[SERVER-77907] Create tests for OIDC managed identity machine flows in Azure Created: 08/Jun/23 Updated: 29/Oct/23 Resolved: 19/Oct/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.2.0-rc0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Adam Rayner | Assignee: | Adam Rayner |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Assigned Teams: | Server Security |
| Backwards Compatibility: | Fully Compatible | ||||
| Sprint: | Security 2023-06-26, Security 2023-07-10, Security 2023-07-24, Security 2023-08-07, Security 2023-08-21, Security 2023-09-04, Security 2023-09-18, Security 2023-10-02, Security 2023-10-16, Security 2023-10-30 | ||||
| Participants: | |||||
| Linked BF Score: | 167 | ||||
| Description |
|
This ticket will create a simple integration test for an Azure Managed Identity VM, where the OIDC access and refresh tokens are obtained via a local machine metadata URI (see https://wiki.corp.mongodb.com/display/~adam.rayner/Azure+POC+Notes#AzurePOCNotes-ServiceAccounts/ManagedIdentities/MachineFlows). To achieve this, we will need to do some orchestration of Azure VMs from our evergreen instances running in AWS. A starting point for what this kind of thing looks like is the AWS IAM external auth jstests (https://github.com/10gen/mongo-enterprise-modules/tree/master/jstests/external_auth_aws): these use the AWS Python API to construct a temporary container instance in AWS Fargate, deploy test code to it, run the tests on the remote container instance while getting access to a local machine-specific token, and then clean up this newly-created infrastructure. We will want to essentially port this approach to Azure (and then GCP). |
| Comments |
| Comment by Githook User [ 16/Oct/23 ] |
|
Author: {'name': 'Adam Rayner', 'email': 'adam.rayner@mongodb.com', 'username': 'adamtron'} Message: |
| Comment by Githook User [ 06/Oct/23 ] |
|
Author: {'name': 'Liubov Molchanova', 'email': 'liubov.molchanova@mongodb.com', 'username': 'liubov-molchanova'} Message: Revert " This reverts commit 4ceb419bae3b0e2d278e942810facf60348bf78a. |
| Comment by Githook User [ 05/Oct/23 ] |
|
Author: {'name': 'Adam Rayner', 'email': 'adam.rayner@mongodb.com', 'username': 'adamtron'} Message: |