[DRIVERS-2425] Ensure AWS EC2 Credential Test is Running Properly Created: 25/Aug/22  Updated: 31/Aug/22

Status: Implementing
Project: Drivers
Component/s: Authentication
Fix Version/s: None

Type: Task Priority: Unknown
Reporter: Steve Silvester Assignee: Steve Silvester
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Issue split
split to CXX-2569 Ensure AWS EC2 Credential Test is Run... Backlog
split to PHPLIB-941 Ensure AWS EC2 Credential Test is Run... Backlog
split to JAVA-4714 Ensure AWS EC2 Credential Test is Run... Closed
split to CDRIVER-4461 Ensure AWS EC2 Credential Test is Run... Closed
split to CSHARP-4302 Ensure AWS EC2 Credential Test is Run... Closed
split to GODRIVER-2534 Ensure AWS EC2 Credential Test is Run... Closed
split to MOTOR-1022 Ensure AWS EC2 Credential Test is Run... Closed
split to NODE-4585 Ensure AWS EC2 Credential Test is Run... Closed
split to PYTHON-3413 Ensure AWS EC2 Credential Test is Run... Closed
split to RUBY-3094 Ensure AWS EC2 Credential Test is Run... Closed
split to RUST-1456 Ensure AWS EC2 Credential Test is Run... Closed
Related
Driver Changes: Needed
Downstream Changes Summary:

Several of the drivers are using the pattern of creating a prepare_mongodb_aws.sh file and sourcing as part of their AWS Evergreen tests. For the case of testing against EC2 credentials, several of the drivers are not writing this file as part of the task, but the file exists on disk from a previous task run on the same job. The task is therefore run using the contents of prepare_mongodb_aws.sh , which could contain AWS auth environment variables, preventing the driver from fetching the credentials using the AWS end point. The file should be overwritten or removed during the EC2 credential test.

See https://github.com/mongodb/mongo-python-driver/commit/0f135a157e2fa6ae66d4091186bdf0c40113ef77 for an example fix.

Driver Compliance:
Key Status/Resolution FixVersion
CDRIVER-4461 Works as Designed
CXX-2569 Backlog
CSHARP-4302 Works as Designed
GODRIVER-2534 Done
JAVA-4714 Fixed 4.8.0
NODE-4585 Fixed 4.10.0
MOTOR-1022 Duplicate
PYTHON-3413 Fixed 4.3
PHPLIB-941 Backlog
RUBY-3094 Works as Designed
RUST-1456 Fixed 2.4.0
SWIFT-1628 Duplicate

 Description   

Summary

What is the problem or use case, what are we trying to achieve?
Several of the drivers are using the pattern of creating a prepare_mongodb_aws.sh file and sourcing as part of their AWS Evergreen tests. For the case of testing against EC2 credentials, several of the drivers are not writing this file as part of the task, but the file exists on disk from a previous task run on the same job. The task is therefore run using the contents of prepare_mongodb_aws.sh , which could contain AWS auth environment variables, preventing the driver from fetching the credentials using the AWS end point. The file should be overwritten or removed during the EC2 credential test.

See https://github.com/mongodb/mongo-python-driver/commit/0f135a157e2fa6ae66d4091186bdf0c40113ef77 for an example fix.

Motivation

Who is the affected end user?

Who are the stakeholders?
The driver is not protected from regressions in the EC2 credential fetch behavior.

How does this affect the end user?

Are they blocked? Are they annoyed? Are they confused?
The end user is not currently affected, else we would have had associated bug tickets.

How likely is it that this problem or use case will occur?

Main path? Edge case?
The code used to fetch EC2 credentials is not likely to change or regress over time.

If the problem does occur, what are the consequences and how severe are they?

_Minor annoyance at a log message? Performance concern? Outage/unavailability?
Failover can't complete?_
The driver would not be able to authenticate the user on EC2 as expected.

Is this issue urgent?

Does this ticket have a required timeline? What is it?
It is not urgent.

Is this ticket required by a downstream team?

Needed by e.g. Atlas, Shell, Compass?
None

Is this ticket only for tests?

Does this ticket have any functional impact, or is it just test improvements?
It is only for tests.


Generated at Thu Feb 08 08:25:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.