Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2425

Ensure AWS EC2 Credential Test is Running Properly

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Unresolved
    • Priority: Icon: Unknown Unknown
    • None
    • Component/s: Authentication
    • None
    • Needed
    • Hide

      Several of the drivers are using the pattern of creating a prepare_mongodb_aws.sh file and sourcing as part of their AWS Evergreen tests. For the case of testing against EC2 credentials, several of the drivers are not writing this file as part of the task, but the file exists on disk from a previous task run on the same job. The task is therefore run using the contents of prepare_mongodb_aws.sh , which could contain AWS auth environment variables, preventing the driver from fetching the credentials using the AWS end point. The file should be overwritten or removed during the EC2 credential test.

      See https://github.com/mongodb/mongo-python-driver/commit/0f135a157e2fa6ae66d4091186bdf0c40113ef77 for an example fix.

      Show
      Several of the drivers are using the pattern of creating a prepare_mongodb_aws.sh file and sourcing as part of their AWS Evergreen tests. For the case of testing against EC2 credentials, several of the drivers are not writing this file as part of the task, but the file exists on disk from a previous task run on the same job. The task is therefore run using the contents of prepare_mongodb_aws.sh , which could contain AWS auth environment variables, preventing the driver from fetching the credentials using the AWS end point. The file should be overwritten or removed during the EC2 credential test. See https://github.com/mongodb/mongo-python-driver/commit/0f135a157e2fa6ae66d4091186bdf0c40113ef77 for an example fix.
    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      CDRIVER-4461 Works as Designed
      CXX-2569 Works as Designed
      CSHARP-4302 Works as Designed
      GODRIVER-2534 Done
      JAVA-4714 Fixed 4.8.0
      NODE-4585 Fixed 4.10.0
      MOTOR-1022 Duplicate
      PYTHON-3413 Fixed 4.3
      PHPLIB-941 Backlog
      RUBY-3094 Works as Designed
      RUST-1456 Fixed 2.4.0
      SWIFT-1628 Duplicate
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CDRIVER-4461 Works as Designed CXX-2569 Works as Designed CSHARP-4302 Works as Designed GODRIVER-2534 Done JAVA-4714 Fixed 4.8.0 NODE-4585 Fixed 4.10.0 MOTOR-1022 Duplicate PYTHON-3413 Fixed 4.3 PHPLIB-941 Backlog RUBY-3094 Works as Designed RUST-1456 Fixed 2.4.0 SWIFT-1628 Duplicate

      Summary

      What is the problem or use case, what are we trying to achieve?
      Several of the drivers are using the pattern of creating a prepare_mongodb_aws.sh file and sourcing as part of their AWS Evergreen tests. For the case of testing against EC2 credentials, several of the drivers are not writing this file as part of the task, but the file exists on disk from a previous task run on the same job. The task is therefore run using the contents of prepare_mongodb_aws.sh , which could contain AWS auth environment variables, preventing the driver from fetching the credentials using the AWS end point. The file should be overwritten or removed during the EC2 credential test.

      See https://github.com/mongodb/mongo-python-driver/commit/0f135a157e2fa6ae66d4091186bdf0c40113ef77 for an example fix.

      Motivation

      Who is the affected end user?

      Who are the stakeholders?
      The driver is not protected from regressions in the EC2 credential fetch behavior.

      How does this affect the end user?

      Are they blocked? Are they annoyed? Are they confused?
      The end user is not currently affected, else we would have had associated bug tickets.

      How likely is it that this problem or use case will occur?

      Main path? Edge case?
      The code used to fetch EC2 credentials is not likely to change or regress over time.

      If the problem does occur, what are the consequences and how severe are they?

      _Minor annoyance at a log message? Performance concern? Outage/unavailability?
      Failover can't complete?_
      The driver would not be able to authenticate the user on EC2 as expected.

      Is this issue urgent?

      Does this ticket have a required timeline? What is it?
      It is not urgent.

      Is this ticket required by a downstream team?

      Needed by e.g. Atlas, Shell, Compass?
      None

      Is this ticket only for tests?

      Does this ticket have any functional impact, or is it just test improvements?
      It is only for tests.

            Assignee:
            steve.silvester@mongodb.com Steve Silvester
            Reporter:
            steve.silvester@mongodb.com Steve Silvester
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: