feat(NODE-5464): OIDC machine and callback workflow (#3912)

Co-authored-by: Bailey Pearson <[email protected]>

Author: durran

Diff for: .evergreen/config.in.yml

@@ -123,58 +123,6 @@ functions:
         env:
           DRIVERS_TOOLS: ${DRIVERS_TOOLS}
 
-  "bootstrap oidc":
-    - command: ec2.assume_role
-      params:
-        role_arn: ${OIDC_AWS_ROLE_ARN}
-    - command: shell.exec
-      type: test
-      params:
-        working_dir: "src"
-        shell: bash
-        script: |
-          ${PREPARE_SHELL}
-          cd "${DRIVERS_TOOLS}"/.evergreen/auth_oidc
-
-          # This is a bit confusing but the ec2.assume_role command before
-          # this task will overwrite these variables to a different value
-          # than we have set in our evergreen project config. As these are
-          # now specific to the OIDC ARN, we re-export for the python
-          # scripts.
-          export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
-          export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
-          export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
-          export OIDC_TOKEN_DIR=/tmp/tokens
-
-          . ./activate-authoidcvenv.sh
-          python oidc_write_orchestration.py
-          python oidc_get_tokens.py
-
-  "setup oidc roles":
-    - command: subprocess.exec
-      params:
-        working_dir: src
-        binary: bash
-        args:
-          - .evergreen/setup-oidc-roles.sh
-        env:
-          DRIVERS_TOOLS: ${DRIVERS_TOOLS}
-
-  "run oidc tests aws":
-    - command: shell.exec
-      type: test
-      params:
-        working_dir: "src"
-        timeout_secs: 300
-        shell: bash
-        script: |
-          ${PREPARE_SHELL}
-
-          OIDC_TOKEN_DIR="/tmp/tokens" \
-          AWS_WEB_IDENTITY_TOKEN_FILE="/tmp/tokens/test_user1" \
-          PROJECT_DIRECTORY="${PROJECT_DIRECTORY}" \
-            bash ${PROJECT_DIRECTORY}/.evergreen/run-oidc-tests.sh
-
   "run tests":
     - command: shell.exec
       type: test
@@ -1260,23 +1208,75 @@ tasks:
 
   - name: "oidc-auth-test-azure-latest"
     commands:
-      - command: expansions.update
-        type: setup
-        params:
-          updates:
-            - { key: NPM_VERSION, value: "9" }
       - func: "install dependencies"
       - command: subprocess.exec
+        type: test
         params:
           working_dir: src
           binary: bash
           env:
             DRIVERS_TOOLS: ${DRIVERS_TOOLS}
             PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
-            AZUREOIDC_CLIENTID: ${testazureoidc_clientid}
-            PROVIDER_NAME: azure
+            ENVIRONMENT: azure
+            SCRIPT: run-oidc-prose-tests.sh
           args:
             - .evergreen/run-oidc-tests-azure.sh
+      - command: subprocess.exec
+        type: test
+        params:
+          working_dir: src
+          binary: bash
+          env:
+            DRIVERS_TOOLS: ${DRIVERS_TOOLS}
+            PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
+            ENVIRONMENT: azure
+            SCRIPT: run-oidc-unified-tests.sh
+          args:
+            - .evergreen/run-oidc-tests-azure.sh
+
+  - name: "oidc-auth-test-test-latest"
+    commands:
+      - func: "install dependencies"
+      - command: subprocess.exec
+        type: test
+        params:
+          working_dir: src
+          binary: bash
+          env:
+            DRIVERS_TOOLS: ${DRIVERS_TOOLS}
+            PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
+            ENVIRONMENT: test
+            SCRIPT: run-oidc-prose-tests.sh
+          args:
+            - .evergreen/run-oidc-tests-test.sh
+      - command: subprocess.exec
+        type: test
+        params:
+          working_dir: src
+          binary: bash
+          env:
+            DRIVERS_TOOLS: ${DRIVERS_TOOLS}
+            PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
+            ENVIRONMENT: test
+            SCRIPT: run-oidc-unified-tests.sh
+          args:
+            - .evergreen/run-oidc-tests-test.sh
+
+  - name: "oidc-auth-test-gcp-latest"
+    commands:
+      - func: "install dependencies"
+      - command: subprocess.exec
+        type: test
+        params:
+          working_dir: src
+          binary: bash
+          env:
+            DRIVERS_TOOLS: ${DRIVERS_TOOLS}
+            PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
+            ENVIRONMENT: gcp
+            SCRIPT: run-oidc-prose-tests.sh
+          args:
+            - .evergreen/run-oidc-tests-gcp.sh
 
   - name: "test-aws-lambda-deployed"
     commands:
@@ -1428,6 +1428,25 @@ task_groups:
     tasks:
       - test-azurekms-task
 
+  - name: testtestoidc_task_group
+    setup_group:
+      - func: fetch source
+      - command: ec2.assume_role
+        params:
+          role_arn: ${OIDC_AWS_ROLE_ARN}
+      - command: subprocess.exec
+        params:
+          binary: bash
+          include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
+          env:
+            MONGODB_VERSION: "8.0"
+          args:
+          - ${DRIVERS_TOOLS}/.evergreen/auth_oidc/setup.sh
+    setup_group_can_fail_task: true
+    setup_group_timeout_secs: 1800
+    tasks:
+      - oidc-auth-test-test-latest
+
   - name: testazureoidc_task_group
     setup_group:
       - func: fetch source
@@ -1437,25 +1456,43 @@ task_groups:
           script: |-
             set -o errexit
             ${PREPARE_SHELL}
-            export AZUREOIDC_CLIENTID="${testazureoidc_clientid}"
-            export AZUREOIDC_TENANTID="${testazureoic_tenantid}"
-            export AZUREOIDC_SECRET="${testazureoidc_secret}"
-            export AZUREOIDC_KEYVAULT=${testazureoidc_keyvault}
-            export AZUREOIDC_DRIVERS_TOOLS="$DRIVERS_TOOLS"
             export AZUREOIDC_VMNAME_PREFIX="NODE_DRIVER"
-            $DRIVERS_TOOLS/.evergreen/auth_oidc/azure/create-and-setup-vm.sh
-    teardown_group:
+            $DRIVERS_TOOLS/.evergreen/auth_oidc/azure/setup.sh
+    teardown_task:
       - command: shell.exec
         params:
           shell: bash
           script: |-
             ${PREPARE_SHELL}
-            $DRIVERS_TOOLS/.evergreen/auth_oidc/azure/delete-vm.sh
+            $DRIVERS_TOOLS/.evergreen/auth_oidc/azure/teardown.sh
     setup_group_can_fail_task: true
     setup_group_timeout_secs: 1800
     tasks:
       - oidc-auth-test-azure-latest
 
+  - name: testgcpoidc_task_group
+    setup_group:
+      - func: fetch source
+      - command: shell.exec
+        params:
+          shell: bash
+          script: |-
+            set -o errexit
+            ${PREPARE_SHELL}
+            export GCPOIDC_VMNAME_PREFIX="NODE_DRIVER"
+            $DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/setup.sh
+    teardown_task:
+      - command: shell.exec
+        params:
+          shell: bash
+          script: |-
+            ${PREPARE_SHELL}
+            $DRIVERS_TOOLS/.evergreen/auth_oidc/gcp/teardown.sh
+    setup_group_can_fail_task: true
+    setup_group_timeout_secs: 1800
+    tasks:
+      - oidc-auth-test-gcp-latest
+
   - name: test_atlas_task_group
     setup_group:
       - func: fetch source
@@ -1471,7 +1508,7 @@ task_groups:
       - command: expansions.update
         params:
           file: src/atlas-expansion.yml
-    teardown_group:
+    teardown_task:
       - command: subprocess.exec
         params:
           working_dir: src
@@ -1499,7 +1536,7 @@ task_groups:
       - command: expansions.update
         params:
           file: src/atlas-expansion.yml
-    teardown_group:
+    teardown_task:
       - command: subprocess.exec
         params:
           working_dir: src