DRIVERS-2882 Add scripts to test AKS (#453)

mongodb-labs · Jul 1, 2024 · ced6c71 · ced6c71
1 parent 4483bcc
commit ced6c71
Show file tree

Hide file tree

Showing 33 changed files with 595 additions and 73 deletions.
diff --git a/.evergreen/auth_oidc/azure/create-and-setup-vm.sh b/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
@@ -31,19 +31,6 @@ export AZUREKMS_TENANTID=$AZUREOIDC_TENANTID
 export AZUREKMS_SECRET=$AZUREOIDC_SECRET
 export AZUREKMS_CLIENTID=$AZUREOIDC_APPID
 
-# Check for Azure Command-Line Interface (`az`) version 2.25.0 or newer.
-if ! command -v az &> /dev/null; then
-    echo "az not detected. See https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/azurekms/README.md for supported distros"
-    exit 1
-fi
-EXPECTED_VERSION_NEWER="2.25.0"
-ACTUAL_VERSION="$(az version -o tsv | awk '{print $1}')"
-if [[ "$(printf "$ACTUAL_VERSION\n$EXPECTED_VERSION_NEWER\n" | sort -rV | head -n 1)" != "$ACTUAL_VERSION" ]]; then
-    # az is not new enough.
-    echo "Detected az version $ACTUAL_VERSION but need version >= 2.25.0. See https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/csfle/azurekms/README.md for supported distros"
-    exit 1
-fi
-
 # Login.
 "$DRIVERS_TOOLS"/.evergreen/csfle/azurekms/login.sh
 

diff --git a/.evergreen/auth_oidc/k8s/README.md b/.evergreen/auth_oidc/k8s/README.md
@@ -0,0 +1,9 @@
+## OIDC on K8S
+
+- Launch an Atlas cluster
+- Wait for the Atlas cluster
+- Setup a pod and self-test
+- Teardown pod
+- Run test on pod
+
+- Repeat pod steps for other variants if desired
diff --git a/.evergreen/auth_oidc/k8s/remote-scripts/run-self-test.sh b/.evergreen/auth_oidc/k8s/remote-scripts/run-self-test.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -eux
+
+echo "Installing dependencies ... begin"
+git clone https://github.com/mongodb/mongo-python-driver
+pushd mongo-python-driver
+python3 -m venv .venv
+source .venv/bin/activate
+pip install -U -q pip
+pip install .
+popd
+echo "Installing dependencies ... end"
+
+# Run the Python Driver Self Test
+cd /tmp
+source secrets-export.sh
+python test.py
diff --git a/.evergreen/auth_oidc/k8s/remote-scripts/test.py b/.evergreen/auth_oidc/k8s/remote-scripts/test.py
@@ -0,0 +1,23 @@
+from pymongo import MongoClient
+import os
+from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult
+
+atlas_uri = os.environ["MONGODB_URI"]
+
+class MyCallback(OIDCCallback):
+    def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult:
+        fname = '/var/run/secrets/kubernetes.io/serviceaccount/token'
+        for key in ['AZURE_FEDERATED_TOKEN_FILE', 'AWS_WEB_IDENTITY_TOKEN_FILE']:
+            if key in os.environ:
+                fname = os.environ[key]
+        with open(fname) as fid:
+            token = fid.read()
+        return OIDCCallbackResult(access_token=token)
+
+props = dict(OIDC_CALLBACK=MyCallback())
+print('Testing MONGODB-OIDC on k8s...')
+c = MongoClient(f'{atlas_uri}/?authMechanism=MONGODB-OIDC', authMechanismProperties=props)
+c.test.test.insert_one({})
+c.close()
+print('Testing MONGODB-OIDC on k8s... done.')
+print('Self test complete!')
diff --git a/.evergreen/auth_oidc/k8s/run-driver-test.sh b/.evergreen/auth_oidc/k8s/run-driver-test.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o pipefail
+set -o nounset
+
+SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
+. $SCRIPT_DIR/../../handle-paths.sh
+pushd $SCRIPT_DIR
+
+VARLIST=(
+K8S_DRIVERS_TAR_FILE
+K8S_VARIANT
+K8S_TEST_CMD
+)
+
+# Ensure that all variables required to run the test are set, otherwise throw
+# an error.
+for VARNAME in ${VARLIST[*]}; do
+[[ -z "${!VARNAME:-}" ]] && echo "ERROR: $VARNAME not set" && exit 1;
+done
+
+# Read in the secrets.
+VARIANT=$(echo "$K8S_VARIANT" | tr '[:upper:]' '[:lower:]')
+source ./../../k8s/$VARIANT/secrets-export.sh
+
+# Extract the tar file to the /tmp/test directory.
+bash ./../../ensure-binary.sh kubectl
+kubectl exec ${K8S_POD_NAME} -- bash -c "rm -rf /tmp/test && mkdir /tmp/test"
+tar cf - ${K8S_DRIVERS_TAR_FILE} | kubectl exec -i ${K8S_POD_NAME} -- /bin/sh -c 'tar xf - -C /tmp/test'
+
+# Run the command.
+kubectl exec ${K8S_POD_NAME} -- bash -c "cd /tmp/test && ${K8S_TEST_CMD}"
+
+popd
diff --git a/.evergreen/auth_oidc/k8s/setup-pod.sh b/.evergreen/auth_oidc/k8s/setup-pod.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -o errexit  # Exit the script with error if any of the commands fail
+set -x
+
+SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
+. $SCRIPT_DIR/../../handle-paths.sh
+pushd $SCRIPT_DIR
+
+VARIANT=$1
+if [ -z "$VARIANT" ]; then
+    echo "Must supply a variant as the first argument!"
+    exit 1
+fi
+
+echo "Setting up the $VARIANT pod..."
+bash ./../../k8s/$VARIANT/setup.sh
+
+echo "Copying the test files to the pod..."
+source ./../../k8s/$VARIANT/secrets-export.sh
+bash ./../../ensure-binary.sh kubectl
+kubectl cp ./remote-scripts/run-self-test.sh ${K8S_POD_NAME}:/tmp/run-self-test.sh
+kubectl cp ./remote-scripts/test.py ${K8S_POD_NAME}:/tmp/test.py
+kubectl cp ./secrets-export.sh ${K8S_POD_NAME}:/tmp/secrets-export.sh
+
+echo "Running the self test on the pod..."
+kubectl exec ${K8S_POD_NAME} -- bash /tmp/run-self-test.sh
+
+popd
diff --git a/.evergreen/auth_oidc/k8s/setup-secrets.sh b/.evergreen/auth_oidc/k8s/setup-secrets.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -o errexit  # Exit the script with error if any of the commands fail
+set -x
+
+SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
+. $SCRIPT_DIR/../../handle-paths.sh
+pushd $SCRIPT_DIR
+. ../../secrets_handling/setup-secrets.sh drivers/oidck8s
+popd
diff --git a/.evergreen/auth_oidc/k8s/setup.sh b/.evergreen/auth_oidc/k8s/setup.sh
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+
+set -o errexit
+
+SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
+. $SCRIPT_DIR/../../handle-paths.sh
+pushd $SCRIPT_DIR
+
+# Handle secrets from vault.
+rm -f secrets-export.sh
+. ./setup-secrets.sh
+
+VARIANT=${VARIANT:-"aks"}
+VARIANT=$(echo "$VARIANT" | tr '[:upper:]' '[:lower:]')
+
+########################
+# Start an Atlas Cluster
+
+# Get the utility functions
+. ../../atlas/atlas-utils.sh
+
+# Generate a random cluster name.
+# See: https://docs.atlas.mongodb.com/reference/atlas-limits/#label-limits
+DEPLOYMENT_NAME="$RANDOM-DRIVER-K8S"
+echo "export CLUSTER_NAME=$DEPLOYMENT_NAME" >> "secrets-export.sh"
+
+# Set the create cluster configuration.
+export DEPLOYMENT_DATA=$(cat <<EOF
+{
+  "autoScaling" : {
+    "autoIndexingEnabled" : false,
+    "compute" : {
+      "enabled" : true,
+      "scaleDownEnabled" : true
+    },
+    "diskGBEnabled" : true
+  },
+  "backupEnabled" : false,
+  "biConnector" : {
+    "enabled" : false,
+    "readPreference" : "secondary"
+  },
+  "clusterType" : "REPLICASET",
+  "diskSizeGB" : 10.0,
+  "encryptionAtRestProvider" : "NONE",
+  "mongoDBMajorVersion" : "7.0",
+  "name" : "${DEPLOYMENT_NAME}",
+  "numShards" : 1,
+  "paused" : false,
+  "pitEnabled" : false,
+  "providerBackupEnabled" : false,
+  "providerSettings" : {
+    "providerName" : "AWS",
+    "autoScaling" : {
+      "compute" : {
+        "maxInstanceSize" : "M20",
+        "minInstanceSize" : "M10"
+      }
+    },
+    "diskIOPS" : 3000,
+    "encryptEBSVolume" : true,
+    "instanceSizeName" : "M10",
+    "regionName" : "US_EAST_1",
+    "volumeType" : "STANDARD"
+  },
+  "replicationFactor" : 3,
+  "rootCertType" : "ISRGROOTX1",
+  "terminationProtectionEnabled" : false,
+  "versionReleaseSystem" : "LTS"
+}
+EOF
+)
+
+export ATLAS_PUBLIC_API_KEY=$OIDC_ATLAS_PUBLIC_API_KEY
+export ATLAS_PRIVATE_API_KEY=$OIDC_ATLAS_PRIVATE_API_KEY
+export ATLAS_GROUP_ID=$OIDC_ATLAS_GROUP_ID
+
+create_deployment
+
+########################
+# Wait for the Atlas Cluster
+URI=$(check_deployment)
+
+cat <<EOF >> "secrets-export.sh"
+export MONGODB_URI="$URI"
+export MONGODB_URI_SINGLE="$URI/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:k8s"
+export OIDC_ADMIN_USER=$OIDC_ATLAS_USER
+export OIDC_ADMIN_PWD=$OIDC_ATLAS_PASSWORD
+export K8S_VARIANT=$VARIANT
+EOF
+
+########################
+# Set up the pod.
+bash ./setup-pod.sh $VARIANT
+
+popd
diff --git a/.evergreen/auth_oidc/k8s/teardown.sh b/.evergreen/auth_oidc/k8s/teardown.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -eu
+
+SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
+. $SCRIPT_DIR/../../handle-paths.sh
+pushd $SCRIPT_DIR
+
+# Source the secrets.
+source ./secrets-export.sh
+
+# Tear down the Atlas Cluster
+export DRIVERS_ATLAS_PUBLIC_API_KEY=$OIDC_ATLAS_PUBLIC_API_KEY
+export DRIVERS_ATLAS_PRIVATE_API_KEY=$OIDC_ATLAS_PRIVATE_API_KEY
+export DRIVERS_ATLAS_GROUP_ID=$OIDC_ATLAS_GROUP_ID
+bash ../../atlas/teardown-atlas-cluster.sh
+
+# Tear down the pod
+K8S_VARIANT=${K8S_VARIANT:-aks}
+bash ../../k8s/$K8S_VARIANT/teardown.sh
+
+popd
diff --git a/.evergreen/check-connection.sh b/.evergreen/check-connection.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-set -eu
+set -eux
 
 SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
 . $SCRIPT_DIR/handle-paths.sh
@@ -9,4 +9,5 @@ if [ ! -f "${MONGODB_BINARIES}/mongosh" ]; then
     bash -c "source ${DRIVERS_TOOLS}/.evergreen/download-mongodb.sh && download_and_extract_mongosh"
 fi
 
-${MONGODB_BINARIES}/mongosh "${MONGODB_URI}" --eval "db.runCommand({\"ping\":1})" --&serverSelectionTimeoutMS=10000
+MONGODB_URI=${MONGODB_URI:-"mongodb://127.0.0.1:27017/?serverSelectionTimeoutMS=10000"}
+${MONGODB_BINARIES}/mongosh "${MONGODB_URI}" --eval "db.runCommand({\"ping\":1})"