Use secrets manager to read serverless credentials #1237
Conversation
| bash ${DRIVERS_TOOLS}/.evergreen/serverless/create-instance.sh | ||
| binary: bash | ||
| args: | ||
| - ${DRIVERS_TOOLS}/.evergreen/serverless/create-instance.sh |
There was a problem hiding this comment.
setup-secrets is now automatically called in create-instance
| export PATH="${PHP_PATH}/bin:$PATH" | ||
|
|
||
| . ${DRIVERS_TOOLS}/.evergreen/serverless/secrets-export.sh |
There was a problem hiding this comment.
This file is created by setup-secrets and contains the secrets needed to run tests
| export MONGODB_USERNAME=$SERVERLESS_ATLAS_USER | ||
| export MONGODB_PASSWORD=$SERVERLESS_ATLAS_PASSWORD |
There was a problem hiding this comment.
FYI, it took me too long to remember that $FOO refers to an environment variable named FOO, whereas ${FOO} refers to an evergreen expansion named FOO 🤦♂️
.evergreen/config/functions.yml
Outdated
| @@ -274,12 +274,15 @@ functions: | |||
| export KMS_TLS_CA_FILE="${client_side_encryption_kms_tls_ca_file}" | |||
| export KMS_TLS_CERTIFICATE_KEY_FILE="${client_side_encryption_kms_tls_certificate_key_file}" | |||
| export MONGODB_IS_SERVERLESS=on | |||
| export MONGODB_USERNAME=${SERVERLESS_ATLAS_USER} | |||
| export MONGODB_PASSWORD=${SERVERLESS_ATLAS_PASSWORD} | |||
| export MONGODB_URI="${SERVERLESS_URI}" | |||
There was a problem hiding this comment.
Why was this moved to an export instead of a direct env var for calling run-tests.sh?
There was a problem hiding this comment.
No particular reason TBH, I was moving some stuff around in the process which may have stuck.
|
Just reconfigured the patch build to include both serverless tasks: https://spruce.mongodb.com/version/65de3efcc9ec44736b863734/tasks |
alcaeus
force-pushed
the
fix-serverless-credentials
branch
from
8d7c739 to
b0b64e4
Compare
|
Rebased on v1.17 and re-scheduled the two serverless tasks in the PR patch. |
There was a problem hiding this comment.
My question in #1237 (comment) is outstanding but I won't argue with the build status.
|
evergreen keep-definitions |
* v1.17: Use secrets manager to read serverless credentials (#1237)
This fixes the serverless build after the credentials were rotated.
Note: the change to use subprocess.exec instead of shell.exec is not related to the original issue, but it's recommended by the evergreen team.