GODRIVER-2958 Use AWS Secrets for Atlas tests (#1365)

* GODRIVER-2958 Use AWS Secrets for Atlas tests * fix handling of shell * fix cleanup * print finished * try wip branch * cleanup * cleanup * cleanup * cleanup * clean up secrets handling * GODRIVER-2958 Use AWS Secrets for Atlas tests * restore drivers-eg-tools checkout
mongodb · Nov 8, 2023 · 80e2941 · 80e2941
1 parent d53e0bc
commit 80e2941
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 30 deletions.
diff --git a/.evergreen/config.yml b/.evergreen/config.yml
@@ -437,37 +437,18 @@ functions:
  make -s evg-test-enterprise-auth
 
  run-atlas-test:
+ - command: ec2.assume_role
+ params:
+ role_arn: "${aws_test_secrets_role}"
  - command: shell.exec
  type: test
  params:
  shell: "bash"
  working_dir: src/go.mongodb.org/mongo-driver
+ include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
  script: |
- # DO NOT ECHO WITH XTRACE
- if [ "Windows_NT" = "$OS" ]; then
- export GOPATH=$(cygpath -w $(dirname $(dirname $(dirname `pwd`))))
- export GOCACHE=$(cygpath -w "$(pwd)/.cache")
- else
- export GOPATH=$(dirname $(dirname $(dirname `pwd`)))
- export GOCACHE="$(pwd)/.cache"
- fi;
- export GOPATH="$GOPATH"
- export GOROOT="${GO_DIST}"
- export GOCACHE="$GOCACHE"
- export PATH="${GCC_PATH}:${GO_DIST}/bin:$PATH"
- export ATLAS_FREE="${atlas_free_tier_uri}"
- export ATLAS_REPLSET="${atlas_replica_set_uri}"
- export ATLAS_SHARD="${atlas_sharded_uri}"
- export ATLAS_TLS11="${atlas_tls_v11_uri}"
- export ATLAS_TLS12="${atlas_tls_v12_uri}"
- export ATLAS_FREE_SRV="${atlas_free_tier_uri_srv}"
- export ATLAS_REPLSET_SRV="${atlas_replica_set_uri_srv}"
- export ATLAS_SHARD_SRV="${atlas_sharded_uri_srv}"
- export ATLAS_TLS11_SRV="${atlas_tls_v11_uri_srv}"
- export ATLAS_TLS12_SRV="${atlas_tls_v12_uri_srv}"
- export ATLAS_SERVERLESS="${atlas_serverless_uri}"
- export ATLAS_SERVERLESS_SRV="${atlas_serverless_uri_srv}"
- make -s evg-test-atlas
+ ${PREPARE_SHELL}
+ bash etc/run-atlas-test.sh
 
  run-ocsp-test:
  - command: shell.exec

diff --git a/.gitignore b/.gitignore
@@ -21,3 +21,11 @@ internal/test/faas/awslambda/events/event.json
 # Ignore compiled binaries from the compilecheck
 internal/test/compilecheck/compilecheck
 internal/test/compilecheck/compilecheck.so
+
+# Ignore api report files
+api-report.md
+api-report.txt
+
+# Ignore secrets files
+secrets-expansion.yml
+secrets-export.sh
diff --git a/Makefile b/Makefile
@@ -1,4 +1,3 @@
-ATLAS_URIS = "$(ATLAS_FREE)" "$(ATLAS_REPLSET)" "$(ATLAS_SHARD)" "$(ATLAS_TLS11)" "$(ATLAS_TLS12)" "$(ATLAS_FREE_SRV)" "$(ATLAS_REPLSET_SRV)" "$(ATLAS_SHARD_SRV)" "$(ATLAS_TLS11_SRV)" "$(ATLAS_TLS12_SRV)" "$(ATLAS_SERVERLESS)" "$(ATLAS_SERVERLESS_SRV)"
 TEST_TIMEOUT = 1800
 
 ### Utility targets. ###
@@ -124,10 +123,6 @@ build-aws-ecs-test:
 evg-test:
  go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s -p 1 ./... >> test.suite
 
-.PHONY: evg-test-atlas
-evg-test-atlas:
- go run ./cmd/testatlas/main.go $(ATLAS_URIS)
-
 .PHONY: evg-test-atlas-data-lake
 evg-test-atlas-data-lake:
  ATLAS_DATA_LAKE_INTEGRATION_TEST=true go test -v ./mongo/integration -run TestUnifiedSpecs/atlas-data-lake-testing >> spec_test.suite

diff --git a/cmd/testatlas/main.go b/cmd/testatlas/main.go
@@ -23,7 +23,11 @@ func main() {
  uris := flag.Args()
  ctx := context.Background()
 
+ fmt.Printf("Running atlas tests for %d uris\n", len(uris))
+
  for idx, uri := range uris {
+ fmt.Printf("Running test %d\n", idx)
+
  // Set a low server selection timeout so we fail fast if there are errors.
  clientOpts := options.Client().
  ApplyURI(uri).
@@ -41,6 +45,8 @@ func main() {
  panic(fmt.Sprintf("error running test with tlsInsecure at index %d: %v", idx, err))
  }
  }
+
+ fmt.Println("Finished!")
 }
 
 func runTest(ctx context.Context, clientOpts *options.ClientOptions) error {

diff --git a/etc/get_aws_secrets.sh b/etc/get_aws_secrets.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+# get-aws-secrets
+# Gets AWS secrets from the vault
+set -eu
+
+if [ -z "$DRIVERS_TOOLS" ]; then
+ echo "Please define DRIVERS_TOOLS variable"
+ exit 1
+fi
+
+bash $DRIVERS_TOOLS/.evergreen/auth_aws/setup_secrets.sh $@
+. ./secrets-export.sh
diff --git a/etc/run-atlas-test.sh b/etc/run-atlas-test.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# run-atlas-test
+# Run atlas connectivity tests.
+set -eu
+set +x
+
+# Get the atlas secrets.
+. etc/get_aws_secrets.sh drivers/atlas_connect
+
+echo "Running cmd/testatlas/main.go"
+go run ./cmd/testatlas/main.go "$ATLAS_REPL" "$ATLAS_SHRD" "$ATLAS_FREE" "$ATLAS_TLS11" "$ATLAS_TLS12" "$ATLAS_SERVERLESS" "$ATLAS_SRV_REPL" "$ATLAS_SRV_SHRD" "$ATLAS_SRV_FREE" "$ATLAS_SRV_TLS11" "$ATLAS_SRV_TLS12" "$ATLAS_SRV_SERVERLESS"