[SERVER-77908] Implement Tests for OIDC Machine Flows in Google Cloud
Created: 08/Jun/23  Updated: 05/Feb/24

| Status: | In Code Review |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task |
| Priority: | Major - P3 |
| Reporter: | Adam Rayner |
| Assignee: | Varun Ravichandran |
| Resolution: | Unresolved |
| Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Assigned Teams: | Server Security |
| Backport Requested: | v7.0 |
| Sprint: | Security 2023-12-11, Security 2023-12-25, Security 2024-01-08, Security 2024-01-22, Security 2024-02-05, Security 2024-02-19 |
| Participants: | |

Description
This ticket will add a simple integration test for a GCP machine flow, where the OIDC access and refresh tokens are obtained via some kind of local machine metadata URI. To achieve this, we will need to orchestrate GCP VMs from our Evergreen instances running in AWS. A starting point for what this looks like is the AWS IAM external auth jstests (https://github.com/10gen/mongo-enterprise-modules/tree/master/jstests/external_auth_aws): these use the AWS Python API to construct a temporary container instance in AWS Fargate, deploy test code to it, run the tests on the remote container instance while obtaining a machine-specific token locally, and then clean up the newly created infrastructure. We will want to essentially port this approach to GCP.
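As an added example (not code from this ticket or from the MongoDB test suite), the token-acquisition step that test code running on the GCE VM would perform: request an identity token from the documented metadata-server endpoint and sanity-check its issuer, audience and expiry before handing it to the server under test. The audience value and the injectable `opener` are assumptions for illustration, and the unsigned sample token is constructed so the checks run offline.

```python
import base64
import json
import urllib.parse
import urllib.request

# Documented GCE metadata-server endpoint for OIDC identity tokens.
METADATA_IDENTITY_URL = ("http://metadata.google.internal/computeMetadata/v1/"
                         "instance/service-accounts/default/identity")
EXPECTED_ISSUER = "https://accounts.google.com"


def fetch_identity_token(audience, opener=urllib.request.urlopen):
    """Ask the local metadata server for an identity token scoped to `audience`.
    Metadata-Flavor is mandatory: the server rejects requests without it, which
    is what stops browsers and naive proxies from fetching tokens. Only works on
    a GCE VM; `opener` is injectable (assumption) so the checks run without one.
    """
    query = urllib.parse.urlencode({"audience": audience, "format": "full"})
    req = urllib.request.Request(f"{METADATA_IDENTITY_URL}?{query}",
                                 headers={"Metadata-Flavor": "Google"})
    with opener(req, timeout=5) as resp:
        return resp.read().decode("ascii").strip()


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_token_claims(token, audience, now):
    """Return (claims, problems): issuer/audience/expiry checks on a token.
    The signature is NOT verified here; the server under test must do that
    against Google's JWKS. This only catches a misconfigured test early.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    claims = json.loads(_b64url_decode(parts[1]))
    problems = [name for name, ok in (
        ("iss", claims.get("iss") == EXPECTED_ISSUER),
        ("aud", claims.get("aud") == audience),
        ("exp", isinstance(claims.get("exp"), int) and claims["exp"] > now),
    ) if not ok]
    return claims, problems


def make_sample_token(claims):
    """Constructed, unsigned token for offline runs (empty signature segment)."""
    def enc(obj):
        return base64.urlsafe_b64encode(
            json.dumps(obj).encode()).rstrip(b"=").decode("ascii")
    return f"{enc({'alg': 'none'})}.{enc(claims)}."
```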