Skip to content

Commit

Permalink
GODRIVER-2607 Remove legacy shell from test scripts (#1429)
Browse files Browse the repository at this point in the history
  • Loading branch information
blink1073 authored Oct 18, 2023
1 parent 1dbe6de commit 1066e2a
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 196 deletions.
202 changes: 19 additions & 183 deletions .evergreen/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,7 @@ functions:
PROJECT_DIRECTORY: "$PROJECT_DIRECTORY"
PREPARE_SHELL: |
set -o errexit
export SKIP_LEGACY_SHELL=1
export GOROOT="$GOROOT"
export GOPATH="$GOPATH"
export GOCACHE="$GOCACHE"
Expand Down Expand Up @@ -724,69 +725,29 @@ functions:
fi
add-aws-auth-variables-to-file:
- command: shell.exec
type: test
- command: ec2.assume_role
params:
shell: "bash"
working_dir: "src"
silent: true
script: |
cat <<EOF > ${DRIVERS_TOOLS}/.evergreen/auth_aws/aws_e2e_setup.json
{
"iam_auth_ecs_account" : "${iam_auth_ecs_account}",
"iam_auth_ecs_secret_access_key" : "${iam_auth_ecs_secret_access_key}",
"iam_auth_ecs_account_arn": "arn:aws:iam::557821124784:user/authtest_fargate_user",
"iam_auth_ecs_cluster": "${iam_auth_ecs_cluster}",
"iam_auth_ecs_task_definition": "${iam_auth_ecs_task_definition_ubuntu2004}",
"iam_auth_ecs_subnet_a": "${iam_auth_ecs_subnet_a}",
"iam_auth_ecs_subnet_b": "${iam_auth_ecs_subnet_b}",
"iam_auth_ecs_security_group": "${iam_auth_ecs_security_group}",
"iam_auth_assume_aws_account" : "${iam_auth_assume_aws_account}",
"iam_auth_assume_aws_secret_access_key" : "${iam_auth_assume_aws_secret_access_key}",
"iam_auth_assume_role_name" : "${iam_auth_assume_role_name}",
"iam_auth_ec2_instance_account" : "${iam_auth_ec2_instance_account}",
"iam_auth_ec2_instance_secret_access_key" : "${iam_auth_ec2_instance_secret_access_key}",
"iam_auth_ec2_instance_profile" : "${iam_auth_ec2_instance_profile}",
"iam_auth_assume_web_role_name": "${iam_auth_assume_web_role_name}",
"iam_web_identity_issuer": "${iam_web_identity_issuer}",
"iam_web_identity_rsa_key": "${iam_web_identity_rsa_key}",
"iam_web_identity_jwks_uri": "${iam_web_identity_jwks_uri}",
"iam_web_identity_token_file": "${iam_web_identity_token_file}"
}
EOF
run-aws-auth-test-with-regular-aws-credentials:
role_arn: ${aws_test_secrets_role}
- command: shell.exec
type: test
params:
include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
shell: "bash"
working_dir: "src"
script: |
${PREPARE_SHELL}
cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
. ./activate-authawsvenv.sh
mongo aws_e2e_regular_aws.js
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
silent: true
script: |
cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
alias urlencode='python3 -c "import sys, urllib.parse as ulp; sys.stdout.write(ulp.quote_plus(sys.argv[1]))"'
USER=$(urlencode ${iam_auth_ecs_account})
PASS=$(urlencode ${iam_auth_ecs_secret_access_key})
MONGODB_URI="mongodb://$USER:$PASS@localhost"
EOF
cd $DRIVERS_TOOLS/.evergreen/auth_aws
./setup_secrets.sh drivers/aws_auth
run-aws-auth-test-with-regular-aws-credentials:
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
script: |
${PREPARE_SHELL}
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh regular
run-aws-auth-test-with-assume-role-credentials:
- command: shell.exec
Expand All @@ -796,36 +757,7 @@ functions:
working_dir: "src"
script: |
${PREPARE_SHELL}
cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
. ./activate-authawsvenv.sh
mongo aws_e2e_assume_role.js
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
silent: true
script: |
# DO NOT ECHO WITH XTRACE
cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
alias urlencode='python3 -c "import sys, urllib.parse as ulp; sys.stdout.write(ulp.quote_plus(sys.argv[1]))"'
alias jsonkey='python3 -c "import json,sys;sys.stdout.write(json.load(sys.stdin)[sys.argv[1]])" < ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json'
USER=$(jsonkey AccessKeyId)
USER=$(urlencode $USER)
PASS=$(jsonkey SecretAccessKey)
PASS=$(urlencode $PASS)
SESSION_TOKEN=$(jsonkey SessionToken)
SESSION_TOKEN=$(urlencode $SESSION_TOKEN)
MONGODB_URI="mongodb://$USER:$PASS@localhost"
EOF
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
script: |
${PREPARE_SHELL}
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh assume-role
run-aws-auth-test-with-aws-EC2-credentials:
- command: shell.exec
Expand All @@ -839,70 +771,27 @@ functions:
echo "This platform does not support the EC2 auth test, skipping..."
exit 0
fi
cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
. ./activate-authawsvenv.sh
mongo aws_e2e_ec2.js
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
script: |
${PREPARE_SHELL}
if [ "${SKIP_EC2_AUTH_TEST}" = "true" ]; then
exit 0
fi
# Truncate "prepare_mongodb_aws.sh" to zero length. If file not present, creates zero-length file.
: > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh ec2
run-aws-auth-test-with-aws-credentials-as-environment-variables:
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
silent: true
script: |
# DO NOT ECHO WITH XTRACE
cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
export AWS_ACCESS_KEY_ID=${iam_auth_ecs_account}
export AWS_SECRET_ACCESS_KEY=${iam_auth_ecs_secret_access_key}
EOF
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
script: |
${PREPARE_SHELL}
PROJECT_DIRECTORY=${PROJECT_DIRECTORY} ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh env-creds
run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables:
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
silent: true
script: |
# DO NOT ECHO WITH XTRACE
cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
alias jsonkey='python -c "import json,sys;sys.stdout.write(json.load(sys.stdin)[sys.argv[1]])" < ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json'
export AWS_ACCESS_KEY_ID=$(jsonkey AccessKeyId)
export AWS_SECRET_ACCESS_KEY=$(jsonkey SecretAccessKey)
export AWS_SESSION_TOKEN=$(jsonkey SessionToken)
EOF
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
script: |
${PREPARE_SHELL}
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh session-creds
run-aws-ECS-auth-test:
- command: shell.exec
Expand Down Expand Up @@ -934,14 +823,9 @@ functions:
cp ${PROJECT_DIRECTORY}/main $ECS_SRC_DIR
cp ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-ecs-test.sh $ECS_SRC_DIR/.evergreen
tar -czf $ECS_SRC_DIR/src.tgz -C $PROJECT_DIRECTORY .
cd $AUTH_AWS_DIR
. ./activate-authawsvenv.sh
cat <<EOF > setup.js
const mongo_binaries = "$MONGODB_BINARIES";
const project_dir = "$ECS_SRC_DIR";
EOF
cat setup.js
mongo --nodb setup.js aws_e2e_ecs.js
export PROJECT_DIRECTORY="$ECS_SRC_DIR"
$AUTH_AWS_DIR/aws_setup.sh ecs
run-aws-auth-test-with-aws-web-identity-credentials:
- command: shell.exec
Expand All @@ -955,56 +839,7 @@ functions:
echo "This platform does not support the web identity auth test, skipping..."
exit 0
fi
cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
. ./activate_venv.sh
mongo aws_e2e_web_identity.js
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
silent: true
script: |
if [ "${SKIP_WEB_IDENTITY_AUTH_TEST}" = "true" ]; then
echo "This platform does not support the web identity auth test, skipping..."
exit 0
fi
# DO NOT ECHO WITH XTRACE
cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
export AWS_ROLE_ARN="${iam_auth_assume_web_role_name}"
export AWS_WEB_IDENTITY_TOKEN_FILE="${iam_web_identity_token_file}"
export MONGODB_URI="mongodb://localhost"
EOF
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
script: |
${PREPARE_SHELL}
if [ "${SKIP_WEB_IDENTITY_AUTH_TEST}" = "true" ]; then
echo "This platform does not support the web identity auth test, skipping..."
exit 0
fi
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
- command: shell.exec
type: test
params:
shell: "bash"
working_dir: "src"
silent: true
script: |
if [ "${SKIP_WEB_IDENTITY_AUTH_TEST}" = "true" ]; then
echo "This platform does not support the web identity auth test, skipping..."
exit 0
fi
# DO NOT ECHO WITH XTRACE
cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
export AWS_ROLE_ARN="${iam_auth_assume_web_role_name}"
export AWS_WEB_IDENTITY_TOKEN_FILE="${iam_web_identity_token_file}"
export AWS_ROLE_SESSION_NAME="test"
export MONGODB_URI="mongodb://localhost"
EOF
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh web-identity
- command: shell.exec
type: test
params:
Expand All @@ -1016,7 +851,8 @@ functions:
echo "This platform does not support the web identity auth test, skipping..."
exit 0
fi
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
export AWS_ROLE_SESSION_NAME="test"
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh web-identity
start-kms-mock-server:
- command: shell.exec
Expand Down
15 changes: 2 additions & 13 deletions .evergreen/run-mongodb-aws-test.sh
Original file line number Diff line number Diff line change
Expand Up @@ -12,20 +12,9 @@ set -o errexit # Exit the script with error if any of the commands fail
# mechanism.

echo "Running MONGODB-AWS authentication tests"
# ensure no secrets are printed in log files
set +x

# load the script
shopt -s expand_aliases # needed for `urlencode` alias
[ -s "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" ] && source "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"

MONGODB_URI=${MONGODB_URI:-"mongodb://localhost"}
MONGODB_URI="${MONGODB_URI}/aws?authMechanism=MONGODB-AWS"
if [[ -n ${SESSION_TOKEN} ]]; then
MONGODB_URI="${MONGODB_URI}&authMechanismProperties=AWS_SESSION_TOKEN:${SESSION_TOKEN}"
fi

export MONGODB_URI="$MONGODB_URI"
# Handle credentials and environment setup.
. $DRIVERS_TOOLS/.evergreen/auth_aws/aws_setup.sh $1

# show test output
set -x
Expand Down

0 comments on commit 1066e2a

Please sign in to comment.