DRIVERS-2672 Add OIDC machine workflow spec. (#1471)

--------- Co-authored-by: Steven Silvester <[email protected]> Co-authored-by: Anna Henningsen <[email protected]> Co-authored-by: Durran Jordan <[email protected]> Co-authored-by: Jeff Yemin <[email protected]>
mongodb · Jan 31, 2024 · a288630 · a288630
1 parent f2e4cf1
commit a288630
Show file tree

Hide file tree

Showing 17 changed files with 2,989 additions and 1,338 deletions.
diff --git a/source/auth/auth.rst b/source/auth/auth.rst
diff --git a/source/auth/tests/README.rst b/source/auth/tests/README.rst
@@ -2,17 +2,25 @@
 Auth Tests
 ==========
 
-The YAML and JSON files in this directory tree are platform-independent tests
-that drivers can use to prove their conformance to the Auth Spec at least with
-respect to connection string URI input.
+Introduction
+============
+
+This document describes the format of the driver spec tests included in the
+JSON and YAML files included in the ``legacy`` sub-directory. Tests in the
+``unified`` directory are written using the `Unified Test Format
+<../../unified-test-format/unified-test-format.rst>`_.
+
+The YAML and JSON files in the ``legacy`` directory tree are
+platform-independent tests that drivers can use to prove their conformance to
+the Auth Spec at least with respect to connection string URI input.
 
 Drivers should do additional unit testing if there are alternate ways of
 configuring credentials on a client.
 
 Driver must also conduct the prose tests in the Auth Spec test plan section.
 
 Format
-------
+======
 
 Each YAML file contains an object with a single ``tests`` key. This key is an
 array of test case objects, each of which have the following keys:

diff --git a/source/auth/tests/legacy/connection-string.json b/source/auth/tests/legacy/connection-string.json
diff --git a/source/auth/tests/legacy/connection-string.yml b/source/auth/tests/legacy/connection-string.yml
@@ -350,58 +350,7 @@ tests:
     mechanism: MONGODB-AWS
     mechanism_properties:
       AWS_SESSION_TOKEN: token!@#$%^&*()_+
-- description: should recognise the mechanism and request callback (MONGODB-OIDC)
-  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC
-  callback:
-  - oidcRequest
-  valid: true
-  credential:
-    username:
-    password:
-    source: "$external"
-    mechanism: MONGODB-OIDC
-    mechanism_properties:
-      REQUEST_TOKEN_CALLBACK: true
-- description: should recognise the mechanism when auth source is explicitly specified
-    and with request callback (MONGODB-OIDC)
-  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authSource=$external
-  callback:
-  - oidcRequest
-  valid: true
-  credential:
-    username:
-    password:
-    source: "$external"
-    mechanism: MONGODB-OIDC
-    mechanism_properties:
-      REQUEST_TOKEN_CALLBACK: true
-- description: should recognise the mechanism with request and refresh callback (MONGODB-OIDC)
-  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC
-  callback:
-  - oidcRequest
-  - oidcRefresh
-  valid: true
-  credential:
-    username:
-    password:
-    source: "$external"
-    mechanism: MONGODB-OIDC
-    mechanism_properties:
-      REQUEST_TOKEN_CALLBACK: true
-      REFRESH_TOKEN_CALLBACK: true
-- description: should recognise the mechanism and username with request callback (MONGODB-OIDC)
-  uri: mongodb://principalName@localhost/?authMechanism=MONGODB-OIDC
-  callback:
-  - oidcRequest
-  valid: true
-  credential:
-    username: principalName
-    password:
-    source: "$external"
-    mechanism: MONGODB-OIDC
-    mechanism_properties:
-      REQUEST_TOKEN_CALLBACK: true
-- description: should recognise the mechanism with aws device (MONGODB-OIDC)
+- description: should recognise the mechanism with aws provider (MONGODB-OIDC)
   uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=PROVIDER_NAME:aws
   valid: true
   credential:
@@ -411,8 +360,7 @@ tests:
     mechanism: MONGODB-OIDC
     mechanism_properties:
       PROVIDER_NAME: aws
-- description: should recognise the mechanism when auth source is explicitly specified
-    and with aws device (MONGODB-OIDC)
+- description: should recognise the mechanism when auth source is explicitly specified and with provider (MONGODB-OIDC)
   uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authSource=$external&authMechanismProperties=PROVIDER_NAME:aws
   valid: true
   credential:
@@ -422,35 +370,23 @@ tests:
     mechanism: MONGODB-OIDC
     mechanism_properties:
       PROVIDER_NAME: aws
-- description: should throw an exception if username and password are specified (MONGODB-OIDC)
-  uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC
-  callback:
-  - oidcRequest
-  valid: false
-  credential:
-- description: should throw an exception if username and deviceName are specified
-    (MONGODB-OIDC)
-  uri: mongodb://principalName@localhost/?authMechanism=MONGODB-OIDC&PROVIDER_NAME:gcp
+- description: should throw an exception if supplied a password (MONGODB-OIDC)
+  uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=PROVIDER_NAME:aws
   valid: false
   credential:
-- description: should throw an exception if specified deviceName is not supported
-    (MONGODB-OIDC)
-  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=PROVIDER_NAME:unexisted
+- description: should throw an exception if username is specified for aws (MONGODB-OIDC)
+  uri: mongodb://principalName@localhost/?authMechanism=MONGODB-OIDC&PROVIDER_NAME:aws
   valid: false
   credential:
-- description: should throw an exception if neither deviceName nor callbacks specified
-    (MONGODB-OIDC)
-  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC
+- description: should throw an exception if specified provider is not supported (MONGODB-OIDC)
+  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=PROVIDER_NAME:invalid
   valid: false
   credential:
-- description: should throw an exception when only refresh callback is specified (MONGODB-OIDC)
+- description: should throw an exception if neither provider nor callbacks specified (MONGODB-OIDC)
   uri: mongodb://localhost/?authMechanism=MONGODB-OIDC
-  callback:
-  - oidcRefresh
   valid: false
   credential:
-- description: should throw an exception when unsupported auth property is specified
-    (MONGODB-OIDC)
+- description: should throw an exception when unsupported auth property is specified (MONGODB-OIDC)
   uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=UnsupportedProperty:unexisted
   valid: false
   credential: