GODRIVER-3278 Port OIDC machine callback to master (#1712)

Co-authored-by: Patrick Meredith <pmeredit@protonmail.com>
Co-authored-by: Matt Dale <9760375+matthewdale@users.noreply.github.com>

Author: 3 people

.evergreen/config.yml

@@ -350,6 +350,23 @@ functions:
             chmod +x $i
           done
 
+  assume-ec2-role:
+    - command: ec2.assume_role
+      params:
+        role_arn: ${aws_test_secrets_role}
+
+  run-oidc-auth-test-with-test-credentials:
+    - command: shell.exec
+      type: test
+      params:
+        working_dir: src/go.mongodb.org/mongo-driver
+        shell: bash
+        include_expansions_in_env: ["DRIVERS_TOOLS", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
+        script: |
+          ${PREPARE_SHELL}
+          export OIDC="oidc"
+          bash ${PROJECT_DIRECTORY}/etc/run-oidc-test.sh
+
   run-make:
     - command: shell.exec
       type: test
@@ -1949,6 +1966,10 @@ tasks:
             popd
             ./.evergreen/run-deployed-lambda-aws-tests.sh
 
+  - name: "oidc-auth-test-latest"
+    commands:
+      - func: "run-oidc-auth-test-with-test-credentials"
+
   - name: "test-search-index"
     commands:
       - func: "bootstrap-mongo-orchestration"
@@ -2231,6 +2252,31 @@ task_groups:
     tasks:
       - testazurekms-task
 
+  - name: testoidc_task_group
+    setup_group:
+      - func: fetch-source
+      - func: prepare-resources
+      - func: fix-absolute-paths
+      - func: make-files-executable
+      - func: assume-ec2-role
+      - command: shell.exec
+        params:
+          shell: bash
+          include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
+          script: |
+            ${PREPARE_SHELL}
+            ${DRIVERS_TOOLS}/.evergreen/auth_oidc/setup.sh
+    teardown_task:
+      - command: subprocess.exec
+        params:
+          binary: bash
+          args:
+            - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/teardown.sh
+    setup_group_can_fail_task: true
+    setup_group_timeout_secs: 1800
+    tasks:
+      - oidc-auth-test-latest
+
   - name: test-aws-lambda-task-group
     setup_group:
       - func: fetch-source
@@ -2564,3 +2610,13 @@ buildvariants:
       - name: testazurekms_task_group
         batchtime: 20160 # Use a batchtime of 14 days as suggested by the CSFLE test README
       - testazurekms-fail-task
+
+  - name: testoidc-variant
+    display_name: "OIDC"
+    run_on:
+      - ubuntu2204-large
+    expansions:
+      GO_DIST: "/opt/golang/go1.20"
+    tasks:
+      - name: testoidc_task_group
+        batchtime: 20160 # Use a batchtime of 14 days as suggested by the CSFLE test README

Makefile

@@ -127,6 +127,11 @@ evg-test-atlas-data-lake:
 evg-test-enterprise-auth:
 	go run -tags gssapi ./internal/cmd/testentauth/main.go
 
+.PHONY: evg-test-oidc-auth
+evg-test-oidc-auth:
+	go run ./internal/cmd/testoidcauth/main.go
+	go run -race ./internal/cmd/testoidcauth/main.go
+
 .PHONY: evg-test-kmip
 evg-test-kmip:
 	go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./internal/integration -run TestClientSideEncryptionSpec/kmipKMS >> test.suite

etc/run-oidc-test.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# run-oidc-test
+# Runs oidc auth tests.
+set -eu
+
+echo "Running MONGODB-OIDC authentication tests"
+
+OIDC_ENV="${OIDC_ENV:-"test"}"
+
+if [ $OIDC_ENV == "test" ]; then
+    # Make sure DRIVERS_TOOLS is set.
+    if [ -z "$DRIVERS_TOOLS" ]; then
+        echo "Must specify DRIVERS_TOOLS"
+        exit 1
+    fi
+    source ${DRIVERS_TOOLS}/.evergreen/auth_oidc/secrets-export.sh
+
+elif [ $OIDC_ENV == "azure" ]; then
+    source ./env.sh
+
+elif [ $OIDC_ENV == "gcp" ]; then
+    source ./secrets-export.sh
+
+else
+    echo "Unrecognized OIDC_ENV $OIDC_ENV"
+    exit 1
+fi
+
+export TEST_AUTH_OIDC=1
+export COVERAGE=1
+export AUTH="auth"
+
+make -s evg-test-oidc-auth