diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 3f3bebcd08..06ae6df5a6 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -548,6 +548,38 @@ jobs: ACCTEST_REGEX_RUN: '^TestAccServiceAccount' ACCTEST_PACKAGES: ./internal/provider run: make testacc + - name: Generate OAuth2 Token + id: generate-token + shell: bash + env: + MONGODB_ATLAS_BASE_URL: ${{ inputs.mongodb_atlas_base_url }} + MONGODB_ATLAS_CLIENT_ID: ${{ secrets.mongodb_atlas_client_id }} + MONGODB_ATLAS_CLIENT_SECRET: ${{ secrets.mongodb_atlas_client_secret }} + run: | + if ! ACCESS_TOKEN=$(make generate-oauth2-token); then + echo "Error: Failed to generate access token" + exit 1 + fi + if [ -z "$ACCESS_TOKEN" ]; then + echo "Error: Generated access token is empty" + exit 1 + fi + { + echo "access_token<> "$GITHUB_OUTPUT" + - name: Acceptance Tests (Access Token) + env: + MONGODB_ATLAS_PUBLIC_KEY: "" + MONGODB_ATLAS_PRIVATE_KEY: "" + MONGODB_ATLAS_CLIENT_ID: "" + MONGODB_ATLAS_CLIENT_SECRET: "" + MONGODB_ATLAS_ACCESS_TOKEN: ${{ steps.generate-token.outputs.access_token }} + MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }} + ACCTEST_REGEX_RUN: '^TestAccAccessToken' + ACCTEST_PACKAGES: ./internal/provider + run: make testacc - name: Acceptance Tests (Service Account smoke tests) # small selection of fast tests to run with SA env: MONGODB_ATLAS_PUBLIC_KEY: "" diff --git a/Makefile b/Makefile index baad669d54..6d3b27aeae 100644 --- a/Makefile +++ b/Makefile 
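Review bot: The token written to `$GITHUB_OUTPUT` in the `generate-token` step is never registered as a secret, so the runner will not redact it if a later step or test log prints it. It is minted at run time from `secrets.mongodb_atlas_client_id` and `secrets.mongodb_atlas_client_secret`, so GitHub's automatic masking of those two values does not extend to the derived token, which the next step hands to `make testacc` as `MONGODB_ATLAS_ACCESS_TOKEN`. Add `echo "::add-mask::$ACCESS_TOKEN"` right after the empty-token check and before the output is written. The lines that write the output are garbled in this view, so the delimiter handling there could not be checked.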
@@ -201,6 +201,10 @@ check-changelog-entry-file: ## Check a changelog entry file in a PR jira-release-version: ## Update Jira version in a release go run ./tools/jira-release-version/*.go +.PHONY: generate-oauth2-token +generate-oauth2-token: ## Generate OAuth2 access token from Service Account credentials + @go run ./tools/generate-oauth2-token/*.go + .PHONY: enable-autogen enable-autogen: ## Enable use of autogen resources in the provider $(eval filename := ./internal/provider/provider.go) diff --git a/internal/provider/provider_authentication_test.go b/internal/provider/provider_authentication_test.go index d1b0cfc90e..202d8a1baa 100644 --- a/internal/provider/provider_authentication_test.go +++ b/internal/provider/provider_authentication_test.go @@ -63,7 +63,6 @@ func TestAccServiceAccount_basic(t *testing.T) { } func TestAccAccessToken_basic(t *testing.T) { - acc.SkipTestForCI(t) // access token has a validity period of 1 hour, so it cannot be used in CI reliably acc.SkipInPAK(t, "skipping as this test is for Token credentials only") acc.SkipInSA(t, "skipping as this test is for Token credentials only") var ( diff --git a/tools/generate-oauth2-token/main.go b/tools/generate-oauth2-token/main.go new file mode 100644 index 0000000000..6410b23a97 --- /dev/null +++ b/tools/generate-oauth2-token/main.go 
@@ -0,0 +1,28 @@
+package main
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "strings"
+
+ "github.com/mongodb/atlas-sdk-go/auth/clientcredentials"
+)
+
+func main() {
+ baseURL := strings.TrimRight(os.Getenv("MONGODB_ATLAS_BASE_URL"), "/")
+ clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
+ clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")
+ if baseURL == "" || clientID == "" || clientSecret == "" {
+ fmt.Fprintln(os.Stderr, "Error: MONGODB_ATLAS_BASE_URL, MONGODB_ATLAS_CLIENT_ID, and MONGODB_ATLAS_CLIENT_SECRET environment variables are required")
+ os.Exit(1)
+ }
+ conf := clientcredentials.NewConfig(clientID, clientSecret)
+ conf.TokenURL = baseURL + clientcredentials.TokenAPIPath
+ token, err := conf.Token(context.Background())
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Failed to generate OAuth2 token: %v\n", err)
+ os.Exit(1)
+ }
+ fmt.Print(token.AccessToken)
+}
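Review bot: `conf.TokenURL` is built from `MONGODB_ATLAS_BASE_URL` after only a non-empty check, so an `http://` value would carry the credentials passed to `NewConfig` to the token endpoint without TLS. Reject non-HTTPS values before calling `conf.Token`, for example `if !strings.HasPrefix(baseURL, "https://") { fmt.Fprintln(os.Stderr, "Error: MONGODB_ATLAS_BASE_URL must use https"); os.Exit(1) }`. The token request also runs on `context.Background()` with no deadline; wrapping it in `context.WithTimeout` (which needs `time` imported) would keep a stalled endpoint from hanging the CI step. A short comment on `fmt.Print(token.AccessToken)` noting that stdout carries a live bearer token, and that diagnostics must stay on stderr, would help the next maintainer.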