Skip to content

feat(NODE-5815): remove oidc #3981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 26, 2024
Merged

feat(NODE-5815): remove oidc #3981

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
100 changes: 0 additions & 100 deletions .evergreen/config.in.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,58 +132,6 @@ functions:
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}

"bootstrap oidc":
- command: ec2.assume_role
params:
role_arn: ${OIDC_AWS_ROLE_ARN}
- command: shell.exec
type: test
params:
working_dir: "src"
shell: bash
script: |
${PREPARE_SHELL}
cd "${DRIVERS_TOOLS}"/.evergreen/auth_oidc

# This is a bit confusing but the ec2.assume_role command before
# this task will overwrite these variables to a different value
# than we have set in our evergreen project config. As these are
# now specific to the OIDC ARN, we re-export for the python
# scripts.
export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
export OIDC_TOKEN_DIR=/tmp/tokens

. ./activate-authoidcvenv.sh
python oidc_write_orchestration.py
python oidc_get_tokens.py

"setup oidc roles":
- command: subprocess.exec
params:
working_dir: src
binary: bash
args:
- .evergreen/setup-oidc-roles.sh
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}

"run oidc tests aws":
- command: shell.exec
type: test
params:
working_dir: "src"
timeout_secs: 300
shell: bash
script: |
${PREPARE_SHELL}

OIDC_TOKEN_DIR="/tmp/tokens" \
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-tests.sh

"run tests":
- command: shell.exec
type: test
Expand Down Expand Up @@ -1254,26 +1202,6 @@ tasks:
args:
- src/.evergreen/run-azure-kms-tests.sh

- name: "oidc-auth-test-azure-latest"
commands:
- command: expansions.update
type: setup
params:
updates:
- { key: NPM_VERSION, value: "9" }
- func: "install dependencies"
- command: subprocess.exec
params:
working_dir: src
binary: bash
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
AZUREOIDC_CLIENTID: ${testazureoidc_clientid}
PROVIDER_NAME: azure
args:
- .evergreen/run-oidc-tests-azure.sh

- name: "test-aws-lambda-deployed"
commands:
- command: expansions.update
Expand Down Expand Up @@ -1400,34 +1328,6 @@ task_groups:
tasks:
- test-azurekms-task

- name: testazureoidc_task_group
setup_group:
- func: fetch source
- command: shell.exec
params:
shell: bash
script: |-
set -o errexit
${PREPARE_SHELL}
export AZUREOIDC_CLIENTID="${testazureoidc_clientid}"
export AZUREOIDC_TENANTID="${testazureoic_tenantid}"
export AZUREOIDC_SECRET="${testazureoidc_secret}"
export AZUREOIDC_KEYVAULT=${testazureoidc_keyvault}
export AZUREOIDC_DRIVERS_TOOLS="$DRIVERS_TOOLS"
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
teardown_group:
- command: shell.exec
params:
shell: bash
script: |-
${PREPARE_SHELL}
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/delete-vm.sh
setup_group_can_fail_task: true
setup_group_timeout_secs: 1800
tasks:
- oidc-auth-test-azure-latest

- name: test_atlas_task_group
setup_group:
- func: fetch source
Expand Down
125 changes: 0 additions & 125 deletions .evergreen/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,55 +104,6 @@ functions:
- .evergreen/run-azure-kms-mock-server.sh
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
bootstrap oidc:
- command: ec2.assume_role
params:
role_arn: ${OIDC_AWS_ROLE_ARN}
- command: shell.exec
type: test
params:
working_dir: src
shell: bash
script: |
${PREPARE_SHELL}
cd "${DRIVERS_TOOLS}"/.evergreen/auth_oidc

# This is a bit confusing but the ec2.assume_role command before
# this task will overwrite these variables to a different value
# than we have set in our evergreen project config. As these are
# now specific to the OIDC ARN, we re-export for the python
# scripts.
export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
export OIDC_TOKEN_DIR=/tmp/tokens

. ./activate-authoidcvenv.sh
python oidc_write_orchestration.py
python oidc_get_tokens.py
setup oidc roles:
- command: subprocess.exec
params:
working_dir: src
binary: bash
args:
- .evergreen/setup-oidc-roles.sh
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
run oidc tests aws:
- command: shell.exec
type: test
params:
working_dir: src
timeout_secs: 300
shell: bash
script: |
${PREPARE_SHELL}

OIDC_TOKEN_DIR="/tmp/tokens" \
AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-tests.sh
run tests:
- command: shell.exec
type: test
Expand Down Expand Up @@ -1205,25 +1156,6 @@ tasks:
EXPECTED_AZUREKMS_OUTCOME: failure
args:
- src/.evergreen/run-azure-kms-tests.sh
- name: oidc-auth-test-azure-latest
commands:
- command: expansions.update
type: setup
params:
updates:
- {key: NPM_VERSION, value: '9'}
- func: install dependencies
- command: subprocess.exec
params:
working_dir: src
binary: bash
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
AZUREOIDC_CLIENTID: ${testazureoidc_clientid}
PROVIDER_NAME: azure
args:
- .evergreen/run-oidc-tests-azure.sh
- name: test-aws-lambda-deployed
commands:
- command: expansions.update
Expand Down Expand Up @@ -1794,25 +1726,6 @@ tasks:
commands:
- func: install dependencies
- func: run ldap tests
- name: test-auth-oidc
tags:
- latest
- replica_set
- oidc
commands:
- command: expansions.update
type: setup
params:
updates:
- {key: VERSION, value: latest}
- {key: TOPOLOGY, value: replica_set}
- {key: AUTH, value: auth}
- {key: ORCHESTRATION_FILE, value: auth-oidc.json}
- func: install dependencies
- func: bootstrap oidc
- func: bootstrap mongo-orchestration
- func: setup oidc roles
- func: run oidc tests aws
- name: test-socks5
tags: []
commands:
Expand Down Expand Up @@ -3735,33 +3648,6 @@ task_groups:
- ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/delete-vm.sh
tasks:
- test-azurekms-task
- name: testazureoidc_task_group
setup_group:
- func: fetch source
- command: shell.exec
params:
shell: bash
script: |-
set -o errexit
${PREPARE_SHELL}
export AZUREOIDC_CLIENTID="${testazureoidc_clientid}"
export AZUREOIDC_TENANTID="${testazureoic_tenantid}"
export AZUREOIDC_SECRET="${testazureoidc_secret}"
export AZUREOIDC_KEYVAULT=${testazureoidc_keyvault}
export AZUREOIDC_DRIVERS_TOOLS="$DRIVERS_TOOLS"
export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
teardown_group:
- command: shell.exec
params:
shell: bash
script: |-
${PREPARE_SHELL}
$DRIVERS_TOOLS/.evergreen/auth_oidc/azure/delete-vm.sh
setup_group_can_fail_task: true
setup_group_timeout_secs: 1800
tasks:
- oidc-auth-test-azure-latest
- name: test_atlas_task_group
setup_group:
- func: fetch source
Expand Down Expand Up @@ -3846,7 +3732,6 @@ buildvariants:
- test-6.0-load-balanced
- test-latest-load-balanced
- test-auth-ldap
- test-auth-oidc
- test-socks5
- test-socks5-csfle
- test-socks5-tls
Expand Down Expand Up @@ -3898,7 +3783,6 @@ buildvariants:
- test-6.0-load-balanced
- test-latest-load-balanced
- test-auth-ldap
- test-auth-oidc
- test-socks5
- test-socks5-csfle
- test-socks5-tls
Expand Down Expand Up @@ -3948,7 +3832,6 @@ buildvariants:
- test-6.0-load-balanced
- test-latest-load-balanced
- test-auth-ldap
- test-auth-oidc
- test-socks5
- test-socks5-csfle
- test-socks5-tls
Expand Down Expand Up @@ -3998,7 +3881,6 @@ buildvariants:
- test-6.0-load-balanced
- test-latest-load-balanced
- test-auth-ldap
- test-auth-oidc
- test-socks5
- test-socks5-csfle
- test-socks5-tls
Expand Down Expand Up @@ -4047,7 +3929,6 @@ buildvariants:
- test-6.0-load-balanced
- test-latest-load-balanced
- test-auth-ldap
- test-auth-oidc
- test-socks5
- test-socks5-csfle
- test-socks5-tls
Expand Down Expand Up @@ -4331,12 +4212,6 @@ buildvariants:
tasks:
- test_azurekms_task_group
- test-azurekms-fail-task
- name: ubuntu20-test-azure-oidc
display_name: Azure OIDC
run_on: ubuntu2004-small
batchtime: 20160
tasks:
- testazureoidc_task_group
- name: rhel8-test-atlas
display_name: Atlas Cluster Tests
run_on: rhel80-large
Expand Down
28 changes: 1 addition & 27 deletions .evergreen/generate_evergreen_tasks.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,7 @@ const WINDOWS_SKIP_TAGS = new Set([
'atlas-connect',
'auth',
'load_balancer',
'socks5-csfle',
'oidc'
'socks5-csfle'
]);

const TASKS = [];
Expand Down Expand Up @@ -188,23 +187,6 @@ TASKS.push(
tags: ['auth', 'ldap'],
commands: [{ func: 'install dependencies' }, { func: 'run ldap tests' }]
},
{
name: 'test-auth-oidc',
tags: ['latest', 'replica_set', 'oidc'],
commands: [
updateExpansions({
VERSION: 'latest',
TOPOLOGY: 'replica_set',
AUTH: 'auth',
ORCHESTRATION_FILE: 'auth-oidc.json'
}),
{ func: 'install dependencies' },
{ func: 'bootstrap oidc' },
{ func: 'bootstrap mongo-orchestration' },
{ func: 'setup oidc roles' },
{ func: 'run oidc tests aws' }
]
},
{
name: 'test-socks5',
tags: [],
Expand Down Expand Up @@ -701,14 +683,6 @@ BUILD_VARIANTS.push({
tasks: ['test_azurekms_task_group', 'test-azurekms-fail-task']
});

BUILD_VARIANTS.push({
name: 'ubuntu20-test-azure-oidc',
display_name: 'Azure OIDC',
run_on: UBUNTU_20_OS,
batchtime: 20160,
tasks: ['testazureoidc_task_group']
});

BUILD_VARIANTS.push({
name: 'rhel8-test-atlas',
display_name: 'Atlas Cluster Tests',
Expand Down
11 changes: 0 additions & 11 deletions .evergreen/run-oidc-tests-azure.sh
View file
Open in desktop

This file was deleted.

Loading