PYTHON-5196 Convert OIDC tests to use new test scripts (#2194)

Author: blink1073

.evergreen/config.yml

@@ -289,28 +289,6 @@ functions:
           - .evergreen/scripts/run-with-env.sh
           - .evergreen/scripts/run-atlas-tests.sh
 
-  "run oidc auth test with test credentials":
-    - command: subprocess.exec
-      type: test
-      params:
-        working_dir: "src"
-        binary: bash
-        include_expansions_in_env: ["DRIVERS_TOOLS", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
-        args:
-          - .evergreen/run-mongodb-oidc-test.sh
-
-  "run oidc k8s auth test":
-    - command: subprocess.exec
-      type: test
-      params:
-        binary: bash
-        working_dir: src
-        env:
-          OIDC_ENV: k8s
-        include_expansions_in_env: ["DRIVERS_TOOLS", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "K8S_VARIANT"]
-        args:
-          - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-oidc-remote-test.sh
-
   "cleanup":
     - command: subprocess.exec
       params:
@@ -417,96 +395,6 @@ task_groups:
     tasks:
       - ".serverless"
 
-  - name: testazureoidc_task_group
-    setup_group:
-      - func: fetch source
-      - func: setup system
-      - command: subprocess.exec
-        params:
-          binary: bash
-          env:
-            AZUREOIDC_VMNAME_PREFIX: "PYTHON_DRIVER"
-          args:
-            - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
-    teardown_task:
-      - command: subprocess.exec
-        params:
-          binary: bash
-          args:
-            - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/azure/delete-vm.sh
-    setup_group_can_fail_task: true
-    setup_group_timeout_secs: 1800
-    tasks:
-      - oidc-auth-test-azure
-
-  - name: testgcpoidc_task_group
-    setup_group:
-      - func: fetch source
-      - func: setup system
-      - command: subprocess.exec
-        params:
-          binary: bash
-          env:
-            GCPOIDC_VMNAME_PREFIX: "PYTHON_DRIVER"
-          args:
-            - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/gcp/setup.sh
-    teardown_task:
-      - command: subprocess.exec
-        params:
-          binary: bash
-          args:
-            - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/gcp/teardown.sh
-    setup_group_can_fail_task: true
-    setup_group_timeout_secs: 1800
-    tasks:
-      - oidc-auth-test-gcp
-
-  - name: testk8soidc_task_group
-    setup_group:
-      - func: fetch source
-      - func: setup system
-      - command: ec2.assume_role
-        params:
-          role_arn: ${aws_test_secrets_role}
-          duration_seconds: 1800
-      - command: subprocess.exec
-        params:
-          binary: bash
-          args:
-            - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh
-    teardown_task:
-      - command: subprocess.exec
-        params:
-          binary: bash
-          args:
-            - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/teardown.sh
-    setup_group_can_fail_task: true
-    setup_group_timeout_secs: 1800
-    tasks:
-      - oidc-auth-test-k8s
-
-  - name: testoidc_task_group
-    setup_group:
-      - func: fetch source
-      - func: setup system
-      - func: "assume ec2 role"
-      - command: subprocess.exec
-        params:
-          binary: bash
-          include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
-          args:
-            - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/setup.sh
-    teardown_task:
-      - command: subprocess.exec
-        params:
-          binary: bash
-          args:
-            - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/teardown.sh
-    setup_group_can_fail_task: true
-    setup_group_timeout_secs: 1800
-    tasks:
-      - oidc-auth-test
-
   - name: test_aws_lambda_task_group
     setup_group:
       - func: fetch source
@@ -659,47 +547,6 @@ tasks:
             env:
               TEST_LAMBDA_DIRECTORY: ${PROJECT_DIRECTORY}/test/lambda
 
-    - name: "oidc-auth-test"
-      commands:
-      - func: "run oidc auth test with test credentials"
-
-    - name: "oidc-auth-test-azure"
-      commands:
-      - command: subprocess.exec
-        type: test
-        params:
-          binary: bash
-          working_dir: src
-          env:
-            OIDC_ENV: azure
-          include_expansions_in_env: ["DRIVERS_TOOLS"]
-          args:
-            - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-oidc-remote-test.sh
-
-    - name: "oidc-auth-test-gcp"
-      commands:
-      - command: subprocess.exec
-        type: test
-        params:
-          binary: bash
-          working_dir: src
-          env:
-            OIDC_ENV: gcp
-          include_expansions_in_env: ["DRIVERS_TOOLS"]
-          args:
-            - ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-oidc-remote-test.sh
-
-    - name: "oidc-auth-test-k8s"
-      commands:
-        - func: "run oidc k8s auth test"
-          vars:
-            K8S_VARIANT: eks
-        - func: "run oidc k8s auth test"
-          vars:
-            K8S_VARIANT: gke
-        - func: "run oidc k8s auth test"
-          vars:
-            K8S_VARIANT: aks
 # }}}
     - name: "coverage-report"
       tags: ["coverage"]

.evergreen/generated_configs/tasks.yml

@@ -1042,6 +1042,50 @@ tasks:
           TEST_NAME: ocsp
     tags: [ocsp, ocsp-rsa]
 
+  # Oidc tests
+  - name: test-auth-oidc-default
+    commands:
+      - func: run tests
+        vars:
+          TEST_NAME: auth_oidc
+          SUB_TEST_NAME: default
+    tags: [auth_oidc]
+  - name: test-auth-oidc-azure
+    commands:
+      - func: run tests
+        vars:
+          TEST_NAME: auth_oidc
+          SUB_TEST_NAME: azure
+    tags: [auth_oidc, auth_oidc_remote]
+  - name: test-auth-oidc-gcp
+    commands:
+      - func: run tests
+        vars:
+          TEST_NAME: auth_oidc
+          SUB_TEST_NAME: gcp
+    tags: [auth_oidc, auth_oidc_remote]
+  - name: test-auth-oidc-eks
+    commands:
+      - func: run tests
+        vars:
+          TEST_NAME: auth_oidc
+          SUB_TEST_NAME: eks
+    tags: [auth_oidc, auth_oidc_remote]
+  - name: test-auth-oidc-aks
+    commands:
+      - func: run tests
+        vars:
+          TEST_NAME: auth_oidc
+          SUB_TEST_NAME: aks
+    tags: [auth_oidc, auth_oidc_remote]
+  - name: test-auth-oidc-gke
+    commands:
+      - func: run tests
+        vars:
+          TEST_NAME: auth_oidc
+          SUB_TEST_NAME: gke
+    tags: [auth_oidc, auth_oidc_remote]
+
   # Server tests
   - name: test-4.0-standalone-auth-ssl-sync
     commands:

.evergreen/generated_configs/variants.yml

@@ -920,24 +920,21 @@ buildvariants:
   # Oidc auth tests
   - name: auth-oidc-ubuntu-22
     tasks:
-      - name: testoidc_task_group
-      - name: testazureoidc_task_group
-      - name: testgcpoidc_task_group
-      - name: testk8soidc_task_group
+      - name: .auth_oidc
     display_name: Auth OIDC Ubuntu-22
     run_on:
       - ubuntu2204-small
     batchtime: 10080
   - name: auth-oidc-macos
     tasks:
-      - name: testoidc_task_group
+      - name: .auth_oidc !.auth_oidc_remote
     display_name: Auth OIDC macOS
     run_on:
       - macos-14
     batchtime: 10080
   - name: auth-oidc-win64
     tasks:
-      - name: testoidc_task_group
+      - name: .auth_oidc !.auth_oidc_remote
     display_name: Auth OIDC Win64
     run_on:
       - windows-64-vsMulti-small

.evergreen/run-mongodb-oidc-remote-test.sh

@@ -3,31 +3,14 @@
 set +x          # Disable debug trace
 set -eu
 
-echo "Running MONGODB-OIDC authentication tests"
-
-OIDC_ENV=${OIDC_ENV:-"test"}
-
-if [ $OIDC_ENV == "test" ]; then
-    # Make sure DRIVERS_TOOLS is set.
-    if [ -z "$DRIVERS_TOOLS" ]; then
-        echo "Must specify DRIVERS_TOOLS"
-        exit 1
-    fi
-    source ${DRIVERS_TOOLS}/.evergreen/auth_oidc/secrets-export.sh
-
-elif [ $OIDC_ENV == "azure" ]; then
-    source ./env.sh
-
-elif [ $OIDC_ENV == "gcp" ]; then
-    source ./secrets-export.sh
-
-elif [ $OIDC_ENV == "k8s" ]; then
-    echo "Running oidc on k8s"
+echo "Running MONGODB-OIDC authentication tests on ${OIDC_ENV}..."
 
+if [ ${OIDC_ENV} == "k8s" ]; then
+    SUB_TEST_NAME=$K8S_VARIANT-remote
 else
-    echo "Unrecognized OIDC_ENV $OIDC_ENV"
-    exit 1
+    SUB_TEST_NAME=$OIDC_ENV-remote
 fi
-
-COVERAGE=1 bash ./.evergreen/just.sh setup-tests auth_oidc
+bash ./.evergreen/just.sh setup-tests auth_oidc $SUB_TEST_NAME
 bash ./.evergreen/just.sh run-tests "${@:1}"
+
+echo "Running MONGODB-OIDC authentication tests on ${OIDC_ENV}... done."

.evergreen/run-mongodb-oidc-test.sh

@@ -26,6 +26,7 @@ fi
 
 # Source the local secrets export file if available.
 if [ -f "./secrets-export.sh" ]; then
+  echo "Sourcing local secrets file"
   . "./secrets-export.sh"
 fi
 

.evergreen/run-tests.sh

@@ -663,11 +663,11 @@ def create_serverless_variants():
 
 def create_oidc_auth_variants():
     variants = []
-    other_tasks = ["testazureoidc_task_group", "testgcpoidc_task_group", "testk8soidc_task_group"]
     for host_name in ["ubuntu22", "macos", "win64"]:
-        tasks = ["testoidc_task_group"]
         if host_name == "ubuntu22":
-            tasks += other_tasks
+            tasks = [".auth_oidc"]
+        else:
+            tasks = [".auth_oidc !.auth_oidc_remote"]
         host = HOSTS[host_name]
         variants.append(
             create_variant(
@@ -884,6 +884,19 @@ def create_aws_tasks():
     return tasks
 
 
+def create_oidc_tasks():
+    tasks = []
+    for sub_test in ["default", "azure", "gcp", "eks", "aks", "gke"]:
+        vars = dict(TEST_NAME="auth_oidc", SUB_TEST_NAME=sub_test)
+        test_func = FunctionCall(func="run tests", vars=vars)
+        task_name = f"test-auth-oidc-{sub_test}"
+        tags = ["auth_oidc"]
+        if sub_test != "default":
+            tags.append("auth_oidc_remote")
+        tasks.append(EvgTask(name=task_name, tags=tags, commands=[test_func]))
+    return tasks
+
+
 def _create_ocsp_task(algo, variant, server_type, base_task_name):
     file_name = f"{algo}-basic-tls-ocsp-{variant}.json"