@@ -22,6 +22,11 @@ timeout:
2222 - " -la"
2323
2424functions :
25+ " assume secrets manager role " &assume_secrets_manager_role
26+ - command : ec2.assume_role
27+ params :
28+ role_arn : ${DRIVERS_SECRETS_ARN}
29+
2530 " fetch source "
2631 # Executes git clone and applies the submitted patch, if any
2732 - command : git.get_project
@@ -78,8 +83,10 @@ functions:
7883 bash ${DRIVERS_TOOLS}/.evergreen/stop-orchestration.sh
7984
8085" bootstrap mongohoused "
86+ - << : *assume_secrets_manager_role
8187 - command : shell.exec
8288 params :
89+ add_expansions_to_env : true
8390 script : |
8491 ${PREPARE_SHELL}
8592 DRIVERS_TOOLS="${DRIVERS_TOOLS}" bash ${DRIVERS_TOOLS}/.evergreen/atlas_data_lake/pull-mongohouse-image.sh
@@ -93,9 +100,7 @@ functions:
93100 docker ps
94101
95102" run tests "
96- - command : ec2.assume_role
97- params :
98- role_arn : ${DRIVERS_SECRETS_ARN}
103+ - << : *assume_secrets_manager_role
99104 - command : subprocess.exec
100105 type : test
101106 params :
@@ -133,9 +138,7 @@ functions:
133138 - command : timeout.update
134139 params :
135140 exec_timeout_secs : 1800
136- - command : ec2.assume_role
137- params :
138- role_arn : ${DRIVERS_SECRETS_ARN}
141+ - << : *assume_secrets_manager_role
139142 - command : subprocess.exec
140143 type : test
141144 params :
@@ -354,13 +357,13 @@ functions:
354357 rm -rf ./node_modules/@aws-sdk/credential-providers
355358
356359" run atlas tests "
360+ - << : *assume_secrets_manager_role
357361 # This creates secrets-export.sh, which is later sourced by run-tests.sh
358362 - command : subprocess.exec
359363 params :
360364 working_dir : " src"
361365 binary : bash
362- env :
363- DRIVERS_TOOLS : ${DRIVERS_TOOLS}
366+ add_expansions_to_env : true
364367 args :
365368 - -c
366369 - ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/atlas_connect
@@ -369,16 +372,12 @@ functions:
369372 params :
370373 working_dir : " src"
371374 binary : bash
372- env :
373- DRIVERS_TOOLS : ${DRIVERS_TOOLS}
374- NODE_LTS_VERSION : ${NODE_LTS_VERSION}
375+ add_expansions_to_env : true
375376 args :
376377 - .evergreen/run-atlas-tests.sh
377378
378379 " run socks5 tests "
379- - command : ec2.assume_role
380- params :
381- role_arn : ${DRIVERS_SECRETS_ARN}
380+ - << : *assume_secrets_manager_role
382381 - command : subprocess.exec
383382 type : test
384383 params :
@@ -400,9 +399,7 @@ functions:
400399 - .evergreen/run-kerberos-tests.sh
401400
402401 " run ldap tests "
403- - command : ec2.assume_role
404- params :
405- role_arn : ${DRIVERS_SECRETS_ARN}
402+ - << : *assume_secrets_manager_role
406403 - command : subprocess.exec
407404 type : test
408405 params :
@@ -441,11 +438,6 @@ functions:
441438
442439 bash ${PROJECT_DIRECTORY}/.evergreen/run-tls-tests.sh
443440
444- " assume secrets manager rule "
445- - command : ec2.assume_role
446- params :
447- role_arn : ${DRIVERS_SECRETS_ARN}
448-
449441" run aws auth test with regular aws credentials "
450442 - command : subprocess.exec
451443 type : test
@@ -623,6 +615,9 @@ functions:
623615 include_expansions_in_env :
624616 - MONGODB_URI
625617 - DRIVERS_TOOLS
618+ - AWS_SECRET_ACCESS_KEY
619+ - AWS_ACCESS_KEY_ID
620+ - AWS_SESSION_TOKEN
626621 env :
627622 AWS_CREDENTIAL_TYPE : env-creds
628623 MONGODB_AWS_SDK : " true"
@@ -728,31 +723,24 @@ functions:
728723 args :
729724 - ${PROJECT_DIRECTORY}/.evergreen/run-x509-tests.sh
730725
731- install mongodb-client-encryption :
726+ install mongodb-client-encryption from source :
732727 - command : subprocess.exec
733728 type : setup
734729 params :
735730 working_dir : " src"
736- env :
737- INSTALL_DIR : mongodb-client-encryption
738- PROJECT_DIRECTORY : ${PROJECT_DIRECTORY}
739- DRIVERS_TOOLS : ${DRIVERS_TOOLS}
731+ add_expansions_to_env : true
740732 binary : bash
741733 args :
742734 - ${PROJECT_DIRECTORY}/.evergreen/install-mongodb-client-encryption.sh
743735
744736 " build and test alpine FLE "
737+ - << : *assume_secrets_manager_role
745738 - command : subprocess.exec
746739 type : test
747740 params :
748741 working_dir : " src"
749- env :
750- INSTALL_DIR : mongodb-client-encryption
751- PROJECT_DIRECTORY : ${PROJECT_DIRECTORY}
752- DRIVERS_TOOLS : ${DRIVERS_TOOLS}
753- NODE_VERSION : ${NODE_VERSION}
754- MONGODB_URI : ${MONGODB_URI}
755742 binary : bash
743+ add_expansions_to_env : true
756744 args :
757745 - .evergreen/docker/alpine.sh
758746
@@ -777,14 +765,14 @@ tasks:
777765 params :
778766 updates :
779767 - { key: NPM_VERSION, value: "9" }
768+ - func : assume secrets manager role
780769 - func : " install dependencies"
781770 # Upload node driver to a GCP instance
782771 - command : subprocess.exec
783772 type : setup
784773 params :
785774 binary : bash
786- env :
787- DRIVERS_TOOLS : ${DRIVERS_TOOLS}
775+ add_expansions_to_env : true
788776 args :
789777 - src/.evergreen/run-deployed-gcp-kms-tests.sh
790778
@@ -819,12 +807,12 @@ tasks:
819807 updates :
820808 - { key: NPM_VERSION, value: "9" }
821809 - func : " install dependencies"
810+ - func : assume secrets manager role
822811 - command : subprocess.exec
823812 type : setup
824813 params :
825814 binary : bash
826- env :
827- DRIVERS_TOOLS : ${DRIVERS_TOOLS}
815+ add_expansions_to_env : true
828816 args :
829817 - src/.evergreen/run-deployed-azure-kms-tests.sh
830818
@@ -1051,10 +1039,12 @@ task_groups:
10511039 setup_group_timeout_secs : 1800 # 30 minutes
10521040 setup_group :
10531041 - func : fetch source
1042+ - func : assume secrets manager role
10541043 - command : subprocess.exec
10551044 params :
10561045 working_dir : " src"
10571046 binary : bash
1047+ add_expansions_to_env : true
10581048 args :
10591049 - ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/setup.sh
10601050
@@ -1073,12 +1063,14 @@ task_groups:
10731063 setup_group_timeout_secs : 1800 # 30 minutes
10741064 setup_group :
10751065 - func : fetch source
1066+ - func : assume secrets manager role
10761067 - command : subprocess.exec
10771068 params :
10781069 working_dir : " src"
10791070 binary : bash
10801071 env :
10811072 AZUREKMS_VMNAME_PREFIX : " NODE_DRIVER"
1073+ add_expansions_to_env : true
10821074 args :
10831075 - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/setup.sh
10841076
@@ -1099,12 +1091,11 @@ task_groups:
10991091 - name : testk8soidc_task_group_eks
11001092 setup_group :
11011093 - func : fetch source
1102- - command : ec2.assume_role
1103- params :
1104- role_arn : ${DRIVERS_SECRETS_ARN}
1094+ - func : assume secrets manager role
11051095 - command : subprocess.exec
11061096 params :
11071097 binary : bash
1098+ add_expansions_to_env : true
11081099 args :
11091100 - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh
11101101 teardown_group :
@@ -1122,12 +1113,11 @@ task_groups:
11221113 - name : testk8soidc_task_group_gke
11231114 setup_group :
11241115 - func : fetch source
1125- - command : ec2.assume_role
1126- params :
1127- role_arn : ${DRIVERS_SECRETS_ARN}
1116+ - func : assume secrets manager role
11281117 - command : subprocess.exec
11291118 params :
11301119 binary : bash
1120+ add_expansions_to_env : true
11311121 args :
11321122 - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh
11331123 teardown_group :
@@ -1145,12 +1135,11 @@ task_groups:
11451135 - name : testk8soidc_task_group_aks
11461136 setup_group :
11471137 - func : fetch source
1148- - command : ec2.assume_role
1149- params :
1150- role_arn : ${DRIVERS_SECRETS_ARN}
1138+ - func : assume secrets manager role
11511139 - command : subprocess.exec
11521140 params :
11531141 binary : bash
1142+ add_expansions_to_env : true
11541143 args :
11551144 - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh
11561145 teardown_group :
@@ -1168,9 +1157,7 @@ task_groups:
11681157 - name : testtestoidc_task_group
11691158 setup_group :
11701159 - func : fetch source
1171- - command : ec2.assume_role
1172- params :
1173- role_arn : ${DRIVERS_SECRETS_ARN}
1160+ - func : assume secrets manager role
11741161 - command : subprocess.exec
11751162 params :
11761163 binary : bash
@@ -1190,9 +1177,11 @@ task_groups:
11901177 - name : testazureoidc_task_group
11911178 setup_group :
11921179 - func : fetch source
1180+ - func : assume secrets manager role
11931181 - command : shell.exec
11941182 params :
11951183 shell : bash
1184+ add_expansions_to_env : true
11961185 script : |-
11971186 set -o errexit
11981187 ${PREPARE_SHELL}
@@ -1214,9 +1203,11 @@ task_groups:
12141203 - name : testgcpoidc_task_group
12151204 setup_group :
12161205 - func : fetch source
1206+ - func : assume secrets manager role
12171207 - command : shell.exec
12181208 params :
12191209 shell : bash
1210+ add_expansions_to_env : true
12201211 script : |-
12211212 set -o errexit
12221213 ${PREPARE_SHELL}
@@ -1238,14 +1229,19 @@ task_groups:
12381229 - name : test_atlas_task_group
12391230 setup_group :
12401231 - func : fetch source
1232+ - command : expansions.update
1233+ type : " setup"
1234+ params :
1235+ updates :
1236+ - { key: MONGODB_VERSION, value: "7.0" }
1237+ - { key: LAMBDA_STACK_NAME, value: "dbx-node-lambda" }
1238+ - { key: CLUSTER_PREFIX, value: "dbx-node-lambda" }
1239+ - func : assume secrets manager role
12411240 - command : subprocess.exec
12421241 params :
12431242 working_dir : src
12441243 binary : bash
1245- env :
1246- MONGODB_VERSION : " 7.0"
1247- LAMBDA_STACK_NAME : dbx-node-lambda
1248- CLUSTER_PREFIX : dbx-node-lambda
1244+ add_expansions_to_env : true
12491245 args :
12501246 - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-atlas-cluster.sh
12511247 - atlas
@@ -1268,13 +1264,18 @@ task_groups:
12681264 - name : test_atlas_task_group_search_indexes
12691265 setup_group :
12701266 - func : fetch source
1267+ - command : expansions.update
1268+ type : " setup"
1269+ params :
1270+ updates :
1271+ - { key: MONGODB_VERSION, value: "7.0" }
1272+ - { key: CLUSTER_PREFIX, value: "dbx-node-lambda" }
1273+ - func : assume secrets manager role
12711274 - command : subprocess.exec
12721275 params :
12731276 working_dir : src
12741277 binary : bash
1275- env :
1276- MONGODB_VERSION : " 7.0"
1277- CLUSTER_PREFIX : dbx-node-search
1278+ add_expansions_to_env : true
12781279 args :
12791280 - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-atlas-cluster.sh
12801281 - command : expansions.update
0 commit comments