Type: Task
Resolution: Unresolved
Priority: Unknown
Affects Version/s: None
Component/s: None
Ruby Drivers
Replace Evergreen project variables used for Kerberos testing with AWS Secrets Manager via drivers-evergreen-tools.
Scope
Replace the "export Kerberos credentials" function in .evergreen/config/common.yml.erb (currently writes 8 variables to .env.private) with a subprocess.exec call to ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/enterprise_auth.
Update credential sourcing in the Kerberos test scripts to read from ${DRIVERS_TOOLS}/.evergreen/secrets_handling/secrets-export.sh instead of .env.private.
Files to change
- .evergreen/config/common.yml.erb — replace "export Kerberos credentials" function body
- .evergreen/config.yml — regenerate from ERB template
- .evergreen/functions-kerberos.sh — source secrets_handling/secrets-export.sh in configure_for_external_kerberos(); keep .env.private fallback for local development
Evergreen project variables eliminated (8)
sasl_host, sasl_port, sasl_user, sasl_pass, sasl_db, principal, kerberos_db, keytab_base64
Open question before starting
Confirm that the drivers/enterprise_auth vault key names, when uppercased by setup_secrets.py, match what functions-kerberos.sh expects. Compare against the Python driver's Kerberos setup in scripts/setup_tests.py.
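One way to check the open question from inside the test scripts, written for this page and not taken from the Ruby driver or drivers-evergreen-tools: source secrets-export.sh with the .env.private fallback, then report which expected variables are still missing, by name only so no secret value reaches the CI log. The function names, KERBEROS_SECRETS_SOURCE, and the assumption that the eight project variables keep their names in uppercase are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed: the eight project variable names, uppercased,
# are what the Kerberos test scripts read after the migration.
KERBEROS_VARS="SASL_HOST SASL_PORT SASL_USER SASL_PASS SASL_DB PRINCIPAL KERBEROS_DB KEYTAB_BASE64"

# Source secrets-export.sh from drivers-evergreen-tools if present, else the
# local-development fallback (default .env.private). Records which file was
# used in KERBEROS_SECRETS_SOURCE; returns 1 if neither exists.
load_kerberos_secrets() {
  fallback="${1:-.env.private}"
  for f in "${DRIVERS_TOOLS:-}/.evergreen/secrets_handling/secrets-export.sh" "$fallback"; do
    [ -f "$f" ] || continue
    case "$f" in */*) ;; *) f="./$f" ;; esac  # keep "." from searching PATH
    set -a   # export plain NAME=value assignments too
    . "$f"
    set +a
    KERBEROS_SECRETS_SOURCE="$f"
    return 0
  done
  return 1
}

# Print the names (never the values) of required variables that are unset
# or empty, space-separated; prints nothing when all eight are present.
missing_kerberos_vars() {
  missing=""
  for name in $KERBEROS_VARS; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || missing="$missing $name"
  done
  unset value
  printf '%s' "${missing# }"
}
```

A non-empty result from missing_kerberos_vars after loading means a vault key name does not map to the name the scripts expect, which is the mismatch the open question asks about.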
Test plan
Run a CI patch with the Kerberos integration build variant.
- is fixed by RUBY-3311 Use AWS Secrets Manager for Evergreen Test Secrets
- Backlog