DRIVERS-2672 Recommend OIDC_TOKEN_FILE for the env variable name (mon…

…godb-labs#416) * DRIVERS-2672 Recommend OIDC_TOKEN_FILE for the env variable name * Change TOKEN_AUDIENCE to TOKEN_RESOURCE
blink1073 · Mar 18, 2024 · 6cd2702 · 6cd2702
1 parent 0014294
commit 6cd2702
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/.evergreen/auth_oidc/README.md b/.evergreen/auth_oidc/README.md
@@ -33,7 +33,7 @@ Use the `oidc_get_tokens.sh` script to create a set of OIDC tokens in a temporar
 
 ```bash
 source ./oidc_get_tokens.sh
-AWS_WEB_IDENTITY_TOKEN_FILE="$OIDC_TOKEN_DIR/test_user1" /my/test/command
+OIDC_TOKEN_FILE="$OIDC_TOKEN_DIR/test_user1" /my/test/command
 ```
 
 ## Local Server Testing
@@ -69,7 +69,7 @@ You can then run mongo orchestration with `TOPOLOGY=replicaset` and `ORCHESTRATI
 
 To set up the server auth roles, run `mongosh setup_oidc.js`.
 
-Then, tests can be run against the server.  Set `AWS_WEB_IDENTITY_TOKEN_FILE` to either `$OIDC_TOKEN_DIR/test_user1` or `$OIDC_TOKEN_DIR/test_user2` as desired.
+Then, tests can be run against the server.  Set `OIDC_TOKEN_FILE` to either `$OIDC_TOKEN_DIR/test_user1` or `$OIDC_TOKEN_DIR/test_user2` as desired.
 
 The token in `$OIDC_TOKEN_DIR/test_user1_expires` can be used to test expired credentials.
 

diff --git a/.evergreen/auth_oidc/azure/README.md b/.evergreen/auth_oidc/azure/README.md
@@ -54,12 +54,12 @@ export AZUREOIDC_TEST_CMD="source ./env.sh && OIDC_PROVIDER_NAME=azure ./.evergr
 bash $DRIVERS_TOOLS/.evergreen/auth_oidc/azure/run-driver-test.sh
 ```
 
-In your tests, you can use the environment variables in `env.sh` to define the `username` and `TOKEN_AUDIENCE`
+In your tests, you can use the environment variables in `env.sh` to define the `username` and `TOKEN_RESOURCE`
 auth mechanism property, e.g.
 
 ```python
 username=os.environ["AZUREOIDC_USERNAME"]
-TOKEN_AUDIENCE=os.environ["AZUREOIDC_AUDIENCE"]
+TOKEN_RESOURCE=os.environ["AZUREOIDC_RESOURCE"]
 ```
 
 Finally, we tear down the vm:
@@ -103,7 +103,7 @@ Below is an explananion of the environment variables stored in the Azure key vau
 - AZUREOIDC_AUTHPREFIX - The auth prefix used for DB user and role names.
 - AZUREOIDC_AUTHCLAIM - The object ID of the Azure Group, used in the DB role name.
 - AZUREOIDC_USERNAME - The Object (principal) ID of the Azure Manager Identity, used for the `username`.
-- AZUREOIDC_AUDIENCE - The escaped Application ID URI to use in the `TOKEN_AUDIENCE` auth mechanism property.
+- AZUREOIDC_RESOURCE - The escaped Application ID URI to use in the `TOKEN_RESOURCE` auth mechanism property.
 - AZUREOIDC_CLIENTID - The client ID of the Azure App registration, used to generate the unescaped Application ID URI.
 - AZUREOIDC_TENANTID - The tenant ID of the Azure App registration, used to derive the `issuer` URI.
 - AZUREKMS_IDENTITY - A space separated string with the Resource ID of the managed identity (`/subscriptions/...`).  Used to assign the identity to the VM.

diff --git a/.evergreen/auth_oidc/azure/handle_secrets.py b/.evergreen/auth_oidc/azure/handle_secrets.py
@@ -41,7 +41,7 @@ def main():
         fid.write(f'export AZUREOIDC_AUTHPREFIX={secrets["AUTHPREFIX"]}\n')
         fid.write(f'export AZUREKMS_IDENTITY="{secrets["IDENTITY"]}"\n')
         fid.write(f'export AZUREOIDC_USERNAME="{secrets["USERNAME"]}"\n')
-        fid.write(f'export AZUREOIDC_AUDIENCE="{secrets["AUDIENCE"]}"\n')
+        fid.write(f'export AZUREOIDC_RESOURCE="{secrets["AUDIENCE"]}"\n')
 
     if os.path.exists(private_key_file):
         os.remove(private_key_file)