From 750c0bd097609522f5e22cf1c0756466a9220041 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 13 Oct 2023 14:20:22 -0500 Subject: [PATCH 01/11] wip --- .evergreen/config.yml | 137 ++--------------------------- .evergreen/run-mongodb-aws-test.sh | 15 +--- 2 files changed, 7 insertions(+), 145 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 27c450279c..a49ca52cf1 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -719,38 +719,6 @@ functions: python ./lib/aws_assign_instance_profile.py fi - add-aws-auth-variables-to-file: - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: "src" - silent: true - script: | - cat < ${DRIVERS_TOOLS}/.evergreen/auth_aws/aws_e2e_setup.json - { - "iam_auth_ecs_account" : "${iam_auth_ecs_account}", - "iam_auth_ecs_secret_access_key" : "${iam_auth_ecs_secret_access_key}", - "iam_auth_ecs_account_arn": "arn:aws:iam::557821124784:user/authtest_fargate_user", - "iam_auth_ecs_cluster": "${iam_auth_ecs_cluster}", - "iam_auth_ecs_task_definition": "${iam_auth_ecs_task_definition}", - "iam_auth_ecs_subnet_a": "${iam_auth_ecs_subnet_a}", - "iam_auth_ecs_subnet_b": "${iam_auth_ecs_subnet_b}", - "iam_auth_ecs_security_group": "${iam_auth_ecs_security_group}", - "iam_auth_assume_aws_account" : "${iam_auth_assume_aws_account}", - "iam_auth_assume_aws_secret_access_key" : "${iam_auth_assume_aws_secret_access_key}", - "iam_auth_assume_role_name" : "${iam_auth_assume_role_name}", - "iam_auth_ec2_instance_account" : "${iam_auth_ec2_instance_account}", - "iam_auth_ec2_instance_secret_access_key" : "${iam_auth_ec2_instance_secret_access_key}", - "iam_auth_ec2_instance_profile" : "${iam_auth_ec2_instance_profile}", - "iam_auth_assume_web_role_name": "${iam_auth_assume_web_role_name}", - "iam_web_identity_issuer": "${iam_web_identity_issuer}", - "iam_web_identity_rsa_key": "${iam_web_identity_rsa_key}", - "iam_web_identity_jwks_uri": "${iam_web_identity_jwks_uri}", - "iam_web_identity_token_file": "${iam_web_identity_token_file}" - } - EOF - run-aws-auth-test-with-regular-aws-credentials: - command: shell.exec type: test @@ -759,30 +727,7 @@ functions: working_dir: "src" script: | ${PREPARE_SHELL} - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . ./activate-authawsvenv.sh - mongo aws_e2e_regular_aws.js - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: "src" - silent: true - script: | - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - alias urlencode='python -c "import sys, urllib as ul; sys.stdout.write(ul.quote_plus(sys.argv[1]))"' - USER=$(urlencode ${iam_auth_ecs_account}) - PASS=$(urlencode ${iam_auth_ecs_secret_access_key}) - MONGODB_URI="mongodb://$USER:$PASS@localhost" - EOF - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: "src" - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh regular run-aws-auth-test-with-assume-role-credentials: - command: shell.exec @@ -792,36 +737,7 @@ functions: working_dir: "src" script: | ${PREPARE_SHELL} - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . ./activate-authawsvenv.sh - mongo aws_e2e_assume_role.js - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: "src" - silent: true - script: | - # DO NOT ECHO WITH XTRACE - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - alias urlencode='python -c "import sys, urllib as ul; sys.stdout.write(ul.quote_plus(sys.argv[1]))"' - alias jsonkey='python -c "import json,sys;sys.stdout.write(json.load(sys.stdin)[sys.argv[1]])" < ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json' - USER=$(jsonkey AccessKeyId) - USER=$(urlencode $USER) - PASS=$(jsonkey SecretAccessKey) - PASS=$(urlencode $PASS) - SESSION_TOKEN=$(jsonkey SessionToken) - SESSION_TOKEN=$(urlencode $SESSION_TOKEN) - MONGODB_URI="mongodb://$USER:$PASS@localhost" - EOF - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: "src" - script: | - ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh assume-role run-aws-auth-test-with-aws-EC2-credentials: - command: shell.exec @@ -835,38 +751,9 @@ functions: echo "This platform does not support the EC2 auth test, skipping..." exit 0 fi - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . ./activate-authawsvenv.sh - mongo aws_e2e_ec2.js - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: "src" - script: | - ${PREPARE_SHELL} - if [ "${SKIP_EC2_AUTH_TEST}" = "true" ]; then - exit 0 - fi - - # Truncate "prepare_mongodb_aws.sh" to zero length. If file not present, creates zero-length file. - : > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh ec2 run-aws-auth-test-with-aws-credentials-as-environment-variables: - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: "src" - silent: true - script: | - # DO NOT ECHO WITH XTRACE - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_ACCESS_KEY_ID=${iam_auth_ecs_account} - export AWS_SECRET_ACCESS_KEY=${iam_auth_ecs_secret_access_key} - EOF - command: shell.exec type: test params: @@ -874,23 +761,9 @@ functions: working_dir: "src" script: | ${PREPARE_SHELL} - PROJECT_DIRECTORY=${PROJECT_DIRECTORY} ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh env-creds run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables: - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: "src" - silent: true - script: | - # DO NOT ECHO WITH XTRACE - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - alias jsonkey='python -c "import json,sys;sys.stdout.write(json.load(sys.stdin)[sys.argv[1]])" < ${DRIVERS_TOOLS}/.evergreen/auth_aws/creds.json' - export AWS_ACCESS_KEY_ID=$(jsonkey AccessKeyId) - export AWS_SECRET_ACCESS_KEY=$(jsonkey SecretAccessKey) - export AWS_SESSION_TOKEN=$(jsonkey SessionToken) - EOF - command: shell.exec type: test params: @@ -898,7 +771,7 @@ functions: working_dir: "src" script: | ${PREPARE_SHELL} - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh session-creds run-aws-ECS-auth-test: - command: shell.exec diff --git a/.evergreen/run-mongodb-aws-test.sh b/.evergreen/run-mongodb-aws-test.sh index 4652734ff8..3b213b249c 100644 --- a/.evergreen/run-mongodb-aws-test.sh +++ b/.evergreen/run-mongodb-aws-test.sh @@ -12,20 +12,9 @@ set -o errexit # Exit the script with error if any of the commands fail # mechanism. echo "Running MONGODB-AWS authentication tests" -# ensure no secrets are printed in log files -set +x -# load the script -shopt -s expand_aliases # needed for `urlencode` alias -[ -s "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" ] && source "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - -MONGODB_URI=${MONGODB_URI:-"mongodb://localhost"} -MONGODB_URI="${MONGODB_URI}/aws?authMechanism=MONGODB-AWS" -if [[ -n ${SESSION_TOKEN} ]]; then - MONGODB_URI="${MONGODB_URI}&authMechanismProperties=AWS_SESSION_TOKEN:${SESSION_TOKEN}" -fi - -export MONGODB_URI="$MONGODB_URI" +# Handle credentials and environment setup. +. $DRIVERS_TOOLS/.evergreen/auth_aws/aws_setup.sh $1 # show test output set -x From 91a45c3981ddab3121efcb934e162e013fc380be Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 13 Oct 2023 21:45:22 -0500 Subject: [PATCH 02/11] more migration --- .evergreen/config.yml | 66 +++++-------------------------------------- 1 file changed, 7 insertions(+), 59 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index a49ca52cf1..2a7be00dc9 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -131,6 +131,7 @@ functions: PROJECT_DIRECTORY: "$PROJECT_DIRECTORY" PREPARE_SHELL: | set -o errexit + export SKIP_LEGACY_SHELL=1 # TODO: remove before merge export GOROOT="$GOROOT" export GOPATH="$GOPATH" export GOCACHE="$GOCACHE" @@ -803,14 +804,9 @@ functions: cp ${PROJECT_DIRECTORY}/main $ECS_SRC_DIR cp ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-ecs-test.sh $ECS_SRC_DIR/.evergreen tar -czf $ECS_SRC_DIR/src.tgz -C $PROJECT_DIRECTORY . - cd $AUTH_AWS_DIR - . ./activate-authawsvenv.sh - cat < setup.js - const mongo_binaries = "$MONGODB_BINARIES"; - const project_dir = "$ECS_SRC_DIR"; - EOF - cat setup.js - mongo --nodb setup.js aws_e2e_ecs.js + + export PROJECT_DIRECTORY="$ECS_SRC_DIR" + $AUTH_AWS_DIR/aws_setup.sh ecs run-aws-auth-test-with-aws-web-identity-credentials: - command: shell.exec @@ -824,56 +820,7 @@ functions: echo "This platform does not support the web identity auth test, skipping..." exit 0 fi - cd ${DRIVERS_TOOLS}/.evergreen/auth_aws - . ./activate_venv.sh - mongo aws_e2e_web_identity.js - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: "src" - silent: true - script: | - if [ "${SKIP_WEB_IDENTITY_AUTH_TEST}" = "true" ]; then - echo "This platform does not support the web identity auth test, skipping..." - exit 0 - fi - # DO NOT ECHO WITH XTRACE - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_ROLE_ARN="${iam_auth_assume_web_role_name}" - export AWS_WEB_IDENTITY_TOKEN_FILE="${iam_web_identity_token_file}" - export MONGODB_URI="mongodb://localhost" - EOF - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: "src" - script: | - ${PREPARE_SHELL} - if [ "${SKIP_WEB_IDENTITY_AUTH_TEST}" = "true" ]; then - echo "This platform does not support the web identity auth test, skipping..." - exit 0 - fi - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh - - command: shell.exec - type: test - params: - shell: "bash" - working_dir: "src" - silent: true - script: | - if [ "${SKIP_WEB_IDENTITY_AUTH_TEST}" = "true" ]; then - echo "This platform does not support the web identity auth test, skipping..." - exit 0 - fi - # DO NOT ECHO WITH XTRACE - cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh" - export AWS_ROLE_ARN="${iam_auth_assume_web_role_name}" - export AWS_WEB_IDENTITY_TOKEN_FILE="${iam_web_identity_token_file}" - export AWS_ROLE_SESSION_NAME="test" - export MONGODB_URI="mongodb://localhost" - EOF + ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh web-identity - command: shell.exec type: test params: @@ -885,7 +832,8 @@ functions: echo "This platform does not support the web identity auth test, skipping..." exit 0 fi - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh + export AWS_ROLE_SESSION_NAME="test" + ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh web-identity start-kms-mock-server: - command: shell.exec From 5327660ab5743b73322ba27df904d3880ec420c5 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 13 Oct 2023 21:45:58 -0500 Subject: [PATCH 03/11] fix yaml --- .evergreen/config.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 2a7be00dc9..e1ab06e715 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -1784,7 +1784,6 @@ tasks: AUTH: "auth" ORCHESTRATION_FILE: "auth-aws.json" TOPOLOGY: "server" - - func: add-aws-auth-variables-to-file - func: run-aws-auth-test-with-regular-aws-credentials - func: run-aws-auth-test-with-assume-role-credentials - func: run-aws-auth-test-with-aws-credentials-as-environment-variables From 1f1ed5e4f7c7e020e02cab151dfda3ea24636910 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 13 Oct 2023 21:52:59 -0500 Subject: [PATCH 04/11] use branch --- .evergreen/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index e1ab06e715..af941aa804 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -164,7 +164,7 @@ functions: # If this was a patch build, doing a fresh clone would not actually test the patch cp -R ${PROJECT_DIRECTORY}/ $DRIVERS_TOOLS else - git clone https://github.com/mongodb-labs/drivers-evergreen-tools.git $DRIVERS_TOOLS + git clone --branch GODRIVER-2607 https://github.com/blink1073/drivers-evergreen-tools.git $DRIVERS_TOOLS fi echo "{ \"releases\": { \"default\": \"$MONGODB_BINARIES\" }}" > $MONGO_ORCHESTRATION_HOME/orchestration.config - command: shell.exec From db64cb6c4b7c98804fc6c421f5d48aba1dabbf71 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 14 Oct 2023 04:39:52 -0500 Subject: [PATCH 05/11] skip ecs for now --- .evergreen/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index af941aa804..58d0c4a015 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -1789,7 +1789,7 @@ tasks: - func: run-aws-auth-test-with-aws-credentials-as-environment-variables - func: run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables - func: run-aws-auth-test-with-aws-EC2-credentials - - func: run-aws-ECS-auth-test + #- func: run-aws-ECS-auth-test - func: run-aws-auth-test-with-aws-web-identity-credentials - name: "test-standalone-versioned-api" From bec20ae629733b689ab3556f5be90ec2426e7854 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 14 Oct 2023 04:58:20 -0500 Subject: [PATCH 06/11] speed up --- .evergreen/config.yml | 50 +++++++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 58d0c4a015..445427a7ea 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -97,30 +97,30 @@ functions: go version go env - LIBMONGOCRYPT_TAG="1.8.0-alpha1" - # Install libmongocrypt based on OS. - if [ "Windows_NT" = "$OS" ]; then - mkdir -p c:/libmongocrypt/include - mkdir -p c:/libmongocrypt/bin - echo "fetching build for Windows ... begin" - mkdir libmongocrypt-all - cd libmongocrypt-all - # The following URL is published from the upload-all task in the libmongocrypt Evergreen project. - curl https://mciuploads.s3.amazonaws.com/libmongocrypt/all/$LIBMONGOCRYPT_TAG/libmongocrypt-all.tar.gz -o libmongocrypt-all.tar.gz - tar -xf libmongocrypt-all.tar.gz - cd .. - cp libmongocrypt-all/windows-test/bin/mongocrypt.dll c:/libmongocrypt/bin - cp libmongocrypt-all/windows-test/include/mongocrypt/*.h c:/libmongocrypt/include - export PATH=$PATH:/cygdrive/c/libmongocrypt/bin - rm -rf libmongocrypt-all - echo "fetching build for Windows ... end" - else - git clone https://github.com/mongodb/libmongocrypt --depth=1 --branch $LIBMONGOCRYPT_TAG - if ! ( ./libmongocrypt/.evergreen/compile.sh >| output.txt 2>&1 ); then - cat output.txt 1>&2 - exit 1 - fi - fi + # LIBMONGOCRYPT_TAG="1.8.0-alpha1" + # # Install libmongocrypt based on OS. + # if [ "Windows_NT" = "$OS" ]; then + # mkdir -p c:/libmongocrypt/include + # mkdir -p c:/libmongocrypt/bin + # echo "fetching build for Windows ... begin" + # mkdir libmongocrypt-all + # cd libmongocrypt-all + # # The following URL is published from the upload-all task in the libmongocrypt Evergreen project. + # curl https://mciuploads.s3.amazonaws.com/libmongocrypt/all/$LIBMONGOCRYPT_TAG/libmongocrypt-all.tar.gz -o libmongocrypt-all.tar.gz + # tar -xf libmongocrypt-all.tar.gz + # cd .. + # cp libmongocrypt-all/windows-test/bin/mongocrypt.dll c:/libmongocrypt/bin + # cp libmongocrypt-all/windows-test/include/mongocrypt/*.h c:/libmongocrypt/include + # export PATH=$PATH:/cygdrive/c/libmongocrypt/bin + # rm -rf libmongocrypt-all + # echo "fetching build for Windows ... end" + # else + # git clone https://github.com/mongodb/libmongocrypt --depth=1 --branch $LIBMONGOCRYPT_TAG + # if ! ( ./libmongocrypt/.evergreen/compile.sh >| output.txt 2>&1 ); then + # cat output.txt 1>&2 + # exit 1 + # fi + # fi cat < expansion.yml CURRENT_VERSION: "$CURRENT_VERSION" @@ -1004,7 +1004,7 @@ pre: - func: windows-fix - func: fix-absolute-paths - func: make-files-executable - - func: start-cse-servers + #- func: start-cse-servers post: - command: gotest.parse_files From e87ad5d5a350640f93cf150cec5dd6187ae1ea66 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 14 Oct 2023 11:59:35 -0500 Subject: [PATCH 07/11] handle secrets with assume_role --- .evergreen/config.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 445427a7ea..f6535ca5f1 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -808,6 +808,21 @@ functions: export PROJECT_DIRECTORY="$ECS_SRC_DIR" $AUTH_AWS_DIR/aws_setup.sh ecs + run-aws-auth-get-secrets: + - command: ec2.assume_role + params: + role_arn: ${aws_test_secrets_role} + - command: shell.exec + type: test + params: + include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"] + shell: "bash" + working_dir: "src" + script: | + ${PREPARE_SHELL} + cd $DRIVERS_TOOLS/.evergreen/aws_auth + ./setup_secrets.sh drivers/aws_auth + run-aws-auth-test-with-aws-web-identity-credentials: - command: shell.exec type: test @@ -1784,6 +1799,7 @@ tasks: AUTH: "auth" ORCHESTRATION_FILE: "auth-aws.json" TOPOLOGY: "server" + - func: run-aws-auth-get-secrets - func: run-aws-auth-test-with-regular-aws-credentials - func: run-aws-auth-test-with-assume-role-credentials - func: run-aws-auth-test-with-aws-credentials-as-environment-variables From 234e6364cebff26fb75df4561a418b7954f8ab4e Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 14 Oct 2023 13:06:19 -0500 Subject: [PATCH 08/11] fix dir name --- .evergreen/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index f6535ca5f1..85f6286b1f 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -820,7 +820,7 @@ functions: working_dir: "src" script: | ${PREPARE_SHELL} - cd $DRIVERS_TOOLS/.evergreen/aws_auth + cd $DRIVERS_TOOLS/.evergreen/auth_aws ./setup_secrets.sh drivers/aws_auth run-aws-auth-test-with-aws-web-identity-credentials: From 1d3a863d1c403c5cde4334e52dc32445fe0f6659 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 14 Oct 2023 19:15:38 -0500 Subject: [PATCH 09/11] ensure no legacy shell --- .evergreen/config.yml | 52 +++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 85f6286b1f..af7dfbfd27 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -97,30 +97,30 @@ functions: go version go env - # LIBMONGOCRYPT_TAG="1.8.0-alpha1" - # # Install libmongocrypt based on OS. - # if [ "Windows_NT" = "$OS" ]; then - # mkdir -p c:/libmongocrypt/include - # mkdir -p c:/libmongocrypt/bin - # echo "fetching build for Windows ... begin" - # mkdir libmongocrypt-all - # cd libmongocrypt-all - # # The following URL is published from the upload-all task in the libmongocrypt Evergreen project. - # curl https://mciuploads.s3.amazonaws.com/libmongocrypt/all/$LIBMONGOCRYPT_TAG/libmongocrypt-all.tar.gz -o libmongocrypt-all.tar.gz - # tar -xf libmongocrypt-all.tar.gz - # cd .. - # cp libmongocrypt-all/windows-test/bin/mongocrypt.dll c:/libmongocrypt/bin - # cp libmongocrypt-all/windows-test/include/mongocrypt/*.h c:/libmongocrypt/include - # export PATH=$PATH:/cygdrive/c/libmongocrypt/bin - # rm -rf libmongocrypt-all - # echo "fetching build for Windows ... end" - # else - # git clone https://github.com/mongodb/libmongocrypt --depth=1 --branch $LIBMONGOCRYPT_TAG - # if ! ( ./libmongocrypt/.evergreen/compile.sh >| output.txt 2>&1 ); then - # cat output.txt 1>&2 - # exit 1 - # fi - # fi + LIBMONGOCRYPT_TAG="1.8.0-alpha1" + # Install libmongocrypt based on OS. + if [ "Windows_NT" = "$OS" ]; then + mkdir -p c:/libmongocrypt/include + mkdir -p c:/libmongocrypt/bin + echo "fetching build for Windows ... begin" + mkdir libmongocrypt-all + cd libmongocrypt-all + # The following URL is published from the upload-all task in the libmongocrypt Evergreen project. + curl https://mciuploads.s3.amazonaws.com/libmongocrypt/all/$LIBMONGOCRYPT_TAG/libmongocrypt-all.tar.gz -o libmongocrypt-all.tar.gz + tar -xf libmongocrypt-all.tar.gz + cd .. + cp libmongocrypt-all/windows-test/bin/mongocrypt.dll c:/libmongocrypt/bin + cp libmongocrypt-all/windows-test/include/mongocrypt/*.h c:/libmongocrypt/include + export PATH=$PATH:/cygdrive/c/libmongocrypt/bin + rm -rf libmongocrypt-all + echo "fetching build for Windows ... end" + else + git clone https://github.com/mongodb/libmongocrypt --depth=1 --branch $LIBMONGOCRYPT_TAG + if ! ( ./libmongocrypt/.evergreen/compile.sh >| output.txt 2>&1 ); then + cat output.txt 1>&2 + exit 1 + fi + fi cat < expansion.yml CURRENT_VERSION: "$CURRENT_VERSION" @@ -131,7 +131,7 @@ functions: PROJECT_DIRECTORY: "$PROJECT_DIRECTORY" PREPARE_SHELL: | set -o errexit - export SKIP_LEGACY_SHELL=1 # TODO: remove before merge + export SKIP_LEGACY_SHELL=1 export GOROOT="$GOROOT" export GOPATH="$GOPATH" export GOCACHE="$GOCACHE" @@ -1019,7 +1019,7 @@ pre: - func: windows-fix - func: fix-absolute-paths - func: make-files-executable - #- func: start-cse-servers + - func: start-cse-servers post: - command: gotest.parse_files From 1f9758d2f57dd0643a9d4f6786700f6cc3f170e7 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 17 Oct 2023 05:36:48 -0500 Subject: [PATCH 10/11] cleanup --- .evergreen/config.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index ee90943e0a..f7c666266b 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -712,6 +712,21 @@ functions: python ./lib/aws_assign_instance_profile.py fi + add-aws-auth-variables-to-file: + - command: ec2.assume_role + params: + role_arn: ${aws_test_secrets_role} + - command: shell.exec + type: test + params: + include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"] + shell: "bash" + working_dir: "src" + script: | + ${PREPARE_SHELL} + cd $DRIVERS_TOOLS/.evergreen/auth_aws + ./setup_secrets.sh drivers/aws_auth + run-aws-auth-test-with-regular-aws-credentials: - command: shell.exec type: test @@ -800,21 +815,6 @@ functions: export PROJECT_DIRECTORY="$ECS_SRC_DIR" $AUTH_AWS_DIR/aws_setup.sh ecs - run-aws-auth-get-secrets: - - command: ec2.assume_role - params: - role_arn: ${aws_test_secrets_role} - - command: shell.exec - type: test - params: - include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"] - shell: "bash" - working_dir: "src" - script: | - ${PREPARE_SHELL} - cd $DRIVERS_TOOLS/.evergreen/auth_aws - ./setup_secrets.sh drivers/aws_auth - run-aws-auth-test-with-aws-web-identity-credentials: - command: shell.exec type: test @@ -1795,13 +1795,13 @@ tasks: AUTH: "auth" ORCHESTRATION_FILE: "auth-aws.json" TOPOLOGY: "server" - - func: run-aws-auth-get-secrets + - func: add-aws-auth-variables-to-file - func: run-aws-auth-test-with-regular-aws-credentials - func: run-aws-auth-test-with-assume-role-credentials - func: run-aws-auth-test-with-aws-credentials-as-environment-variables - func: run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables - func: run-aws-auth-test-with-aws-EC2-credentials - #- func: run-aws-ECS-auth-test + - func: run-aws-ECS-auth-test - func: run-aws-auth-test-with-aws-web-identity-credentials - name: "test-standalone-versioned-api" From 8927927342ae2b8b3b65e166c7d41cc1b6b2bc79 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 17 Oct 2023 13:06:25 -0500 Subject: [PATCH 11/11] Use final branch --- .evergreen/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index f7c666266b..b755351163 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -145,7 +145,7 @@ functions: # If this was a patch build, doing a fresh clone would not actually test the patch cp -R ${PROJECT_DIRECTORY}/ $DRIVERS_TOOLS else - git clone --branch GODRIVER-2607 https://github.com/blink1073/drivers-evergreen-tools.git $DRIVERS_TOOLS + git clone https://github.com/mongodb-labs/drivers-evergreen-tools.git $DRIVERS_TOOLS fi echo "{ \"releases\": { \"default\": \"$MONGODB_BINARIES\" }}" > $MONGO_ORCHESTRATION_HOME/orchestration.config - command: shell.exec