diff --git a/.evergreen/config.yml b/.evergreen/config.yml index a1ea000098..a8b87b7853 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -511,31 +511,23 @@ functions: bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m test-eg "run enterprise auth tests": - - command: shell.exec - type: test + - command: ec2.assume_role params: - silent: true - working_dir: "src" - script: | - cat < prepare_enterprise_auth.sh - export SASL_HOST='${sasl_host}' - export SASL_PORT='${sasl_port}' - export SASL_USER='${sasl_user}' - export SASL_PASS='${sasl_pass}' - export SASL_DB='${sasl_db}' - export PRINCIPAL='${principal}' - export GSSAPI_DB='${gssapi_db}' - export KEYTAB_BASE64='${keytab_base64}' - EOT + role_arn: ${aws_test_secrets_role} - command: shell.exec type: test params: working_dir: "src" script: | - # Disable xtrace (just in case it was accidentally set). + # Disable xtrace for security reasons (just in case it was accidentally set). set +x - . ./prepare_enterprise_auth.sh - rm -f ./prepare_enterprise_auth.sh + + DRIVERS_TOOLS="${DRIVERS_TOOLS}" \ + AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \ + AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \ + AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN}" \ + bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m aws-secrets -- drivers/enterprise_auth + PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \ PYTHON_BINARY="${PYTHON_BINARY}" \ TEST_ENTERPRISE_AUTH=1 \ @@ -549,16 +541,21 @@ functions: - command: shell.exec type: test params: - add_expansions_to_env: true working_dir: "src" script: | # Disable xtrace for security reasons (just in case it was accidentally set). set +x - set -o errexit - set -o xtrace - bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m aws-secrets -- drivers/atlas_connect - TEST_ATLAS=1 bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m test-eg + DRIVERS_TOOLS="${DRIVERS_TOOLS}" \ + AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \ + AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \ + AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN}" \ + bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m aws-secrets -- drivers/atlas_connect + + PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \ + PYTHON_BINARY="${PYTHON_BINARY}" \ + TEST_ATLAS=1 \ + bash ${PROJECT_DIRECTORY}/.evergreen/tox.sh -m test-eg "add aws auth variables to file": - command: shell.exec diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index daeb9b1dcd..5db4640401 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -41,6 +41,11 @@ PYTHON=$(which python) python -c "import sys; sys.exit(sys.prefix == sys.base_prefix)" || (echo "Not inside a virtual env!"; exit 1) +# Try to source exported AWS Secrets +if [ -f ./secrets-export.sh ]; then + source ./secrets-export.sh +fi + if [ "$AUTH" != "noauth" ]; then if [ ! -z "$TEST_DATA_LAKE" ]; then export DB_USER="mhuser" @@ -234,10 +239,6 @@ fi echo "Running $AUTH tests over $SSL with python $PYTHON" python -c 'import sys; print(sys.version)' -# Try to source exported AWS Secrets -if [ -f ./secrets-export.sh ]; then - source ./secrets-export.sh -fi # Run the tests, and store the results in Evergreen compatible XUnit XML # files in the xunit-results/ directory. diff --git a/.gitignore b/.gitignore index 2663e31757..77483d26b2 100644 --- a/.gitignore +++ b/.gitignore @@ -17,7 +17,6 @@ mongocryptd.pid .idea/ .nova/ venv/ -secrets-expansion.yml secrets-export.sh # Lambda temp files diff --git a/test/test_client.py b/test/test_client.py index 24f4603b27..5d5208043d 100644 --- a/test/test_client.py +++ b/test/test_client.py @@ -1758,6 +1758,9 @@ def _test_handshake(self, env_vars, expected_env): metadata = copy.deepcopy(_METADATA) if expected_env is not None: metadata["env"] = expected_env + + if "AWS_REGION" not in env_vars: + os.environ["AWS_REGION"] = "" with rs_or_single_client(serverSelectionTimeoutMS=10000) as client: client.admin.command("ping") options = client._MongoClient__options