test: azure oidc updates

mongodb · Jan 29, 2024 · 24dc578 · 24dc578
1 parent e13afba
commit 24dc578
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 12 deletions.
diff --git a/.evergreen/prepare-shell.sh b/.evergreen/prepare-shell.sh
@@ -31,7 +31,7 @@ export PATH="$MONGODB_BINARIES:$PATH"
 
 if [ ! -d "$DRIVERS_TOOLS" ]; then
   # Only clone driver tools if it does not exist
-  git clone --depth=1 "https://github.com/mongodb-labs/drivers-evergreen-tools.git" "${DRIVERS_TOOLS}"
+  git clone --depth=1 --branch DRIVERS-2416-5 "https://github.com/blink1073/drivers-evergreen-tools.git" "${DRIVERS_TOOLS}"
 fi
 
 echo "installed DRIVERS_EVERGREEN_TOOLS from commit $(git -C $DRIVERS_EVERGREEN_TOOLS rev-parse HEAD)"

diff --git a/.evergreen/run-oidc-tests.sh b/.evergreen/run-oidc-tests.sh
@@ -17,10 +17,9 @@ if [ "$PROVIDER_NAME" = "azure" ]; then
     echo "Must specify an AZUREOIDC_CLIENTID"
     exit 1
   fi
-  MONGODB_URI="${MONGODB_URI}/?authMechanism=MONGODB-OIDC"
+  MONGODB_URI="mongodb://${AZUREOIDC_USERNAME}@127.0.0.1:27017/?authMechanism=MONGODB-OIDC"
   MONGODB_URI="${MONGODB_URI}&authMechanismProperties=PROVIDER_NAME:azure"
-  MONGODB_URI="${MONGODB_URI},TOKEN_AUDIENCE:api%3A%2F%2F${AZUREOIDC_CLIENTID}"
-  export MONGODB_URI="${MONGODB_URI},TOKEN_CLIENT_ID:${AZUREOIDC_TOKENCLIENT}"
+  export MONGODB_URI="${MONGODB_URI},TOKEN_AUDIENCE:api%3A%2F%2F${AZUREOIDC_CLIENTID}"
   npm run check:oidc-azure
 else
   echo $OIDC_ATLAS_URI_SINGLE

diff --git a/src/cmap/auth/mongodb_oidc/azure_machine_workflow.ts b/src/cmap/auth/mongodb_oidc/azure_machine_workflow.ts
@@ -6,7 +6,7 @@ import { MachineWorkflow } from './machine_workflow';
 
 /** Base URL for getting Azure tokens. */
 const AZURE_BASE_URL =
-  'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01';
+  'http://169.254.169.254/metadata/identity/oauth2/token?';
 
 /** Azure request headers. */
 const AZURE_HEADERS = Object.freeze({ Metadata: 'true', Accept: 'application/json' });
@@ -41,7 +41,7 @@ export class AzureMachineWorkflow extends MachineWorkflow {
    */
   async getToken(credentials?: MongoCredentials): Promise<string> {
     const tokenAudience = credentials?.mechanismProperties.TOKEN_AUDIENCE;
-    const tokenClientId = credentials?.mechanismProperties.TOKEN_CLIENT_ID;
+    const username = credentials?.username;
     if (!tokenAudience) {
       throw new MongoAzureError(TOKEN_AUDIENCE_MISSING_ERROR);
     }
@@ -51,7 +51,7 @@ export class AzureMachineWorkflow extends MachineWorkflow {
       token = entry.token;
     } else {
       this.cache.deleteEntry(tokenAudience);
-      const response = await getAzureTokenData(tokenAudience, tokenClientId);
+      const response = await getAzureTokenData(tokenAudience, username);
       if (!isEndpointResultValid(response)) {
         throw new MongoAzureError(ENDPOINT_RESULT_ERROR);
       }
@@ -67,13 +67,15 @@ export class AzureMachineWorkflow extends MachineWorkflow {
  */
 async function getAzureTokenData(
   tokenAudience: string,
-  tokenClientId?: string
+  username?: string
 ): Promise<AzureAccessToken> {
-  let url = `${AZURE_BASE_URL}&resource=${tokenAudience}`;
-  if (tokenClientId) {
-    url += `&client_id=${tokenClientId}`;
+  const url = new URL(AZURE_BASE_URL);
+  url.searchParams.append('api-version', '2018-02-01');
+  url.searchParams.append('resource', tokenAudience);
+  if (username) {
+    url.searchParams.append('object_id', username);
   }
-  const data = await request(url, {
+  const data = await request(url.toString(), {
     json: true,
     headers: AZURE_HEADERS
   });