Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PYTHON-3920 - Migrate AWS Auth Tests to use AWS Secrets #1367

Merged
merged 36 commits into from
Sep 5, 2023
Merged

PYTHON-3920 - Migrate AWS Auth Tests to use AWS Secrets #1367

merged 36 commits into from
Sep 5, 2023

Conversation

NoahStapp
Copy link
Contributor

No description provided.

@NoahStapp
testing
2267a64
@NoahStapp
PYTHON-3920 - Migrate AWS Auth Tests to use AWS Secrets
92dc1f6
@NoahStapp
Update web identity tests
0c17df6
@NoahStapp
Clean up echoes
4277328
@NoahStapp
Use prepare_aws_env.sh from DET
867cf0e
@NoahStapp
debugging
be0ece8
@NoahStapp
Debugging
df6e47e
@NoahStapp
Debugging
4d9524d
@NoahStapp
Debugging
5e52217
@NoahStapp
Consolodate AWS auth test function
1918c4a 
PYTHON-3920 - Migrate AWS Auth Tests to use AWS Secrets
@NoahStapp
Source secrets first
9dc15f3
@NoahStapp
debugging
027ca99
@NoahStapp
debug
9e0cb3e
@NoahStapp
Migrate assume role tests
be561c2
@NoahStapp
Migrate AWS EC2 cred tests
53779fe
@NoahStapp
don't include expansions
0ea4a12
@NoahStapp
Migrate AWS Web identity creds test
a5e86fb
@NoahStapp
Debugging
0bf2b3e
@NoahStapp
web identity debugging
14c0f11
@NoahStapp
more debugging
9d34059
@NoahStapp
Try using bash -c for explicit variable setting
fc24104
@NoahStapp
More env var testing
3fc9ae3
@NoahStapp
More env var testing
58c9f6c
@NoahStapp
Cleanup
edc451c
@NoahStapp
PYTHON_BINARY cleanup
c4686bd
@NoahStapp
More cleanup
928431c
@NoahStapp
Migrate AWS Auth credential tests
9a75a9a
@NoahStapp
debugging
70b6b02
@NoahStapp
Migrate AWS Session token auth test
157a8c0
@NoahStapp
Add SESSION_TOKEN_CREDENTIALS flag
5acd909
@NoahStapp NoahStapp requested a review from a team as a code owner August 30, 2023 19:59
@NoahStapp NoahStapp requested review from Jibola and blink1073 and removed request for a team August 30, 2023 19:59
blink1073
blink1073 requested changes Aug 30, 2023
View reviewed changes
.evergreen/config.yml
- command: shell.exec
type: test
params:
add_expansions_to_env: true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These can be simplified to include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]. I tried it out in mongodb/mongo-go-driver#1365

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This particular instance still needs to be updated. :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for get_aws_secrets it fails without expansions_to_env, test-atlas has been updated to use include_expansions_in_env

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait so there are things we're missing from the new vault?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

get_aws_secrets is what fetches the secrets from the vault.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, okay, so now I'm confused, because that's what I'm doing in the go driver ticket.

.evergreen/config.yml Outdated

cd -

# Write an empty prepare_aws_env so no auth environment variables are set.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We shouldn't need to do this anymore (perhaps something still needs to change in D-E-T?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I see how it is used now. I think we can also absorb this logic into run-mongodb-aws-test.sh. I do like the idea of adding the script in D-E-T as you've done.

.evergreen/config.yml Outdated
if [ "${skip_EC2_auth_test}" = "true" ]; then
echo "This platform does not support the web identity auth test, skipping..."
exit 0
fi
set -ex

# Try to source exported AWS Secrets
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can probably move this logic into run-mongodb-aws-test.sh and pass in the test to run (web-identity in this case).

.evergreen/run-tests.sh Outdated Show resolved Hide resolved
@blink1073
Copy link
Member

Nice, I like the direction this is heading. Looks like you still need to convert the last few tests?

@NoahStapp
Copy link
Contributor Author

Nice, I like the direction this is heading. Looks like you still need to convert the last few tests?

Should all be converted and good to go now!

blink1073
blink1073 approved these changes Sep 5, 2023
View reviewed changes
Copy link
Member

@blink1073 blink1073 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Beautiful!

@NoahStapp
Copy link
Contributor Author

Beautiful!

Are these failures expected?

Screen Shot 2023-09-05 at 11 20 28 AM

@blink1073
Copy link
Member

No, I something changed on those tests, I'll open a ticket.

@NoahStapp
Copy link
Contributor Author

No, I something changed on those tests, I'll open a ticket.

Is this good to merge then?

@blink1073
Copy link
Member

Is this good to merge then?

Yes, I opened https://jira.mongodb.org/browse/PYTHON-3951

@NoahStapp NoahStapp merged commit b67ca68 into mongodb:master Sep 5, 2023
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blink1073 blink1073 blink1073 approved these changes

@Jibola Jibola Awaiting requested review from Jibola Jibola was automatically assigned from mongodb/dbx-python

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@NoahStapp @blink1073