GODRIVER-2911: Add machine flow OIDC authentication #1678

Merged
merged 67 commits into from
Jul 15, 2024
Changes from 61 commits
a47681f
GODRIVER-2911: Initial attempt to untie the Gordian knot, this will …
pmeredit Jun 11, 2024
279635a
GODRIVER-2911: We're going to have to go this way and implement some …
pmeredit Jun 12, 2024
9170d50
GODRIVER-2911: Ok, not great, but this will work
pmeredit Jun 12, 2024
590662d
GODRIVER-2911: Renaming oidc sasl
pmeredit Jun 12, 2024
171204c
GODRIVER-2911: Implement Operation based private sasl conversation fo…
pmeredit Jun 12, 2024
dbc5699
GODRIVER-2911: Privatize all the oidc sasl api, move AuthConfig up so…
pmeredit Jun 12, 2024
ff73302
GODRIVER-2911: Move things as necessary for authentication registration
pmeredit Jun 12, 2024
0db7c3e
GODRIVER-2911: Let's use a bit better naming
pmeredit Jun 12, 2024
be99139
GODRIVER-2911: Add Reauth to Authenticators
pmeredit Jun 12, 2024
f400d18
GODRIVER-2911: Check point
pmeredit Jun 12, 2024
eed3dd5
GODRIVER-2911: Initial plumbing, the Client Authenticator is going to…
pmeredit Jun 13, 2024
2ee93cc
GODRIVER-2911: Set authenticator in topology
pmeredit Jun 13, 2024
f6def8d
GODRIVER-2911: Set authenticator from Command to Operation
pmeredit Jun 13, 2024
bd5c9f2
GODRIVER-2911: Remove authenticator so we can readd it programmatically
pmeredit Jun 13, 2024
36ba008
GODRIVER-2911: Remove authenticator so we can readd it programmatically
pmeredit Jun 13, 2024
a2a4029
GODRIVER-2911: Remove authenticator so we can readd it programmatically
pmeredit Jun 13, 2024
d2c75f1
GODRIVER-2911: Add all that authenticator plumbing programmatically s…
pmeredit Jun 13, 2024
4070d06
GODRIVER-2911: Thread through Authenticator
pmeredit Jun 13, 2024
4a44090
GODRIVER-2911: Move OIDC back to auth package, yay
pmeredit Jun 14, 2024
4ea9b9c
GODRIVER-2911: Move Config = AuthConfig to top of the file
pmeredit Jun 14, 2024
2b5cde6
GODRIVER-2911: Update comment
pmeredit Jun 14, 2024
368cedd
GODRIVER-2911: Some implementation
pmeredit Jun 14, 2024
e00e057
GODRIVER-2911: Add OIDCTokenGenID to Connection interface
pmeredit Jun 14, 2024
1666c6c
GODRIVER-2911: Add OIDCTokenGenID to Connection interface for types i…
pmeredit Jun 14, 2024
d90ee3f
GODRIVER-2911: Actually add the oidc file, whoops
pmeredit Jun 14, 2024
19ed261
GODRIVER-2911: Fix nil pointer error
pmeredit Jun 14, 2024
4112208
GODRIVER-2911: Fix fmt
pmeredit Jun 14, 2024
03c4c08
GODRIVER-2911: Fix build failure
pmeredit Jun 14, 2024
dac0468
GODRIVER-2911: well, that was silly
pmeredit Jun 14, 2024
651af66
GODRIVER-2911: Add licenses and fix comment
pmeredit Jun 14, 2024
6b16e91
GODRIVER-2911: Fix receiver names and remove authenticator field from…
pmeredit Jun 14, 2024
26412ae
GODRIVER-2911: Fix many lints. Linter not running for me locally
pmeredit Jun 14, 2024
98e8cbe
GODRIVER-2911: Fix lints
pmeredit Jun 15, 2024
78fa217
GODRIVER-2911: Fix spelling error
pmeredit Jun 15, 2024
46fa6f3
GODRIVER-2911: Testing checkpoint
pmeredit Jun 18, 2024
c6d23de
GODRIVER-2911: Fix config, fix spec auth
pmeredit Jun 18, 2024
c137399
GODRIVER-2911: Checkpoint
pmeredit Jun 19, 2024
1be9498
GODRIVER-2911: OIDC working
pmeredit Jun 19, 2024
8542f76
GODRIVER-2911: add machine_1_2
pmeredit Jun 19, 2024
286525f
GODRIVER-2911: add machine_1_2, actually helps to call it
pmeredit Jun 19, 2024
4013ccb
GODRIVER-2911: Remove unneeded debugging
pmeredit Jun 19, 2024
83ffaa7
GODRIVER-2911: Add more tests
pmeredit Jun 20, 2024
f33dca7
GODRIVER-2911: Updates
pmeredit Jun 20, 2024
3c00307
GODRIVER-2911: Change to using errors
pmeredit Jun 20, 2024
590a3c8
GODRIVER-2911: Add more tests that do not require fail points
pmeredit Jun 20, 2024
e88ebe7
GODRIVER-2911: See if it fails with 10 tries
pmeredit Jun 20, 2024
58f0f42
GODRIVER-2911: Not sure how to get fail points working
pmeredit Jun 20, 2024
1be1e13
GODRIVER-2911: Appease linter
pmeredit Jun 20, 2024
6e1fd3a
GODRIVER-2911: Appease linter
pmeredit Jun 20, 2024
640907d
GODRIVER-2911: Change 3_3 to use fail on find, add 4_1
pmeredit Jun 21, 2024
4d30705
GODRIVER-2911: Manually create fail points
pmeredit Jun 23, 2024
9dd40c9
GODRIVER-2911: This is working except 3_3 seems to be hanging
pmeredit Jun 23, 2024
b343ebb
GODRIVER-2911: Tests all passing
pmeredit Jun 23, 2024
5240a91
GODRIVER-2911: Appease linter
pmeredit Jun 23, 2024
0cdd7a2
GODRIVER-2911: Remove test func that is unneeded
pmeredit Jun 23, 2024
4613c5f
Update x/mongo/driver/auth/oidc.go
pmeredit Jun 26, 2024
40998b6
SQL-1937: Remove spurious authenticators, move mutex
pmeredit Jun 26, 2024
2d09cc5
SQL-1937: Change Reauth interface
pmeredit Jun 26, 2024
d45c7e4
Update Makefile
pmeredit Jul 1, 2024
ae9c34f
GODRIVER-2911: Apply httpclient patch
pmeredit Jul 1, 2024
1d86914
GODRIVER-2911: Fix races
pmeredit Jul 1, 2024
30ed4c4
GODRIVER-2911: Back out changes to sasl, add comment, remove Println …
pmeredit Jul 2, 2024
519205c
GODRIVER-2911: Move public OIDC configuration types into public, non-…
pmeredit Jul 2, 2024
5f0c68d
GODRIVER-2911: Improve comment
pmeredit Jul 2, 2024
6a3af5a
GODRIVER-2911: Update script comment
pmeredit Jul 3, 2024
7340ddd
GODRIVER-2911: Use conversion functions instead of type redeclarations
pmeredit Jul 4, 2024
74ebc8d
Merge branch 'v1' into GODRIVER-2911
matthewdale Jul 13, 2024
56 changes: 56 additions & 0 deletions .evergreen/config.yml
Expand Up @@ -350,6 +350,23 @@ functions:
chmod +x $i
done

assume-ec2-role:
- command: ec2.assume_role
params:
role_arn: ${aws_test_secrets_role}

run-oidc-auth-test-with-test-credentials:
- command: shell.exec
type: test
params:
working_dir: src/go.mongodb.org/mongo-driver
shell: bash
include_expansions_in_env: ["DRIVERS_TOOLS", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
script: |
${PREPARE_SHELL}
export OIDC="oidc"
bash ${PROJECT_DIRECTORY}/etc/run-oidc-test.sh

run-make:
- command: shell.exec
type: test
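
Review bot: `run-oidc-auth-test-with-test-credentials` exports `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` into the script environment through `include_expansions_in_env`, but the function never obtains them itself; they exist only if `assume-ec2-role` ran earlier in the same task or group. A comment stating that precondition would help, and it is worth confirming that `etc/run-oidc-test.sh` does not turn on shell tracing (`set -x`) or otherwise echo its environment, since these are live session credentials for `${aws_test_secrets_role}`.
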
Expand Down Expand Up @@ -1954,6 +1971,10 @@ tasks:
popd
./.evergreen/run-deployed-lambda-aws-tests.sh

- name: "oidc-auth-test-latest"
commands:
- func: "run-oidc-auth-test-with-test-credentials"

- name: "test-search-index"
commands:
- func: "bootstrap-mongo-orchestration"
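
Review bot: `oidc-auth-test-latest` calls only `run-oidc-auth-test-with-test-credentials`, so it has no source checkout, no assumed role and no OIDC environment unless it is scheduled through a task group that provides them. Nothing in the task definition says so; add a short comment naming the required group, so that the task is not later attached directly to a build variant where it would fail for reasons unrelated to the driver.
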
Expand Down Expand Up @@ -2247,6 +2268,31 @@ task_groups:
tasks:
- testazurekms-task

- name: testoidc_task_group
setup_group:
- func: fetch-source
- func: prepare-resources
- func: fix-absolute-paths
- func: make-files-executable
- func: assume-ec2-role
- command: shell.exec
params:
shell: bash
include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
script: |
${PREPARE_SHELL}
${DRIVERS_TOOLS}/.evergreen/auth_oidc/setup.sh
teardown_task:
- command: subprocess.exec
params:
binary: bash
args:
- ${DRIVERS_TOOLS}/.evergreen/auth_oidc/teardown.sh
setup_group_can_fail_task: true
setup_group_timeout_secs: 1800
tasks:
- oidc-auth-test-latest

- name: test-aws-lambda-task-group
setup_group:
- func: fetch-source
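
Review bot: in `testoidc_task_group` the environment is created once per group (`setup_group` runs `auth_oidc/setup.sh`) but destroyed after every task (`teardown_task` runs `auth_oidc/teardown.sh`). With the single task listed this is equivalent, but a second task added under `tasks:` would start against an environment that has already been torn down; `teardown_group` would pair with `setup_group`. The teardown step also runs without the `include_expansions_in_env` list that the setup step gets, so check whether `teardown.sh` needs the assumed-role credentials to release what setup created.
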
Expand Down Expand Up @@ -2561,3 +2607,13 @@ buildvariants:
- name: testazurekms_task_group
batchtime: 20160 # Use a batchtime of 14 days as suggested by the CSFLE test README
- testazurekms-fail-task

- name: testoidc-variant
display_name: "OIDC"
run_on:
- ubuntu2204-large
expansions:
GO_DIST: "/opt/golang/go1.20"
tasks:
- name: testoidc_task_group
batchtime: 20160 # Use a batchtime of 14 days as suggested by the CSFLE test README
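
Review bot: the `batchtime: 20160` comment on `testoidc-variant` is copied from the `testazurekms_task_group` entry above and cites the CSFLE test README, which is not the source of a schedule for OIDC tests. State the actual reason for the 14-day interval here, or drop the citation, so the next reader does not go looking for OIDC guidance in the CSFLE docs.
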
5 changes: 5 additions & 0 deletions Makefile
Expand Up @@ -132,6 +132,11 @@ evg-test-atlas-data-lake:
evg-test-enterprise-auth:
go run -tags gssapi ./cmd/testentauth/main.go

.PHONY: evg-test-oidc-auth
evg-test-oidc-auth:
go run ./cmd/testoidcauth/main.go
pmeredit marked this conversation as resolved.
go run -race ./cmd/testoidcauth/main.go

.PHONY: evg-test-kmip
evg-test-kmip:
go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionSpec/kmipKMS >> test.suite
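
Review bot: the `evg-test-oidc-auth` recipe as shown invokes `./cmd/testoidcauth/main.go` twice, once plain and once with `-race`, so every CI run performs the whole OIDC test sequence against the test environment two times. If the race-detector run is the intended one, keep only `go run -race ./cmd/testoidcauth/main.go`; if both are wanted, a comment saying why would justify the extra run.
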