evergreen/tox.sh
+++ b/.evergreen/tox.sh
@@ -28,4 +28,4 @@ else # No toolchain present, set up virtualenv before installing tox
     }
 fi
 
-run_tox "${@:1}"
+run_tox "${@:2}"

From 3dc7ed209a58578349e6f769ec90afc1c3febae9 Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Mon, 7 Aug 2023 16:17:40 -0700
Subject: [PATCH 10/17] Fix tox.sh again

---
 .evergreen/config.yml | 2 +-
 .evergreen/tox.sh     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index ab3c77863c..da135c051f 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -548,7 +548,7 @@ functions:
           set -o errexit
           set -o xtrace
 
-          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m test-atlas -- "" drivers/test
+          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m test-atlas -- "" drivers/test
 
   "add aws auth variables to file":
     - command: shell.exec
diff --git a/.evergreen/tox.sh b/.evergreen/tox.sh
index 8d723dfd83..0c56ea7e8a 100644
--- a/.evergreen/tox.sh
+++ b/.evergreen/tox.sh
@@ -28,4 +28,4 @@ else # No toolchain present, set up virtualenv before installing tox
     }
 fi
 
-run_tox "${@:2}"
+run_tox "${@:1}"

From c0dc93fa19ac2ffd087789e822e6b26fe5393012 Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Tue, 8 Aug 2023 09:49:41 -0700
Subject: [PATCH 11/17] Use updated setup_secrets

---
 .evergreen/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index da135c051f..4ebf6fad80 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -548,7 +548,7 @@ functions:
           set -o errexit
           set -o xtrace
 
-          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m test-atlas -- "" drivers/test
+          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m test-atlas -- -r us-west-2 drivers/test
 
   "add aws auth variables to file":
     - command: shell.exec

From aeafdf12b1baf8e76b39b3b0ce1dda680dc5bfe0 Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Tue, 8 Aug 2023 14:20:08 -0700
Subject: [PATCH 12/17] Cleanup, remove bootstrap aws-secrets

---
 .evergreen/config.yml               | 19 -------------------
 .evergreen/run-mongodb-oidc-test.sh |  2 +-
 2 files changed, 1 insertion(+), 20 deletions(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 4ebf6fad80..6f01dfea10 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -773,25 +773,6 @@ functions:
           python oidc_write_orchestration.py
           python oidc_get_tokens.py
 
-  "bootstrap aws-secrets":
-    - command: ec2.assume_role
-      params:
-        role_arn: ${aws_test_secrets_role}
-    - command: shell.exec
-      type: test
-      params:
-        add_expansions_to_env: true
-        working_dir: "src"
-        shell: bash
-        script: |
-          ${PREPARE_SHELL}
-
-          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh ${PYTHON_BINARY} -m aws-secrets -- "" drivers/test
-
-    - command: expansions.update
-      params:
-        file: src/secrets-expansion.yml
-
   "run oidc auth test with aws credentials":
     - command: shell.exec
       type: test
diff --git a/.evergreen/run-mongodb-oidc-test.sh b/.evergreen/run-mongodb-oidc-test.sh
index b6792386da..fc0a880b75 100755
--- a/.evergreen/run-mongodb-oidc-test.sh
+++ b/.evergreen/run-mongodb-oidc-test.sh
@@ -15,7 +15,7 @@ set -o errexit  # Exit the script with error if any of the commands fail
 
 echo "Running MONGODB-OIDC authentication tests"
 # ensure no secrets are printed in log files
-#set +x
+set +x
 
 # load the script
 shopt -s expand_aliases # needed for `urlencode` alias

From 0c2506515fe5b92b3bbc342c34e8e299066bb932 Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Tue, 8 Aug 2023 16:01:20 -0700
Subject: [PATCH 13/17] Revert clone change for testing

---
 .evergreen/config.yml               | 2 +-
 .evergreen/run-mongodb-oidc-test.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 6f01dfea10..a22b9988f8 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -98,7 +98,7 @@ functions:
             # If this was a patch build, doing a fresh clone would not actually test the patch
             cp -R ${PROJECT_DIRECTORY}/ $DRIVERS_TOOLS
           else
-            git clone -b DRIVERS-2585 https://github.com/NoahStapp/drivers-evergreen-tools.git $DRIVERS_TOOLS
+            git clone https://github.com/mongodb-labs/drivers-evergreen-tools.git $DRIVERS_TOOLS
           fi
           echo "{ \"releases\": { \"default\": \"$MONGODB_BINARIES\" }}" > $MONGO_ORCHESTRATION_HOME/orchestration.config
 
diff --git a/.evergreen/run-mongodb-oidc-test.sh b/.evergreen/run-mongodb-oidc-test.sh
index fc0a880b75..46bb779578 100755
--- a/.evergreen/run-mongodb-oidc-test.sh
+++ b/.evergreen/run-mongodb-oidc-test.sh
@@ -48,7 +48,7 @@ fi
 # show test output
 set -x
 
- Workaround macOS python 3.9 incompatibility with system virtualenv.
+# Workaround macOS python 3.9 incompatibility with system virtualenv.
 if [ "$(uname -s)" = "Darwin" ]; then
     VIRTUALENV="/Library/Frameworks/Python.framework/Versions/3.9/bin/python3 -m virtualenv"
 else

From 9a7cb184513f3715983590f5abad01ddac4095ad Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Tue, 8 Aug 2023 16:08:49 -0700
Subject: [PATCH 14/17] Update secret vault

---
 .evergreen/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index a22b9988f8..d3e24d2d67 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -548,7 +548,7 @@ functions:
           set -o errexit
           set -o xtrace
 
-          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m test-atlas -- -r us-west-2 drivers/test
+          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m test-atlas -- drivers/atlas_connect
 
   "add aws auth variables to file":
     - command: shell.exec

From d69f11bf54b01dbca64a146b49dacb30b658f5af Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Mon, 14 Aug 2023 11:36:05 -0700
Subject: [PATCH 15/17] Use test-eg for test-atlas

---
 .evergreen/run-tests.sh | 8 +++++++-
 tox.ini                 | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh
index 474421c4aa..ef579c954b 100755
--- a/.evergreen/run-tests.sh
+++ b/.evergreen/run-tests.sh
@@ -21,6 +21,7 @@ set -o errexit  # Exit the script with error if any of the commands fail
 #  TEST_FLE_GCP_AUTO    If non-empy, test auto FLE on GCP
 #  TEST_PYOPENSSL       If non-empy, test with PyOpenSSL
 #  TEST_ENCRYPTION_PYOPENSSL    If non-empy, test encryption with PyOpenSSL
+#  TEST_ATLAS   If non-empty, test Atlas connections
 
 if [ -n "${SET_XTRACE_ON}" ]; then
     set -o xtrace
@@ -168,6 +169,11 @@ if [ -n "$TEST_DATA_LAKE" ] && [ -z "$TEST_ARGS" ]; then
     TEST_ARGS="test/test_data_lake.py"
 fi
 
+if [ -n "$TEST_ATLAS" ]; then
+    TEST_ARGS="test/atlas/test_connection.py"
+fi
+
+
 echo "Running $AUTH tests over $SSL with python $PYTHON"
 python -c 'import sys; print(sys.version)'
 
@@ -190,7 +196,7 @@ if [ -z "$GREEN_FRAMEWORK" ]; then
         python -c "from bson import _cbson; from pymongo import _cmessage"
     fi
 
-    python -m pytest $TEST_ARGS
+    python -m pytest -v $TEST_ARGS
 else
     python -m pip install $GREEN_FRAMEWORK
     python green_framework_test.py $GREEN_FRAMEWORK
diff --git a/tox.ini b/tox.ini
index f317bb43f5..13c866f603 100644
--- a/tox.ini
+++ b/tox.ini
@@ -152,7 +152,7 @@ passenv = *
 allowlist_externals = bash
 commands =
     {[testenv:aws-secrets]commands}
-    bash -c "source ./secrets-export.sh; python -m pytest -v ./test/atlas/test_connection.py"
+    bash -c "source ./secrets-export.sh; TEST_ATLAS=1 tox -m test-eg"
 
 [testenv:test-mockupdb]
 description = run mockupdb tests

From 9d02350721868de943ce0f232f1c9188f427caca Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Tue, 15 Aug 2023 09:40:59 -0700
Subject: [PATCH 16/17] Remove test-atlas, source secret-exports.sh in
 run_tests.sh

---
 .evergreen/config.yml   | 3 ++-
 .evergreen/run-tests.sh | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 3a82b27a75..a1ea000098 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -557,7 +557,8 @@ functions:
           set -o errexit
           set -o xtrace
 
-          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m test-atlas -- drivers/atlas_connect
+          bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m aws-secrets -- drivers/atlas_connect
+          TEST_ATLAS=1 bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m test-eg
 
   "add aws auth variables to file":
     - command: shell.exec
diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh
index f9ec11b725..daeb9b1dcd 100755
--- a/.evergreen/run-tests.sh
+++ b/.evergreen/run-tests.sh
@@ -234,6 +234,11 @@ fi
 echo "Running $AUTH tests over $SSL with python $PYTHON"
 python -c 'import sys; print(sys.version)'
 
+# Try to source exported AWS Secrets
+if [ -f ./secrets-export.sh ]; then
+  source ./secrets-export.sh
+fi
+
 # Run the tests, and store the results in Evergreen compatible XUnit XML
 # files in the xunit-results/ directory.
 

From bc6dc4cb7971adc5695967fc30698f7679bba267 Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Tue, 15 Aug 2023 10:17:30 -0700
Subject: [PATCH 17/17] Remove test-atlas from tox

---
 tox.ini | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/tox.ini b/tox.ini
index ada47949f3..55545c54f0 100644
--- a/tox.ini
+++ b/tox.ini
@@ -38,7 +38,6 @@ labels = # Use labels and -m instead of -e so that tox -m <label> fails instantl
     doc = doc
     doc-test = doc-test
     linkcheck = linkcheck
-    test-atlas = test-atlas
     test-mockupdb = test-mockupdb
     aws-secrets = aws-secrets
 
@@ -144,16 +143,6 @@ deps =
 commands =
     sphinx-build -E -b linkcheck doc ./doc/_build/linkcheck
 
-[testenv:test-atlas]
-deps =
-    {[testenv:aws-secrets]deps}
-    {[testenv:test]deps}
-passenv = *
-allowlist_externals = bash
-commands =
-    {[testenv:aws-secrets]commands}
-    bash -c "source ./secrets-export.sh; TEST_ATLAS=1 tox -m test-eg"
-
 [testenv:test-mockupdb]
 description = run mockupdb tests
 deps =