Skip to content

Commit

Permalink
feat(NODE-3445): add support for AssumeRoleWithWebIdentity in aws aut…
Browse files Browse the repository at this point in the history
…hentication (#3556)
  • Loading branch information
baileympearson committed Feb 13, 2023
1 parent 908b3b6 commit b005ff6
Show file tree
Hide file tree
Showing 4 changed files with 1,655 additions and 1,205 deletions.
56 changes: 55 additions & 1 deletion .evergreen/config.in.yml
Original file line number Diff line number Diff line change
Expand Up @@ -545,7 +545,12 @@ functions:
"iam_auth_assume_role_name" : "${iam_auth_assume_role_name}",
"iam_auth_ec2_instance_account" : "${iam_auth_ec2_instance_account}",
"iam_auth_ec2_instance_secret_access_key" : "${iam_auth_ec2_instance_secret_access_key}",
"iam_auth_ec2_instance_profile" : "${iam_auth_ec2_instance_profile}"
"iam_auth_ec2_instance_profile" : "${iam_auth_ec2_instance_profile}",
"iam_auth_assume_web_role_name": "${iam_auth_assume_web_role_name}",
"iam_web_identity_issuer": "${iam_web_identity_issuer}",
"iam_web_identity_rsa_key": "${iam_web_identity_rsa_key}",
"iam_web_identity_jwks_uri": "${iam_web_identity_jwks_uri}",
"iam_web_identity_token_file": "${iam_web_identity_token_file}"
}
EOF
Expand Down Expand Up @@ -697,6 +702,55 @@ functions:
${PREPARE_SHELL}
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
"run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME set":
- command: shell.exec
type: test
params:
working_dir: "src"
silent: true
script: |
cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
. ./activate_venv.sh
${MONGODB_BINARIES}/mongo --verbose aws_e2e_web_identity.js
cd -
cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file}
export AWS_ROLE_ARN=${iam_auth_assume_web_role_name}
export AWS_ROLE_SESSION_NAME='test'
export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS"
EOF
- command: shell.exec
type: test
params:
working_dir: "src"
script: |
${PREPARE_SHELL}
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
"run aws auth test AssumeRoleWithWebIdentity with AWS_ROLE_SESSION_NAME unset":
- command: shell.exec
type: test
params:
working_dir: "src"
silent: true
script: |
cd ${DRIVERS_TOOLS}/.evergreen/auth_aws
. ./activate_venv.sh
${MONGODB_BINARIES}/mongo --verbose aws_e2e_web_identity.js
cd -
cat <<'EOF' > "${PROJECT_DIRECTORY}/prepare_mongodb_aws.sh"
export AWS_WEB_IDENTITY_TOKEN_FILE=${iam_web_identity_token_file}
export AWS_ROLE_ARN=${iam_auth_assume_web_role_name}
export MONGODB_URI="mongodb://localhost:27017/aws?authMechanism=MONGODB-AWS"
EOF
- command: shell.exec
type: test
params:
working_dir: "src"
script: |
${PREPARE_SHELL}
${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh
"run aws ECS auth test":
- command: shell.exec
type: test
Expand Down
Loading

0 comments on commit b005ff6

Please sign in to comment.