From 134d166085107bfdf873b3832f6ec7f319405ac6 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 10 Mar 2025 09:00:26 -0500 Subject: [PATCH 01/27] PYTHON-5196 Convert OIDC tests to use new test scripts --- .evergreen/config.yml | 153 -------------------------- .evergreen/scripts/generate_config.py | 6 + .evergreen/scripts/run_server.py | 5 + .evergreen/scripts/run_tests.py | 7 ++ .evergreen/scripts/setup_tests.py | 3 + .evergreen/scripts/utils.py | 2 +- justfile | 8 ++ 7 files changed, 30 insertions(+), 154 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 3f498ba3fa..0305d73b1e 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -288,28 +288,6 @@ functions: - .evergreen/scripts/run-with-env.sh - .evergreen/scripts/run-atlas-tests.sh - "run oidc auth test with test credentials": - - command: subprocess.exec - type: test - params: - working_dir: "src" - binary: bash - include_expansions_in_env: ["DRIVERS_TOOLS", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"] - args: - - .evergreen/run-mongodb-oidc-test.sh - - "run oidc k8s auth test": - - command: subprocess.exec - type: test - params: - binary: bash - working_dir: src - env: - OIDC_ENV: k8s - include_expansions_in_env: ["DRIVERS_TOOLS", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "K8S_VARIANT"] - args: - - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-oidc-remote-test.sh - "cleanup": - command: subprocess.exec params: @@ -442,96 +420,6 @@ task_groups: tasks: - ".serverless" - - name: testazureoidc_task_group - setup_group: - - func: fetch source - - func: setup system - - command: subprocess.exec - params: - binary: bash - env: - AZUREOIDC_VMNAME_PREFIX: "PYTHON_DRIVER" - args: - - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/azure/create-and-setup-vm.sh - teardown_task: - - command: subprocess.exec - params: - binary: bash - args: - - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/azure/delete-vm.sh - setup_group_can_fail_task: true - setup_group_timeout_secs: 1800 - tasks: - - oidc-auth-test-azure - - - name: testgcpoidc_task_group - setup_group: - - func: fetch source - - func: setup system - - command: subprocess.exec - params: - binary: bash - env: - GCPOIDC_VMNAME_PREFIX: "PYTHON_DRIVER" - args: - - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/gcp/setup.sh - teardown_task: - - command: subprocess.exec - params: - binary: bash - args: - - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/gcp/teardown.sh - setup_group_can_fail_task: true - setup_group_timeout_secs: 1800 - tasks: - - oidc-auth-test-gcp - - - name: testk8soidc_task_group - setup_group: - - func: fetch source - - func: setup system - - command: ec2.assume_role - params: - role_arn: ${aws_test_secrets_role} - duration_seconds: 1800 - - command: subprocess.exec - params: - binary: bash - args: - - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh - teardown_task: - - command: subprocess.exec - params: - binary: bash - args: - - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/teardown.sh - setup_group_can_fail_task: true - setup_group_timeout_secs: 1800 - tasks: - - oidc-auth-test-k8s - - - name: testoidc_task_group - setup_group: - - func: fetch source - - func: setup system - - func: "assume ec2 role" - - command: subprocess.exec - params: - binary: bash - include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"] - args: - - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/setup.sh - teardown_task: - - command: subprocess.exec - params: - binary: bash - args: - - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/teardown.sh - setup_group_can_fail_task: true - setup_group_timeout_secs: 1800 - tasks: - - oidc-auth-test - - name: test_aws_lambda_task_group setup_group: - func: fetch source @@ -1028,47 +916,6 @@ tasks: OCSP_ALGORITHM: "ecdsa" OCSP_TLS_SHOULD_SUCCEED: "false" - - name: "oidc-auth-test" - commands: - - func: "run oidc auth test with test credentials" - - - name: "oidc-auth-test-azure" - commands: - - command: subprocess.exec - type: test - params: - binary: bash - working_dir: src - env: - OIDC_ENV: azure - include_expansions_in_env: ["DRIVERS_TOOLS"] - args: - - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-oidc-remote-test.sh - - - name: "oidc-auth-test-gcp" - commands: - - command: subprocess.exec - type: test - params: - binary: bash - working_dir: src - env: - OIDC_ENV: gcp - include_expansions_in_env: ["DRIVERS_TOOLS"] - args: - - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-oidc-remote-test.sh - - - name: "oidc-auth-test-k8s" - commands: - - func: "run oidc k8s auth test" - vars: - K8S_VARIANT: eks - - func: "run oidc k8s auth test" - vars: - K8S_VARIANT: gke - - func: "run oidc k8s auth test" - vars: - K8S_VARIANT: aks # }}} - name: "coverage-report" tags: ["coverage"] diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 03b4619899..9c1ba84857 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -884,6 +884,12 @@ def create_aws_tasks(): return tasks +def create_oidc_tasks(): + tasks = [] + tasks.append([]) + return tasks + + ################## # Generate Config ################## diff --git a/.evergreen/scripts/run_server.py b/.evergreen/scripts/run_server.py index 51fe8a67f1..40f6a38f0e 100644 --- a/.evergreen/scripts/run_server.py +++ b/.evergreen/scripts/run_server.py @@ -32,6 +32,11 @@ def start_server(): elif test_name == "load_balancer": set_env("LOAD_BALANCER") + elif test_name == "auth_oidc": + cmd = ["bash", f"{DRIVERS_TOOLS}/.evergreen/auth_oidc/start-local-server.sh"] + run_command(cmd, cwd=DRIVERS_TOOLS) + return + if not os.environ.get("TEST_CRYPT_SHARED"): set_env("SKIP_CRYPT_SHARED") diff --git a/.evergreen/scripts/run_tests.py b/.evergreen/scripts/run_tests.py index cd781ccd70..bd266947fd 100644 --- a/.evergreen/scripts/run_tests.py +++ b/.evergreen/scripts/run_tests.py @@ -112,6 +112,13 @@ def run() -> None: run_command(f"{DRIVERS_TOOLS}/.evergreen/auth_aws/aws_setup.sh ecs") return + # Run remote oidc tests. + if TEST_NAME == "auth_oidc" and SUB_TEST_NAME in [""]: + from oidc_tester import test_oidc_remote + + test_oidc_remote(SUB_TEST_NAME) + return + if os.environ.get("DEBUG_LOG"): TEST_ARGS.extend(f"-o log_cli_level={logging.DEBUG} -o log_cli=1".split()) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 2fa5e69cbc..7c3ab87a33 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -239,6 +239,9 @@ def handle_test_env() -> None: cmd = f'bash "{DRIVERS_TOOLS}/.evergreen/run-load-balancer.sh" start' run_command(cmd) + if test_name == "oidc": + pass + if SSL != "nossl": if not DRIVERS_TOOLS: raise RuntimeError("Missing DRIVERS_TOOLS") diff --git a/.evergreen/scripts/utils.py b/.evergreen/scripts/utils.py index dcb50cc4dc..836841c798 100644 --- a/.evergreen/scripts/utils.py +++ b/.evergreen/scripts/utils.py @@ -49,7 +49,7 @@ class Distro: } # Tests that require a sub test suite. -SUB_TEST_REQUIRED = ["auth_aws", "kms"] +SUB_TEST_REQUIRED = ["auth_aws", "auth_oidc", "kms"] def get_test_options( diff --git a/justfile b/justfile index 43aefb3f1a..fc9b8dce5d 100644 --- a/justfile +++ b/justfile @@ -76,6 +76,14 @@ teardown-tests: run-server *args="": bash .evergreen/scripts/run-server.sh {{args}} +[group('server')] +run-atlas-server *args="": + bash .evergreen/scripts/run-atlas-server.sh {{args}} + [group('server')] stop-server: bash .evergreen/scripts/stop-server.sh + +[group('server')] +stop-atlas-server *args="": + bash .evergreen/scripts/stop-atlas-server.sh {{args}} From 234ab703611fdce85a34ab1fe6148f8b9ad314e1 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 10 Mar 2025 10:53:48 -0500 Subject: [PATCH 02/27] add bash scripts for atlas server handling --- .evergreen/scripts/run-atlas-server.sh | 13 +++++++++++++ .evergreen/scripts/stop-atlas-server.sh | 14 ++++++++++++++ 2 files changed, 27 insertions(+) create mode 100755 .evergreen/scripts/run-atlas-server.sh create mode 100755 .evergreen/scripts/stop-atlas-server.sh diff --git a/.evergreen/scripts/run-atlas-server.sh b/.evergreen/scripts/run-atlas-server.sh new file mode 100755 index 0000000000..e74b424a39 --- /dev/null +++ b/.evergreen/scripts/run-atlas-server.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -eu + +HERE=$(dirname ${BASH_SOURCE:-$0}) + +# Try to source the env file. +if [ -f $HERE/env.sh ]; then + echo "Sourcing env file" + source $HERE/env.sh +fi + +uv run $HERE/run_atlas_server.py "$@" diff --git a/.evergreen/scripts/stop-atlas-server.sh b/.evergreen/scripts/stop-atlas-server.sh new file mode 100755 index 0000000000..640e66b092 --- /dev/null +++ b/.evergreen/scripts/stop-atlas-server.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +set -eu + +HERE=$(dirname ${BASH_SOURCE:-$0}) +HERE="$( cd -- "$HERE" > /dev/null 2>&1 && pwd )" + +# Try to source the env file. +if [ -f $HERE/env.sh ]; then + echo "Sourcing env file" + source $HERE/env.sh +fi + +uv run $HERE/stop_atlas_server.py "$@" From b3885fa03b7a4ae5becff77968fb9d98e75798be Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 10 Mar 2025 12:47:27 -0500 Subject: [PATCH 03/27] PYTHON-5196 Convert OIDC tests to use new test scripts --- .evergreen/generated_configs/tasks.yml | 2 + .evergreen/run-mongodb-oidc-remote-test.sh | 60 ---------------------- .evergreen/run-mongodb-oidc-test.sh | 14 +---- .evergreen/scripts/generate_config.py | 5 ++ .evergreen/scripts/kms_tester.py | 19 +++---- .evergreen/scripts/oidc_tester.py | 59 +++++++++++++++++++++ .evergreen/scripts/run-atlas-server.sh | 13 ----- .evergreen/scripts/run_server.py | 6 +-- .evergreen/scripts/run_tests.py | 2 +- .evergreen/scripts/setup_tests.py | 6 ++- .evergreen/scripts/stop-atlas-server.sh | 14 ----- .evergreen/scripts/teardown_tests.py | 6 +++ .evergreen/scripts/utils.py | 7 +++ justfile | 8 --- 14 files changed, 99 insertions(+), 122 deletions(-) delete mode 100755 .evergreen/run-mongodb-oidc-remote-test.sh create mode 100644 .evergreen/scripts/oidc_tester.py delete mode 100755 .evergreen/scripts/run-atlas-server.sh delete mode 100755 .evergreen/scripts/stop-atlas-server.sh diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 02ee29e6ed..f10d7b65ea 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -1042,6 +1042,8 @@ tasks: TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] + # Oidc tests + # Server tests - name: test-4.0-standalone-auth-ssl-sync commands: diff --git a/.evergreen/run-mongodb-oidc-remote-test.sh b/.evergreen/run-mongodb-oidc-remote-test.sh deleted file mode 100755 index bb90bddf07..0000000000 --- a/.evergreen/run-mongodb-oidc-remote-test.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/bash - -set +x # Disable debug trace -set -eu - -echo "Running MONGODB-OIDC remote tests" - -OIDC_ENV=${OIDC_ENV:-"test"} - -# Make sure DRIVERS_TOOLS is set. -if [ -z "$DRIVERS_TOOLS" ]; then - echo "Must specify DRIVERS_TOOLS" - exit 1 -fi - -# Set up the remote files to test. -git add . -git commit -m "add files" || true -export TEST_TAR_FILE=/tmp/mongo-python-driver.tgz -git archive -o $TEST_TAR_FILE HEAD - -pushd $DRIVERS_TOOLS - -if [ $OIDC_ENV == "test" ]; then - echo "Test OIDC environment does not support remote test!" - exit 1 - -elif [ $OIDC_ENV == "azure" ]; then - export AZUREOIDC_DRIVERS_TAR_FILE=$TEST_TAR_FILE - export AZUREOIDC_TEST_CMD="OIDC_ENV=azure ./.evergreen/run-mongodb-oidc-test.sh" - bash ./.evergreen/auth_oidc/azure/run-driver-test.sh - -elif [ $OIDC_ENV == "gcp" ]; then - export GCPOIDC_DRIVERS_TAR_FILE=$TEST_TAR_FILE - export GCPOIDC_TEST_CMD="OIDC_ENV=gcp ./.evergreen/run-mongodb-oidc-test.sh" - bash ./.evergreen/auth_oidc/gcp/run-driver-test.sh - -elif [ $OIDC_ENV == "k8s" ]; then - # Make sure K8S_VARIANT is set. - if [ -z "$K8S_VARIANT" ]; then - echo "Must specify K8S_VARIANT" - popd - exit 1 - fi - - bash ./.evergreen/auth_oidc/k8s/setup-pod.sh - bash ./.evergreen/auth_oidc/k8s/run-self-test.sh - export K8S_DRIVERS_TAR_FILE=$TEST_TAR_FILE - export K8S_TEST_CMD="OIDC_ENV=k8s ./.evergreen/run-mongodb-oidc-test.sh" - source ./.evergreen/auth_oidc/k8s/secrets-export.sh # for MONGODB_URI - bash ./.evergreen/auth_oidc/k8s/run-driver-test.sh - bash ./.evergreen/auth_oidc/k8s/teardown-pod.sh - -else - echo "Unrecognized OIDC_ENV $OIDC_ENV" - pod - exit 1 -fi - -popd diff --git a/.evergreen/run-mongodb-oidc-test.sh b/.evergreen/run-mongodb-oidc-test.sh index 759ac5d2bb..b10b10d55f 100755 --- a/.evergreen/run-mongodb-oidc-test.sh +++ b/.evergreen/run-mongodb-oidc-test.sh @@ -5,17 +5,7 @@ set -eu echo "Running MONGODB-OIDC authentication tests" -OIDC_ENV=${OIDC_ENV:-"test"} - -if [ $OIDC_ENV == "test" ]; then - # Make sure DRIVERS_TOOLS is set. - if [ -z "$DRIVERS_TOOLS" ]; then - echo "Must specify DRIVERS_TOOLS" - exit 1 - fi - source ${DRIVERS_TOOLS}/.evergreen/auth_oidc/secrets-export.sh - -elif [ $OIDC_ENV == "azure" ]; then +if [ $OIDC_ENV == "azure" ]; then source ./env.sh elif [ $OIDC_ENV == "gcp" ]; then @@ -29,5 +19,5 @@ else exit 1 fi -COVERAGE=1 bash ./.evergreen/just.sh setup-tests auth_oidc +bash ./.evergreen/just.sh setup-tests auth_oidc remote bash ./.evergreen/just.sh run-tests "${@:1}" diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index d4639614af..d66939e68c 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -886,6 +886,11 @@ def create_aws_tasks(): def create_oidc_tasks(): tasks = [] + for sub_test in ["test", "azure", "gcp", "eks", "aks", "gke"]: + vars = dict(TEST_NAME="auth_oidc", SUB_TEST_NAME=sub_test) + test_func = FunctionCall(func="run tests", vars=vars) + task_name = f"test-auth-oidc-{sub_test}" + tasks.append(EvgTask(name=task_name, tags=["oidc"], commands=[test_func])) tasks.append([]) diff --git a/.evergreen/scripts/kms_tester.py b/.evergreen/scripts/kms_tester.py index d38ec3a69e..014ef7ff15 100644 --- a/.evergreen/scripts/kms_tester.py +++ b/.evergreen/scripts/kms_tester.py @@ -2,9 +2,16 @@ import os -from utils import DRIVERS_TOOLS, LOGGER, ROOT, read_env, run_command, write_env +from utils import ( + DRIVERS_TOOLS, + LOGGER, + TMP_DRIVER_FILE, + create_archive, + read_env, + run_command, + write_env, +) -TMP_DRIVER_FILE = "/tmp/mongo-python-driver.tgz" # noqa: S108 DIRS = dict( gcp=f"{DRIVERS_TOOLS}/.evergreen/csfle/gcpkms", azure=f"{DRIVERS_TOOLS}/.evergreen/csfle/azurekms", @@ -45,12 +52,6 @@ def _setup_gcp_vm(base_env: dict[str, str]) -> None: LOGGER.info("Setting up GCP VM...") -def _create_archive() -> None: - run_command("git add .", cwd=ROOT) - run_command('git commit -m "add files"', check=False, cwd=ROOT) - run_command(f"git archive -o {TMP_DRIVER_FILE} HEAD", cwd=ROOT) - - def _load_kms_config(sub_test_target: str) -> dict[str, str]: target_dir = DIRS[sub_test_target] config = read_env(f"{target_dir}/secrets-export.sh") @@ -87,7 +88,7 @@ def setup_kms(sub_test_name: str) -> None: run_command("./setup-secrets.sh", cwd=kms_dir) if success: - _create_archive() + create_archive() if sub_test_target == "azure": os.environ["AZUREKMS_VMNAME_PREFIX"] = "PYTHON_DRIVER" diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py new file mode 100644 index 0000000000..b0330728f7 --- /dev/null +++ b/.evergreen/scripts/oidc_tester.py @@ -0,0 +1,59 @@ +from __future__ import annotations + +import os + +from utils import ( + DRIVERS_TOOLS, + TMP_DRIVER_FILE, + run_command, +) + +K8S_NAMES = ["aks", "gke", "eks"] + + +def _get_target_dir(sub_test_name: str) -> str: + if sub_test_name == "test": + target_dir = "auth_oidc" + elif sub_test_name == "azure": + target_dir = "auth_oidc/azure" + elif sub_test_name == "gcp": + target_dir = "auth_oidc/gcp" + elif sub_test_name in K8S_NAMES: + target_dir = "auth_oidc/k8s" + else: + raise ValueError(f"Invalid sub test name '{sub_test_name}'") + return f"{DRIVERS_TOOLS}/.evergreen/{target_dir}" + + +def setup_oidc(sub_test_name: str) -> None: + target_dir = _get_target_dir(sub_test_name) + env = os.environ.copy() + if sub_test_name == "azure": + env["AZUREOIDC_VMNAME_PREFIX"] = "PYTHON_DRIVER" + run_command(f"bash {target_dir}/setup.sh", env=env) + if sub_test_name in K8S_NAMES: + run_command(f"bash {target_dir}/setup-pod.sh") + run_command(f"bash {target_dir}/run-self-test.sh") + + +def test_oidc_remote(sub_test_name: str) -> None: + env = os.environ.copy() + target_dir = _get_target_dir(sub_test_name) + if sub_test_name in ["azure", "gcp"]: + upper_name = sub_test_name.upper() + env[f"{upper_name}OIDC_DRIVERS_TAR_FILE"] = TMP_DRIVER_FILE + env[ + f"{upper_name}OIDC_TEST_CMD" + ] = f"OIDC_ENV={sub_test_name} ./.evergreen/run-mongodb-oidc-test.sh" + elif sub_test_name in K8S_NAMES: + env["K8S_DRIVERS_TAR_FILE"] = TMP_DRIVER_FILE + env["K8S_TEST_CMD"] = "OIDC_ENV=k8s ./.evergreen/run-mongodb-oidc-test.sh" + + run_command(f"bash {target_dir}/run-driver-test.sh") + + +def teardown_oidc(sub_test_name: str) -> None: + target_dir = _get_target_dir(sub_test_name) + if sub_test_name in K8S_NAMES: + run_command(f"bash {target_dir}/teardown-pod.sh") + run_command(f"bash {target_dir}/teardown.sh") diff --git a/.evergreen/scripts/run-atlas-server.sh b/.evergreen/scripts/run-atlas-server.sh deleted file mode 100755 index e74b424a39..0000000000 --- a/.evergreen/scripts/run-atlas-server.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -eu - -HERE=$(dirname ${BASH_SOURCE:-$0}) - -# Try to source the env file. -if [ -f $HERE/env.sh ]; then - echo "Sourcing env file" - source $HERE/env.sh -fi - -uv run $HERE/run_atlas_server.py "$@" diff --git a/.evergreen/scripts/run_server.py b/.evergreen/scripts/run_server.py index ef2195a3c9..8ed50e80e5 100644 --- a/.evergreen/scripts/run_server.py +++ b/.evergreen/scripts/run_server.py @@ -33,9 +33,9 @@ def start_server(): set_env("LOAD_BALANCER") elif test_name == "auth_oidc": - cmd = ["bash", f"{DRIVERS_TOOLS}/.evergreen/auth_oidc/start-local-server.sh"] - run_command(cmd, cwd=DRIVERS_TOOLS) - return + raise ValueError( + "OIDC auth does not use run-orchestration directly, do not use run-server!" + ) elif test_name == "ocsp": opts.ssl = True diff --git a/.evergreen/scripts/run_tests.py b/.evergreen/scripts/run_tests.py index bd266947fd..9903692782 100644 --- a/.evergreen/scripts/run_tests.py +++ b/.evergreen/scripts/run_tests.py @@ -113,7 +113,7 @@ def run() -> None: return # Run remote oidc tests. - if TEST_NAME == "auth_oidc" and SUB_TEST_NAME in [""]: + if TEST_NAME == "auth_oidc" and SUB_TEST_NAME not in ["test", "test-remote"]: from oidc_tester import test_oidc_remote test_oidc_remote(SUB_TEST_NAME) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index cbac1de7f9..dc000a44cd 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -239,8 +239,10 @@ def handle_test_env() -> None: cmd = f'bash "{DRIVERS_TOOLS}/.evergreen/run-load-balancer.sh" start' run_command(cmd) - if test_name == "oidc": - pass + if test_name == "auth_oidc": + from oidc_helper import setup_oidc + + setup_oidc(sub_test_name) if test_name == "ocsp": if sub_test_name: diff --git a/.evergreen/scripts/stop-atlas-server.sh b/.evergreen/scripts/stop-atlas-server.sh deleted file mode 100755 index 640e66b092..0000000000 --- a/.evergreen/scripts/stop-atlas-server.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -set -eu - -HERE=$(dirname ${BASH_SOURCE:-$0}) -HERE="$( cd -- "$HERE" > /dev/null 2>&1 && pwd )" - -# Try to source the env file. -if [ -f $HERE/env.sh ]; then - echo "Sourcing env file" - source $HERE/env.sh -fi - -uv run $HERE/stop_atlas_server.py "$@" diff --git a/.evergreen/scripts/teardown_tests.py b/.evergreen/scripts/teardown_tests.py index fedbdc2fe8..a3f083beee 100644 --- a/.evergreen/scripts/teardown_tests.py +++ b/.evergreen/scripts/teardown_tests.py @@ -24,6 +24,12 @@ teardown_kms(SUB_TEST_NAME) +# Tear down OIDC if applicable. +elif TEST_NAME == "oidc": + from oidc_tester import teardown_oidc + + teardown_oidc(SUB_TEST_NAME) + # Tear down ocsp if applicable. elif TEST_NAME == "ocsp": run_command(f"bash {DRIVERS_TOOLS}/.evergreen/teardown.sh") diff --git a/.evergreen/scripts/utils.py b/.evergreen/scripts/utils.py index 836841c798..70a527028b 100644 --- a/.evergreen/scripts/utils.py +++ b/.evergreen/scripts/utils.py @@ -13,6 +13,7 @@ HERE = Path(__file__).absolute().parent ROOT = HERE.parent.parent DRIVERS_TOOLS = os.environ.get("DRIVERS_TOOLS", "").replace(os.sep, "/") +TMP_DRIVER_FILE = "/tmp/mongo-python-driver.tgz" # noqa: S108 LOGGER = logging.getLogger("test") logging.basicConfig(level=logging.INFO, format="%(levelname)-8s %(message)s") @@ -138,3 +139,9 @@ def run_command(cmd: str | list[str], **kwargs: Any) -> None: kwargs.setdefault("check", True) subprocess.run(shlex.split(cmd), **kwargs) # noqa: PLW1510, S603 LOGGER.info("Running command '%s'... done.", cmd) + + +def create_archive() -> None: + run_command("git add .", cwd=ROOT) + run_command('git commit -m "add files"', check=False, cwd=ROOT) + run_command(f"git archive -o {TMP_DRIVER_FILE} HEAD", cwd=ROOT) diff --git a/justfile b/justfile index fc9b8dce5d..43aefb3f1a 100644 --- a/justfile +++ b/justfile @@ -76,14 +76,6 @@ teardown-tests: run-server *args="": bash .evergreen/scripts/run-server.sh {{args}} -[group('server')] -run-atlas-server *args="": - bash .evergreen/scripts/run-atlas-server.sh {{args}} - [group('server')] stop-server: bash .evergreen/scripts/stop-server.sh - -[group('server')] -stop-atlas-server *args="": - bash .evergreen/scripts/stop-atlas-server.sh {{args}} From cb4a70b2585a7a713d4f1c67cd40391c0e502bf3 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 10 Mar 2025 12:50:44 -0500 Subject: [PATCH 04/27] PYTHON-5196 Convert OIDC tests to use new test scripts --- .evergreen/generated_configs/variants.yml | 9 +++------ .evergreen/scripts/generate_config.py | 11 +++++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.evergreen/generated_configs/variants.yml b/.evergreen/generated_configs/variants.yml index 80f08bc7a4..cf3e0cc903 100644 --- a/.evergreen/generated_configs/variants.yml +++ b/.evergreen/generated_configs/variants.yml @@ -920,24 +920,21 @@ buildvariants: # Oidc auth tests - name: auth-oidc-ubuntu-22 tasks: - - name: testoidc_task_group - - name: testazureoidc_task_group - - name: testgcpoidc_task_group - - name: testk8soidc_task_group + - name: .auth_oidc display_name: Auth OIDC Ubuntu-22 run_on: - ubuntu2204-small batchtime: 10080 - name: auth-oidc-macos tasks: - - name: testoidc_task_group + - name: .auth_oidc !.auth_oidc_remote display_name: Auth OIDC macOS run_on: - macos-14 batchtime: 10080 - name: auth-oidc-win64 tasks: - - name: testoidc_task_group + - name: .auth_oidc !.auth_oidc_remote display_name: Auth OIDC Win64 run_on: - windows-64-vsMulti-small diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index d66939e68c..aa3a0a310d 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -663,11 +663,11 @@ def create_serverless_variants(): def create_oidc_auth_variants(): variants = [] - other_tasks = ["testazureoidc_task_group", "testgcpoidc_task_group", "testk8soidc_task_group"] for host_name in ["ubuntu22", "macos", "win64"]: - tasks = ["testoidc_task_group"] if host_name == "ubuntu22": - tasks += other_tasks + tasks = [".auth_oidc"] + else: + tasks = [".auth_oidc !.auth_oidc_remote"] host = HOSTS[host_name] variants.append( create_variant( @@ -890,7 +890,10 @@ def create_oidc_tasks(): vars = dict(TEST_NAME="auth_oidc", SUB_TEST_NAME=sub_test) test_func = FunctionCall(func="run tests", vars=vars) task_name = f"test-auth-oidc-{sub_test}" - tasks.append(EvgTask(name=task_name, tags=["oidc"], commands=[test_func])) + tags = ["auth_oidc"] + if sub_test != "test": + tags.append("auth_oidc_remote") + tasks.append(EvgTask(name=task_name, tags=tags, commands=[test_func])) tasks.append([]) From 3bbd5f2a555ef16d40111812374d0ab7e81af09c Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 10 Mar 2025 12:52:40 -0500 Subject: [PATCH 05/27] PYTHON-5196 Convert OIDC tests to use new test scripts --- .evergreen/generated_configs/tasks.yml | 42 ++++++++++++++++++++++++++ .evergreen/scripts/generate_config.py | 2 +- 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index f10d7b65ea..c112332608 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -1043,6 +1043,48 @@ tasks: tags: [ocsp, ocsp-rsa] # Oidc tests + - name: test-auth-oidc-test + commands: + - func: run tests + vars: + TEST_NAME: auth_oidc + SUB_TEST_NAME: test + tags: [auth_oidc] + - name: test-auth-oidc-azure + commands: + - func: run tests + vars: + TEST_NAME: auth_oidc + SUB_TEST_NAME: azure + tags: [auth_oidc, auth_oidc_remote] + - name: test-auth-oidc-gcp + commands: + - func: run tests + vars: + TEST_NAME: auth_oidc + SUB_TEST_NAME: gcp + tags: [auth_oidc, auth_oidc_remote] + - name: test-auth-oidc-eks + commands: + - func: run tests + vars: + TEST_NAME: auth_oidc + SUB_TEST_NAME: eks + tags: [auth_oidc, auth_oidc_remote] + - name: test-auth-oidc-aks + commands: + - func: run tests + vars: + TEST_NAME: auth_oidc + SUB_TEST_NAME: aks + tags: [auth_oidc, auth_oidc_remote] + - name: test-auth-oidc-gke + commands: + - func: run tests + vars: + TEST_NAME: auth_oidc + SUB_TEST_NAME: gke + tags: [auth_oidc, auth_oidc_remote] # Server tests - name: test-4.0-standalone-auth-ssl-sync diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index aa3a0a310d..b3d9def00d 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -894,7 +894,7 @@ def create_oidc_tasks(): if sub_test != "test": tags.append("auth_oidc_remote") tasks.append(EvgTask(name=task_name, tags=tags, commands=[test_func])) - tasks.append([]) + return tasks def _create_ocsp_task(algo, variant, server_type, base_task_name): From e6fa6102f378825d51da413ba9688e9653eec38c Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 11 Mar 2025 11:11:38 -0500 Subject: [PATCH 06/27] wip --- .evergreen/run-mongodb-oidc-test.sh | 20 +++--------- .evergreen/run-tests.sh | 5 --- .evergreen/scripts/oidc_tester.py | 47 ++++++++++++++++++++-------- .evergreen/scripts/setup_tests.py | 17 +++++----- .evergreen/scripts/teardown_tests.py | 2 +- test/auth_oidc/test_auth_oidc.py | 5 +++ 6 files changed, 53 insertions(+), 43 deletions(-) diff --git a/.evergreen/run-mongodb-oidc-test.sh b/.evergreen/run-mongodb-oidc-test.sh index b10b10d55f..7016502af5 100755 --- a/.evergreen/run-mongodb-oidc-test.sh +++ b/.evergreen/run-mongodb-oidc-test.sh @@ -3,21 +3,9 @@ set +x # Disable debug trace set -eu -echo "Running MONGODB-OIDC authentication tests" +echo "Running MONGODB-OIDC authentication tests on ${OIDC_ENV}..." -if [ $OIDC_ENV == "azure" ]; then - source ./env.sh - -elif [ $OIDC_ENV == "gcp" ]; then - source ./secrets-export.sh - -elif [ $OIDC_ENV == "k8s" ]; then - echo "Running oidc on k8s" - -else - echo "Unrecognized OIDC_ENV $OIDC_ENV" - exit 1 -fi - -bash ./.evergreen/just.sh setup-tests auth_oidc remote +bash ./.evergreen/just.sh setup-tests auth_oidc ${OIDC_ENV}-remote bash ./.evergreen/just.sh run-tests "${@:1}" + +echo "Running MONGODB-OIDC authentication tests on ${OIDC_ENV}... done." diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 61d505d45a..00841b0a67 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -24,11 +24,6 @@ else exit 1 fi -# Source the local secrets export file if available. -if [ -f "./secrets-export.sh" ]; then - . "./secrets-export.sh" -fi - # List the packages. PIP_QUIET=0 uv run ${UV_ARGS} --with pip pip list diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index b0330728f7..ac0c62b360 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -2,43 +2,65 @@ import os -from utils import ( - DRIVERS_TOOLS, - TMP_DRIVER_FILE, - run_command, -) +from utils import DRIVERS_TOOLS, TMP_DRIVER_FILE, create_archive, read_env, run_command, write_env K8S_NAMES = ["aks", "gke", "eks"] +K8S_REMOTE_NAMES = [f"{n}-remote" for n in K8S_NAMES] def _get_target_dir(sub_test_name: str) -> str: if sub_test_name == "test": target_dir = "auth_oidc" - elif sub_test_name == "azure": + elif sub_test_name.startswith("azure"): target_dir = "auth_oidc/azure" - elif sub_test_name == "gcp": + elif sub_test_name.startswith("gcp"): target_dir = "auth_oidc/gcp" - elif sub_test_name in K8S_NAMES: + elif sub_test_name in K8S_NAMES + K8S_REMOTE_NAMES: target_dir = "auth_oidc/k8s" else: raise ValueError(f"Invalid sub test name '{sub_test_name}'") return f"{DRIVERS_TOOLS}/.evergreen/{target_dir}" -def setup_oidc(sub_test_name: str) -> None: +def setup_oidc(sub_test_name: str) -> dict[str, str] | None: target_dir = _get_target_dir(sub_test_name) env = os.environ.copy() if sub_test_name == "azure": env["AZUREOIDC_VMNAME_PREFIX"] = "PYTHON_DRIVER" - run_command(f"bash {target_dir}/setup.sh", env=env) + elif "-remote" not in sub_test_name: + run_command(f"bash {target_dir}/setup.sh", env=env) if sub_test_name in K8S_NAMES: - run_command(f"bash {target_dir}/setup-pod.sh") + run_command(f"bash {target_dir}/setup-pod.sh {sub_test_name}") run_command(f"bash {target_dir}/run-self-test.sh") + return None + + source_file = None + if sub_test_name == "test": + source_file = f"{target_dir}/secrets-export.sh" + elif sub_test_name == "azure-remote": + source_file = "./env.sh" + elif sub_test_name == "gcp-remote": + source_file = "./secrets-export.sh" + if sub_test_name in K8S_REMOTE_NAMES: + return os.environ.copy() + if source_file is None: + return None + + config = read_env(source_file) + write_env("MONGODB_URI_SINGLE", config["MONGODB_URI_SINGLE"]) + write_env("MONGODB_URI", config["MONGODB_URI"]) + write_env("DB_IP", config["MONGODB_URI"]) + + if sub_test_name == "test": + write_env("OIDC_TOKEN_FILE", config["OIDC_TOKEN_FILE"]) + write_env("OIDC_TOKEN_DIR", config["OIDC_TOKEN_DIR"]) + return config def test_oidc_remote(sub_test_name: str) -> None: env = os.environ.copy() target_dir = _get_target_dir(sub_test_name) + create_archive() if sub_test_name in ["azure", "gcp"]: upper_name = sub_test_name.upper() env[f"{upper_name}OIDC_DRIVERS_TAR_FILE"] = TMP_DRIVER_FILE @@ -48,8 +70,7 @@ def test_oidc_remote(sub_test_name: str) -> None: elif sub_test_name in K8S_NAMES: env["K8S_DRIVERS_TAR_FILE"] = TMP_DRIVER_FILE env["K8S_TEST_CMD"] = "OIDC_ENV=k8s ./.evergreen/run-mongodb-oidc-test.sh" - - run_command(f"bash {target_dir}/run-driver-test.sh") + run_command(f"bash {target_dir}/run-driver-test.sh", env=env) def teardown_oidc(sub_test_name: str) -> None: diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index dc000a44cd..8432eacd5a 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -161,6 +161,13 @@ def handle_test_env() -> None: if group := GROUP_MAP.get(test_name, ""): UV_ARGS.append(f"--group {group}") + if test_name == "auth_oidc": + from oidc_tester import setup_oidc + + config = setup_oidc(sub_test_name) + if not config: + AUTH = "noauth" + if AUTH != "noauth": if test_name == "data_lake": config = read_env(f"{DRIVERS_TOOLS}/.evergreen/atlas_data_lake/secrets-export.sh") @@ -174,9 +181,8 @@ def handle_test_env() -> None: write_env("SINGLE_MONGOS_LB_URI", config["SERVERLESS_URI"]) write_env("MULTI_MONGOS_LB_URI", config["SERVERLESS_URI"]) elif test_name == "auth_oidc": - DB_USER = os.environ["OIDC_ADMIN_USER"] - DB_PASSWORD = os.environ["OIDC_ADMIN_PWD"] - write_env("DB_IP", os.environ["MONGODB_URI"]) + DB_USER = config["OIDC_ADMIN_USER"] + DB_PASSWORD = config["OIDC_ADMIN_PWD"] elif test_name == "index_management": config = read_env(f"{DRIVERS_TOOLS}/.evergreen/atlas/secrets-export.sh") DB_USER = config["DRIVERS_ATLAS_LAMBDA_USER"] @@ -239,11 +245,6 @@ def handle_test_env() -> None: cmd = f'bash "{DRIVERS_TOOLS}/.evergreen/run-load-balancer.sh" start' run_command(cmd) - if test_name == "auth_oidc": - from oidc_helper import setup_oidc - - setup_oidc(sub_test_name) - if test_name == "ocsp": if sub_test_name: os.environ["OCSP_SERVER_TYPE"] = sub_test_name diff --git a/.evergreen/scripts/teardown_tests.py b/.evergreen/scripts/teardown_tests.py index a3f083beee..988d7ec48a 100644 --- a/.evergreen/scripts/teardown_tests.py +++ b/.evergreen/scripts/teardown_tests.py @@ -25,7 +25,7 @@ teardown_kms(SUB_TEST_NAME) # Tear down OIDC if applicable. -elif TEST_NAME == "oidc": +elif TEST_NAME == "auth_oidc": from oidc_tester import teardown_oidc teardown_oidc(SUB_TEST_NAME) diff --git a/test/auth_oidc/test_auth_oidc.py b/test/auth_oidc/test_auth_oidc.py index 7a78f3d2f6..267d898a49 100644 --- a/test/auth_oidc/test_auth_oidc.py +++ b/test/auth_oidc/test_auth_oidc.py @@ -70,6 +70,11 @@ def setUpClass(cls): cls.uri_single = os.environ["MONGODB_URI_SINGLE"] cls.uri_multiple = os.environ.get("MONGODB_URI_MULTI") cls.uri_admin = os.environ["MONGODB_URI"] + if ENVIRON == "test": + if not TOKEN_DIR: + raise ValueError("Please set OIDC_TOKEN_DIR") + if not TOKEN_FILE: + raise ValueError("Please set OIDC_TOKEN_FILE") def setUp(self): self.request_called = 0 From 08abb8b439af195db9ab43c6eea9532d1c17de25 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 11 Mar 2025 11:13:58 -0500 Subject: [PATCH 07/27] add files --- .evergreen/run-mongodb-oidc-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/run-mongodb-oidc-test.sh b/.evergreen/run-mongodb-oidc-test.sh index 7016502af5..9e97223575 100755 --- a/.evergreen/run-mongodb-oidc-test.sh +++ b/.evergreen/run-mongodb-oidc-test.sh @@ -5,7 +5,7 @@ set -eu echo "Running MONGODB-OIDC authentication tests on ${OIDC_ENV}..." -bash ./.evergreen/just.sh setup-tests auth_oidc ${OIDC_ENV}-remote +bash ./.evergreen/just.sh setup-tests auth_oidc $K8S_VARIANT-remote bash ./.evergreen/just.sh run-tests "${@:1}" echo "Running MONGODB-OIDC authentication tests on ${OIDC_ENV}... done." From d72dd3ee76760ccf3415d7243150d9419705c016 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 11 Mar 2025 11:16:18 -0500 Subject: [PATCH 08/27] add files --- .evergreen/run-mongodb-oidc-test.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.evergreen/run-mongodb-oidc-test.sh b/.evergreen/run-mongodb-oidc-test.sh index 9e97223575..bd67106a36 100755 --- a/.evergreen/run-mongodb-oidc-test.sh +++ b/.evergreen/run-mongodb-oidc-test.sh @@ -5,7 +5,12 @@ set -eu echo "Running MONGODB-OIDC authentication tests on ${OIDC_ENV}..." -bash ./.evergreen/just.sh setup-tests auth_oidc $K8S_VARIANT-remote +if [ ${OIDC_ENV} == "k8s" ]; then + SUB_TEST_NAME=$K8S_VARIANT-remote +else + SUB_TEST_NAME=$OIDC_ENV-remote +fi +bash ./.evergreen/just.sh setup-tests auth_oidc $SUB_TEST_NAME bash ./.evergreen/just.sh run-tests "${@:1}" echo "Running MONGODB-OIDC authentication tests on ${OIDC_ENV}... done." From 269c6f33d9ba18226b33951f0e6d6c99a041ab90 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 11 Mar 2025 11:20:21 -0500 Subject: [PATCH 09/27] add files --- .evergreen/scripts/run_tests.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.evergreen/scripts/run_tests.py b/.evergreen/scripts/run_tests.py index 9903692782..3e42b17159 100644 --- a/.evergreen/scripts/run_tests.py +++ b/.evergreen/scripts/run_tests.py @@ -113,7 +113,12 @@ def run() -> None: return # Run remote oidc tests. - if TEST_NAME == "auth_oidc" and SUB_TEST_NAME not in ["test", "test-remote"]: + print("HI HI", SUB_TEST_NAME) # noqa: T201 + if ( + TEST_NAME == "auth_oidc" + and SUB_TEST_NAME != "test" + and not SUB_TEST_NAME.endswith("-remote") + ): from oidc_tester import test_oidc_remote test_oidc_remote(SUB_TEST_NAME) From b8dc7480965a06bd69a959275d2be025babd0875 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 11 Mar 2025 11:22:42 -0500 Subject: [PATCH 10/27] undo debug print --- .evergreen/scripts/run_tests.py | 1 - 1 file changed, 1 deletion(-) diff --git a/.evergreen/scripts/run_tests.py b/.evergreen/scripts/run_tests.py index 3e42b17159..00fc440b51 100644 --- a/.evergreen/scripts/run_tests.py +++ b/.evergreen/scripts/run_tests.py @@ -113,7 +113,6 @@ def run() -> None: return # Run remote oidc tests. - print("HI HI", SUB_TEST_NAME) # noqa: T201 if ( TEST_NAME == "auth_oidc" and SUB_TEST_NAME != "test" From ac4adb850024222c641b090126ed34c6b105a783 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 11 Mar 2025 17:49:15 -0500 Subject: [PATCH 11/27] add files --- .evergreen/run-tests.sh | 6 ++++++ .evergreen/scripts/oidc_tester.py | 2 +- .evergreen/scripts/setup_tests.py | 3 +++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 00841b0a67..f9a853f27c 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -24,6 +24,12 @@ else exit 1 fi +# Source the local secrets export file if available. +if [ -f "./secrets-export.sh" ]; then + echo "Sourcing local secrets file" + . "./secrets-export.sh" +fi + # List the packages. PIP_QUIET=0 uv run ${UV_ARGS} --with pip pip list diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index ac0c62b360..099c024672 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -27,7 +27,7 @@ def setup_oidc(sub_test_name: str) -> dict[str, str] | None: env = os.environ.copy() if sub_test_name == "azure": env["AZUREOIDC_VMNAME_PREFIX"] = "PYTHON_DRIVER" - elif "-remote" not in sub_test_name: + if "-remote" not in sub_test_name: run_command(f"bash {target_dir}/setup.sh", env=env) if sub_test_name in K8S_NAMES: run_command(f"bash {target_dir}/setup-pod.sh {sub_test_name}") diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 8432eacd5a..8b6090bcfc 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -120,6 +120,9 @@ def handle_test_env() -> None: SSL = "ssl" if opts.ssl else "nossl" TEST_ARGS = "" + # Remove an existing local secrets file if it exists. + (ROOT / "secrets-export.sh").unlink(missing_ok=True) + # Start compiling the args we'll pass to uv. # Run in an isolated environment so as not to pollute the base venv. UV_ARGS = ["--isolated --extra test"] From ed0f4afb16806798e9a08db1f1821fb891973e0a Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 11 Mar 2025 17:53:52 -0500 Subject: [PATCH 12/27] add files --- .evergreen/scripts/kms_tester.py | 2 +- .evergreen/scripts/oidc_tester.py | 2 +- .evergreen/scripts/run_tests.py | 14 +++++++------- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.evergreen/scripts/kms_tester.py b/.evergreen/scripts/kms_tester.py index 014ef7ff15..40fd65919d 100644 --- a/.evergreen/scripts/kms_tester.py +++ b/.evergreen/scripts/kms_tester.py @@ -109,7 +109,7 @@ def setup_kms(sub_test_name: str) -> None: write_env("KEY_VAULT_ENDPOINT", config["AZUREKMS_KEYVAULTENDPOINT"]) -def test_kms_remote(sub_test_name: str) -> None: +def test_kms_send_to_remote(sub_test_name: str) -> None: env = _load_kms_config(sub_test_name) if sub_test_name == "azure": key_name = os.environ["KEY_NAME"] diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index 099c024672..032e6b6535 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -57,7 +57,7 @@ def setup_oidc(sub_test_name: str) -> dict[str, str] | None: return config -def test_oidc_remote(sub_test_name: str) -> None: +def test_oidc_send_to_remote(sub_test_name: str) -> None: env = os.environ.copy() target_dir = _get_target_dir(sub_test_name) create_archive() diff --git a/.evergreen/scripts/run_tests.py b/.evergreen/scripts/run_tests.py index 00fc440b51..d7e74ee2e7 100644 --- a/.evergreen/scripts/run_tests.py +++ b/.evergreen/scripts/run_tests.py @@ -100,27 +100,27 @@ def run() -> None: if TEST_PERF: start_time = datetime.now() - # Run remote kms tests. + # Send kms tests to run remotely. if TEST_NAME == "kms" and SUB_TEST_NAME in ["azure", "gcp"]: - from kms_tester import test_kms_remote + from kms_tester import test_kms_send_to_remote - test_kms_remote(SUB_TEST_NAME) + test_kms_send_to_remote(SUB_TEST_NAME) return - # Run remote ecs tests. + # Senc ecs tests to run remotely. if TEST_NAME == "auth_aws" and SUB_TEST_NAME == "ecs": run_command(f"{DRIVERS_TOOLS}/.evergreen/auth_aws/aws_setup.sh ecs") return - # Run remote oidc tests. + # Send OIDC tests to run remotely. if ( TEST_NAME == "auth_oidc" and SUB_TEST_NAME != "test" and not SUB_TEST_NAME.endswith("-remote") ): - from oidc_tester import test_oidc_remote + from oidc_tester import test_oidc_send_to_remote - test_oidc_remote(SUB_TEST_NAME) + test_oidc_send_to_remote(SUB_TEST_NAME) return if os.environ.get("DEBUG_LOG"): From 95d4b39688317f12e83fc0f0afb795e3e8122694 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 11 Mar 2025 17:58:22 -0500 Subject: [PATCH 13/27] add files --- .evergreen/scripts/oidc_tester.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index 032e6b6535..3578a59411 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -54,6 +54,12 @@ def setup_oidc(sub_test_name: str) -> dict[str, str] | None: if sub_test_name == "test": write_env("OIDC_TOKEN_FILE", config["OIDC_TOKEN_FILE"]) write_env("OIDC_TOKEN_DIR", config["OIDC_TOKEN_DIR"]) + if "OIDC_DOMAIN" in config: + write_env("OIDC_DOMAIN", config["OIDC_DOMAIN"]) + elif sub_test_name == "azure-remote": + write_env("AZUREOIDC_RESOURCE", config["AZUREOIDC_RESOURCE"]) + elif sub_test_name == "gcp-remote": + write_env("GCPOIDC_AUDIENCE", config["GCPOIDC_AUDIENCE"]) return config From 201613c70ce762dbe69ed18326a16437bc6b635b Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 11 Mar 2025 20:37:26 -0500 Subject: [PATCH 14/27] add files --- .evergreen/scripts/setup-tests.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.evergreen/scripts/setup-tests.sh b/.evergreen/scripts/setup-tests.sh index 8e073dcec9..994a792b9d 100755 --- a/.evergreen/scripts/setup-tests.sh +++ b/.evergreen/scripts/setup-tests.sh @@ -19,4 +19,8 @@ if [ -f $SCRIPT_DIR/env.sh ]; then source $SCRIPT_DIR/env.sh fi +set -x +pwd +ls +exit 1 uv run $SCRIPT_DIR/setup_tests.py "$@" From 641c6699ed59b7d190db6321e9a26c49305965c9 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 07:30:44 -0500 Subject: [PATCH 15/27] add files --- .evergreen/scripts/setup-tests.sh | 4 ---- .evergreen/scripts/setup_tests.py | 3 --- 2 files changed, 7 deletions(-) diff --git a/.evergreen/scripts/setup-tests.sh b/.evergreen/scripts/setup-tests.sh index 994a792b9d..8e073dcec9 100755 --- a/.evergreen/scripts/setup-tests.sh +++ b/.evergreen/scripts/setup-tests.sh @@ -19,8 +19,4 @@ if [ -f $SCRIPT_DIR/env.sh ]; then source $SCRIPT_DIR/env.sh fi -set -x -pwd -ls -exit 1 uv run $SCRIPT_DIR/setup_tests.py "$@" diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 8b6090bcfc..8432eacd5a 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -120,9 +120,6 @@ def handle_test_env() -> None: SSL = "ssl" if opts.ssl else "nossl" TEST_ARGS = "" - # Remove an existing local secrets file if it exists. - (ROOT / "secrets-export.sh").unlink(missing_ok=True) - # Start compiling the args we'll pass to uv. # Run in an isolated environment so as not to pollute the base venv. UV_ARGS = ["--isolated --extra test"] From c01b864b9f5239330328e9b99c49b02124a8d388 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 07:52:35 -0500 Subject: [PATCH 16/27] add files --- CONTRIBUTING.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1d8783d9d1..4997753ac8 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -236,12 +236,19 @@ the pages will re-render and the browser will automatically refresh. - Set up the test with `just setup-tests load_balancer`. - Run the tests with `just run-tests`. -### AWS tests +### AWS auth tests - Run `just run-server auth_aws` to start the server. - Run `just setup-tests auth_aws ` to set up the AWS test. - Run the tests with `just run-tests`. +### OIDC auth tests + +- Run `just setup-tests auth_oidc ` to set up the OIDC test. +- Run the tests with `just run-tests`. + +The supported types are [`test`, `azure`, `gcp`, `eks`, `aks`, and `gke`]. + ### KMS tests For KMS tests that are run locally, and expected to fail, in this case using `azure`: From a630cc66ae4e5e0ef4ed42e5735fbd0ea69afb07 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 09:01:09 -0500 Subject: [PATCH 17/27] fix handling of eks --- .evergreen/scripts/oidc_tester.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index 3578a59411..a182336d64 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -25,6 +25,11 @@ def _get_target_dir(sub_test_name: str) -> str: def setup_oidc(sub_test_name: str) -> dict[str, str] | None: target_dir = _get_target_dir(sub_test_name) env = os.environ.copy() + if sub_test_name == "eks" and "AWS_ACCESS_KEY_ID" in os.environ: + # Remove AWS creds that would interfere with kubectl access. + for key in ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]: + if key in os.environ: + del os.environ[key] if sub_test_name == "azure": env["AZUREOIDC_VMNAME_PREFIX"] = "PYTHON_DRIVER" if "-remote" not in sub_test_name: From 5a02dd80d3ef893c547bb28a759452ba87ddc347 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 09:27:11 -0500 Subject: [PATCH 18/27] fix eks handling --- .evergreen/scripts/oidc_tester.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index a182336d64..bc137a83b9 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -25,11 +25,6 @@ def _get_target_dir(sub_test_name: str) -> str: def setup_oidc(sub_test_name: str) -> dict[str, str] | None: target_dir = _get_target_dir(sub_test_name) env = os.environ.copy() - if sub_test_name == "eks" and "AWS_ACCESS_KEY_ID" in os.environ: - # Remove AWS creds that would interfere with kubectl access. - for key in ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]: - if key in os.environ: - del os.environ[key] if sub_test_name == "azure": env["AZUREOIDC_VMNAME_PREFIX"] = "PYTHON_DRIVER" if "-remote" not in sub_test_name: @@ -81,6 +76,11 @@ def test_oidc_send_to_remote(sub_test_name: str) -> None: elif sub_test_name in K8S_NAMES: env["K8S_DRIVERS_TAR_FILE"] = TMP_DRIVER_FILE env["K8S_TEST_CMD"] = "OIDC_ENV=k8s ./.evergreen/run-mongodb-oidc-test.sh" + if sub_test_name == "eks" and "AWS_ACCESS_KEY_ID" in os.environ: + # Remove AWS creds that would interfere with kubectl access. + for key in ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]: + if key in os.environ: + del os.environ[key] run_command(f"bash {target_dir}/run-driver-test.sh", env=env) From b51e68a6f018c8aed6c52826182942e456b7bc5e Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 09:44:53 -0500 Subject: [PATCH 19/27] fix handling of eks --- .evergreen/scripts/oidc_tester.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index bc137a83b9..c3e063e604 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -60,6 +60,11 @@ def setup_oidc(sub_test_name: str) -> dict[str, str] | None: write_env("AZUREOIDC_RESOURCE", config["AZUREOIDC_RESOURCE"]) elif sub_test_name == "gcp-remote": write_env("GCPOIDC_AUDIENCE", config["GCPOIDC_AUDIENCE"]) + elif sub_test_name == "eks" and "AWS_ACCESS_KEY_ID" in os.environ: + # Store AWS creds for kubectl access. + for key in ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]: + if key in os.environ: + write_env(key, os.environ[key]) return config @@ -76,11 +81,6 @@ def test_oidc_send_to_remote(sub_test_name: str) -> None: elif sub_test_name in K8S_NAMES: env["K8S_DRIVERS_TAR_FILE"] = TMP_DRIVER_FILE env["K8S_TEST_CMD"] = "OIDC_ENV=k8s ./.evergreen/run-mongodb-oidc-test.sh" - if sub_test_name == "eks" and "AWS_ACCESS_KEY_ID" in os.environ: - # Remove AWS creds that would interfere with kubectl access. - for key in ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]: - if key in os.environ: - del os.environ[key] run_command(f"bash {target_dir}/run-driver-test.sh", env=env) From ca32468740b9bec21040dfba50ab34ef210b5475 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 10:06:52 -0500 Subject: [PATCH 20/27] fix handling of eks --- .evergreen/scripts/oidc_tester.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index c3e063e604..2cb449567b 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -34,6 +34,12 @@ def setup_oidc(sub_test_name: str) -> dict[str, str] | None: run_command(f"bash {target_dir}/run-self-test.sh") return None + if sub_test_name == "eks" and "AWS_ACCESS_KEY_ID" in os.environ: + # Store AWS creds for kubectl access. + for key in ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]: + if key in os.environ: + write_env(key, os.environ[key]) + source_file = None if sub_test_name == "test": source_file = f"{target_dir}/secrets-export.sh" @@ -60,11 +66,6 @@ def setup_oidc(sub_test_name: str) -> dict[str, str] | None: write_env("AZUREOIDC_RESOURCE", config["AZUREOIDC_RESOURCE"]) elif sub_test_name == "gcp-remote": write_env("GCPOIDC_AUDIENCE", config["GCPOIDC_AUDIENCE"]) - elif sub_test_name == "eks" and "AWS_ACCESS_KEY_ID" in os.environ: - # Store AWS creds for kubectl access. - for key in ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]: - if key in os.environ: - write_env(key, os.environ[key]) return config From 2303e9ef153d6468bd398f6d8fede6e26f1e0922 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 10:07:59 -0500 Subject: [PATCH 21/27] fix handling of teardown --- .evergreen/scripts/oidc_tester.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index 2cb449567b..9633d58643 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -87,6 +87,12 @@ def test_oidc_send_to_remote(sub_test_name: str) -> None: def teardown_oidc(sub_test_name: str) -> None: target_dir = _get_target_dir(sub_test_name) + error = None if sub_test_name in K8S_NAMES: - run_command(f"bash {target_dir}/teardown-pod.sh") + try: + run_command(f"bash {target_dir}/teardown-pod.sh") + except Exception as e: + error = e run_command(f"bash {target_dir}/teardown.sh") + if error: + raise error From d3e8b53e08860eab9be49c2d3f35529cefaf586a Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 10:08:54 -0500 Subject: [PATCH 22/27] fix handling of teardown --- .evergreen/scripts/oidc_tester.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index 9633d58643..1fb1745bda 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -87,6 +87,8 @@ def test_oidc_send_to_remote(sub_test_name: str) -> None: def teardown_oidc(sub_test_name: str) -> None: target_dir = _get_target_dir(sub_test_name) + # For k8s, make sure an error while tearing down the pod doesn't prevent + # the Altas server teardown. error = None if sub_test_name in K8S_NAMES: try: From 802676ec6f8c04e286acb85781e075b4263f0dbc Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 10:23:03 -0500 Subject: [PATCH 23/27] fix eks handling --- .evergreen/scripts/oidc_tester.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index 1fb1745bda..5613c8dbae 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -25,6 +25,13 @@ def _get_target_dir(sub_test_name: str) -> str: def setup_oidc(sub_test_name: str) -> dict[str, str] | None: target_dir = _get_target_dir(sub_test_name) env = os.environ.copy() + + if sub_test_name == "eks" and "AWS_ACCESS_KEY_ID" in os.environ: + # Store AWS creds for kubectl access. + for key in ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]: + if key in os.environ: + write_env(key, os.environ[key]) + if sub_test_name == "azure": env["AZUREOIDC_VMNAME_PREFIX"] = "PYTHON_DRIVER" if "-remote" not in sub_test_name: @@ -34,12 +41,6 @@ def setup_oidc(sub_test_name: str) -> dict[str, str] | None: run_command(f"bash {target_dir}/run-self-test.sh") return None - if sub_test_name == "eks" and "AWS_ACCESS_KEY_ID" in os.environ: - # Store AWS creds for kubectl access. - for key in ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]: - if key in os.environ: - write_env(key, os.environ[key]) - source_file = None if sub_test_name == "test": source_file = f"{target_dir}/secrets-export.sh" From a27f9624e7fb6427973368f91bdb29081f4b5ba0 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 12:37:16 -0500 Subject: [PATCH 24/27] typo --- .evergreen/scripts/run_tests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/scripts/run_tests.py b/.evergreen/scripts/run_tests.py index d7e74ee2e7..f8c0b4b66e 100644 --- a/.evergreen/scripts/run_tests.py +++ b/.evergreen/scripts/run_tests.py @@ -107,7 +107,7 @@ def run() -> None: test_kms_send_to_remote(SUB_TEST_NAME) return - # Senc ecs tests to run remotely. + # Send ecs tests to run remotely. if TEST_NAME == "auth_aws" and SUB_TEST_NAME == "ecs": run_command(f"{DRIVERS_TOOLS}/.evergreen/auth_aws/aws_setup.sh ecs") return From 05ce3c19a8faf24dca8ecd562d27874822a10c34 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 13:38:07 -0500 Subject: [PATCH 25/27] address review --- .evergreen/generated_configs/tasks.yml | 4 ++-- .evergreen/scripts/configure-env.sh | 2 ++ .evergreen/scripts/generate_config.py | 4 ++-- .evergreen/scripts/oidc_tester.py | 10 ++++------ CONTRIBUTING.md | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index c112332608..9d52cf957d 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -1043,12 +1043,12 @@ tasks: tags: [ocsp, ocsp-rsa] # Oidc tests - - name: test-auth-oidc-test + - name: test-auth-oidc-default commands: - func: run tests vars: TEST_NAME: auth_oidc - SUB_TEST_NAME: test + SUB_TEST_NAME: default tags: [auth_oidc] - name: test-auth-oidc-azure commands: diff --git a/.evergreen/scripts/configure-env.sh b/.evergreen/scripts/configure-env.sh index f23af8a811..73cb47d193 100755 --- a/.evergreen/scripts/configure-env.sh +++ b/.evergreen/scripts/configure-env.sh @@ -78,6 +78,8 @@ EOT rm -rf $DRIVERS_TOOLS BRANCH=master ORG=mongodb-labs +BRANCH=PYTHON-5196 +ORG=blink1073 git clone --branch $BRANCH https://github.com/$ORG/drivers-evergreen-tools.git $DRIVERS_TOOLS cat < ${DRIVERS_TOOLS}/.env diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index b3d9def00d..14f30fed91 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -886,12 +886,12 @@ def create_aws_tasks(): def create_oidc_tasks(): tasks = [] - for sub_test in ["test", "azure", "gcp", "eks", "aks", "gke"]: + for sub_test in ["default", "azure", "gcp", "eks", "aks", "gke"]: vars = dict(TEST_NAME="auth_oidc", SUB_TEST_NAME=sub_test) test_func = FunctionCall(func="run tests", vars=vars) task_name = f"test-auth-oidc-{sub_test}" tags = ["auth_oidc"] - if sub_test != "test": + if sub_test != "default": tags.append("auth_oidc_remote") tasks.append(EvgTask(name=task_name, tags=tags, commands=[test_func])) return tasks diff --git a/.evergreen/scripts/oidc_tester.py b/.evergreen/scripts/oidc_tester.py index 5613c8dbae..fd702cf1d1 100644 --- a/.evergreen/scripts/oidc_tester.py +++ b/.evergreen/scripts/oidc_tester.py @@ -9,7 +9,7 @@ def _get_target_dir(sub_test_name: str) -> str: - if sub_test_name == "test": + if sub_test_name == "default": target_dir = "auth_oidc" elif sub_test_name.startswith("azure"): target_dir = "auth_oidc/azure" @@ -42,11 +42,9 @@ def setup_oidc(sub_test_name: str) -> dict[str, str] | None: return None source_file = None - if sub_test_name == "test": + if sub_test_name == "default": source_file = f"{target_dir}/secrets-export.sh" - elif sub_test_name == "azure-remote": - source_file = "./env.sh" - elif sub_test_name == "gcp-remote": + elif sub_test_name in ["azure-remote", "gcp-remote"]: source_file = "./secrets-export.sh" if sub_test_name in K8S_REMOTE_NAMES: return os.environ.copy() @@ -58,7 +56,7 @@ def setup_oidc(sub_test_name: str) -> dict[str, str] | None: write_env("MONGODB_URI", config["MONGODB_URI"]) write_env("DB_IP", config["MONGODB_URI"]) - if sub_test_name == "test": + if sub_test_name == "default": write_env("OIDC_TOKEN_FILE", config["OIDC_TOKEN_FILE"]) write_env("OIDC_TOKEN_DIR", config["OIDC_TOKEN_DIR"]) if "OIDC_DOMAIN" in config: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4997753ac8..7e70c025ed 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -247,7 +247,7 @@ the pages will re-render and the browser will automatically refresh. - Run `just setup-tests auth_oidc ` to set up the OIDC test. - Run the tests with `just run-tests`. -The supported types are [`test`, `azure`, `gcp`, `eks`, `aks`, and `gke`]. +The supported types are [`default`, `azure`, `gcp`, `eks`, `aks`, and `gke`]. ### KMS tests From 4cc65307ad479c96cd96772f9196e686fb171b2f Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 13:43:30 -0500 Subject: [PATCH 26/27] fix default name --- .evergreen/scripts/run_tests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/scripts/run_tests.py b/.evergreen/scripts/run_tests.py index f8c0b4b66e..38fd3c67cb 100644 --- a/.evergreen/scripts/run_tests.py +++ b/.evergreen/scripts/run_tests.py @@ -115,7 +115,7 @@ def run() -> None: # Send OIDC tests to run remotely. if ( TEST_NAME == "auth_oidc" - and SUB_TEST_NAME != "test" + and SUB_TEST_NAME != "default" and not SUB_TEST_NAME.endswith("-remote") ): from oidc_tester import test_oidc_send_to_remote From 0aee22226baee18463e7a2a94ddda1d467462f83 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 12 Mar 2025 14:28:41 -0500 Subject: [PATCH 27/27] use upstream --- .evergreen/scripts/configure-env.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/.evergreen/scripts/configure-env.sh b/.evergreen/scripts/configure-env.sh index 73cb47d193..f23af8a811 100755 --- a/.evergreen/scripts/configure-env.sh +++ b/.evergreen/scripts/configure-env.sh @@ -78,8 +78,6 @@ EOT rm -rf $DRIVERS_TOOLS BRANCH=master ORG=mongodb-labs -BRANCH=PYTHON-5196 -ORG=blink1073 git clone --branch $BRANCH https://github.com/$ORG/drivers-evergreen-tools.git $DRIVERS_TOOLS cat < ${DRIVERS_TOOLS}/.env