diff --git a/.evergreen/config.yml b/.evergreen/config.yml index b328d471eb..3056c9bcf1 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -1804,7 +1804,7 @@ tasks: - name: "testgcpkms-task" commands: - command: shell.exec - type: setup + type: test params: shell: "bash" working_dir: src/go.mongodb.org/mongo-driver @@ -1893,7 +1893,7 @@ tasks: - name: "testazurekms-task" commands: - command: shell.exec - type: setup + type: test params: shell: "bash" working_dir: src/go.mongodb.org/mongo-driver @@ -1964,6 +1964,7 @@ tasks: role_arn: ${LAMBDA_AWS_ROLE_ARN} duration_seconds: 3600 - command: shell.exec + type: test params: working_dir: src/go.mongodb.org/mongo-driver shell: bash @@ -1986,6 +1987,7 @@ tasks: - name: "oidc-auth-test-azure" commands: - command: shell.exec + type: test params: working_dir: src/go.mongodb.org/mongo-driver shell: bash @@ -2011,6 +2013,7 @@ tasks: - name: "oidc-auth-test-gcp" commands: - command: shell.exec + type: test params: working_dir: src/go.mongodb.org/mongo-driver shell: bash @@ -2735,7 +2738,7 @@ buildvariants: - name: testoidc-variant display_name: "OIDC" run_on: - - ubuntu2204-large + - ubuntu2204-small expansions: GO_DIST: "/opt/golang/go1.22" tasks: diff --git a/mongo/options/clientoptions_test.go b/mongo/options/clientoptions_test.go index ac94637323..f85a112336 100644 --- a/mongo/options/clientoptions_test.go +++ b/mongo/options/clientoptions_test.go @@ -589,7 +589,7 @@ func TestClientOptions(t *testing.T) { }, }, { - "tmp", + "oidc azure", "mongodb://example.com/?authMechanism=MONGODB-OIDC&authMechanismProperties=TOKEN_RESOURCE:mongodb://test-cluster,ENVIRONMENT:azureManagedIdentities", &ClientOptions{ Hosts: []string{"example.com"}, @@ -600,6 +600,18 @@ func TestClientOptions(t *testing.T) { HTTPClient: httputil.DefaultHTTPClient, }, }, + { + "oidc gcp", + "mongodb://test.mongodb.net/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:mongodb://test-cluster", + &ClientOptions{ + Hosts: []string{"test.mongodb.net"}, + Auth: &Credential{AuthMechanism: "MONGODB-OIDC", AuthSource: "$external", AuthMechanismProperties: map[string]string{ + "ENVIRONMENT": "gcp", + "TOKEN_RESOURCE": "mongodb://test-cluster"}}, + err: nil, + HTTPClient: httputil.DefaultHTTPClient, + }, + }, { "comma in key:value pair causes error", "mongodb://example.com/?authMechanismProperties=TOKEN_RESOURCE:mongodb://host1%2Chost2", diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go index fd69eb4904..67af28fa77 100644 --- a/x/mongo/driver/connstring/connstring.go +++ b/x/mongo/driver/connstring/connstring.go @@ -297,6 +297,10 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { } fallthrough case "mongodb-aws", "mongodb-x509", "mongodb-oidc": + // dns.LookupTXT will get "authSource=admin" from Atlas hosts. + if u.AuthSource == "admin" { + u.AuthSource = "$external" + } if u.AuthSource == "" { u.AuthSource = "$external" } else if u.AuthSource != "$external" { diff --git a/x/mongo/driver/connstring/connstring_test.go b/x/mongo/driver/connstring/connstring_test.go index 84c8ff1d45..1f5c692d1a 100644 --- a/x/mongo/driver/connstring/connstring_test.go +++ b/x/mongo/driver/connstring/connstring_test.go @@ -90,6 +90,28 @@ func TestAuthSource(t *testing.T) { } }) } + + tests = []struct { + s string + expected string + err bool + }{ + {s: "authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:mongodb://test-cluster", expected: "$external"}, + } + + for _, test := range tests { + s := fmt.Sprintf("mongodb://test.mongodb.net/?authMechanism=MONGODB-OIDC&/%s", test.s) + t.Run(s, func(t *testing.T) { + cs, err := connstring.ParseAndValidate(s) + if test.err { + require.Error(t, err) + } else { + require.NoError(t, err) + require.Equal(t, test.expected, cs.AuthSource) + } + }) + } + } func TestConnect(t *testing.T) {