  1. Core Server
  2. SERVER-77908

Implement Tests for OIDC Machine Flows in Google Cloud


Details

    • Task
    • Resolution: Unresolved
    • Major - P3
    • Server Security
    • v7.0
    • Security 2023-12-11, Security 2023-12-25, Security 2024-01-08, Security 2024-01-22, Security 2024-02-05, Security 2024-02-19

    Description

      This ticket will create a simple integration test for a GCP machine flow, where the OIDC access and refresh tokens are obtained via some kind of local machine metadata URI.

      To achieve this, we will need to do some orchestration of GCP VMs from our Evergreen instances running in AWS. A starting point for what this kind of thing looks like is the AWS IAM external auth jstests (https://github.com/10gen/mongo-enterprise-modules/tree/master/jstests/external_auth_aws): these use the AWS Python API to construct a temporary container instance in AWS Fargate, deploy test code to it, run the tests on the remote container instance while getting access to a local machine-specific token, and then clean up the newly created infrastructure.

      We will want to essentially port this approach to GCP.

          People

            varun.ravichandran@mongodb.com Varun Ravichandran
            adam.rayner@mongodb.com Adam Rayner