Skip to content

ci(NODE-6682, NODE-6684): deployed KMS tests and serverless tests use secrets manager #4385

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Jan 29, 2025
Merged

ci(NODE-6682, NODE-6684): deployed KMS tests and serverless tests use secrets manager #4385

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
4b8802e
serverless uses secrets manager
baileympearson Jan 27, 2025
5dfc742
fixups
baileympearson Jan 27, 2025
f93b3a6
lint
baileympearson Jan 27, 2025
fa84011
Merge branch 'main' into NODE-6684
baileympearson Jan 27, 2025
4999af8
search indexes
baileympearson Jan 28, 2025
27ae3a5
gcp kms tests
baileympearson Jan 28, 2025
a964150
fix missing file
baileympearson Jan 28, 2025
9a6684d
finish revert
baileympearson Jan 28, 2025
3e19043
fix lint
baileympearson Jan 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
97 changes: 21 additions & 76 deletions .evergreen/config.in.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -238,27 +238,13 @@ functions:
. ./set-temp-creds.sh
popd

MONGODB_URI="${MONGODB_URI}" \
AUTH=${AUTH} SSL=${SSL} TEST_CSFLE=true \
MONGODB_API_VERSION="${MONGODB_API_VERSION}"

export MONGODB_API_VERSION="${MONGODB_API_VERSION}"
export AUTH="auth"
export SSL="ssl"
export SERVERLESS="1"
export SERVERLESS_ATLAS_USER="${SERVERLESS_ATLAS_USER}"
export SERVERLESS_ATLAS_PASSWORD="${SERVERLESS_ATLAS_PASSWORD}"
export SERVERLESS_URI="${SERVERLESS_URI}"
export TEST_CSFLE=true

echo "setting SERVERLESS_URI: $SERVERLESS_URI"

export MONGODB_URI="${SERVERLESS_URI}"
export SINGLE_MONGOS_LB_URI="${SERVERLESS_URI}"

# Setting MULTI_MONGOS to the SERVERLESS_URI is intentional
# LB tests pick one host out of the comma separated list
# so just passing the one host is equivalent
export MULTI_MONGOS_LB_URI="${SERVERLESS_URI}"
source secrets-export.sh
source serverless.env

bash ${PROJECT_DIRECTORY}/.evergreen/run-serverless-tests.sh

Expand Down Expand Up @@ -1171,29 +1157,10 @@ tasks:
type: setup
params:
binary: bash
add_expansions_to_env: true
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
GCPKMS_GCLOUD: ${GCPKMS_GCLOUD}
GCPKMS_PROJECT: ${GCPKMS_PROJECT}
GCPKMS_ZONE: ${GCPKMS_ZONE}
GCPKMS_INSTANCENAME: ${GCPKMS_INSTANCENAME}
args:
- src/.evergreen/setup-gcp-testing.sh
# Run Mocha test over on GCE instance
- command: subprocess.exec
type: test
params:
working_dir: src
binary: bash
env:
GCPKMS_GCLOUD: ${GCPKMS_GCLOUD}
GCPKMS_PROJECT: ${GCPKMS_PROJECT}
GCPKMS_ZONE: ${GCPKMS_ZONE}
GCPKMS_INSTANCENAME: ${GCPKMS_INSTANCENAME}
GCPKMS_CMD: "env EXPECTED_GCPKMS_OUTCOME=success bash src/.evergreen/run-gcp-kms-tests.sh"
args:
- ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/run-command.sh
- src/.evergreen/run-deployed-gcp-kms-tests.sh

- name: "test-gcpkms-fail-task"
# test-gcpkms-fail-task runs in a non-GCE environment.
Expand Down Expand Up @@ -1230,9 +1197,10 @@ tasks:
type: setup
params:
binary: bash
add_expansions_to_env: true
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
args:
- src/.evergreen/copy-driver-to-azure-and-run.sh
- src/.evergreen/run-deployed-azure-kms-tests.sh

- name: "test-azurekms-fail-task"
commands:
Expand Down Expand Up @@ -1427,32 +1395,24 @@ task_groups:
setup_group_timeout_secs: 1800 # 30 minutes
setup_group:
- func: "fetch source"
- command: shell.exec
params:
shell: bash
script: |
${PREPARE_SHELL}
set +o xtrace
LOADBALANCED=ON \
SERVERLESS_DRIVERS_GROUP=${SERVERLESS_DRIVERS_GROUP} \
SERVERLESS_API_PUBLIC_KEY=${SERVERLESS_API_PUBLIC_KEY} \
SERVERLESS_API_PRIVATE_KEY=${SERVERLESS_API_PRIVATE_KEY} \
bash ${DRIVERS_TOOLS}/.evergreen/serverless/create-instance.sh
- command: expansions.update
- command: subprocess.exec
params:
file: serverless-expansion.yml
working_dir: "src"
binary: bash
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
args:
- .evergreen/setup-serverless.sh

teardown_group:
- func: "upload test results"
- command: shell.exec
- command: subprocess.exec
params:
script: |
${PREPARE_SHELL}
set +o xtrace
SERVERLESS_DRIVERS_GROUP=${SERVERLESS_DRIVERS_GROUP} \
SERVERLESS_API_PUBLIC_KEY=${SERVERLESS_API_PUBLIC_KEY} \
SERVERLESS_API_PRIVATE_KEY=${SERVERLESS_API_PRIVATE_KEY} \
SERVERLESS_INSTANCE_NAME=${SERVERLESS_INSTANCE_NAME} \
bash ${DRIVERS_TOOLS}/.evergreen/serverless/delete-instance.sh
working_dir: "src"
binary: bash
args:
- ${DRIVERS_TOOLS}/.evergreen/serverless/delete-instance.sh

tasks:
- ".serverless"

Expand All @@ -1467,21 +1427,11 @@ task_groups:
binary: bash
args:
- ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/setup.sh
- command: expansions.update
# Load the GCPKMS_GCLOUD, GCPKMS_INSTANCE, GCPKMS_REGION, and GCPKMS_ZONE expansions.
params:
file: src/testgcpkms-expansions.yml

teardown_group:
- command: subprocess.exec
params:
binary: bash
add_expansions_to_env: true
env:
GCPKMS_GCLOUD: ${GCPKMS_GCLOUD}
GCPKMS_PROJECT: ${GCPKMS_PROJECT}
GCPKMS_ZONE: ${GCPKMS_ZONE}
GCPKMS_INSTANCENAME: ${GCPKMS_INSTANCENAME}
args:
- ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/teardown.sh
tasks:
Expand All @@ -1500,10 +1450,6 @@ task_groups:
AZUREKMS_VMNAME_PREFIX: "NODE_DRIVER"
args:
- ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/setup.sh
- command: expansions.update
# Load AZUREKMS_VMNAME into the expansions.
params:
file: src/testazurekms-expansions.yml

teardown_group:
# Load expansions again. The setup task may have failed before running `expansions.update`.
Expand All @@ -1513,7 +1459,6 @@ task_groups:
- command: subprocess.exec
params:
binary: bash
add_expansions_to_env: true
args:
- ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/teardown.sh
tasks:
Expand Down
92 changes: 19 additions & 73 deletions .evergreen/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -209,27 +209,13 @@ functions:
. ./set-temp-creds.sh
popd

MONGODB_URI="${MONGODB_URI}" \
AUTH=${AUTH} SSL=${SSL} TEST_CSFLE=true \
MONGODB_API_VERSION="${MONGODB_API_VERSION}"

export MONGODB_API_VERSION="${MONGODB_API_VERSION}"
export AUTH="auth"
export SSL="ssl"
export SERVERLESS="1"
export SERVERLESS_ATLAS_USER="${SERVERLESS_ATLAS_USER}"
export SERVERLESS_ATLAS_PASSWORD="${SERVERLESS_ATLAS_PASSWORD}"
export SERVERLESS_URI="${SERVERLESS_URI}"

echo "setting SERVERLESS_URI: $SERVERLESS_URI"

export MONGODB_URI="${SERVERLESS_URI}"
export SINGLE_MONGOS_LB_URI="${SERVERLESS_URI}"
export TEST_CSFLE=true

# Setting MULTI_MONGOS to the SERVERLESS_URI is intentional
# LB tests pick one host out of the comma separated list
# so just passing the one host is equivalent
export MULTI_MONGOS_LB_URI="${SERVERLESS_URI}"
source secrets-export.sh
source serverless.env

bash ${PROJECT_DIRECTORY}/.evergreen/run-serverless-tests.sh
start-load-balancer:
Expand Down Expand Up @@ -1130,28 +1116,10 @@ tasks:
type: setup
params:
binary: bash
add_expansions_to_env: true
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
GCPKMS_GCLOUD: ${GCPKMS_GCLOUD}
GCPKMS_PROJECT: ${GCPKMS_PROJECT}
GCPKMS_ZONE: ${GCPKMS_ZONE}
GCPKMS_INSTANCENAME: ${GCPKMS_INSTANCENAME}
args:
- src/.evergreen/setup-gcp-testing.sh
- command: subprocess.exec
type: test
params:
working_dir: src
binary: bash
env:
GCPKMS_GCLOUD: ${GCPKMS_GCLOUD}
GCPKMS_PROJECT: ${GCPKMS_PROJECT}
GCPKMS_ZONE: ${GCPKMS_ZONE}
GCPKMS_INSTANCENAME: ${GCPKMS_INSTANCENAME}
GCPKMS_CMD: env EXPECTED_GCPKMS_OUTCOME=success bash src/.evergreen/run-gcp-kms-tests.sh
args:
- ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/run-command.sh
- src/.evergreen/run-deployed-gcp-kms-tests.sh
- name: test-gcpkms-fail-task
commands:
- command: expansions.update
Expand Down Expand Up @@ -1184,9 +1152,10 @@ tasks:
type: setup
params:
binary: bash
add_expansions_to_env: true
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
args:
- src/.evergreen/copy-driver-to-azure-and-run.sh
- src/.evergreen/run-deployed-azure-kms-tests.sh
- name: test-azurekms-fail-task
commands:
- command: expansions.update
Expand Down Expand Up @@ -4458,32 +4427,22 @@ task_groups:
setup_group_timeout_secs: 1800
setup_group:
- func: fetch source
- command: shell.exec
params:
shell: bash
script: |
${PREPARE_SHELL}
set +o xtrace
LOADBALANCED=ON \
SERVERLESS_DRIVERS_GROUP=${SERVERLESS_DRIVERS_GROUP} \
SERVERLESS_API_PUBLIC_KEY=${SERVERLESS_API_PUBLIC_KEY} \
SERVERLESS_API_PRIVATE_KEY=${SERVERLESS_API_PRIVATE_KEY} \
bash ${DRIVERS_TOOLS}/.evergreen/serverless/create-instance.sh
- command: expansions.update
- command: subprocess.exec
params:
file: serverless-expansion.yml
working_dir: src
binary: bash
env:
DRIVERS_TOOLS: ${DRIVERS_TOOLS}
args:
- .evergreen/setup-serverless.sh
teardown_group:
- func: upload test results
- command: shell.exec
- command: subprocess.exec
params:
script: |
${PREPARE_SHELL}
set +o xtrace
SERVERLESS_DRIVERS_GROUP=${SERVERLESS_DRIVERS_GROUP} \
SERVERLESS_API_PUBLIC_KEY=${SERVERLESS_API_PUBLIC_KEY} \
SERVERLESS_API_PRIVATE_KEY=${SERVERLESS_API_PRIVATE_KEY} \
SERVERLESS_INSTANCE_NAME=${SERVERLESS_INSTANCE_NAME} \
bash ${DRIVERS_TOOLS}/.evergreen/serverless/delete-instance.sh
working_dir: src
binary: bash
args:
- ${DRIVERS_TOOLS}/.evergreen/serverless/delete-instance.sh
tasks:
- .serverless
- name: test_gcpkms_task_group
Expand All @@ -4497,19 +4456,10 @@ task_groups:
binary: bash
args:
- ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/setup.sh
- command: expansions.update
params:
file: src/testgcpkms-expansions.yml
teardown_group:
- command: subprocess.exec
params:
binary: bash
add_expansions_to_env: true
env:
GCPKMS_GCLOUD: ${GCPKMS_GCLOUD}
GCPKMS_PROJECT: ${GCPKMS_PROJECT}
GCPKMS_ZONE: ${GCPKMS_ZONE}
GCPKMS_INSTANCENAME: ${GCPKMS_INSTANCENAME}
args:
- ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/teardown.sh
tasks:
Expand All @@ -4527,17 +4477,13 @@ task_groups:
AZUREKMS_VMNAME_PREFIX: NODE_DRIVER
args:
- ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/setup.sh
- command: expansions.update
params:
file: src/testazurekms-expansions.yml
teardown_group:
- command: expansions.update
params:
file: testazurekms-expansions.yml
- command: subprocess.exec
params:
binary: bash
add_expansions_to_env: true
args:
- ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/teardown.sh
tasks:
Expand Down
3 changes: 1 addition & 2 deletions .evergreen/copy-driver-to-azure-and-run.sh → .evergreen/run-deployed-azure-kms-tests.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,11 @@

set -o errexit
source "${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/secrets-export.sh"
source $DRIVERS_TOOLS/.evergreen/init-node-and-npm-env.sh

if [ -z ${AZUREKMS_RESOURCEGROUP+omitted} ]; then echo "AZUREKMS_RESOURCEGROUP is unset" && exit 1; fi
if [ -z ${AZUREKMS_VMNAME+omitted} ]; then echo "AZUREKMS_VMNAME is unset" && exit 1; fi

source $DRIVERS_TOOLS/.evergreen/init-node-and-npm-env.sh

export AZUREKMS_PUBLICKEYPATH=/tmp/testazurekms_publickey
export AZUREKMS_PRIVATEKEYPATH=/tmp/testazurekms_privatekey

Expand Down
6 changes: 4 additions & 2 deletions .evergreen/setup-gcp-testing.sh → .evergreen/run-deployed-gcp-kms-tests.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
#! /usr/bin/env bash

source "${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/secrets-export.sh"
source $DRIVERS_TOOLS/.evergreen/init-node-and-npm-env.sh

# Assert required environment variables are present without printing them
if [ -z ${GCPKMS_GCLOUD+omitted} ]; then echo "GCPKMS_GCLOUD is unset" && exit 1; fi
Expand All @@ -10,8 +11,6 @@ if [ -z ${GCPKMS_INSTANCENAME+omitted} ]; then echo "GCPKMS_INSTANCENAME is unse

set -o errexit

source $DRIVERS_TOOLS/.evergreen/init-node-and-npm-env.sh

export GCPKMS_SRC=node-driver-source.tgz
export GCPKMS_DST=$GCPKMS_INSTANCENAME:

Expand All @@ -28,3 +27,6 @@ echo "decompressing node driver tar on gcp ... begin"
export GCPKMS_CMD="tar -xzf $GCPKMS_SRC"
"${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/run-command.sh"
echo "decompressing node driver tar on gcp ... end"

export GCPKMS_CMD="env EXPECTED_GCPKMS_OUTCOME=success bash src/.evergreen/run-gcp-kms-tests.sh"
bash ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/run-command.sh
1 change: 0 additions & 1 deletion .evergreen/run-serverless-tests.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
source $DRIVERS_TOOLS/.evergreen/init-node-and-npm-env.sh

if [ -z ${SERVERLESS+omitted} ]; then echo "SERVERLESS is unset" && exit 1; fi
if [ -z ${SERVERLESS_URI+omitted} ]; then echo "SERVERLESS_URI is unset" && exit 1; fi
if [ -z ${SINGLE_MONGOS_LB_URI+omitted} ]; then echo "SINGLE_MONGOS_LB_URI is unset" && exit 1; fi
if [ -z ${MULTI_MONGOS_LB_URI+omitted} ]; then echo "MULTI_MONGOS_LB_URI is unset" && exit 1; fi
if [ -z ${MONGODB_URI+omitted} ]; then echo "MONGODB_URI is unset" && exit 1; fi
Expand Down
14 changes: 14 additions & 0 deletions .evergreen/setup-serverless.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
#!/usr/bin/env bash

bash ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/serverless
bash ${DRIVERS_TOOLS}/.evergreen/serverless/create-instance.sh

cp ${DRIVERS_TOOLS}/.evergreen/serverless/secrets-export.sh .

# generate a source-able expansion file
cat serverless-expansion.yml | sed 's/: /=/g' > serverless.env

echo 'export MONGODB_URI="${SERVERLESS_URI}"' >> serverless.env
echo 'export SINGLE_MONGOS_LB_URI="${SERVERLESS_URI}"' >> serverless.env
echo 'export MULTI_MONGOS_LB_URI="${SERVERLESS_URI}"' >> serverless.env
echo 'export SERVERLESS=1' >> serverless.env
Loading