Skip to content

Commit b7c6750

Browse files
durrandurran
authored
feat(NODE-6988)!: require aws sdk for aws auth (mongodb#4659)
1 parent 0e89311 commit b7c6750

File tree

9 files changed

+290
-485
lines changed

9 files changed

+290
-485
lines changed

.evergreen/config.in.yml

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -422,7 +422,6 @@ functions:
422422
include_expansions_in_env:
423423
- MONGODB_URI
424424
- DRIVERS_TOOLS
425-
- MONGODB_AWS_SDK
426425
- AWS_ACCESS_KEY_ID
427426
- AWS_SECRET_ACCESS_KEY
428427
- AWS_SESSION_TOKEN
@@ -440,7 +439,6 @@ functions:
440439
include_expansions_in_env:
441440
- MONGODB_URI
442441
- DRIVERS_TOOLS
443-
- MONGODB_AWS_SDK
444442
- AWS_ACCESS_KEY_ID
445443
- AWS_SECRET_ACCESS_KEY
446444
- AWS_SESSION_TOKEN
@@ -458,7 +456,6 @@ functions:
458456
include_expansions_in_env:
459457
- MONGODB_URI
460458
- DRIVERS_TOOLS
461-
- MONGODB_AWS_SDK
462459
- AWS_ACCESS_KEY_ID
463460
- AWS_SECRET_ACCESS_KEY
464461
- AWS_SESSION_TOKEN
@@ -477,7 +474,6 @@ functions:
477474
include_expansions_in_env:
478475
- MONGODB_URI
479476
- DRIVERS_TOOLS
480-
- MONGODB_AWS_SDK
481477
- AWS_ACCESS_KEY_ID
482478
- AWS_SECRET_ACCESS_KEY
483479
- AWS_SESSION_TOKEN
@@ -495,7 +491,6 @@ functions:
495491
include_expansions_in_env:
496492
- MONGODB_URI
497493
- DRIVERS_TOOLS
498-
- MONGODB_AWS_SDK
499494
- AWS_ACCESS_KEY_ID
500495
- AWS_SECRET_ACCESS_KEY
501496
- AWS_SESSION_TOKEN
@@ -513,7 +508,6 @@ functions:
513508
include_expansions_in_env:
514509
- MONGODB_URI
515510
- DRIVERS_TOOLS
516-
- MONGODB_AWS_SDK
517511
- AWS_ACCESS_KEY_ID
518512
- AWS_SECRET_ACCESS_KEY
519513
- AWS_SESSION_TOKEN
@@ -532,7 +526,6 @@ functions:
532526
include_expansions_in_env:
533527
- MONGODB_URI
534528
- DRIVERS_TOOLS
535-
- MONGODB_AWS_SDK
536529
- AWS_ACCESS_KEY_ID
537530
- AWS_SECRET_ACCESS_KEY
538531
- AWS_SESSION_TOKEN
@@ -549,7 +542,6 @@ functions:
549542
params:
550543
include_expansions_in_env:
551544
- DRIVERS_TOOLS
552-
- MONGODB_AWS_SDK
553545
- PROJECT_DIRECTORY
554546
- MONGODB_BINARIES
555547
- AWS_ACCESS_KEY_ID
@@ -597,7 +589,6 @@ functions:
597589
- AWS_SESSION_TOKEN
598590
env:
599591
AWS_CREDENTIAL_TYPE: env-creds
600-
MONGODB_AWS_SDK: "true"
601592
working_dir: "src"
602593
binary: bash
603594
args:

.evergreen/config.yml

Lines changed: 0 additions & 99 deletions
Original file line numberDiff line numberDiff line change
@@ -377,7 +377,6 @@ functions:
377377
include_expansions_in_env:
378378
- MONGODB_URI
379379
- DRIVERS_TOOLS
380-
- MONGODB_AWS_SDK
381380
- AWS_ACCESS_KEY_ID
382381
- AWS_SECRET_ACCESS_KEY
383382
- AWS_SESSION_TOKEN
@@ -394,7 +393,6 @@ functions:
394393
include_expansions_in_env:
395394
- MONGODB_URI
396395
- DRIVERS_TOOLS
397-
- MONGODB_AWS_SDK
398396
- AWS_ACCESS_KEY_ID
399397
- AWS_SECRET_ACCESS_KEY
400398
- AWS_SESSION_TOKEN
@@ -411,7 +409,6 @@ functions:
411409
include_expansions_in_env:
412410
- MONGODB_URI
413411
- DRIVERS_TOOLS
414-
- MONGODB_AWS_SDK
415412
- AWS_ACCESS_KEY_ID
416413
- AWS_SECRET_ACCESS_KEY
417414
- AWS_SESSION_TOKEN
@@ -429,7 +426,6 @@ functions:
429426
include_expansions_in_env:
430427
- MONGODB_URI
431428
- DRIVERS_TOOLS
432-
- MONGODB_AWS_SDK
433429
- AWS_ACCESS_KEY_ID
434430
- AWS_SECRET_ACCESS_KEY
435431
- AWS_SESSION_TOKEN
@@ -446,7 +442,6 @@ functions:
446442
include_expansions_in_env:
447443
- MONGODB_URI
448444
- DRIVERS_TOOLS
449-
- MONGODB_AWS_SDK
450445
- AWS_ACCESS_KEY_ID
451446
- AWS_SECRET_ACCESS_KEY
452447
- AWS_SESSION_TOKEN
@@ -463,7 +458,6 @@ functions:
463458
include_expansions_in_env:
464459
- MONGODB_URI
465460
- DRIVERS_TOOLS
466-
- MONGODB_AWS_SDK
467461
- AWS_ACCESS_KEY_ID
468462
- AWS_SECRET_ACCESS_KEY
469463
- AWS_SESSION_TOKEN
@@ -481,7 +475,6 @@ functions:
481475
include_expansions_in_env:
482476
- MONGODB_URI
483477
- DRIVERS_TOOLS
484-
- MONGODB_AWS_SDK
485478
- AWS_ACCESS_KEY_ID
486479
- AWS_SECRET_ACCESS_KEY
487480
- AWS_SESSION_TOKEN
@@ -497,7 +490,6 @@ functions:
497490
params:
498491
include_expansions_in_env:
499492
- DRIVERS_TOOLS
500-
- MONGODB_AWS_SDK
501493
- PROJECT_DIRECTORY
502494
- MONGODB_BINARIES
503495
- AWS_ACCESS_KEY_ID
@@ -542,7 +534,6 @@ functions:
542534
- AWS_SESSION_TOKEN
543535
env:
544536
AWS_CREDENTIAL_TYPE: env-creds
545-
MONGODB_AWS_SDK: 'true'
546537
working_dir: src
547538
binary: bash
548539
args:
@@ -1660,7 +1651,6 @@ tasks:
16601651
- {key: AUTH, value: auth}
16611652
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
16621653
- {key: TOPOLOGY, value: server}
1663-
- {key: MONGODB_AWS_SDK, value: 'true'}
16641654
- func: install dependencies
16651655
- func: bootstrap mongo-orchestration
16661656
- func: assume secrets manager role
@@ -1675,7 +1665,6 @@ tasks:
16751665
- {key: AUTH, value: auth}
16761666
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
16771667
- {key: TOPOLOGY, value: server}
1678-
- {key: MONGODB_AWS_SDK, value: 'true'}
16791668
- func: install dependencies
16801669
- func: bootstrap mongo-orchestration
16811670
- func: assume secrets manager role
@@ -1690,7 +1679,6 @@ tasks:
16901679
- {key: AUTH, value: auth}
16911680
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
16921681
- {key: TOPOLOGY, value: server}
1693-
- {key: MONGODB_AWS_SDK, value: 'true'}
16941682
- func: install dependencies
16951683
- func: bootstrap mongo-orchestration
16961684
- func: assume secrets manager role
@@ -1705,7 +1693,6 @@ tasks:
17051693
- {key: AUTH, value: auth}
17061694
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
17071695
- {key: TOPOLOGY, value: server}
1708-
- {key: MONGODB_AWS_SDK, value: 'true'}
17091696
- func: install dependencies
17101697
- func: bootstrap mongo-orchestration
17111698
- func: assume secrets manager role
@@ -1720,7 +1707,6 @@ tasks:
17201707
- {key: AUTH, value: auth}
17211708
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
17221709
- {key: TOPOLOGY, value: server}
1723-
- {key: MONGODB_AWS_SDK, value: 'true'}
17241710
- func: install dependencies
17251711
- func: bootstrap mongo-orchestration
17261712
- func: assume secrets manager role
@@ -1735,7 +1721,6 @@ tasks:
17351721
- {key: AUTH, value: auth}
17361722
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
17371723
- {key: TOPOLOGY, value: server}
1738-
- {key: MONGODB_AWS_SDK, value: 'true'}
17391724
- func: install dependencies
17401725
- func: bootstrap mongo-orchestration
17411726
- func: assume secrets manager role
@@ -1750,7 +1735,6 @@ tasks:
17501735
- {key: AUTH, value: auth}
17511736
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
17521737
- {key: TOPOLOGY, value: server}
1753-
- {key: MONGODB_AWS_SDK, value: 'true'}
17541738
- func: install dependencies
17551739
- func: bootstrap mongo-orchestration
17561740
- func: assume secrets manager role
@@ -1765,87 +1749,10 @@ tasks:
17651749
- {key: AUTH, value: auth}
17661750
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
17671751
- {key: TOPOLOGY, value: server}
1768-
- {key: MONGODB_AWS_SDK, value: 'true'}
17691752
- func: install dependencies
17701753
- func: bootstrap mongo-orchestration
17711754
- func: assume secrets manager role
17721755
- func: run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set
1773-
- name: aws-latest-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-peer-dependencies
1774-
commands:
1775-
- command: expansions.update
1776-
type: setup
1777-
params:
1778-
updates:
1779-
- {key: VERSION, value: latest}
1780-
- {key: AUTH, value: auth}
1781-
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
1782-
- {key: TOPOLOGY, value: server}
1783-
- {key: MONGODB_AWS_SDK, value: 'false'}
1784-
- func: install dependencies
1785-
- func: bootstrap mongo-orchestration
1786-
- func: assume secrets manager role
1787-
- func: run aws auth test with regular aws credentials
1788-
- name: aws-latest-auth-test-run-aws-auth-test-with-assume-role-credentials-no-peer-dependencies
1789-
commands:
1790-
- command: expansions.update
1791-
type: setup
1792-
params:
1793-
updates:
1794-
- {key: VERSION, value: latest}
1795-
- {key: AUTH, value: auth}
1796-
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
1797-
- {key: TOPOLOGY, value: server}
1798-
- {key: MONGODB_AWS_SDK, value: 'false'}
1799-
- func: install dependencies
1800-
- func: bootstrap mongo-orchestration
1801-
- func: assume secrets manager role
1802-
- func: run aws auth test with assume role credentials
1803-
- name: aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-peer-dependencies
1804-
commands:
1805-
- command: expansions.update
1806-
type: setup
1807-
params:
1808-
updates:
1809-
- {key: VERSION, value: latest}
1810-
- {key: AUTH, value: auth}
1811-
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
1812-
- {key: TOPOLOGY, value: server}
1813-
- {key: MONGODB_AWS_SDK, value: 'false'}
1814-
- func: install dependencies
1815-
- func: bootstrap mongo-orchestration
1816-
- func: assume secrets manager role
1817-
- func: run aws auth test with aws credentials as environment variables
1818-
- name: >-
1819-
aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-peer-dependencies
1820-
commands:
1821-
- command: expansions.update
1822-
type: setup
1823-
params:
1824-
updates:
1825-
- {key: VERSION, value: latest}
1826-
- {key: AUTH, value: auth}
1827-
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
1828-
- {key: TOPOLOGY, value: server}
1829-
- {key: MONGODB_AWS_SDK, value: 'false'}
1830-
- func: install dependencies
1831-
- func: bootstrap mongo-orchestration
1832-
- func: assume secrets manager role
1833-
- func: run aws auth test with aws credentials and session token as environment variables
1834-
- name: aws-latest-auth-test-run-aws-ECS-auth-test-no-peer-dependencies
1835-
commands:
1836-
- command: expansions.update
1837-
type: setup
1838-
params:
1839-
updates:
1840-
- {key: VERSION, value: latest}
1841-
- {key: AUTH, value: auth}
1842-
- {key: ORCHESTRATION_FILE, value: auth-aws.json}
1843-
- {key: TOPOLOGY, value: server}
1844-
- {key: MONGODB_AWS_SDK, value: 'false'}
1845-
- func: install dependencies
1846-
- func: bootstrap mongo-orchestration
1847-
- func: assume secrets manager role
1848-
- func: run aws ECS auth test
18491756
- name: run-spec-benchmark-tests-node-server
18501757
tags:
18511758
- run-spec-benchmark-tests
@@ -3567,12 +3474,6 @@ buildvariants:
35673474
- aws-latest-auth-test-run-aws-ECS-auth-test
35683475
- aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-unset
35693476
- aws-latest-auth-test-run-aws-auth-test-AssumeRoleWithWebIdentity-with-AWS_ROLE_SESSION_NAME-set
3570-
- aws-latest-auth-test-run-aws-auth-test-with-regular-aws-credentials-no-peer-dependencies
3571-
- aws-latest-auth-test-run-aws-auth-test-with-assume-role-credentials-no-peer-dependencies
3572-
- aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-as-environment-variables-no-peer-dependencies
3573-
- >-
3574-
aws-latest-auth-test-run-aws-auth-test-with-aws-credentials-and-session-token-as-environment-variables-no-peer-dependencies
3575-
- aws-latest-auth-test-run-aws-ECS-auth-test-no-peer-dependencies
35763477
- name: ubuntu2204-test-atlas-data-lake
35773478
display_name: Atlas Data Lake Tests
35783479
run_on: ubuntu2204-large

.evergreen/generate_evergreen_tasks.js

Lines changed: 5 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -342,14 +342,8 @@ for (const VERSION of AWS_AUTH_VERSIONS) {
342342
{ func: 'run aws auth test with aws credentials as environment variables' },
343343
{ func: 'run aws auth test with aws credentials and session token as environment variables' },
344344
{ func: 'run aws ECS auth test' },
345-
{
346-
func: 'run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset',
347-
onlySdk: true
348-
},
349-
{
350-
func: 'run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set',
351-
onlySdk: true
352-
}
345+
{ func: 'run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset' },
346+
{ func: 'run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set' }
353347
];
354348

355349
const awsTasks = awsFuncs.map(fn => ({
@@ -359,8 +353,7 @@ for (const VERSION of AWS_AUTH_VERSIONS) {
359353
VERSION,
360354
AUTH: 'auth',
361355
ORCHESTRATION_FILE: 'auth-aws.json',
362-
TOPOLOGY: 'server',
363-
MONGODB_AWS_SDK: 'true'
356+
TOPOLOGY: 'server'
364357
}),
365358
{ func: 'install dependencies' },
366359
{ func: 'bootstrap mongo-orchestration' },
@@ -369,29 +362,8 @@ for (const VERSION of AWS_AUTH_VERSIONS) {
369362
]
370363
}));
371364

372-
const awsNoPeerDependenciesTasks = awsFuncs
373-
.filter(fn => fn.onlySdk !== true)
374-
.map(fn => ({
375-
name: `${name(fn.func)}-no-peer-dependencies`,
376-
commands: [
377-
updateExpansions({
378-
VERSION: VERSION,
379-
AUTH: 'auth',
380-
ORCHESTRATION_FILE: 'auth-aws.json',
381-
TOPOLOGY: 'server',
382-
MONGODB_AWS_SDK: 'false'
383-
}),
384-
{ func: 'install dependencies' },
385-
{ func: 'bootstrap mongo-orchestration' },
386-
{ func: 'assume secrets manager role' },
387-
{ func: fn.func }
388-
]
389-
}));
390-
391-
const allAwsTasks = awsTasks.concat(awsNoPeerDependenciesTasks);
392-
393-
TASKS.push(...allAwsTasks);
394-
AWS_AUTH_TASKS.push(...allAwsTasks.map(t => t.name));
365+
TASKS.push(...awsTasks);
366+
AWS_AUTH_TASKS.push(...awsTasks.map(t => t.name));
395367
}
396368

397369
const BUILD_VARIANTS = [];

.evergreen/prepare-mongodb-aws-ecs-auth.sh

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,6 @@ mkdir -p $ECS_SRC_DIR/.evergreen
1010
set -ex
1111

1212
# write test file
13-
echo "export MONGODB_AWS_SDK=$MONGODB_AWS_SDK" >>$PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh
14-
echo "if [ $MONGODB_AWS_SDK = 'false' ]; then rm -rf ./node_modules/@aws-sdk/credential-providers; fi" >>$PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh
1513
echo "npm run check:aws" >>$PROJECT_DIRECTORY/.evergreen/run-mongodb-aws-ecs-test.sh
1614

1715
# copy test file to AWS ecs test directory

.evergreen/setup-mongodb-aws-auth-tests.sh

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ set +x
88
if [ -z ${MONGODB_URI+omitted} ]; then echo "MONGODB_URI is unset" && exit 1; fi
99
if [ -z ${DRIVERS_TOOLS+omitted} ]; then echo "DRIVERS_TOOLS is unset" && exit 1; fi
1010
if [ -z ${AWS_CREDENTIAL_TYPE+omitted} ]; then echo "AWS_CREDENTIAL_TYPE is unset" && exit 1; fi
11-
if [ -z ${MONGODB_AWS_SDK+omitted} ]; then echo "MONGODB_AWS_SDK is unset" && exit 1; fi
1211

1312
bash $DRIVERS_TOOLS/.evergreen/auth_aws/setup-secrets.sh
1413

@@ -25,7 +24,5 @@ cd $BEFORE
2524

2625
npm install --no-save aws4
2726

28-
if [ $MONGODB_AWS_SDK = 'false' ]; then rm -rf ./node_modules/@aws-sdk/credential-providers; fi
29-
3027
# revert to show test output
3128
set -x

0 commit comments

Comments
 (0)