feat(NODE-4929): Add OIDC Azure workflow #3670
Merged
40 commits
7fd4c02 feat(NODE-4929): Add OIDC Azure workflow (durran)
e15b4b8 refactor: token caches (durran)
cb72e60 test: update configs (durran)
31a5e1e fix: add azure error (durran)
71ba05e test: point at new branch (durran)
a8fa022 test: update permissions (durran)
b9a3ba4 test: fix unit test (durran)
8cfa756 test: setup scripts (durran)
42ddd33 test: install deps (durran)
5614f45 test: fix unit tests (durran)
3e7c17a fix: make azure error public (durran)
7ce4c4d test: first 2 prose tests (durran)
5c80981 test: fix validation, more prose tests (durran)
3e65c3f test: add reauth test (durran)
0af4f95 test: debug tests (durran)
31a0b37 test: update cache getter (durran)
2b0bf48 test: get token audience from props (durran)
a15ad09 chore: debug (durran)
38b5d7b test: update uris (durran)
0409aa8 test: updatescript (durran)
2e28cca fix: token audience property (durran)
339ec68 test: parse tokens (durran)
722a814 test: fix logic (durran)
c71adf1 test: more debug (durran)
de3d9f0 test: move validation (durran)
29288c6 test: await fail point (durran)
fb316d7 test: monitor commands (durran)
25ec3da chore: remove console logging (durran)
a32bd39 test: fix script (durran)
fce0ccd test: fix unit test (durran)
d160ac5 fix: more mech properties type safety (durran)
95e17e7 test: use drivers tools master (durran)
0b4e3b6 test: update per suggestions (durran)
506e6b6 test: fix prose test (durran)
29ed901 test: fix ubuntu distro (durran)
23be573 test: run correct script (durran)
236a64c test: use auth dir (durran)
384eaa1 test: use subprocess (durran)
0064fdd chore: update comment (durran)
d901e52 fix: lint (durran)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/bin/bash | ||
set -o xtrace # Write all commands first to stderr | ||
set -o errexit # Exit the script with error if any of the commands fail | ||
|
||
export AZUREOIDC_DRIVERS_TAR_FILE=/tmp/node-mongodb-native.tgz | ||
tar czf $AZUREOIDC_DRIVERS_TAR_FILE . | ||
export AZUREOIDC_TEST_CMD="source ./env.sh && PROVIDER_NAME=azure ./.evergreen/run-oidc-tests.sh" | ||
export AZUREOIDC_CLIENTID=$AZUREOIDC_CLIENTID | ||
export PROJECT_DIRECTORY=$PROJECT_DIRECTORY | ||
export PROVIDER_NAME=$PROVIDER_NAME | ||
bash $DRIVERS_TOOLS/.evergreen/auth_oidc/azure/run-driver-test.sh |
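Review bot: The last line, `bash $DRIVERS_TOOLS/.evergreen/auth_oidc/azure/run-driver-test.sh`, runs with no check that DRIVERS_TOOLS is set; if it is empty the path collapses to /.evergreen/auth_oidc/... and the failure points at the wrong place. Add `set -o nounset` beside errexit (or guard with `: "${DRIVERS_TOOLS:?}"`) and quote the expansions here and in `tar czf $AZUREOIDC_DRIVERS_TAR_FILE .`. Two further points on the same hunk: `set -o xtrace` writes the expanded value of every exported variable, AZUREOIDC_CLIENTID included, to the task log, and `tar czf ... .` packs the entire working directory into a fixed /tmp path, so any untracked env files or credentials in the tree travel to the test host; an exclude list or an archive built from tracked files would narrow that. The self-assignments such as `export AZUREOIDC_CLIENTID=$AZUREOIDC_CLIENTID` can be plain `export AZUREOIDC_CLIENTID`.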
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,4 @@ | ||
import * as crypto from 'crypto'; | ||
import * as http from 'http'; | ||
import * as url from 'url'; | ||
import { promisify } from 'util'; | ||
|
||
import type { Binary, BSONSerializeOptions } from '../../bson'; | ||
|
@@ -12,7 +10,7 @@ import { | |
MongoMissingCredentialsError, | ||
MongoRuntimeError | ||
} from '../../error'; | ||
import { ByteUtils, maxWireVersion, ns } from '../../utils'; | ||
import { ByteUtils, maxWireVersion, ns, request } from '../../utils'; | ||
import { type AuthContext, AuthProvider } from './auth_provider'; | ||
import { MongoCredentials } from './mongo_credentials'; | ||
import { AuthMechanism } from './providers'; | ||
|
@@ -253,61 +251,3 @@ function deriveRegion(host: string) { | |
|
||
return parts[1]; | ||
} | ||
|
||
Moving this all out of the AWS module into utils as Azure will reuse this as well as GCP. |
||
interface RequestOptions { | ||
json?: boolean; | ||
method?: string; | ||
timeout?: number; | ||
headers?: http.OutgoingHttpHeaders; | ||
} | ||
|
||
async function request(uri: string): Promise<Record<string, any>>; | ||
async function request( | ||
uri: string, | ||
options?: { json?: true } & RequestOptions | ||
): Promise<Record<string, any>>; | ||
async function request(uri: string, options?: { json: false } & RequestOptions): Promise<string>; | ||
async function request( | ||
uri: string, | ||
options: RequestOptions = {} | ||
): Promise<string | Record<string, any>> { | ||
return new Promise<string | Record<string, any>>((resolve, reject) => { | ||
const requestOptions = { | ||
method: 'GET', | ||
timeout: 10000, | ||
json: true, | ||
...url.parse(uri), | ||
...options | ||
}; | ||
|
||
const req = http.request(requestOptions, res => { | ||
res.setEncoding('utf8'); | ||
|
||
let data = ''; | ||
res.on('data', d => { | ||
data += d; | ||
}); | ||
|
||
res.once('end', () => { | ||
if (options.json === false) { | ||
resolve(data); | ||
return; | ||
} | ||
|
||
try { | ||
const parsed = JSON.parse(data); | ||
resolve(parsed); | ||
} catch { | ||
// TODO(NODE-3483) | ||
reject(new MongoRuntimeError(`Invalid JSON response: "${data}"`)); | ||
} | ||
}); | ||
}); | ||
|
||
req.once('timeout', () => | ||
req.destroy(new MongoAWSError(`AWS request to ${uri} timed out after ${options.timeout} ms`)) | ||
); | ||
req.once('error', error => reject(error)); | ||
req.end(); | ||
}); | ||
} |
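Review bot: The timeout handler at the end of `request` builds a `MongoAWSError` with the text "AWS request to ${uri} timed out" and interpolates `options.timeout` rather than `requestOptions.timeout`, so when the caller relies on the default of 10000 the message reads "undefined ms"; since the inline comment says this helper moves to utils for Azure and GCP, the moved copy should raise a provider-neutral error and report the merged timeout value. Also worth fixing as part of the move: the 'end' handler never checks `res.statusCode`, so a non-2xx reply with a JSON body resolves as a success, and the `Invalid JSON response: "${data}"` message copies the raw response body into the error, which should not happen for endpoints that return tokens. `http.request` with `url.parse(uri)` accepts plain HTTP only, which deserves a comment on a shared helper.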
Azure needs to run its prose tests in a separate environment so they are split out.
With the GCP/Azure KMS, the tests live in the integration folder but only run on the specialized hosts/environment due to beforeEach skipping. It seems like we're approaching the specialized environment stuff in different ways, I don't feel strongly but should we do away with the manual/ dir (for this work) in favor of encoding things into mocha?
I've moved to test/integration/auth and put the skip logic in now.