aws_e2e_assume_role.js
/**
* Verify the AWS IAM Auth works with temporary credentials from sts:AssumeRole
*/
load("lib/aws_e2e_lib.js");
(function() {
"use strict";
// User name created in the $external database below: the STS assumed-role ARN for
// authtest_user_assume_role.
// NOTE(review): the trailing "/*" presumably lets any role session name map to this
// user - confirm against the server's MONGODB-AWS user-matching rules.
const ASSUMED_ROLE = "arn:aws:sts::557821124784:assumed-role/authtest_user_assume_role/*";
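/**
 * Obtain temporary credentials by running lib/aws_assume_role.py with the IAM user keys
 * from the setup JSON, then parse the JSON the script writes to creds.json.
 *
 * The credential file is removed as soon as it has been read, and a parse failure is
 * logged without echoing the file contents, so the secret access key and session token
 * are not left on disk or in test logs.
 *
 * @returns {Object} the parsed JSON output of the helper script (the caller reads
 *     AccessKeyId, SecretAccessKey and SessionToken from it).
 * @throws if the helper exits non-zero or its output is not valid JSON.
 */
function getAssumeCredentials() {
    const config = readSetupJson();

    // Long-lived IAM user keys are handed to the helper through its environment only.
    const env = {
        AWS_ACCESS_KEY_ID: config["iam_auth_assume_aws_account"],
        AWS_SECRET_ACCESS_KEY: config["iam_auth_assume_aws_secret_access_key"],
    };

    const role_name = config["iam_auth_assume_role_name"];

    // NOTE(review): role_name is interpolated into a shell command line unquoted. It comes
    // from the local setup JSON, so it is trusted here; quote or validate it if that file
    // can ever be influenced from outside the test environment.
    const python_command = getPython3Binary() +
        ` -u lib/aws_assume_role.py --role_name=${role_name} > creds.json`;

    let result;
    try {
        const ret = runShellCmdWithEnv(python_command, env);
        assert.eq(ret, 0, "Failed to assume role on the current machine");
        result = cat("creds.json");
    } finally {
        // creds.json holds live session credentials; do not leave it in the working
        // directory once it has been read (or when the helper failed part-way).
        removeFile("creds.json");
    }

    try {
        return JSON.parse(result);
    } catch (e) {
        // Deliberately do not log `result`: partial or malformed output can still contain
        // the secret access key or session token.
        jsTestLog("Failed to parse creds.json (" + result.length +
                  " characters); contents withheld because they may contain credentials");
        throw e;
    }
}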
// Fetch the temporary STS credentials before touching the server.
const stsCreds = getAssumeCredentials();

// The test expects a mongod to be listening on localhost:33333 already.
const conn = Mongo("localhost:33333");
const admin = conn.getDB("admin");

// Throwaway bootstrap account used only to create the $external user. The fixed password
// and the __system role are tolerable solely because the target is a local test mongod.
const bootstrapUser = {
    user: "bob",
    pwd: "pwd123",
    roles: ['__system'],
};
admin.createUser(bootstrapUser);
assert(admin.auth("bob", "pwd123"));

// Register the assumed-role ARN as an external user with read access to aws_test_db only.
const external = conn.getDB("$external");
const createRoleUser = {
    createUser: ASSUMED_ROLE,
    roles: [
        {role: 'read', db: "aws_test_db"},
    ],
};
assert.commandWorked(external.runCommand(createRoleUser));

// Authenticate with the temporary key pair plus its session token via MONGODB-AWS.
const awsLogin = {
    user: stsCreds["AccessKeyId"],
    pwd: stsCreds["SecretAccessKey"],
    awsIamSessionToken: stsCreds["SessionToken"],
    mechanism: 'MONGODB-AWS',
};
assert(external.auth(awsLogin));
}());