[SERVER-77908] Implement Tests for OIDC Machine Flows in Google Cloud Created: 08/Jun/23  Updated: 05/Feb/24

Status: In Code Review
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Adam Rayner Assignee: Varun Ravichandran
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
is depended on by DRIVERS-2601 OIDC: Automatic token acquisition for... Blocked
Assigned Teams:
Server Security
Backport Requested:
v7.0
Sprint: Security 2023-12-11, Security 2023-12-25, Security 2024-01-08, Security 2024-01-22, Security 2024-02-05, Security 2024-02-19
Participants:

Description

This ticket will create a simple integration test for a GCP machine flow, where the OIDC access and refresh tokens are obtained via some kind of local machine metadata URI.

To achieve this, we will need to do some orchestration of GCP VMs from our Evergreen instances running in AWS. A starting point for what this kind of thing looks like is the AWS IAM external auth jstests (https://github.com/10gen/mongo-enterprise-modules/tree/master/jstests/external_auth_aws): these use the AWS Python API to construct a temporary container instance in AWS Fargate, deploy test code to it, run the tests on the remote container instance while getting access to a local machine-specific token, and then clean up the newly created infrastructure.

We will want to essentially port this approach to GCP.


Generated at Thu Feb 08 06:36:57 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.