[CDRIVER-4081] Add native support for AWS IAM Roles for service accounts, EKS in particular
Created: 15/Jul/21  Updated: 28/Oct/23  Resolved: 14/Mar/23

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.24.0

Type: New Feature
Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team
Assignee: Kevin Albertson
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by PHPC-1895 Add native support for AWS IAM Roles ... Closed
Issue split
split from DRIVERS-1746 Add native support for AWS IAM Roles ... Closed
Quarter: FY23Q3, FY24Q1
Upstream Changes Summary:

DRIVERS-1746:
Summary of required changes

  • Add support for AssumeRoleWithWebIdentity in AWS Auth
  • Add integration tests to verify usage
  • Use the credentials found in this document

Additional background

Please see https://github.com/mongodb/specifications/commit/bc4257fed21186ba9b53e2c0b7e92482da196882 for the specification change and https://github.com/mongodb/specifications/commit/cdd93a4c7639014c8837d34a3e26e408d7b14d5b for a clarification.

Please see https://github.com/mongodb/mongo-csharp-driver/commit/daa88998837aace9296b7c1f599c901f3cdac86f for a reference implementation in C#.

Integration test

Drivers are expected to add an integration test as described in the specification change.


 Description   

DRIVERS Ticket Description


 Comments   
Comment by Githook User [ 14/Mar/23 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: CDRIVER-4081 Add support for `AssumeRoleWithWebIdentity` in AWS Auth (#1211)

  • ignore NULL for `bson_string_free`

Follows pattern of other destroy / free functions in libbson and libmongoc

  • add use_tls option to _send_http_request
  • add `_obtain_creds_from_assumerolewithwebidentity`

rename expiration_to_timer to expiration_iso8601_to_timer

  • fix length in `_mongoc_http_send`

`datalen` is capacity of the buffer.

  • fix size arg in `bin_to_hex` utility

The size argument includes the NULL byte

  • test in Evergreen
  • format util.h
  • move `hex_to_bin` and `bin_to_hex` to mongoc-util-private.h
  • test `bin_to_hex` and `hex_to_bin`
  • lowercase variable names
  • revise comment for null terminator
  • break long line at ampersand
  • add spaces between test cases
Generated at Wed Feb 07 21:19:52 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.