@@ -78,8 +78,12 @@ functions:
7878 bash ${DRIVERS_TOOLS}/.evergreen/stop-orchestration.sh
7979
8080" bootstrap mongohoused "
81+ - command : ec2.assume_role
82+ params :
83+ role_arn : ${DRIVERS_SECRETS_ARN}
8184 - command : shell.exec
8285 params :
86+ add_expansions_to_env : true
8387 script : |
8488 ${PREPARE_SHELL}
8589 DRIVERS_TOOLS="${DRIVERS_TOOLS}" bash ${DRIVERS_TOOLS}/.evergreen/atlas_data_lake/pull-mongohouse-image.sh
@@ -354,13 +358,17 @@ functions:
354358 rm -rf ./node_modules/@aws-sdk/credential-providers
355359
356360" run atlas tests "
361+ - command : ec2.assume_role
362+ params :
363+ role_arn : ${DRIVERS_SECRETS_ARN}
357364 # This creates secrets-export.sh, which is later sourced by run-tests.sh
358365 - command : subprocess.exec
359366 params :
360367 working_dir : " src"
361368 binary : bash
362369 env :
363370 DRIVERS_TOOLS : ${DRIVERS_TOOLS}
371+ add_expansions_to_env : true
364372 args :
365373 - -c
366374 - ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/atlas_connect
@@ -441,7 +449,7 @@ functions:
441449
442450 bash ${PROJECT_DIRECTORY}/.evergreen/run-tls-tests.sh
443451
444- " assume secrets manager rule "
452+ " assume secrets manager rule " &secrets-manager-role
445453 - command : ec2.assume_role
446454 params :
447455 role_arn : ${DRIVERS_SECRETS_ARN}
@@ -623,6 +631,9 @@ functions:
623631 include_expansions_in_env :
624632 - MONGODB_URI
625633 - DRIVERS_TOOLS
634+ - AWS_SECRET_ACCESS_KEY
635+ - AWS_ACCESS_KEY_ID
636+ - AWS_SESSION_TOKEN
626637 env :
627638 AWS_CREDENTIAL_TYPE : env-creds
628639 MONGODB_AWS_SDK : " true"
@@ -742,6 +753,9 @@ functions:
742753 - ${PROJECT_DIRECTORY}/.evergreen/install-mongodb-client-encryption.sh
743754
744755 " build and test alpine FLE "
756+ - command : ec2.assume_role
757+ params :
758+ role_arn : ${DRIVERS_SECRETS_ARN}
745759 - command : subprocess.exec
746760 type : test
747761 params :
@@ -753,6 +767,7 @@ functions:
753767 NODE_VERSION : ${NODE_VERSION}
754768 MONGODB_URI : ${MONGODB_URI}
755769 binary : bash
770+ add_expansions_to_env : true
756771 args :
757772 - .evergreen/docker/alpine.sh
758773
@@ -777,12 +792,13 @@ tasks:
777792 params :
778793 updates :
779794 - { key: NPM_VERSION, value: "9" }
780- - func : " install dependencies "
795+ - func : assume secrets manager rule
781796 # Upload node driver to a GCP instance
782797 - command : subprocess.exec
783798 type : setup
784799 params :
785800 binary : bash
801+ add_expansions_to_env : true
786802 env :
787803 DRIVERS_TOOLS : ${DRIVERS_TOOLS}
788804 args :
@@ -813,6 +829,7 @@ tasks:
813829
814830 - name : " test-azurekms-task"
815831 commands :
832+ - func : assume secrets manager rule
816833 - command : expansions.update
817834 type : setup
818835 params :
@@ -825,6 +842,7 @@ tasks:
825842 binary : bash
826843 env :
827844 DRIVERS_TOOLS : ${DRIVERS_TOOLS}
845+ add_expansions_to_env : true
828846 args :
829847 - src/.evergreen/run-deployed-azure-kms-tests.sh
830848
@@ -1051,10 +1069,14 @@ task_groups:
10511069 setup_group_timeout_secs : 1800 # 30 minutes
10521070 setup_group :
10531071 - func : fetch source
1072+ - command : ec2.assume_role
1073+ params :
1074+ role_arn : ${DRIVERS_SECRETS_ARN}
10541075 - command : subprocess.exec
10551076 params :
10561077 working_dir : " src"
10571078 binary : bash
1079+ add_expansions_to_env : true
10581080 args :
10591081 - ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/setup.sh
10601082
@@ -1073,12 +1095,16 @@ task_groups:
10731095 setup_group_timeout_secs : 1800 # 30 minutes
10741096 setup_group :
10751097 - func : fetch source
1098+ - command : ec2.assume_role
1099+ params :
1100+ role_arn : ${DRIVERS_SECRETS_ARN}
10761101 - command : subprocess.exec
10771102 params :
10781103 working_dir : " src"
10791104 binary : bash
10801105 env :
10811106 AZUREKMS_VMNAME_PREFIX : " NODE_DRIVER"
1107+ add_expansions_to_env : true
10821108 args :
10831109 - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/setup.sh
10841110
@@ -1105,6 +1131,7 @@ task_groups:
11051131 - command : subprocess.exec
11061132 params :
11071133 binary : bash
1134+ add_expansions_to_env : true
11081135 args :
11091136 - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh
11101137 teardown_group :
@@ -1128,6 +1155,7 @@ task_groups:
11281155 - command : subprocess.exec
11291156 params :
11301157 binary : bash
1158+ add_expansions_to_env : true
11311159 args :
11321160 - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh
11331161 teardown_group :
@@ -1151,6 +1179,7 @@ task_groups:
11511179 - command : subprocess.exec
11521180 params :
11531181 binary : bash
1182+ add_expansions_to_env : true
11541183 args :
11551184 - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/k8s/setup.sh
11561185 teardown_group :
@@ -1190,9 +1219,13 @@ task_groups:
11901219 - name : testazureoidc_task_group
11911220 setup_group :
11921221 - func : fetch source
1222+ - command : ec2.assume_role
1223+ params :
1224+ role_arn : ${DRIVERS_SECRETS_ARN}
11931225 - command : shell.exec
11941226 params :
11951227 shell : bash
1228+ add_expansions_to_env : true
11961229 script : |-
11971230 set -o errexit
11981231 ${PREPARE_SHELL}
@@ -1214,9 +1247,13 @@ task_groups:
12141247 - name : testgcpoidc_task_group
12151248 setup_group :
12161249 - func : fetch source
1250+ - command : ec2.assume_role
1251+ params :
1252+ role_arn : ${DRIVERS_SECRETS_ARN}
12171253 - command : shell.exec
12181254 params :
12191255 shell : bash
1256+ add_expansions_to_env : true
12201257 script : |-
12211258 set -o errexit
12221259 ${PREPARE_SHELL}
@@ -1268,13 +1305,17 @@ task_groups:
12681305 - name : test_atlas_task_group_search_indexes
12691306 setup_group :
12701307 - func : fetch source
1308+ - command : ec2.assume_role
1309+ params :
1310+ role_arn : ${DRIVERS_SECRETS_ARN}
12711311 - command : subprocess.exec
12721312 params :
12731313 working_dir : src
12741314 binary : bash
12751315 env :
12761316 MONGODB_VERSION : " 7.0"
12771317 CLUSTER_PREFIX : dbx-node-search
1318+ add_expansions_to_env : true
12781319 args :
12791320 - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-atlas-cluster.sh
12801321 - command : expansions.update
0 commit comments