Documentation Improvements (mongodb-labs#420)

* Clean up docs * fix docker cleanup * Update .evergreen/secrets_handling/README.md Co-authored-by: Noah Stapp <[email protected]> --------- Co-authored-by: Noah Stapp <[email protected]>
blink1073 · Mar 25, 2024 · 836be37 · 836be37
1 parent f42e8dc
commit 836be37
Show file tree

Hide file tree

Showing 8 changed files with 84 additions and 69 deletions.
diff --git a/.evergreen/auth_oidc/azure/README.md b/.evergreen/auth_oidc/azure/README.md
@@ -72,6 +72,10 @@ An example task group would look like:
 
 ```yaml
 - name: testazureoidc_task_group
+  setup_group_can_fail_task: true
+  setup_group_timeout_secs: 1800
+  teardown_group_can_fail_task: true
+  teardown_group_timeout_secs: 1800
   setup_group:
     - func: fetch source
     - func: other setup function
@@ -82,16 +86,14 @@ An example task group would look like:
         set -o errexit
         ${PREPARE_SHELL}
         export AZUREOIDC_VMNAME_PREFIX="PYTHON_DRIVER"
-        $DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
+        $DRIVERS_TOOLS/.evergreen/auth_oidc/azure/setup.sh
   teardown_task:
-    - command: shell.exec
+    - command: subprocess.exec
       params:
-        shell: bash
-        script: |-
-        ${PREPARE_SHELL}
-        $DRIVERS_TOOLS/.evergreen/auth_oidc/azure/delete-vm.sh
-  setup_group_can_fail_task: true
-  setup_group_timeout_secs: 1800
+        binary: bash
+        args:
+          - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/azure/teardown.sh
+    - func: other teardown function
   tasks:
     - oidc-auth-test-azure-latest
 ```

diff --git a/.evergreen/auth_oidc/gcp/README.md b/.evergreen/auth_oidc/gcp/README.md
@@ -11,7 +11,7 @@ They build on top of the scripts used in `csfle/gcpkms`.
 
 See [Secrets Handling](../secrets_handling/README.md) for details on how the script accesses the `drivers/gcpoidc` vault.
 
-See the "Overview of GCP Infrastructure" section of the GCP OIDC Configuration [wiki](https://wiki.corp.mongodb.com/display/KERNEL/external_auth_oidc_gcp+Evergreen+Test+Suite) for more information about the GCP integration.
+See the "GCP IMDS" section OIDC Configuration [wiki](https://wiki.corp.mongodb.com/display/ENG/OIDC+Configuration#OIDCConfiguration-GCPIMDS) for more information about the GCP integration.
 
 ## Usage
 
@@ -56,27 +56,29 @@ $DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/delete-instance.sh
 An example task group would look like:
 
 ```yaml
-- name: testgcpeoidc_task_group
+- name: testgcpoidc_task_group
+  setup_group_can_fail_task: true
+  setup_group_timeout_secs: 1800
+  teardown_group_can_fail_task: true
+  teardown_group_timeout_secs: 1800
   setup_group:
     - func: fetch source
     - func: other setup function
     - command: shell.exec
     params:
         shell: bash
         script: |-
-        set -o errexit
-        ${PREPARE_SHELL}
-        export GCPOIDC_VMNAME_PREFIX="PYTHON_DRIVER"
-        $DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/create-and-setup-instance.sh
-  teardown_task:
-    - command: shell.exec
+          set -o errexit
+          ${PREPARE_SHELL}
+          export GCPOIDC_VMNAME_PREFIX="PYTHON_DRIVER"
+          $DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/setup.sh
+  teardown_group:
+    - command: subprocess.exec
       params:
-        shell: bash
-        script: |-
-        ${PREPARE_SHELL}
-        $DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/delete-instance.sh
-  setup_group_can_fail_task: true
-  setup_group_timeout_secs: 1800
+        binary: bash
+        args:
+          - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/gcp/teardown.sh
+    - func: other teardown function
   tasks:
     - oidc-auth-test-gcp-latest
 ```

diff --git a/.evergreen/csfle/azurekms/README.md b/.evergreen/csfle/azurekms/README.md
@@ -32,26 +32,27 @@ Your Evergreen config should look something like:
 
 ```yaml
 - name: testazurekms_task_group
-setup_group:
+  setup_group_can_fail_task: true
+  setup_group_timeout_secs: 1800
+  teardown_group_can_fail_task: true
+  teardown_group_timeout_secs: 1800
+  setup_group:
     - func: fetch source
     - func: prepare resources
     - command: subprocess.exec
       params:
         binary: bash
         args:
-          - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/create-and-setup-vm.sh
-teardown_group:
+          - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/setup.sh
+  teardown_group:
     - command: subprocess.exec
       params:
         binary: bash
         args:
-          - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/delete-vm.sh
+          - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/teardown.sh
     - func: "upload test results"
-setup_group_can_fail_task: true
-teardown_group_can_fail_task: true
-setup_group_timeout_secs: 1800
-tasks:
-- testazurekms-task
+  tasks:
+  - testazurekms-task
 ```
 
 And your task should include a script that does something like:

diff --git a/.evergreen/csfle/gcpkms/README.md b/.evergreen/csfle/gcpkms/README.md
@@ -17,26 +17,27 @@ from the `drivers/gcpkms` vault.
 
 ```yaml
 - name: testgcpkms_task_group
-setup_group:
-    - func: fetch source
-    - func: prepare resources
-    - command: subprocess.exec
-      params:
-        binary: bash
-        args:
-          - ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/create-and-setup-instance.sh
-teardown_group:
-    - command: subprocess.exec
-      params:
-        binary: bash
-        args:
-          - ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/delete-instance.sh
-    - func: "upload test results"
-setup_group_can_fail_task: true
-teardown_group_can_fail_task: true
-setup_group_timeout_secs: 1800
-tasks:
-- testgcpkms-task
+  setup_group_can_fail_task: true
+  setup_group_timeout_secs: 1800
+  teardown_group_can_fail_task: true
+  teardown_group_timeout_secs: 1800
+  setup_group:
+      - func: fetch source
+      - func: prepare resources
+      - command: subprocess.exec
+        params:
+          binary: bash
+          args:
+            - ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/setup.sh
+  teardown_group:
+      - command: subprocess.exec
+        params:
+          binary: bash
+          args:
+            - ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/teardown.sh
+      - func: "upload test results"
+  tasks:
+  - testgcpkms-task
 ```
 
 And your task should include a script that does something like:

diff --git a/.evergreen/docker/run-server.sh b/.evergreen/docker/run-server.sh
@@ -22,7 +22,7 @@ pushd $DRIVERS_TOOLS
 
 # Remove existing mongodb and orchestration files
 rm -rf $SCRIPT_DIR/$IMAGE/mongodb
-rm -f $SCRIPT_DIR/$IMAGE/orchestration
+rm -rf $SCRIPT_DIR/$IMAGE/orchestration
 
 # Handle environment variables.
 AUTH=${AUTH:-noauth}

diff --git a/.evergreen/secrets_handling/README.md b/.evergreen/secrets_handling/README.md
@@ -1,6 +1,7 @@
 # Secrets Handling
 
-This folder has a script that can be used to access the drivers [AWS Vaults](https://wiki.corp.mongodb.com/display/DRIVERS/Using+AWS+Secrets+Manager+to+Store+Testing+Secrets).
+This folder has a script that can be used to access the drivers AWS Vaults, see
+[Using AWS Secrets Manager to Store Testing Secrets wiki](https://wiki.corp.mongodb.com/display/DRIVERS/Using+AWS+Secrets+Manager+to+Store+Testing+Secrets) for more information.
 
 Many of the sibling folders like `csfle` have their own `setup-secrets.sh` script that should be used
 to ensure the proper secrets are written to that folder for local usage.
@@ -13,20 +14,20 @@ The `setup-secrets.sh` script in this folder can be used for other vaults such a
 
 | Vault                     | Usage |
 | -----                     | ------|
-| drivers/adl               | Used in `../atlas_data_lake` for Atlas Data Lake testing. |
-| drivers/atlas             | Used in `../atlas` to launch an atlas cluster. |
+| drivers/adl               | Used in [`atlas_data_lake`](../atlas_data_lake/README.md) for Atlas Data Lake testing. |
+| drivers/atlas             | Used in [`atlas`](../atlas/README.md) to launch an atlas cluster. |
 | drivers/atlas_connect     | Has the URIs used in the Atlas Connect Drivers tests. |
-| drivers/aws_auth          | Used in `../auth_aws`  for AWS Auth testing. |
-| drives/azurekms           | Used in `../csfle/azurekms` for Azure KMS testing. |
-| drivers/azure_oidc        | Used in `../auth_oidc/azure` for OIDC Testing on Azure. |
-| drivers/comment-bot       | Used in `../github_app` for the DBX Comment bot. |
-| drivers/csfle             | Used in `../csfle` for encryption related tests. |
+| drivers/aws_auth          | Used in [`auth_aws`](../auth_aws/README.md)  for AWS Auth testing. |
+| drives/azurekms           | Used in [`csfle/azurekms`](../csfle/azurekms/README.md) for Azure KMS testing. |
+| drivers/azure_oidc        | Used in [`auth_oidc/azure`](../auth_oidc/azure/README.md) for OIDC Testing on Azure. |
+| drivers/comment-bot       | Used in [`github_app`](../github_app/README.md) for the DBX Comment bot. |
+| drivers/csfle             | Used in [`cslfe`](../csfle/README.md) for encryption related tests. |
 | drivers/enterprise_auth   | Has the creds needed for Enterprise Auth testing. |
-| drivers/gcpkms            | Used in `../csfle/gcpkms` for GCP KMS testing. |
-| drivers/gcpoidc           | Used in `../auth_oidc/gcp` for OIDC Testing on GCP. |
-| drivers/oidc              | Used in `../oidc` for OIDC Auth testing. |
-| drivers/serverless        | Used in `../serverless` for serverless testing. |
-| drivers/serverless_next   | Used in `../serverless` for serverless proxy testing. |
+| drivers/gcpkms            | Used in [`cslfe/gcpkms`](../csfle/gcpkms/README.md) for GCP KMS testing. |
+| drivers/gcpoidc           | Used in [`auth_oidc/gcp`](../auth_oidc/gcp/README.md) for OIDC Testing on GCP. |
+| drivers/oidc              | Used in [`oidc`](../oidc/README.md) for OIDC Auth testing. |
+| drivers/serverless        | Used in [`serverless`](../serverless/README.md) for serverless testing. |
+| drivers/serverless_next   | Used in [`serverless`](../serverless/README.md) for serverless proxy testing. |
 
 ## Evergreen Secrets Handling
 

diff --git a/.evergreen/serverless/README.md b/.evergreen/serverless/README.md
@@ -38,8 +38,10 @@ is `serverless` or `serverless_next`:
 
 ```yaml
   - name: serverless_task_group
-    setup_group_can_fail_task: true
-    setup_group_timeout_secs: 1800 # 30 minutes
+  setup_group_can_fail_task: true
+  setup_group_timeout_secs: 1800
+  teardown_group_can_fail_task: true
+  teardown_group_timeout_secs: 1800
     setup_group:
       - func: "fetch source"
       - func: "prepare resources"
@@ -49,13 +51,13 @@ is `serverless` or `serverless_next`:
           env:
             VAULT_NAME: ${VAULT_NAME}
           args: |
-            - ${DRIVERS_TOOLS}/.evergreen/serverless/create-instance.sh
+            - ${DRIVERS_TOOLS}/.evergreen/serverless/setup.sh
     teardown_task:
       - command: subprocess.exec
         params:
           binary: bash
           args: |
-            - ${DRIVERS_TOOLS}/.evergreen/serverless/delete-instance.sh
+            - ${DRIVERS_TOOLS}/.evergreen/serverless/teardown.sh
       - func: "upload test results"
     tasks:
       - ".serverless"

diff --git a/README.md b/README.md
@@ -121,6 +121,12 @@ Subfolders that have setup and teardown requirements are encouraged to also prov
 NOTE: The subfolder setup/teardown scripts requires users to have configured
 support for [Secrets Handling](./.evergreen/secrets_handling/README.md).
 
+
+## Secrets Handling
+
+See the Secrets Handling [readme](./.evergreen/secrets_handling/README.md) for more information on how secrets are managed
+locally and on on Evergreen.
+
 ## evergreen_config_generator
 
 This repo also contains a Python package for use in scripts that generate