diff --git a/.evergreen/run-oidc-prose-tests.sh b/.evergreen/run-oidc-prose-tests.sh
index 0be8b1e0dce..1e5716b0c8b 100755
--- a/.evergreen/run-oidc-prose-tests.sh
+++ b/.evergreen/run-oidc-prose-tests.sh
@@ -15,20 +15,11 @@ if [ -z "${MONGODB_URI_SINGLE}" ]; then
 exit 1
 fi
-if [ "$ENVIRONMENT" = "azure" ]; then
- npm run check:oidc-azure
-elif [ "$ENVIRONMENT" = "gcp" ]; then
- npm run check:oidc-gcp
-elif [ "$ENVIRONMENT" = "test" ]; then
+if [ "$ENVIRONMENT" = "test" ]; then
 if [ -z "${OIDC_TOKEN_FILE}" ]; then
 echo "Must specify OIDC_TOKEN_FILE"
 exit 1
 fi
- npm run check:oidc-test
-else
- if [ -z "${K8S_VARIANT}" ]; then
- echo "Must specify K8S_VARIANT"
- exit 1
- fi
- npm run check:oidc-k8s
 fi
+
+npm run check:oidc-test
\ No newline at end of file
diff --git a/package.json b/package.json
index 3f7c7f83666..769745ce1b1 100644
--- a/package.json
+++ b/package.json
@@ -147,9 +147,6 @@
 "check:aws": "nyc mocha --config test/mocha_mongodb.js test/integration/auth/mongodb_aws.test.ts test/integration/auth/mongodb_aws.prose.test.ts",
 "check:oidc-auth": "nyc mocha --config test/mocha_mongodb.js test/integration/auth/auth.spec.test.ts",
 "check:oidc-test": "nyc mocha --config test/mocha_mongodb.js test/integration/auth/mongodb_oidc.prose.test.ts",
- "check:oidc-azure": "nyc mocha --config test/mocha_mongodb.js test/integration/auth/mongodb_oidc_azure.prose.05.test.ts",
- "check:oidc-gcp": "nyc mocha --config test/mocha_mongodb.js test/integration/auth/mongodb_oidc_gcp.prose.06.test.ts",
- "check:oidc-k8s": "nyc mocha --config test/mocha_mongodb.js test/integration/auth/mongodb_oidc_k8s.prose.07.test.ts",
 "check:kerberos": "nyc mocha --config test/manual/mocharc.js test/manual/kerberos.test.ts",
 "check:tls": "nyc mocha --config test/manual/mocharc.js test/manual/tls_support.test.ts",
 "check:ldap": "nyc mocha --config test/manual/mocharc.js test/manual/ldap.test.ts",
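Review bot: The script no longer fails on an unset or unrecognised `ENVIRONMENT`: anything other than `test` now falls straight through to `npm run check:oidc-test`, and the `K8S_VARIANT` check is gone. Since the suite's top-level `beforeEach` skips every case when `process.env.ENVIRONMENT` is empty, a misconfigured task would finish green without exercising any OIDC authentication. A fail-fast guard before the `npm run` line would close that gap: `if [ -z "${ENVIRONMENT}" ]; then echo "Must specify ENVIRONMENT"; exit 1; fi`. The top of the script is outside the hunk, so an equivalent check may already exist there.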
diff --git a/test/integration/auth/mongodb_oidc.prose.test.ts b/test/integration/auth/mongodb_oidc.prose.test.ts
index dceb41f2723..66aabda7e84 100644
--- a/test/integration/auth/mongodb_oidc.prose.test.ts
+++ b/test/integration/auth/mongodb_oidc.prose.test.ts
@@ -9,10 +9,11 @@ import {
 type ClientSession,
 type Collection,
 MongoClient,
+ type MongoClientOptions,
 type OIDCCallbackParams,
 type OIDCResponse
 } from '../../../src';
-import { type MongoDBOIDC } from '../../../src/cmap/auth/mongodb_oidc';
+import { type MongoDBOIDC, type OIDCCallbackFunction } from '../../../src/cmap/auth/mongodb_oidc';
 const createCallback = (tokenFile = 'test_user1', expiresInSeconds?: number, extraFields?: any) => {
 return async (params: OIDCCallbackParams) => {
@@ -38,10 +39,45 @@ const generateResult = (token: string, expiresInSeconds?: number, extraFields?:
 return response;
 };
+const DEFAULT_URI = 'mongodb://127.0.0.1:27017';
+const URI_SINGLE = process.env.MONGODB_URI_SINGLE ?? DEFAULT_URI;
+const isCallbackTest = process.env.ENVIRONMENT === 'test';
+
+const getClientOptions = (callbackSpy?: OIDCCallbackFunction) => {
+ const options: MongoClientOptions = {};
+ options.retryReads = false;
+ if (process.env.AZUREOIDC_RESOURCE) {
+ options.authMechanismProperties = { TOKEN_RESOURCE: process.env.AZUREOIDC_RESOURCE };
+ }
+ if (process.env.AZUREOIDC_USERNAME) {
+ options.auth = { username: process.env.AZUREOIDC_USERNAME, password: undefined };
+ }
+ if (process.env.GCPOIDC_AUDIENCE) {
+ options.authMechanismProperties = { TOKEN_RESOURCE: process.env.GCPOIDC_AUDIENCE };
+ }
+ if (isCallbackTest && callbackSpy) {
+ options.authMechanismProperties = { OIDC_CALLBACK: callbackSpy };
+ }
+ return options;
+};
+
+const getProviderLookupProperties = (callbackSpy?: OIDCCallbackFunction) => {
+ if (isCallbackTest && callbackSpy) {
+ return { OIDC_CALLBACK: callbackSpy };
+ }
+ return { ENVIRONMENT: process.env.ENVIRONMENT };
+};
+
+const getClient = (extraOptions: MongoClientOptions = {}, callbackSpy?: OIDCCallbackFunction) => {
+ const options = getClientOptions(callbackSpy);
+ const mergedOptions = extraOptions ? { ...options, ...extraOptions } : options;
+ return new MongoClient(URI_SINGLE, mergedOptions);
+};
+
 describe('OIDC Auth Spec Tests', function () {
 beforeEach(function () {
- if (process.env.ENVIRONMENT !== 'test') {
- this.skipReason = 'GCP OIDC prose tests require a Test OIDC environment.';
+ if (!process.env.ENVIRONMENT) {
+ this.skipReason = 'OIDC prose tests require a Test OIDC environment.';
 this.skip();
 }
 });
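Review bot: In `getClientOptions`, every branch assigns a fresh `authMechanismProperties` object, so a later branch silently discards what an earlier one set (for example `TOKEN_RESOURCE` when `GCPOIDC_AUDIENCE` or a callback is also present), and the shallow spread in `getClient` does the same to any `authMechanismProperties` passed through `extraOptions`. Merging keeps the intent explicit: `options.authMechanismProperties = { ...options.authMechanismProperties, OIDC_CALLBACK: callbackSpy };`. The `extraOptions ? … : options` ternary takes its first arm for every call visible in this diff, because the parameter defaults to `{}`. Separately, the helper only ever supplies the valid `AZUREOIDC_USERNAME`, so the rejected-username case from the deleted Azure file has no counterpart in this suite. A short comment above the helpers naming the environment variables each deployment is expected to set would make that coverage gap visible.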
@@ -61,21 +97,18 @@ describe('OIDC Auth Spec Tests', function () { const callbackSpy = sinon.spy(createCallback('test_machine')); // Create an OIDC configured client. // Perform a find operation that succeeds. - // Assert that the callback was called 1 time. + // `[callback-only]` Assert that the callback was called 1 time. // Close the client. beforeEach(function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); + client = getClient({}, callbackSpy); collection = client.db('test').collection('test'); }); it('successfully authenticates', async function () { await collection.findOne(); - expect(callbackSpy).to.have.been.calledOnce; + if (isCallbackTest) { + expect(callbackSpy).to.have.been.calledOnce; + } }); }); @@ -83,15 +116,10 @@ describe('OIDC Auth Spec Tests', function () { const callbackSpy = sinon.spy(createCallback()); // Create an OIDC configured client. // Start 10 threads and run 100 find operations in each thread that all succeed. - // Assert that the callback was called 1 time. + // `[callback-only]` Assert that the callback was called 1 time. // Close the client. beforeEach(function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); + client = getClient({}, callbackSpy); collection = client.db('test').collection('test'); }); 
@@ -99,15 +127,24 @@ describe('OIDC Auth Spec Tests', function () { for (let i = 0; i < 100; i++) { await collection.findOne(); } - expect(callbackSpy).to.have.been.calledOnce; + if (isCallbackTest) { + expect(callbackSpy).to.have.been.calledOnce; + } }); }); }); - describe('2. OIDC Callback Validation', function () { + describe('2. `[callback-only]` OIDC Callback Validation', function () { let client: MongoClient; let collection: Collection; + beforeEach(function () { + if (!isCallbackTest) { + this.skipReason = 'Callback validation tests only run in test environment'; + this.skip(); + } + }); + afterEach(async function () { await client?.close(); }); @@ -119,12 +156,7 @@ describe('OIDC Auth Spec Tests', function () { // Assert that the OIDC callback was called with the appropriate inputs, including the timeout parameter if possible. // Close the client. beforeEach(function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); + client = getClient({}, callbackSpy); collection = client.db('test').collection('test'); }); @@ -141,12 +173,7 @@ describe('OIDC Auth Spec Tests', function () { // Perform a find operation that fails. // Close the client. beforeEach(function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); + client = getClient({}, callbackSpy); collection = client.db('test').collection('test'); }); @@ -164,12 +191,7 @@ describe('OIDC Auth Spec Tests', function () { // Perform a find operation that fails. // Close the client. beforeEach(function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); + client = getClient({}, callbackSpy); collection = client.db('test').collection('test'); }); 
@@ -185,13 +207,7 @@ describe('OIDC Auth Spec Tests', function () { // Assert it returns a client configuration error. it('fails validation', async function () { try { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy, - ENVIRONMENT: 'test' - }, - retryReads: false - }); + client = getClient({}, callbackSpy); } catch (error) { expect(error).to.exist; } @@ -212,29 +228,27 @@ describe('OIDC Auth Spec Tests', function () { // Create an OIDC configured client. // Poison the Client Cache with an invalid access token. // Perform a find operation that succeeds. - // Assert that the callback was called 1 time. + // `[callback-only]` Assert that the callback was called 1 time. // Close the client. beforeEach(function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); - const provider = client.s.authProviders.getOrCreateProvider('MONGODB-OIDC', { - OIDC_CALLBACK: callbackSpy - }) as MongoDBOIDC; + client = getClient({}, callbackSpy); + const provider = client.s.authProviders.getOrCreateProvider( + 'MONGODB-OIDC', + getProviderLookupProperties(callbackSpy) + ) as MongoDBOIDC; provider.workflow.cache.put({ idpServerResponse: { accessToken: 'bad' } }); collection = client.db('test').collection('test'); }); it('successfully authenticates', async function () { await collection.findOne(); - expect(callbackSpy).to.have.been.calledOnce; + if (isCallbackTest) { + expect(callbackSpy).to.have.been.calledOnce; + } }); }); - describe('3.2 Authentication failures without cached tokens return an error', function () { + describe('3.2 `[callback-only]` Authentication failures without cached tokens return an error', function () { const callbackSpy = sinon.spy(() => { return { accessToken: 'bad' }; }); 
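Review bot: In the `fails validation` case, `getClient({}, callbackSpy)` no longer passes `ENVIRONMENT: 'test'` alongside `OIDC_CALLBACK`, so nothing visible here builds the conflicting configuration this case is meant to reject; it would have to come from the connection string. Because `expect(error).to.exist` sits only inside the `catch`, the test also passes when the constructor does not throw at all. Keeping the conflict explicit and making the non-throwing path fail would restore the check: `expect(() => getClient({ authMechanismProperties: { OIDC_CALLBACK: callbackSpy, ENVIRONMENT: 'test' } })).to.throw();`. The `it` body ends outside the hunk.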
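Review bot: Outside callback mode the poisoned-cache case keeps no assertion showing that the bad entry was ever read: the provider is looked up with `{ ENVIRONMENT: process.env.ENVIRONMENT }`, the `calledOnce` check is skipped, and a successful `findOne` is the only expectation left. Whether that lookup returns the same provider and cache the client authenticates with cannot be confirmed from the hunk. The payload also differs from the speculative-authentication case later in the file, which stores `{ accessToken: token }` while this one stores `{ idpServerResponse: { accessToken: 'bad' } }`, so it is worth confirming the entry has the shape the cache reads. A comment above the `put` call would record the limitation, for example `// Non-callback environments: success only shows recovery if the cache actually served 'bad' first.`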
@@ -243,12 +257,11 @@ describe('OIDC Auth Spec Tests', function () { // Assert that the callback was called 1 time. // Close the client. beforeEach(function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); + if (!isCallbackTest) { + this.skipReason = 'Callback validation tests only run in test environment'; + this.skip(); + } + client = getClient({}, callbackSpy); const provider = client.s.authProviders.getOrCreateProvider('MONGODB-OIDC', { OIDC_CALLBACK: callbackSpy }) as MongoDBOIDC; @@ -281,23 +294,13 @@ describe('OIDC Auth Spec Tests', function () { // } // } // Perform a find operation that fails. - // Assert that the callback has been called once. + // `[callback-only]` Assert that the callback has been called once. // Perform a find operation that succeeds. - // Assert that the callback has been called once. + // `[callback-only]` Assert that the callback has been called once. // Close the client. beforeEach(async function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); - utilClient = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: createCallback() - }, - retryReads: false - }); + client = getClient({}, callbackSpy); + utilClient = getClient({}, createCallback()); collection = client.db('test').collection('test'); await utilClient .db() @@ -325,9 +328,13 @@ describe('OIDC Auth Spec Tests', function () { it('successfully authenticates the second time', async function () { const error = await collection.findOne().catch(error => error); expect(error).to.exist; - expect(callbackSpy).to.have.been.calledOnce; + if (isCallbackTest) { + expect(callbackSpy).to.have.been.calledOnce; + } await collection.findOne(); - expect(callbackSpy).to.have.been.calledOnce; + if (isCallbackTest) { + expect(callbackSpy).to.have.been.calledOnce; + } }); }); }); 
@@ -373,21 +380,11 @@ describe('OIDC Auth Spec Tests', function () { // } // } // Perform a find operation that succeeds. - // Assert that the callback was called 2 times (once during the connection handshake, and again during reauthentication). + // `[callback-only]` Assert that the callback was called 2 times (once during the connection handshake, and again during reauthentication). // Close the client. beforeEach(async function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); - utilClient = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: createCallback() - }, - retryReads: false - }); + client = getClient({}, callbackSpy); + utilClient = getClient({}, createCallback()); collection = client.db('test').collection('test'); await utilClient .db() @@ -414,7 +411,9 @@ describe('OIDC Auth Spec Tests', function () { it('successfully authenticates', async function () { await collection.findOne(); - expect(callbackSpy).to.have.been.calledTwice; + if (isCallbackTest) { + expect(callbackSpy).to.have.been.calledTwice; + } }); }); 
@@ -436,22 +435,11 @@ describe('OIDC Auth Spec Tests', function () { // } // } // Perform a find operation that succeeds. - // Assert that the callback was called 2 times (once during the connection handshake, and again during reauthentication). + // `[callback-only]` Assert that the callback was called 2 times (once during the connection handshake, and again during reauthentication). // Close the client. beforeEach(async function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false, - promoteValues: false - }); - utilClient = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: createCallback() - }, - retryReads: false - }); + client = getClient({ promoteValues: false }, callbackSpy); + utilClient = getClient({ promoteValues: false }, createCallback()); collection = client.db('test').collection('test'); await utilClient .db() @@ -478,11 +466,13 @@ describe('OIDC Auth Spec Tests', function () { it('successfully authenticates', async function () { await collection.findOne(); - expect(callbackSpy).to.have.been.calledTwice; + if (isCallbackTest) { + expect(callbackSpy).to.have.been.calledTwice; + } }); }); - describe('4.2 Read Commands Fail If Reauthentication Fails', function () { + describe('4.2 `[callback-only]` Read Commands Fail If Reauthentication Fails', function () { let utilClient: MongoClient; const callbackSpy = sinon.spy(createBadCallback()); // Create a MongoClient whose OIDC callback returns one good token and then bad tokens after the first call. 
@@ -504,12 +494,11 @@ describe('OIDC Auth Spec Tests', function () { // Assert that the callback was called 2 times. // Close the client. beforeEach(async function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); + if (!isCallbackTest) { + this.test.skipReason = 'Callback validation tests only run in test environment'; + this.test.skip(); + } + client = getClient({}, callbackSpy); utilClient = new MongoClient(uriSingle, { authMechanismProperties: { OIDC_CALLBACK: createCallback() @@ -533,11 +522,11 @@ describe('OIDC Auth Spec Tests', function () { }); afterEach(async function () { - await utilClient.db().admin().command({ + await utilClient?.db().admin().command({ configureFailPoint: 'failCommand', mode: 'off' }); - await utilClient.close(); + await utilClient?.close(); }); it('does not successfully authenticate', async function () { @@ -547,7 +536,7 @@ describe('OIDC Auth Spec Tests', function () { }); }); - describe('4.3 Write Commands Fail If Reauthentication Fails', function () { + describe('4.3 `[callback-only]` Write Commands Fail If Reauthentication Fails', function () { let utilClient: MongoClient; const callbackSpy = sinon.spy(createBadCallback()); // Create a MongoClient whose OIDC callback returns one good token and then bad tokens after the first call. @@ -569,12 +558,11 @@ describe('OIDC Auth Spec Tests', function () { // Assert that the callback was called 2 times. // Close the client. beforeEach(async function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); + if (!isCallbackTest) { + this.test.skipReason = 'Callback validation tests only run in test environment'; + this.test.skip(); + } + client = getClient({}, callbackSpy); utilClient = new MongoClient(uriSingle, { authMechanismProperties: { OIDC_CALLBACK: createCallback() 
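Review bot: The skip guard in this `beforeEach` (and the identical one in the 4.3 hunk) is written as `this.test.skipReason = …; this.test.skip();`, while every other guard added in this file uses `this.skipReason = …; this.skip();`. If the reporting hook reads the reason from a different object than the one set here, the reason would be lost, so one form should be used throughout: `this.skipReason = 'Callback validation tests only run in test environment'; this.skip();`. Both blocks also still build `utilClient` with `new MongoClient(uriSingle, …)` rather than `getClient`, which is fine for callback-only cases but deserves a one-line comment saying so. The `beforeEach` bodies continue outside the hunks.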
@@ -599,11 +587,11 @@ describe('OIDC Auth Spec Tests', function () { }); afterEach(async function () { - await utilClient.db().admin().command({ + await utilClient?.db().admin().command({ configureFailPoint: 'failCommand', mode: 'off' }); - await utilClient.close(); + await utilClient?.close(); }); it('does not successfully authenticate', async function () { @@ -619,6 +607,7 @@ describe('OIDC Auth Spec Tests', function () { const saslStarts = []; // - Create an OIDC configured client. // - Populate the *Client Cache* with a valid access token to enforce Speculative Authentication. + // - This may be done by authenticating a temporary OIDC configured client and copying the cached token. // - Perform an `insert` operation that succeeds. // - Assert that the callback was not called. // - Assert there were no `SaslStart` commands executed. 
@@ -638,52 +627,45 @@ describe('OIDC Auth Spec Tests', function () { // } // ``` // - Perform an `insert` operation that succeeds. - // - Assert that the callback was called once. + // - `[callback-only]` Assert that the callback was called once. // - Assert there were `SaslStart` commands executed. // - Close the client. beforeEach(async function () { - utilClient = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: createCallback() - }, - retryReads: false - }); - - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false, - monitorCommands: true - }); + utilClient = getClient({}, createCallback()); + client = getClient({ monitorCommands: true }, callbackSpy); client.on('commandStarted', event => { if (event.commandName === 'saslStart') { saslStarts.push(event); } }); - const provider = client.s.authProviders.getOrCreateProvider('MONGODB-OIDC', { - OIDC_CALLBACK: callbackSpy - }) as MongoDBOIDC; - const token = await readFile(path.join(process.env.OIDC_TOKEN_DIR, 'test_user1'), { - encoding: 'utf8' - }); + if (isCallbackTest) { + const provider = client.s.authProviders.getOrCreateProvider( + 'MONGODB-OIDC', + getProviderLookupProperties(callbackSpy) + ) as MongoDBOIDC; + const token = await readFile(path.join(process.env.OIDC_TOKEN_DIR, 'test_user1'), { + encoding: 'utf8' + }); + provider.workflow.cache.put({ accessToken: token }); + } - provider.workflow.cache.put({ accessToken: token }); collection = client.db('test').collection('test'); }); afterEach(async function () { - await utilClient.db().admin().command({ + await utilClient?.db().admin().command({ configureFailPoint: 'failCommand', mode: 'off' }); - await utilClient.close(); + await utilClient?.close(); }); it('successfully authenticates', async function () { await collection.insertOne({ name: 'test' }); - expect(callbackSpy).to.not.have.been.called; + if (isCallbackTest) { + 
expect(callbackSpy).to.not.have.been.called; + } expect(saslStarts).to.be.empty; await utilClient @@ -701,7 +683,9 @@ describe('OIDC Auth Spec Tests', function () { }); await collection.insertOne({ name: 'test' }); - expect(callbackSpy).to.have.been.calledOnce; + if (isCallbackTest) { + expect(callbackSpy).to.have.been.calledOnce; + } expect(saslStarts.length).to.equal(1); }); }); @@ -726,21 +710,11 @@ describe('OIDC Auth Spec Tests', function () { // } // Start a new session. // In the started session perform a find operation that succeeds. - // Assert that the callback was called 2 times (once during the connection handshake, and again during reauthentication). + // `[callback-only]` Assert that the callback was called 2 times (once during the connection handshake, and again during reauthentication). // Close the session and the client. beforeEach(async function () { - client = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: callbackSpy - }, - retryReads: false - }); - utilClient = new MongoClient(uriSingle, { - authMechanismProperties: { - OIDC_CALLBACK: createCallback() - }, - retryReads: false - }); + client = getClient({}, callbackSpy); + utilClient = getClient({}, createCallback()); collection = client.db('test').collection('test'); await utilClient .db() @@ -768,8 +742,11 @@ describe('OIDC Auth Spec Tests', function () { }); it('successfully authenticates', async function () { - await collection.findOne({}, { session }); - expect(callbackSpy).to.have.been.calledTwice; + const result = await collection.findOne({}, { session }); + expect(result).to.exist; + if (isCallbackTest) { + expect(callbackSpy).to.have.been.calledTwice; + } }); }); }); 
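Review bot: Outside callback mode the token cache is never seeded, because the `cache.put` call now sits inside `if (isCallbackTest)`, yet `expect(saslStarts).to.be.empty` and `expect(saslStarts.length).to.equal(1)` still run unconditionally. Without a cached token the first insert presumably has to authenticate with a `saslStart`, so the speculative-authentication precondition described in the comment is not established for Azure, GCP or K8s runs. Either seed the cache the way the added comment suggests (authenticate a temporary client and copy its token) or gate the first check, e.g. `if (isCallbackTest) { expect(saslStarts).to.be.empty; }`. `process.env.OIDC_TOKEN_DIR` is also passed to `path.join` without a check, so a missing variable surfaces as an opaque argument-type error; a guard with a clear message in `beforeEach` would help.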
@@ -779,6 +756,13 @@ describe('OIDC Auth Spec Tests', function () { const uriSingle = process.env.MONGODB_URI_SINGLE; const uriMulti = process.env.MONGODB_URI_MULTI; + beforeEach(function () { + if (!isCallbackTest) { + this.skipReason = 'OIDC human prose tests require a Test OIDC environment.'; + this.skip(); + } + }); + describe('1. OIDC Human Callback Authentication', function () { let client: MongoClient; let collection: Collection; diff --git a/test/integration/auth/mongodb_oidc_azure.prose.05.test.ts b/test/integration/auth/mongodb_oidc_azure.prose.05.test.ts deleted file mode 100644 index f2bc91f7ebf..00000000000 --- a/test/integration/auth/mongodb_oidc_azure.prose.05.test.ts +++ /dev/null 
@@ -1,86 +0,0 @@ -import { expect } from 'chai'; -import * as process from 'process'; - -import { type Collection, MongoClient, type MongoClientOptions } from '../../../src'; - -const DEFAULT_URI = 'mongodb://127.0.0.1:27017'; - -describe('OIDC Auth Spec Azure Tests', function () { - describe('5. Azure Tests', function () { - let client: MongoClient; - let collection: Collection; - - beforeEach(function () { - if (!this.configuration.isOIDC(process.env.MONGODB_URI_SINGLE, 'azure')) { - this.skipReason = 'Azure OIDC tests require an Azure OIDC environment.'; - this.skip(); - } - }); - - afterEach(async function () { - await client?.close(); - }); - - describe('5.1 Azure With No Username', function () { - // Create an OIDC configured client with ENVIRONMENT:azure and a valid TOKEN_RESOURCE and no username. - // Perform a find operation that succeeds. - // Close the client. - beforeEach(function () { - const options: MongoClientOptions = {}; - if (process.env.AZUREOIDC_RESOURCE) { - options.authMechanismProperties = { TOKEN_RESOURCE: process.env.AZUREOIDC_RESOURCE }; - } - client = new MongoClient(process.env.MONGODB_URI_SINGLE ?? DEFAULT_URI, options); - collection = client.db('test').collection('test'); - }); - - it('successfully authenticates', async function () { - const result = await collection.findOne(); - expect(result).to.not.be.null; - }); - }); - - describe('5.2 Azure With Bad Username', function () { - // Create an OIDC configured client with ENVIRONMENT:azure and a valid TOKEN_RESOURCE and a username of "bad". - // Perform a find operation that fails. - // Close the client. - beforeEach(function () { - const options: MongoClientOptions = {}; - if (process.env.AZUREOIDC_USERNAME) { - options.auth = { username: 'bad', password: undefined }; - } - if (process.env.AZUREOIDC_RESOURCE) { - options.authMechanismProperties = { TOKEN_RESOURCE: process.env.AZUREOIDC_RESOURCE }; - } - client = new MongoClient(process.env.MONGODB_URI_SINGLE ?? 
DEFAULT_URI, options); - collection = client.db('test').collection('test'); - }); - - it('does not authenticate', async function () { - const error = await collection.findOne().catch(error => error); - expect(error.message).to.include('Azure endpoint'); - }); - }); - - describe('5.3 Azure With Valid Username', function () { - // This prose test does not exist in the spec but the new OIDC setup scripts - // have a username in the environment so worth testing. - beforeEach(function () { - const options: MongoClientOptions = {}; - if (process.env.AZUREOIDC_USERNAME) { - options.auth = { username: process.env.AZUREOIDC_USERNAME, password: undefined }; - } - if (process.env.AZUREOIDC_RESOURCE) { - options.authMechanismProperties = { TOKEN_RESOURCE: process.env.AZUREOIDC_RESOURCE }; - } - client = new MongoClient(process.env.MONGODB_URI_SINGLE ?? DEFAULT_URI, options); - collection = client.db('test').collection('test'); - }); - - it('successfully authenticates', async function () { - const result = await collection.findOne(); - expect(result).to.not.be.null; - }); - }); - }); -}); diff --git a/test/integration/auth/mongodb_oidc_gcp.prose.06.test.ts b/test/integration/auth/mongodb_oidc_gcp.prose.06.test.ts deleted file mode 100644 index cef9ad20215..00000000000 --- a/test/integration/auth/mongodb_oidc_gcp.prose.06.test.ts +++ /dev/null 
@@ -1,55 +0,0 @@ -import { expect } from 'chai'; -import * as process from 'process'; - -import { type Collection, MongoClient, type MongoClientOptions } from '../../../src'; - -const DEFAULT_URI = 'mongodb://127.0.0.1:27017'; - -describe('OIDC Auth Spec GCP Tests', function () { - // Note there is no spec or tests for GCP yet, these are 2 scenarios based on the - // drivers tools scripts available. - describe('6. GCP Tests', function () { - let client: MongoClient; - let collection: Collection; - - beforeEach(function () { - if (!this.configuration.isOIDC(process.env.MONGODB_URI_SINGLE, 'gcp')) { - this.skipReason = 'GCP OIDC prose tests require a GCP OIDC environment.'; - this.skip(); - } - }); - - afterEach(async function () { - await client?.close(); - }); - - describe('6.1 GCP With Valid Token Resource', function () { - beforeEach(function () { - const options: MongoClientOptions = {}; - if (process.env.GCPOIDC_AUDIENCE) { - options.authMechanismProperties = { TOKEN_RESOURCE: process.env.GCPOIDC_AUDIENCE }; - } - client = new MongoClient(process.env.MONGODB_URI_SINGLE ?? DEFAULT_URI, options); - collection = client.db('test').collection('test'); - }); - - it('successfully authenticates', async function () { - const result = await collection.findOne(); - expect(result).to.not.be.null; - }); - }); - - describe('6.2 GCP With Invalid Token Resource', function () { - beforeEach(function () { - const options: MongoClientOptions = { authMechanismProperties: { TOKEN_RESOURCE: 'bad' } }; - client = new MongoClient(process.env.MONGODB_URI_SINGLE ?? DEFAULT_URI, options); - collection = client.db('test').collection('test'); - }); - - it('successfully authenticates', async function () { - const result = await collection.findOne(); - expect(result).to.not.be.null; - }); - }); - }); -}); diff --git a/test/integration/auth/mongodb_oidc_k8s.prose.07.test.ts b/test/integration/auth/mongodb_oidc_k8s.prose.07.test.ts deleted file mode 100644 index a46a068a399..00000000000 
--- a/test/integration/auth/mongodb_oidc_k8s.prose.07.test.ts +++ /dev/null @@ -1,39 +0,0 @@ -import { expect } from 'chai'; -import * as process from 'process'; - -import { type Collection, MongoClient } from '../../../src'; - -const DEFAULT_URI = 'mongodb://127.0.0.1:27017'; - -describe('OIDC Auth Spec K8s Tests', function () { - // Note there is no spec or tests for K8s, and it's optional to run the entire - // machine prose tests on the additional environments so we do 1 sanity check - // here. This same test will run in CI on AKS, EKS, and GKE. - describe('7. K8s Tests', function () { - let client: MongoClient; - let collection: Collection; - - beforeEach(function () { - if (!this.configuration.isOIDC(process.env.MONGODB_URI_SINGLE, 'k8s')) { - this.skipReason = 'K8s OIDC prose tests require a K8s OIDC environment.'; - this.skip(); - } - }); - - afterEach(async function () { - await client?.close(); - }); - - describe('7.1 K8s With Environment Set', function () { - beforeEach(function () { - client = new MongoClient(process.env.MONGODB_URI_SINGLE ?? DEFAULT_URI); - collection = client.db('test').collection('test'); - }); - - it('successfully authenticates', async function () { - const result = await collection.findOne(); - expect(result).to.not.be.null; - }); - }); - }); -});