diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 2d357c8229..72340b8a8a 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -206,7 +206,7 @@ functions: params: binary: bash include_expansions_in_env: [VERSION, TOPOLOGY, AUTH, SSL, ORCHESTRATION_FILE, LOAD_BALANCER, - STORAGE_ENGINE, REQUIRE_API_VERSION, DRIVERS_TOOLS, TEST_CRYPT_SHARED] + STORAGE_ENGINE, REQUIRE_API_VERSION, DRIVERS_TOOLS, TEST_CRYPT_SHARED, AUTH_AWS] args: - src/.evergreen/scripts/bootstrap-mongo-orchestration.sh - command: expansions.update @@ -295,100 +295,6 @@ functions: - .evergreen/scripts/run-with-env.sh - .evergreen/scripts/run-atlas-tests.sh - "get aws auth secrets": - - command: subprocess.exec - type: test - params: - include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"] - binary: bash - args: - - ${DRIVERS_TOOLS}/.evergreen/auth_aws/setup-secrets.sh - - "run aws auth test with regular aws credentials": - - command: subprocess.exec - type: test - params: - include_expansions_in_env: ["DRIVERS_TOOLS", "skip_EC2_auth_test"] - binary: bash - working_dir: "src" - args: - - .evergreen/scripts/run-with-env.sh - - .evergreen/scripts/run-mongodb-aws-test.sh - - regular - - "run aws auth test with assume role credentials": - - command: subprocess.exec - type: test - params: - include_expansions_in_env: ["DRIVERS_TOOLS", "skip_EC2_auth_test"] - binary: bash - working_dir: "src" - args: - - .evergreen/scripts/run-with-env.sh - - .evergreen/scripts/run-mongodb-aws-test.sh - - assume-role - - "run aws auth test with aws EC2 credentials": - - command: subprocess.exec - type: test - params: - include_expansions_in_env: ["DRIVERS_TOOLS", "skip_EC2_auth_test"] - binary: bash - working_dir: "src" - args: - - .evergreen/scripts/run-with-env.sh - - .evergreen/scripts/run-mongodb-aws-test.sh - - ec2 - - "run aws auth test with aws web identity credentials": - - # Test with and without AWS_ROLE_SESSION_NAME set. - - command: subprocess.exec - type: test - params: - include_expansions_in_env: ["DRIVERS_TOOLS", "skip_EC2_auth_test"] - binary: bash - working_dir: "src" - args: - - .evergreen/scripts/run-with-env.sh - - .evergreen/scripts/run-mongodb-aws-test.sh - - web-identity - - command: subprocess.exec - type: test - params: - include_expansions_in_env: [ "DRIVERS_TOOLS", "skip_EC2_auth_test" ] - binary: bash - working_dir: "src" - env: - AWS_ROLE_SESSION_NAME: test - args: - - .evergreen/scripts/run-with-env.sh - - .evergreen/scripts/run-mongodb-aws-test.sh - - web-identity - - "run aws auth test with aws credentials as environment variables": - - command: subprocess.exec - type: test - params: - include_expansions_in_env: ["DRIVERS_TOOLS", "skip_EC2_auth_test"] - binary: bash - working_dir: "src" - args: - - .evergreen/scripts/run-with-env.sh - - .evergreen/scripts/run-mongodb-aws-test.sh - - env-creds - - "run aws auth test with aws credentials and session token as environment variables": - - command: subprocess.exec - type: test - params: - include_expansions_in_env: ["DRIVERS_TOOLS", "skip_EC2_auth_test"] - binary: bash - working_dir: "src" - args: - - .evergreen/scripts/run-with-env.sh - - .evergreen/scripts/run-mongodb-aws-test.sh - - session-creds - "run oidc auth test with test credentials": - command: subprocess.exec type: test @@ -411,16 +317,6 @@ functions: args: - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-oidc-remote-test.sh - "run aws ECS auth test": - - command: subprocess.exec - type: test - params: - binary: bash - working_dir: "src" - args: - - .evergreen/scripts/run-with-env.sh - - .evergreen/scripts/run-aws-ecs-auth-test.sh - "cleanup": - command: subprocess.exec params: @@ -431,13 +327,6 @@ functions: - .evergreen/scripts/cleanup.sh "teardown system": - - command: subprocess.exec - params: - binary: bash - working_dir: "src" - args: - # Ensure the instance profile is reassigned for aws tests. - - ${DRIVERS_TOOLS}/.evergreen/auth_aws/teardown.sh - command: subprocess.exec params: binary: bash @@ -1159,132 +1048,6 @@ tasks: OCSP_ALGORITHM: "ecdsa" OCSP_TLS_SHOULD_SUCCEED: "false" - - name: "aws-auth-test-4.4" - commands: - - func: "bootstrap mongo-orchestration" - vars: - AUTH: "auth" - ORCHESTRATION_FILE: "auth-aws.json" - TOPOLOGY: "server" - VERSION: "4.4" - - func: "assume ec2 role" - - func: "get aws auth secrets" - - func: "run aws auth test with regular aws credentials" - - func: "run aws auth test with assume role credentials" - - func: "run aws auth test with aws credentials as environment variables" - - func: "run aws auth test with aws credentials and session token as environment variables" - - func: "run aws auth test with aws EC2 credentials" - - func: "run aws auth test with aws web identity credentials" - - func: "run aws ECS auth test" - - - name: "aws-auth-test-5.0" - commands: - - func: "bootstrap mongo-orchestration" - vars: - AUTH: "auth" - ORCHESTRATION_FILE: "auth-aws.json" - TOPOLOGY: "server" - VERSION: "5.0" - - func: "assume ec2 role" - - func: "get aws auth secrets" - - func: "run aws auth test with regular aws credentials" - - func: "run aws auth test with assume role credentials" - - func: "run aws auth test with aws credentials as environment variables" - - func: "run aws auth test with aws credentials and session token as environment variables" - - func: "run aws auth test with aws EC2 credentials" - - func: "run aws auth test with aws web identity credentials" - - func: "run aws ECS auth test" - - - name: "aws-auth-test-6.0" - commands: - - func: "bootstrap mongo-orchestration" - vars: - AUTH: "auth" - ORCHESTRATION_FILE: "auth-aws.json" - TOPOLOGY: "server" - VERSION: "6.0" - - func: "assume ec2 role" - - func: "get aws auth secrets" - - func: "run aws auth test with regular aws credentials" - - func: "run aws auth test with assume role credentials" - - func: "run aws auth test with aws credentials as environment variables" - - func: "run aws auth test with aws credentials and session token as environment variables" - - func: "run aws auth test with aws EC2 credentials" - - func: "run aws auth test with aws web identity credentials" - - func: "run aws ECS auth test" - - - name: "aws-auth-test-7.0" - commands: - - func: "bootstrap mongo-orchestration" - vars: - AUTH: "auth" - ORCHESTRATION_FILE: "auth-aws.json" - TOPOLOGY: "server" - VERSION: "7.0" - - func: "assume ec2 role" - - func: "get aws auth secrets" - - func: "run aws auth test with regular aws credentials" - - func: "run aws auth test with assume role credentials" - - func: "run aws auth test with aws credentials as environment variables" - - func: "run aws auth test with aws credentials and session token as environment variables" - - func: "run aws auth test with aws EC2 credentials" - - func: "run aws auth test with aws web identity credentials" - - func: "run aws ECS auth test" - - - name: "aws-auth-test-8.0" - commands: - - func: "bootstrap mongo-orchestration" - vars: - AUTH: "auth" - ORCHESTRATION_FILE: "auth-aws.json" - TOPOLOGY: "server" - VERSION: "8.0" - - func: "assume ec2 role" - - func: "get aws auth secrets" - - func: "run aws auth test with regular aws credentials" - - func: "run aws auth test with assume role credentials" - - func: "run aws auth test with aws credentials as environment variables" - - func: "run aws auth test with aws credentials and session token as environment variables" - - func: "run aws auth test with aws EC2 credentials" - - func: "run aws auth test with aws web identity credentials" - - func: "run aws ECS auth test" - - - name: "aws-auth-test-rapid" - commands: - - func: "bootstrap mongo-orchestration" - vars: - AUTH: "auth" - ORCHESTRATION_FILE: "auth-aws.json" - TOPOLOGY: "server" - VERSION: "rapid" - - func: "assume ec2 role" - - func: "get aws auth secrets" - - func: "run aws auth test with regular aws credentials" - - func: "run aws auth test with assume role credentials" - - func: "run aws auth test with aws credentials as environment variables" - - func: "run aws auth test with aws credentials and session token as environment variables" - - func: "run aws auth test with aws EC2 credentials" - - func: "run aws auth test with aws web identity credentials" - - func: "run aws ECS auth test" - - - name: "aws-auth-test-latest" - commands: - - func: "bootstrap mongo-orchestration" - vars: - AUTH: "auth" - ORCHESTRATION_FILE: "auth-aws.json" - TOPOLOGY: "server" - VERSION: "latest" - - func: "assume ec2 role" - - func: "get aws auth secrets" - - func: "run aws auth test with regular aws credentials" - - func: "run aws auth test with assume role credentials" - - func: "run aws auth test with aws credentials as environment variables" - - func: "run aws auth test with aws credentials and session token as environment variables" - - func: "run aws auth test with aws EC2 credentials" - - func: "run aws auth test with aws web identity credentials" - - func: "run aws ECS auth test" - - name: "oidc-auth-test" commands: - func: "run oidc auth test with test credentials" diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index b7aab80b30..56fdc1aa67 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -1,4 +1,685 @@ tasks: + # Aws tests + - name: test-auth-aws-4.4-regular + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "4.4" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: regular + tags: [auth-aws, auth-aws-regular] + - name: test-auth-aws-4.4-assume-role + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "4.4" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: assume-role + tags: [auth-aws, auth-aws-assume-role] + - name: test-auth-aws-4.4-ec2 + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "4.4" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ec2 + tags: [auth-aws, auth-aws-ec2] + - name: test-auth-aws-4.4-env-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "4.4" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: env-creds + tags: [auth-aws, auth-aws-env-creds] + - name: test-auth-aws-4.4-session-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "4.4" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: session-creds + tags: [auth-aws, auth-aws-session-creds] + - name: test-auth-aws-4.4-web-identity + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "4.4" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-4.4-ecs + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "4.4" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ecs + tags: [auth-aws, auth-aws-ecs] + - name: test-auth-aws-4.4-web-identity-session-name + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "4.4" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + AWS_ROLE_SESSION_NAME: test + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-5.0-regular + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "5.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: regular + tags: [auth-aws, auth-aws-regular] + - name: test-auth-aws-5.0-assume-role + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "5.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: assume-role + tags: [auth-aws, auth-aws-assume-role] + - name: test-auth-aws-5.0-ec2 + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "5.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ec2 + tags: [auth-aws, auth-aws-ec2] + - name: test-auth-aws-5.0-env-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "5.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: env-creds + tags: [auth-aws, auth-aws-env-creds] + - name: test-auth-aws-5.0-session-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "5.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: session-creds + tags: [auth-aws, auth-aws-session-creds] + - name: test-auth-aws-5.0-web-identity + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "5.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-5.0-ecs + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "5.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ecs + tags: [auth-aws, auth-aws-ecs] + - name: test-auth-aws-5.0-web-identity-session-name + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "5.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + AWS_ROLE_SESSION_NAME: test + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-6.0-regular + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "6.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: regular + tags: [auth-aws, auth-aws-regular] + - name: test-auth-aws-6.0-assume-role + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "6.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: assume-role + tags: [auth-aws, auth-aws-assume-role] + - name: test-auth-aws-6.0-ec2 + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "6.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ec2 + tags: [auth-aws, auth-aws-ec2] + - name: test-auth-aws-6.0-env-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "6.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: env-creds + tags: [auth-aws, auth-aws-env-creds] + - name: test-auth-aws-6.0-session-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "6.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: session-creds + tags: [auth-aws, auth-aws-session-creds] + - name: test-auth-aws-6.0-web-identity + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "6.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-6.0-ecs + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "6.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ecs + tags: [auth-aws, auth-aws-ecs] + - name: test-auth-aws-6.0-web-identity-session-name + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "6.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + AWS_ROLE_SESSION_NAME: test + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-7.0-regular + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "7.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: regular + tags: [auth-aws, auth-aws-regular] + - name: test-auth-aws-7.0-assume-role + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "7.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: assume-role + tags: [auth-aws, auth-aws-assume-role] + - name: test-auth-aws-7.0-ec2 + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "7.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ec2 + tags: [auth-aws, auth-aws-ec2] + - name: test-auth-aws-7.0-env-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "7.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: env-creds + tags: [auth-aws, auth-aws-env-creds] + - name: test-auth-aws-7.0-session-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "7.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: session-creds + tags: [auth-aws, auth-aws-session-creds] + - name: test-auth-aws-7.0-web-identity + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "7.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-7.0-ecs + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "7.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ecs + tags: [auth-aws, auth-aws-ecs] + - name: test-auth-aws-7.0-web-identity-session-name + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "7.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + AWS_ROLE_SESSION_NAME: test + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-8.0-regular + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "8.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: regular + tags: [auth-aws, auth-aws-regular] + - name: test-auth-aws-8.0-assume-role + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "8.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: assume-role + tags: [auth-aws, auth-aws-assume-role] + - name: test-auth-aws-8.0-ec2 + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "8.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ec2 + tags: [auth-aws, auth-aws-ec2] + - name: test-auth-aws-8.0-env-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "8.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: env-creds + tags: [auth-aws, auth-aws-env-creds] + - name: test-auth-aws-8.0-session-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "8.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: session-creds + tags: [auth-aws, auth-aws-session-creds] + - name: test-auth-aws-8.0-web-identity + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "8.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-8.0-ecs + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "8.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ecs + tags: [auth-aws, auth-aws-ecs] + - name: test-auth-aws-8.0-web-identity-session-name + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: "8.0" + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + AWS_ROLE_SESSION_NAME: test + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-rapid-regular + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: rapid + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: regular + tags: [auth-aws, auth-aws-regular] + - name: test-auth-aws-rapid-assume-role + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: rapid + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: assume-role + tags: [auth-aws, auth-aws-assume-role] + - name: test-auth-aws-rapid-ec2 + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: rapid + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ec2 + tags: [auth-aws, auth-aws-ec2] + - name: test-auth-aws-rapid-env-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: rapid + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: env-creds + tags: [auth-aws, auth-aws-env-creds] + - name: test-auth-aws-rapid-session-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: rapid + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: session-creds + tags: [auth-aws, auth-aws-session-creds] + - name: test-auth-aws-rapid-web-identity + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: rapid + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-rapid-ecs + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: rapid + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ecs + tags: [auth-aws, auth-aws-ecs] + - name: test-auth-aws-rapid-web-identity-session-name + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: rapid + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + AWS_ROLE_SESSION_NAME: test + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-latest-regular + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: latest + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: regular + tags: [auth-aws, auth-aws-regular] + - name: test-auth-aws-latest-assume-role + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: latest + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: assume-role + tags: [auth-aws, auth-aws-assume-role] + - name: test-auth-aws-latest-ec2 + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: latest + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ec2 + tags: [auth-aws, auth-aws-ec2] + - name: test-auth-aws-latest-env-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: latest + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: env-creds + tags: [auth-aws, auth-aws-env-creds] + - name: test-auth-aws-latest-session-creds + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: latest + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: session-creds + tags: [auth-aws, auth-aws-session-creds] + - name: test-auth-aws-latest-web-identity + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: latest + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + tags: [auth-aws, auth-aws-web-identity] + - name: test-auth-aws-latest-ecs + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: latest + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: ecs + tags: [auth-aws, auth-aws-ecs] + - name: test-auth-aws-latest-web-identity-session-name + commands: + - func: bootstrap mongo-orchestration + vars: + AUTH_AWS: "1" + VERSION: latest + - func: assume ec2 role + - func: run tests + vars: + TEST_NAME: auth_aws + SUB_TEST_NAME: web-identity + AWS_ROLE_SESSION_NAME: test + tags: [auth-aws, auth-aws-web-identity] + # Kms tests - name: test-gcpkms commands: diff --git a/.evergreen/generated_configs/variants.yml b/.evergreen/generated_configs/variants.yml index 88c564909f..0126c779b4 100644 --- a/.evergreen/generated_configs/variants.yml +++ b/.evergreen/generated_configs/variants.yml @@ -107,13 +107,7 @@ buildvariants: # Aws auth tests - name: auth-aws-ubuntu-20-python3.9 tasks: - - name: aws-auth-test-4.4 - - name: aws-auth-test-5.0 - - name: aws-auth-test-6.0 - - name: aws-auth-test-7.0 - - name: aws-auth-test-8.0 - - name: aws-auth-test-rapid - - name: aws-auth-test-latest + - name: .auth-aws display_name: Auth AWS Ubuntu-20 Python3.9 run_on: - ubuntu2004-small @@ -121,13 +115,7 @@ buildvariants: PYTHON_BINARY: /opt/python/3.9/bin/python3 - name: auth-aws-ubuntu-20-python3.13 tasks: - - name: aws-auth-test-4.4 - - name: aws-auth-test-5.0 - - name: aws-auth-test-6.0 - - name: aws-auth-test-7.0 - - name: aws-auth-test-8.0 - - name: aws-auth-test-rapid - - name: aws-auth-test-latest + - name: .auth-aws display_name: Auth AWS Ubuntu-20 Python3.13 run_on: - ubuntu2004-small @@ -135,67 +123,35 @@ buildvariants: PYTHON_BINARY: /opt/python/3.13/bin/python3 - name: auth-aws-win64-python3.9 tasks: - - name: aws-auth-test-4.4 - - name: aws-auth-test-5.0 - - name: aws-auth-test-6.0 - - name: aws-auth-test-7.0 - - name: aws-auth-test-8.0 - - name: aws-auth-test-rapid - - name: aws-auth-test-latest + - name: .auth-aws !.auth-aws-ecs display_name: Auth AWS Win64 Python3.9 run_on: - windows-64-vsMulti-small expansions: - skip_ECS_auth_test: "true" PYTHON_BINARY: C:/python/Python39/python.exe - name: auth-aws-win64-python3.13 tasks: - - name: aws-auth-test-4.4 - - name: aws-auth-test-5.0 - - name: aws-auth-test-6.0 - - name: aws-auth-test-7.0 - - name: aws-auth-test-8.0 - - name: aws-auth-test-rapid - - name: aws-auth-test-latest + - name: .auth-aws !.auth-aws-ecs display_name: Auth AWS Win64 Python3.13 run_on: - windows-64-vsMulti-small expansions: - skip_ECS_auth_test: "true" PYTHON_BINARY: C:/python/Python313/python.exe - name: auth-aws-macos-python3.9 tasks: - - name: aws-auth-test-4.4 - - name: aws-auth-test-5.0 - - name: aws-auth-test-6.0 - - name: aws-auth-test-7.0 - - name: aws-auth-test-8.0 - - name: aws-auth-test-rapid - - name: aws-auth-test-latest + - name: .auth-aws !.auth-aws-web-identity !.auth-aws-ecs !.auth-aws-ec2 display_name: Auth AWS macOS Python3.9 run_on: - macos-14 expansions: - skip_ECS_auth_test: "true" - skip_EC2_auth_test: "true" - skip_web_identity_auth_test: "true" PYTHON_BINARY: /Library/Frameworks/Python.Framework/Versions/3.9/bin/python3 - name: auth-aws-macos-python3.13 tasks: - - name: aws-auth-test-4.4 - - name: aws-auth-test-5.0 - - name: aws-auth-test-6.0 - - name: aws-auth-test-7.0 - - name: aws-auth-test-8.0 - - name: aws-auth-test-rapid - - name: aws-auth-test-latest + - name: .auth-aws !.auth-aws-web-identity !.auth-aws-ecs !.auth-aws-ec2 display_name: Auth AWS macOS Python3.13 run_on: - macos-14 expansions: - skip_ECS_auth_test: "true" - skip_EC2_auth_test: "true" - skip_web_identity_auth_test: "true" PYTHON_BINARY: /Library/Frameworks/Python.Framework/Versions/3.13/bin/python3 # Compression tests diff --git a/.evergreen/run-mongodb-aws-ecs-test.sh b/.evergreen/run-mongodb-aws-ecs-test.sh index ef7e0ba333..09fa571959 100755 --- a/.evergreen/run-mongodb-aws-ecs-test.sh +++ b/.evergreen/run-mongodb-aws-ecs-test.sh @@ -30,5 +30,5 @@ export SET_XTRACE_ON=1 cd src rm -rf .venv rm -f .evergreen/scripts/test-env.sh || true -bash ./.evergreen/just.sh setup-tests auth_aws ecs +bash ./.evergreen/just.sh setup-tests auth_aws ecs-remote bash .evergreen/just.sh run-tests diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 4d4d29c6dd..9943f491fb 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -734,23 +734,14 @@ def create_atlas_connect_variants(): def create_aws_auth_variants(): variants = [] - tasks = [ - "aws-auth-test-4.4", - "aws-auth-test-5.0", - "aws-auth-test-6.0", - "aws-auth-test-7.0", - "aws-auth-test-8.0", - "aws-auth-test-rapid", - "aws-auth-test-latest", - ] for host_name, python in product(["ubuntu20", "win64", "macos"], MIN_MAX_PYTHON): expansions = dict() - if host_name != "ubuntu20": - expansions["skip_ECS_auth_test"] = "true" + tasks = [".auth-aws"] if host_name == "macos": - expansions["skip_EC2_auth_test"] = "true" - expansions["skip_web_identity_auth_test"] = "true" + tasks = [".auth-aws !.auth-aws-web-identity !.auth-aws-ecs !.auth-aws-ec2"] + elif host_name == "win64": + tasks = [".auth-aws !.auth-aws-ecs"] host = HOSTS[host_name] variant = create_variant( tasks, @@ -854,6 +845,43 @@ def create_kms_tasks(): return tasks +def create_aws_tasks(): + tasks = [] + aws_test_types = [ + "regular", + "assume-role", + "ec2", + "env-creds", + "session-creds", + "web-identity", + "ecs", + ] + for version in get_versions_from("4.4"): + base_name = f"test-auth-aws-{version}" + base_tags = ["auth-aws"] + bootstrap_vars = dict(AUTH_AWS="1", VERSION=version) + bootstrap_func = FunctionCall(func="bootstrap mongo-orchestration", vars=bootstrap_vars) + assume_func = FunctionCall(func="assume ec2 role") + for test_type in aws_test_types: + tags = [*base_tags, f"auth-aws-{test_type}"] + name = f"{base_name}-{test_type}" + test_vars = dict(TEST_NAME="auth_aws", SUB_TEST_NAME=test_type) + test_func = FunctionCall(func="run tests", vars=test_vars) + funcs = [bootstrap_func, assume_func, test_func] + tasks.append(EvgTask(name=name, tags=tags, commands=funcs)) + + tags = [*base_tags, "auth-aws-web-identity"] + name = f"{base_name}-web-identity-session-name" + test_vars = dict( + TEST_NAME="auth_aws", SUB_TEST_NAME="web-identity", AWS_ROLE_SESSION_NAME="test" + ) + test_func = FunctionCall(func="run tests", vars=test_vars) + funcs = [bootstrap_func, assume_func, test_func] + tasks.append(EvgTask(name=name, tags=tags, commands=funcs)) + + return tasks + + ################## # Generate Config ################## diff --git a/.evergreen/scripts/run-aws-ecs-auth-test.sh b/.evergreen/scripts/run-aws-ecs-auth-test.sh deleted file mode 100755 index b8197c4da5..0000000000 --- a/.evergreen/scripts/run-aws-ecs-auth-test.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# shellcheck disable=SC2154 -if [ "${skip_ECS_auth_test}" = "true" ]; then - echo "This platform does not support the ECS auth test, skipping..." - exit 0 -fi -set -ex -cd "$DRIVERS_TOOLS"/.evergreen/auth_aws -. ./activate-authawsvenv.sh -. aws_setup.sh ecs -cd - diff --git a/.evergreen/scripts/run-mongodb-aws-test.sh b/.evergreen/scripts/run-mongodb-aws-test.sh deleted file mode 100755 index fd38574db8..0000000000 --- a/.evergreen/scripts/run-mongodb-aws-test.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -set -o xtrace -set -o errexit # Exit the script with error if any of the commands fail - -############################################ -# Main Program # -############################################ - -# Supported/used environment variables: -# MONGODB_URI Set the URI, including an optional username/password to use -# to connect to the server via MONGODB-AWS authentication -# mechanism. -# PYTHON_BINARY The Python version to use. - -# shellcheck disable=SC2154 -if [ "${skip_EC2_auth_test:-}" = "true" ] && { [ "$1" = "ec2" ] || [ "$1" = "web-identity" ]; }; then - echo "This platform does not support the EC2 auth test, skipping..." - exit 0 -fi - -echo "Running MONGODB-AWS authentication tests for $1" - -# Handle credentials and environment setup. -. "$DRIVERS_TOOLS"/.evergreen/auth_aws/aws_setup.sh "$1" - -bash ./.evergreen/just.sh setup-tests auth_aws $1 -bash ./.evergreen/just.sh run-tests diff --git a/.evergreen/scripts/run_tests.py b/.evergreen/scripts/run_tests.py index 830f5190e0..cd781ccd70 100644 --- a/.evergreen/scripts/run_tests.py +++ b/.evergreen/scripts/run_tests.py @@ -9,7 +9,7 @@ from datetime import datetime import pytest -from utils import LOGGER, ROOT +from utils import DRIVERS_TOOLS, LOGGER, ROOT, run_command AUTH = os.environ.get("AUTH", "noauth") SSL = os.environ.get("SSL", "nossl") @@ -107,11 +107,18 @@ def run() -> None: test_kms_remote(SUB_TEST_NAME) return + # Run remote ecs tests. + if TEST_NAME == "auth_aws" and SUB_TEST_NAME == "ecs": + run_command(f"{DRIVERS_TOOLS}/.evergreen/auth_aws/aws_setup.sh ecs") + return + if os.environ.get("DEBUG_LOG"): TEST_ARGS.extend(f"-o log_cli_level={logging.DEBUG} -o log_cli=1".split()) # Run local tests. - pytest.main(TEST_ARGS + sys.argv[1:]) + ret = pytest.main(TEST_ARGS + sys.argv[1:]) + if ret != 0: + sys.exit(ret) # Handle perf test post actions. if TEST_PERF: diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index c874263a5d..eff7bed773 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -368,8 +368,18 @@ def handle_test_env() -> None: write_env("CA_FILE", os.environ["CA_FILE"]) write_env("OCSP_TLS_SHOULD_SUCCEED", os.environ["OCSP_TLS_SHOULD_SUCCEED"]) - if test_name == "auth_aws": - write_env("MONGODB_URI", os.environ["MONGODB_URI"]) + if test_name == "auth_aws" and sub_test_name != "ecs-remote": + auth_aws_dir = f"{DRIVERS_TOOLS}/.evergreen/auth_aws" + if "AWS_ROLE_SESSION_NAME" in os.environ: + write_env("AWS_ROLE_SESSION_NAME") + if sub_test_name != "ecs": + aws_setup = f"{auth_aws_dir}/aws_setup.sh" + run_command(f"bash {aws_setup} {sub_test_name}") + creds = read_env(f"{auth_aws_dir}/test-env.sh") + for name, value in creds.items(): + write_env(name, value) + else: + run_command(f"bash {auth_aws_dir}/setup-secrets.sh") if test_name == "perf": # PYTHON-4769 Run perf_test.py directly otherwise pytest's test collection negatively diff --git a/.evergreen/scripts/teardown-tests.sh b/.evergreen/scripts/teardown-tests.sh index cd705c6b35..f9e76a20cf 100755 --- a/.evergreen/scripts/teardown-tests.sh +++ b/.evergreen/scripts/teardown-tests.sh @@ -2,10 +2,6 @@ set -eu SCRIPT_DIR=$(dirname ${BASH_SOURCE:-$0}) -SCRIPT_DIR="$( cd -- "$SCRIPT_DIR" > /dev/null 2>&1 && pwd )" -ROOT_DIR="$(dirname $SCRIPT_DIR)" - -pushd $ROOT_DIR > /dev/null # Try to source the env file. if [ -f $SCRIPT_DIR/env.sh ]; then @@ -25,5 +21,3 @@ fi # Teardown the test runner. uv run $SCRIPT_DIR/teardown_tests.py - -popd > /dev/null diff --git a/.evergreen/scripts/teardown_tests.py b/.evergreen/scripts/teardown_tests.py index fc1a937de0..824fc2c9bb 100644 --- a/.evergreen/scripts/teardown_tests.py +++ b/.evergreen/scripts/teardown_tests.py @@ -1,6 +1,7 @@ from __future__ import annotations import os +import sys from utils import DRIVERS_TOOLS, LOGGER, run_command @@ -9,7 +10,7 @@ LOGGER.info(f"Tearing down tests of type '{TEST_NAME}'...") -# Shut down csfle servers if applicable +# Shut down csfle servers if applicable. if TEST_NAME == "encryption": run_command(f"bash {DRIVERS_TOOLS}/.evergreen/csfle/stop-servers.sh") @@ -23,4 +24,10 @@ teardown_kms(SUB_TEST_NAME) +# Tear down auth_aws if applicable. +# We do not run web-identity hosts on macos, because the hosts lack permissions, +# so there is no reason to run the teardown, which would error with a 401. +elif TEST_NAME == "auth_aws" and sys.platform != "darwin": + run_command(f"bash {DRIVERS_TOOLS}/.evergreen/auth_aws/teardown.sh") + LOGGER.info(f"Tearing down tests of type '{TEST_NAME}'... done.") diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml index 4f9ed398ad..c8ecb80091 100644 --- a/.github/workflows/test-python.yml +++ b/.github/workflows/test-python.yml @@ -53,6 +53,7 @@ jobs: # supercharge/mongodb-github-action requires containers so we don't test other platforms runs-on: ${{ matrix.os }} strategy: + fail-fast: false matrix: os: [ubuntu-latest] python-version: ["3.9", "pypy-3.10", "3.13", "3.13t"] diff --git a/pyproject.toml b/pyproject.toml index c898169895..ca76cfa2c0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -118,7 +118,7 @@ filterwarnings = [ # https://github.com/eventlet/eventlet/issues/818 "module:please use dns.resolver.Resolver.resolve:DeprecationWarning", # https://github.com/dateutil/dateutil/issues/1314 - "module:datetime.datetime.utc:DeprecationWarning:dateutil", + "module:datetime.datetime.utc:DeprecationWarning", ] markers = [ "auth_aws: tests that rely on pymongo-auth-aws",