Loading...

XML

Word

Printable

JSON

Type: New Feature
Resolution: Done
Priority: Unknown
Fix Version/s: None
Component/s: Authentication
Labels:

Driver Changes:
Needed
Quarter:
- FY23Q3
- FY24Q1
Downstream Changes Summary:
Hide

Summary of required changes

Add support for AssumeRoleWithWebIdentity in AWS Auth

Add integration tests to verify usage

Use the credentials found in this document

Additional background

Please see https://github.com/mongodb/specifications/commit/bc4257fed21186ba9b53e2c0b7e92482da196882 for the specification change and https://github.com/mongodb/specifications/commit/cdd93a4c7639014c8837d34a3e26e408d7b14d5b for a clarification.

Please see https://github.com/mongodb/mongo-csharp-driver/commit/daa88998837aace9296b7c1f599c901f3cdac86f for a reference implementation in C#.

Integration test

Drivers are expected to add an integration test as described in the specification change
Show
Summary of required changes Add support for AssumeRoleWithWebIdentity in AWS Auth Add integration tests to verify usage Use the credentials found in this document Additional background Please see https://github.com/mongodb/specifications/commit/bc4257fed21186ba9b53e2c0b7e92482da196882 for the specification change and https://github.com/mongodb/specifications/commit/cdd93a4c7639014c8837d34a3e26e408d7b14d5b for a clarification. Please see https://github.com/mongodb/mongo-csharp-driver/commit/daa88998837aace9296b7c1f599c901f3cdac86f for a reference implementation in C#. Integration test Drivers are expected to add an integration test as described in the specification change
Case:

Driver Compliance:

$i18n.getText("admin.common.words.hide")

Key	Status/Resolution	FixVersion
CDRIVER-4081	Fixed	1.24.0
CXX-2307	Works as Designed	3.8.0
CSHARP-3740	Fixed	2.19.0
GODRIVER-2081	Fixed	1.12.0
JAVA-4234	Fixed	4.8.0
NODE-3445	Fixed	5.1.0
MOTOR-773	Duplicate
PYTHON-2818	Fixed	4.4
PHPC-1895	Won't Do
RUBY-2732	Fixed	2.19.0
RUST-906	Fixed	2.6.0
SWIFT-1258	Won't Do
NODE-5135	Duplicate

$i18n.getText("admin.common.words.show")

#scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CDRIVER-4081 Fixed 1.24.0 CXX-2307 Works as Designed 3.8.0 CSHARP-3740 Fixed 2.19.0 GODRIVER-2081 Fixed 1.12.0 JAVA-4234 Fixed 4.8.0 NODE-3445 Fixed 5.1.0 MOTOR-773 Duplicate PYTHON-2818 Fixed 4.4 PHPC-1895 Won't Do RUBY-2732 Fixed 2.19.0 RUST-906 Fixed 2.6.0 SWIFT-1258 Won't Do NODE-5135 Duplicate

Currently drivers support authenticating against a database using AWS IAM roles for applications running on EC2 or ECS tasks.

In scope of ~~DRIVERS-2011~~ (and already implemented in Java driver in scope of ~~JAVA-4118~~), applications will be able to supply a callback which will allow it to supply credentials for any type of service, including Elastic Kubernetes Service (EKS).

This ticket would add support for EKS natively to our drivers, without requiring use of an application-supplied callback.

This improvement would be useful for those who are running on Kubernetes in AWS and reduce friction by supporting EKS natively in our drivers

Note

EKS IAM Roles for service accounts give pods an IAM role, this is exposed as an environment variable with an open id connect token that can get handed to AWS sts for a set of temporary creds (much like ECS/EC2).

is depended on by

JAVA-4118 Add support for EKS when using AWS Iam roles for database authentication

Closed

is related to

JAVA-4292 AWS credential refreshing

Released

related to

DRIVERS-2945 Support for AWS EKS Pod Identity

Backlog

DRIVERS-2011 On-demand callback for AWS credentials

Closed

DRIVERS-1941 Add MONGODB-AWS Support for EKS Service Account Auth

Closed

split to

CDRIVER-4081 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

CSHARP-3740 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

CXX-2307 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

GODRIVER-2081 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

JAVA-4234 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

MOTOR-773 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

NODE-3445 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

NODE-5135 [Node] Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

PHPC-1895 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

PYTHON-2818 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

RUBY-2732 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

RUST-906 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

links to

Digit.co Request for EKS IAM for Node/Go

mentioned in: Page Loading...; Page Loading...

(12 split to, 1 links to, 2 mentioned in)

Assignee:: Steve Silvester

Reporter:: Ross Lawley

Votes:: 9 Vote for this issue

Watchers:: 37 Start watching this issue

Created:: May 11 2021 08:54:12 AM UTC

Updated:: Jul 22 2024 04:12:56 PM UTC

Resolved:: Jan 29 2024 07:24:54 PM UTC

Start date:: 28/Nov/22

Details

Description

Attachments

Issue Links

Activity

People

Dates