feat(NODE-6069): OIDC k8s machine workflow
Showing
12 changed files
with
249 additions
and
5 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
#!/bin/bash | ||
set -o xtrace # Write all commands first to stderr | ||
set -o errexit # Exit the script with error if any of the commands fail | ||
|
||
export K8S_DRIVERS_TAR_FILE=/tmp/node-mongodb-native.tgz | ||
tar czf $K8S_DRIVERS_TAR_FILE . | ||
bash $DRIVERS_TOOLS/.evergreen/auth_oidc/k8s/setup-pod.sh | ||
bash $DRIVERS_TOOLS/.evergreen/auth_oidc/k8s/run-self-test.sh | ||
export K8S_TEST_CMD="ENVIRONMENT=k8s ./.evergreen/${SCRIPT}" | ||
source $DRIVERS_TOOLS/.evergreen/auth_oidc/k8s/secrets-export.sh | ||
bash $DRIVERS_TOOLS/.evergreen/auth_oidc/k8s/run-driver-test.sh | ||
bash $DRIVERS_TOOLS/.evergreen/auth_oidc/k8s/teardown-pod.sh |
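Review bot: `set -o xtrace` is still active when `secrets-export.sh` is sourced, so if that file consists of plain `export NAME=value` lines (its contents are not visible here) each secret would be echoed to the task log on stderr. Turn tracing off around that step with `set +o xtrace` just before the `source` line, and re-enable it afterwards only if the later commands do not expand those values. Separately, with `errexit` a failure in `run-self-test.sh` or `run-driver-test.sh` exits before `teardown-pod.sh` runs and leaves the pod behind; registering `trap 'bash "$DRIVERS_TOOLS/.evergreen/auth_oidc/k8s/teardown-pod.sh"' EXIT` right after `setup-pod.sh` would cover that. Quoting `"$DRIVERS_TOOLS"` and `"$K8S_DRIVERS_TAR_FILE"` would also keep paths containing spaces from word-splitting.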
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
import { readFile } from 'fs/promises'; | ||
|
||
import { type AccessToken, MachineWorkflow } from './machine_workflow'; | ||
import { type TokenCache } from './token_cache'; | ||
|
||
/** The fallback file name */ | ||
const FALLBACK_FILENAME = '/var/run/secrets/kubernetes.io/serviceaccount/token'; | ||
|
||
/** The azure environment variable for the file name. */ | ||
const AZURE_FILENAME = 'AZURE_FEDERATED_TOKEN_FILE'; | ||
|
||
/** The AWS environment variable for the file name. */ | ||
const AWS_FILENAME = 'AWS_WEB_IDENTITY_TOKEN_FILE'; | ||
|
||
export class K8SMachineWorkflow extends MachineWorkflow { | ||
/** | ||
* Instantiate the machine workflow. | ||
*/ | ||
constructor(cache: TokenCache) { | ||
super(cache); | ||
} | ||
|
||
/** | ||
* Get the token from the environment. | ||
*/ | ||
async getToken(): Promise<AccessToken> { | ||
let filename: string; | ||
if (process.env[AZURE_FILENAME]) { | ||
filename = process.env[AZURE_FILENAME]; | ||
} else if (process.env[AWS_FILENAME]) { | ||
filename = process.env[AWS_FILENAME]; | ||
} else { | ||
filename = FALLBACK_FILENAME; | ||
} | ||
const token = await readFile(filename, 'utf8'); | ||
return { access_token: token }; | ||
} | ||
} |
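Review bot: `getToken` passes the file contents on unchecked: an empty or whitespace-only token file becomes `access_token` as is, and a trailing newline is kept, so the problem would likely surface later as an opaque authentication failure rather than at the read. Consider `const token = (await readFile(filename, 'utf8')).trim();` followed by a check that throws an error naming `filename` (never the token itself) when the result is empty. The doc comment `Get the token from the environment.` also undersells the behaviour; something like `Read the token from the file named by AZURE_FEDERATED_TOKEN_FILE, then AWS_WEB_IDENTITY_TOKEN_FILE, falling back to the default Kubernetes service account token path.` would document the precedence and make clear that these variables select which local file is sent as a credential.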
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
import { expect } from 'chai'; | ||
|
||
import { type Collection, MongoClient } from '../../mongodb'; | ||
|
||
const DEFAULT_URI = 'mongodb://127.0.0.1:27017'; | ||
|
||
describe('OIDC Auth Spec K8s Tests', function () { | ||
// Note there is no spec or tests for GCP yet, these are 2 scenarios based on the | ||
// drivers tools scripts available. | ||
describe('6. GCP Tests', function () { | ||
let client: MongoClient; | ||
let collection: Collection; | ||
|
||
beforeEach(function () { | ||
if (!this.configuration.isOIDC(process.env.MONGODB_URI_SINGLE, 'k8s')) { | ||
this.skipReason = 'K8s OIDC prose tests require a K8s OIDC environment.'; | ||
this.skip(); | ||
} | ||
}); | ||
|
||
afterEach(async function () { | ||
await client?.close(); | ||
}); | ||
|
||
describe('7.1 K8s With Environment Set', function () { | ||
beforeEach(function () { | ||
client = new MongoClient(process.env.MONGODB_URI_SINGLE ?? DEFAULT_URI); | ||
collection = client.db('test').collection('test'); | ||
}); | ||
|
||
it('successfully authenticates', async function () { | ||
const result = await collection.findOne(); | ||
expect(result).to.not.be.null; | ||
}); | ||
}); | ||
}); | ||
}); |
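Review bot: The outer suite title `describe('6. GCP Tests'` and the comment above it (`there is no spec or tests for GCP yet`) do not match this file's K8s scenario or its inner `7.1 K8s With Environment Set` block; they look carried over from a GCP suite. Rename it to something like `describe('7. K8s Tests', function () {` and reword the comment for K8s so failures are reported under the right heading. Also, `expect(result).to.not.be.null` only passes when `test.test` already holds a document; unless the environment seeds one (not visible here), a successful authentication against an empty collection would fail this test, so asserting that `findOne()` resolves without throwing may express the intent better.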