From 8a8c386a8dc9263aa68826a8705c7800752a7153 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Tue, 14 Feb 2023 11:59:14 -0500 Subject: [PATCH] feat(NODE-5054): add AssumeRoleWithWebIdentity support to 4x driver (#3566) --- .evergreen/config.in.yml | 56 +++- .evergreen/config.yml | 398 ++++++++++++++++++++----- .evergreen/generate_evergreen_tasks.js | 14 +- 3 files changed, 390 insertions(+), 78 deletions(-) diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index 916f855511..3a54cd92b2 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml @@ -545,7 +545,12 @@ functions: "iam_auth_assume_role_name" : "${iam_auth_assume_role_name}", "iam_auth_ec2_instance_account" : "${iam_auth_ec2_instance_account}", "iam_auth_ec2_instance_secret_access_key" : "${iam_auth_ec2_instance_secret_access_key}", - "iam_auth_ec2_instance_profile" : "${iam_auth_ec2_instance_profile}" + "iam_auth_ec2_instance_profile" : "${iam_auth_ec2_instance_profile}", + "iam_auth_assume_web_role_name": "${iam_auth_assume_web_role_name}", + "iam_web_identity_issuer": "${iam_web_identity_issuer}", + "iam_web_identity_rsa_key": "${iam_web_identity_rsa_key}", + "iam_web_identity_jwks_uri": "${iam_web_identity_jwks_uri}", + "iam_web_identity_token_file": "${iam_web_identity_token_file}" } EOF @@ -697,6 +702,55 @@ functions: ${PREPARE_SHELL} ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + "run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set": + - command: shell.exec + type: test + params: + working_dir: "src" + silent: true + script: | + cd ${DRIVERS_TOOLS}/.evergreen/auth_aws + . ./activate_venv.sh + ${MONGODB_BINARIES}/mongo --verbose aws_e2e_web_identity.js + cd - + cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" + export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file} + export AWS_ROLE_ARN=${iam_auth_assume_web_role_name} + export AWS_ROLE_SESSION_NAME='test' + export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" + EOF + - command: shell.exec + type: test + params: + working_dir: "src" + script: | + ${PREPARE_SHELL} + ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + + "run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset": + - command: shell.exec + type: test + params: + working_dir: "src" + silent: true + script: | + cd ${DRIVERS_TOOLS}/.evergreen/auth_aws + . ./activate_venv.sh + ${MONGODB_BINARIES}/mongo --verbose aws_e2e_web_identity.js + cd - + cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" + export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file} + export AWS_ROLE_ARN=${iam_auth_assume_web_role_name} + export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" + EOF + - command: shell.exec + type: test + params: + working_dir: "src" + script: | + ${PREPARE_SHELL} + ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + "run aws ECS auth test": - command: shell.exec type: test diff --git a/.evergreen/config.yml b/.evergreen/config.yml index fba0d9ed35..b5f4f6d6d1 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -504,7 +504,12 @@ functions: "iam_auth_assume_role_name" : "${iam_auth_assume_role_name}", "iam_auth_ec2_instance_account" : "${iam_auth_ec2_instance_account}", "iam_auth_ec2_instance_secret_access_key" : "${iam_auth_ec2_instance_secret_access_key}", - "iam_auth_ec2_instance_profile" : "${iam_auth_ec2_instance_profile}" + "iam_auth_ec2_instance_profile" : "${iam_auth_ec2_instance_profile}", + "iam_auth_assume_web_role_name": "${iam_auth_assume_web_role_name}", + "iam_web_identity_issuer": "${iam_web_identity_issuer}", + "iam_web_identity_rsa_key": "${iam_web_identity_rsa_key}", + "iam_web_identity_jwks_uri": "${iam_web_identity_jwks_uri}", + "iam_web_identity_token_file": "${iam_web_identity_token_file}" } EOF setup aws env: @@ -649,6 +654,53 @@ functions: script: | ${PREPARE_SHELL} ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set: + - command: shell.exec + type: test + params: + working_dir: src + silent: true + script: | + cd ${DRIVERS_TOOLS}/.evergreen/auth_aws + . ./activate_venv.sh + ${MONGODB_BINARIES}/mongo --verbose aws_e2e_web_identity.js + cd - + cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" + export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file} + export AWS_ROLE_ARN=${iam_auth_assume_web_role_name} + export AWS_ROLE_SESSION_NAME='test' + export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" + EOF + - command: shell.exec + type: test + params: + working_dir: src + script: | + ${PREPARE_SHELL} + ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset: + - command: shell.exec + type: test + params: + working_dir: src + silent: true + script: | + cd ${DRIVERS_TOOLS}/.evergreen/auth_aws + . ./activate_venv.sh + ${MONGODB_BINARIES}/mongo --verbose aws_e2e_web_identity.js + cd - + cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" + export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file} + export AWS_ROLE_ARN=${iam_auth_assume_web_role_name} + export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS" + EOF + - command: shell.exec + type: test + params: + working_dir: src + script: | + ${PREPARE_SHELL} + ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh run aws ECS auth test: - command: shell.exec type: test @@ -1453,8 +1505,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_0 - func: run aws auth test with regular aws credentials + - func: run aws auth test with regular aws credentials - name: aws-latest-auth-test-run-aws-auth-test-with-assume-role-credentials commands: - func: install dependencies @@ -1466,8 +1517,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_1 - func: run aws auth test with assume role credentials + - func: run aws auth test with assume role credentials - name: aws-latest-auth-test-run-aws-auth-test-with-aws-EC2-credentials commands: - func: install dependencies @@ -1479,8 +1529,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_2 - func: run aws auth test with aws EC2 credentials + - func: run aws auth test with aws EC2 credentials - name: aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables commands: - func: install dependencies @@ -1492,8 +1541,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_3 - func: run aws auth test with aws credentials as environment variables + - func: run aws auth test with aws credentials as environment variables - name: aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables commands: - func: install dependencies @@ -1505,8 +1553,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_4 - func: run aws auth test with aws credentials and session token as environment variables + - func: run aws auth test with aws credentials and session token as environment variables - name: aws-latest-auth-test-run-aws-ECS-auth-test commands: - func: install dependencies @@ -1518,8 +1565,31 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_5 - func: run aws ECS auth test + - func: run aws ECS auth test + - name: aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset + commands: + - func: install dependencies + - func: bootstrap mongo-orchestration + vars: + VERSION: latest + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset + - name: aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set + commands: + - func: install dependencies + - func: bootstrap mongo-orchestration + vars: + VERSION: latest + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-latest-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-optional commands: - func: install dependencies @@ -1533,7 +1603,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_0 + - func: run aws auth test with regular aws credentials - name: aws-latest-auth-test-run-aws-auth-test-with-assume-role-credentials-no-optional commands: - func: install dependencies @@ -1547,7 +1617,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_1 + - func: run aws auth test with assume role credentials - name: aws-latest-auth-test-run-aws-auth-test-with-aws-EC2-credentials-no-optional commands: - func: install dependencies @@ -1561,7 +1631,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_2 + - func: run aws auth test with aws EC2 credentials - name: aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-optional commands: - func: install dependencies @@ -1575,7 +1645,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_3 + - func: run aws auth test with aws credentials as environment variables - name: aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-optional commands: - func: install dependencies @@ -1589,7 +1659,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_4 + - func: run aws auth test with aws credentials and session token as environment variables - name: aws-latest-auth-test-run-aws-ECS-auth-test-no-optional commands: - func: install dependencies @@ -1603,7 +1673,35 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_5 + - func: run aws ECS auth test + - name: aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset-no-optional + commands: + - func: install dependencies + vars: + NPM_OPTIONS: '--no-optional' + - func: bootstrap mongo-orchestration + vars: + VERSION: latest + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset + - name: aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set-no-optional + commands: + - func: install dependencies + vars: + NPM_OPTIONS: '--no-optional' + - func: bootstrap mongo-orchestration + vars: + VERSION: latest + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-6.0-auth-test-run-aws-auth-test-with-regular-aws-credentials commands: - func: install dependencies @@ -1615,8 +1713,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_6 - func: run aws auth test with regular aws credentials + - func: run aws auth test with regular aws credentials - name: aws-6.0-auth-test-run-aws-auth-test-with-assume-role-credentials commands: - func: install dependencies @@ -1628,8 +1725,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_7 - func: run aws auth test with assume role credentials + - func: run aws auth test with assume role credentials - name: aws-6.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials commands: - func: install dependencies @@ -1641,8 +1737,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_8 - func: run aws auth test with aws EC2 credentials + - func: run aws auth test with aws EC2 credentials - name: aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables commands: - func: install dependencies @@ -1654,8 +1749,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_9 - func: run aws auth test with aws credentials as environment variables + - func: run aws auth test with aws credentials as environment variables - name: aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables commands: - func: install dependencies @@ -1667,8 +1761,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_10 - func: run aws auth test with aws credentials and session token as environment variables + - func: run aws auth test with aws credentials and session token as environment variables - name: aws-6.0-auth-test-run-aws-ECS-auth-test commands: - func: install dependencies @@ -1680,8 +1773,31 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_11 - func: run aws ECS auth test + - func: run aws ECS auth test + - name: aws-6.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset + commands: + - func: install dependencies + - func: bootstrap mongo-orchestration + vars: + VERSION: '6.0' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset + - name: aws-6.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set + commands: + - func: install dependencies + - func: bootstrap mongo-orchestration + vars: + VERSION: '6.0' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-6.0-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-optional commands: - func: install dependencies @@ -1695,7 +1811,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_6 + - func: run aws auth test with regular aws credentials - name: aws-6.0-auth-test-run-aws-auth-test-with-assume-role-credentials-no-optional commands: - func: install dependencies @@ -1709,7 +1825,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_7 + - func: run aws auth test with assume role credentials - name: aws-6.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials-no-optional commands: - func: install dependencies @@ -1723,7 +1839,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_8 + - func: run aws auth test with aws EC2 credentials - name: aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-optional commands: - func: install dependencies @@ -1737,7 +1853,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_9 + - func: run aws auth test with aws credentials as environment variables - name: aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-optional commands: - func: install dependencies @@ -1751,7 +1867,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_10 + - func: run aws auth test with aws credentials and session token as environment variables - name: aws-6.0-auth-test-run-aws-ECS-auth-test-no-optional commands: - func: install dependencies @@ -1765,7 +1881,35 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_11 + - func: run aws ECS auth test + - name: aws-6.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset-no-optional + commands: + - func: install dependencies + vars: + NPM_OPTIONS: '--no-optional' + - func: bootstrap mongo-orchestration + vars: + VERSION: '6.0' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset + - name: aws-6.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set-no-optional + commands: + - func: install dependencies + vars: + NPM_OPTIONS: '--no-optional' + - func: bootstrap mongo-orchestration + vars: + VERSION: '6.0' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-5.0-auth-test-run-aws-auth-test-with-regular-aws-credentials commands: - func: install dependencies @@ -1777,8 +1921,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_12 - func: run aws auth test with regular aws credentials + - func: run aws auth test with regular aws credentials - name: aws-5.0-auth-test-run-aws-auth-test-with-assume-role-credentials commands: - func: install dependencies @@ -1790,8 +1933,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_13 - func: run aws auth test with assume role credentials + - func: run aws auth test with assume role credentials - name: aws-5.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials commands: - func: install dependencies @@ -1803,8 +1945,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_14 - func: run aws auth test with aws EC2 credentials + - func: run aws auth test with aws EC2 credentials - name: aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables commands: - func: install dependencies @@ -1816,8 +1957,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_15 - func: run aws auth test with aws credentials as environment variables + - func: run aws auth test with aws credentials as environment variables - name: aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables commands: - func: install dependencies @@ -1829,8 +1969,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_16 - func: run aws auth test with aws credentials and session token as environment variables + - func: run aws auth test with aws credentials and session token as environment variables - name: aws-5.0-auth-test-run-aws-ECS-auth-test commands: - func: install dependencies @@ -1842,8 +1981,31 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_17 - func: run aws ECS auth test + - func: run aws ECS auth test + - name: aws-5.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset + commands: + - func: install dependencies + - func: bootstrap mongo-orchestration + vars: + VERSION: '5.0' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset + - name: aws-5.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set + commands: + - func: install dependencies + - func: bootstrap mongo-orchestration + vars: + VERSION: '5.0' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-5.0-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-optional commands: - func: install dependencies @@ -1857,7 +2019,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_12 + - func: run aws auth test with regular aws credentials - name: aws-5.0-auth-test-run-aws-auth-test-with-assume-role-credentials-no-optional commands: - func: install dependencies @@ -1871,7 +2033,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_13 + - func: run aws auth test with assume role credentials - name: aws-5.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials-no-optional commands: - func: install dependencies @@ -1885,7 +2047,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_14 + - func: run aws auth test with aws EC2 credentials - name: aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-optional commands: - func: install dependencies @@ -1899,7 +2061,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_15 + - func: run aws auth test with aws credentials as environment variables - name: aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-optional commands: - func: install dependencies @@ -1913,7 +2075,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_16 + - func: run aws auth test with aws credentials and session token as environment variables - name: aws-5.0-auth-test-run-aws-ECS-auth-test-no-optional commands: - func: install dependencies @@ -1927,7 +2089,35 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_17 + - func: run aws ECS auth test + - name: aws-5.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset-no-optional + commands: + - func: install dependencies + vars: + NPM_OPTIONS: '--no-optional' + - func: bootstrap mongo-orchestration + vars: + VERSION: '5.0' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset + - name: aws-5.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set-no-optional + commands: + - func: install dependencies + vars: + NPM_OPTIONS: '--no-optional' + - func: bootstrap mongo-orchestration + vars: + VERSION: '5.0' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-4.4-auth-test-run-aws-auth-test-with-regular-aws-credentials commands: - func: install dependencies @@ -1939,8 +2129,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_18 - func: run aws auth test with regular aws credentials + - func: run aws auth test with regular aws credentials - name: aws-4.4-auth-test-run-aws-auth-test-with-assume-role-credentials commands: - func: install dependencies @@ -1952,8 +2141,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_19 - func: run aws auth test with assume role credentials + - func: run aws auth test with assume role credentials - name: aws-4.4-auth-test-run-aws-auth-test-with-aws-EC2-credentials commands: - func: install dependencies @@ -1965,8 +2153,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_20 - func: run aws auth test with aws EC2 credentials + - func: run aws auth test with aws EC2 credentials - name: aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables commands: - func: install dependencies @@ -1978,8 +2165,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_21 - func: run aws auth test with aws credentials as environment variables + - func: run aws auth test with aws credentials as environment variables - name: aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables commands: - func: install dependencies @@ -1991,8 +2177,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_22 - func: run aws auth test with aws credentials and session token as environment variables + - func: run aws auth test with aws credentials and session token as environment variables - name: aws-4.4-auth-test-run-aws-ECS-auth-test commands: - func: install dependencies @@ -2004,8 +2189,31 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - &ref_23 - func: run aws ECS auth test + - func: run aws ECS auth test + - name: aws-4.4-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset + commands: + - func: install dependencies + - func: bootstrap mongo-orchestration + vars: + VERSION: '4.4' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset + - name: aws-4.4-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set + commands: + - func: install dependencies + - func: bootstrap mongo-orchestration + vars: + VERSION: '4.4' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: aws-4.4-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-optional commands: - func: install dependencies @@ -2019,7 +2227,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_18 + - func: run aws auth test with regular aws credentials - name: aws-4.4-auth-test-run-aws-auth-test-with-assume-role-credentials-no-optional commands: - func: install dependencies @@ -2033,7 +2241,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_19 + - func: run aws auth test with assume role credentials - name: aws-4.4-auth-test-run-aws-auth-test-with-aws-EC2-credentials-no-optional commands: - func: install dependencies @@ -2047,7 +2255,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_20 + - func: run aws auth test with aws EC2 credentials - name: aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-optional commands: - func: install dependencies @@ -2061,7 +2269,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_21 + - func: run aws auth test with aws credentials as environment variables - name: aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-optional commands: - func: install dependencies @@ -2075,7 +2283,7 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_22 + - func: run aws auth test with aws credentials and session token as environment variables - name: aws-4.4-auth-test-run-aws-ECS-auth-test-no-optional commands: - func: install dependencies @@ -2089,7 +2297,35 @@ tasks: TOPOLOGY: server - func: add aws auth variables to file - func: setup aws env - - *ref_23 + - func: run aws ECS auth test + - name: aws-4.4-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset-no-optional + commands: + - func: install dependencies + vars: + NPM_OPTIONS: '--no-optional' + - func: bootstrap mongo-orchestration + vars: + VERSION: '4.4' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset + - name: aws-4.4-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set-no-optional + commands: + - func: install dependencies + vars: + NPM_OPTIONS: '--no-optional' + - func: bootstrap mongo-orchestration + vars: + VERSION: '4.4' + AUTH: auth + ORCHESTRATION_FILE: auth-aws.json + TOPOLOGY: server + - func: add aws auth variables to file + - func: setup aws env + - func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set - name: run-unit-tests tags: - run-unit-tests @@ -3238,6 +3474,8 @@ buildvariants: - aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables - aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables - aws-latest-auth-test-run-aws-ECS-auth-test + - aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset + - aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set - aws-latest-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-optional - aws-latest-auth-test-run-aws-auth-test-with-assume-role-credentials-no-optional - aws-latest-auth-test-run-aws-auth-test-with-aws-EC2-credentials-no-optional @@ -3245,42 +3483,56 @@ buildvariants: - >- aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-optional - aws-latest-auth-test-run-aws-ECS-auth-test-no-optional + - aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset-no-optional + - aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set-no-optional - aws-6.0-auth-test-run-aws-auth-test-with-regular-aws-credentials - aws-6.0-auth-test-run-aws-auth-test-with-assume-role-credentials - aws-6.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials - aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables - aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables - aws-6.0-auth-test-run-aws-ECS-auth-test + - aws-6.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset + - aws-6.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set - aws-6.0-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-optional - aws-6.0-auth-test-run-aws-auth-test-with-assume-role-credentials-no-optional - aws-6.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials-no-optional - aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-optional - aws-6.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-optional - aws-6.0-auth-test-run-aws-ECS-auth-test-no-optional + - aws-6.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset-no-optional + - aws-6.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set-no-optional - aws-5.0-auth-test-run-aws-auth-test-with-regular-aws-credentials - aws-5.0-auth-test-run-aws-auth-test-with-assume-role-credentials - aws-5.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials - aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables - aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables - aws-5.0-auth-test-run-aws-ECS-auth-test + - aws-5.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset + - aws-5.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set - aws-5.0-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-optional - aws-5.0-auth-test-run-aws-auth-test-with-assume-role-credentials-no-optional - aws-5.0-auth-test-run-aws-auth-test-with-aws-EC2-credentials-no-optional - aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-optional - aws-5.0-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-optional - aws-5.0-auth-test-run-aws-ECS-auth-test-no-optional + - aws-5.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset-no-optional + - aws-5.0-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set-no-optional - aws-4.4-auth-test-run-aws-auth-test-with-regular-aws-credentials - aws-4.4-auth-test-run-aws-auth-test-with-assume-role-credentials - aws-4.4-auth-test-run-aws-auth-test-with-aws-EC2-credentials - aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables - aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables - aws-4.4-auth-test-run-aws-ECS-auth-test + - aws-4.4-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset + - aws-4.4-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set - aws-4.4-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-optional - aws-4.4-auth-test-run-aws-auth-test-with-assume-role-credentials-no-optional - aws-4.4-auth-test-run-aws-auth-test-with-aws-EC2-credentials-no-optional - aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-optional - aws-4.4-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-optional - aws-4.4-auth-test-run-aws-ECS-auth-test-no-optional + - aws-4.4-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset-no-optional + - aws-4.4-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set-no-optional - name: rhel8-custom-dependency-tests display_name: Custom Dependency Version Test run_on: rhel80-large diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js index 8b3e2d8fa2..7d39e6ab6c 100644 --- a/.evergreen/generate_evergreen_tasks.js +++ b/.evergreen/generate_evergreen_tasks.js @@ -308,7 +308,9 @@ for (const VERSION of AWS_AUTH_VERSIONS) { { func: 'run aws auth test with aws EC2 credentials' }, { func: 'run aws auth test with aws credentials as environment variables' }, { func: 'run aws auth test with aws credentials and session token as environment variables' }, - { func: 'run aws ECS auth test' } + { func: 'run aws ECS auth test' }, + { func: 'run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset' }, + { func: 'run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set' } ]; const awsTasks = awsFuncs.map(fn => ({ @@ -326,7 +328,7 @@ for (const VERSION of AWS_AUTH_VERSIONS) { }, { func: 'add aws auth variables to file' }, { func: 'setup aws env' }, - fn + { ...fn } ] })); @@ -350,7 +352,7 @@ for (const VERSION of AWS_AUTH_VERSIONS) { }, { func: 'add aws auth variables to file' }, { func: 'setup aws env' }, - fn + { ...fn } ] })); @@ -719,4 +721,8 @@ fileData.tasks = (fileData.tasks || []) fileData.buildvariants = (fileData.buildvariants || []).concat(BUILD_VARIANTS); -fs.writeFileSync(`${__dirname}/config.yml`, yaml.dump(fileData, { lineWidth: 120 }), 'utf8'); +fs.writeFileSync( + `${__dirname}/config.yml`, + yaml.dump(fileData, { lineWidth: 120, noRefs: true }), + 'utf8' +);