DRIVERS-2672 Rename OIDC integration name and values.

matthewdale · matthewdale · commit dde06323313e · 2024-03-06T17:19:09.000-08:00
diff --git a/source/auth/auth.md b/source/auth/auth.md
@@ -1215,9 +1215,9 @@ in the MONGODB-OIDC specification, including sections or blocks that specificall
 
 - mechanism_properties
 
-  - PROVIDER_NAME\
-    Drivers MUST allow the user to specify the name of a built-in OIDC provider integration to use to
-    obtain credentials. If provided, the value MUST be one of `["aws"]`. If both `PROVIDER_NAME` and an
+  - OIDC_ENV\
+    Drivers MUST allow the user to specify the name of a built-in OIDC application environment integration to
+    use to obtain credentials. If provided, the value MUST be one of `["k8s"]`. If both `OIDC_ENV` and an
     [OIDC Callback](#oidc-callback) or [OIDC Human Callback](#oidc-human-callback) are provided for the same
     `MongoClient`, the driver MUST raise an error.
 
@@ -1246,20 +1246,27 @@ in the MONGODB-OIDC specification, including sections or blocks that specificall
     performed after SRV record resolution, if applicable. This property is only required for drivers that support the
     [Human Authentication Flow](#human-authentication-flow).
 
-#### Built-in Provider Integrations
+#### Built-in OIDC Environment Integrations
 
-Drivers MUST support all of the following built-in OIDC providers.
+Drivers MUST support all of the following built-in OIDC application environment integrations.
 
-####### AWS
+####### Kubernetes
 
-The AWS provider is enabled by setting auth mechanism property `PROVIDER_NAME:aws`.
+The Kubernetes integration is enabled by setting auth mechanism property `OIDC_ENV:k8s`.
 
 If enabled, drivers MUST read the file path from environment variable `AWS_WEB_IDENTITY_TOKEN_FILE` and then read the
 OIDC access token from that file. The driver MUST use the contents of that file as value in the `jwt` field of the
 `saslStart` payload.
 
-Drivers MAY implement the AWS provider so that it conforms to the function signature of the
-[OIDC Callback](#oidc-callback) to prevent having to re-implement the AWS provider logic in the OIDC prose tests.
+> \[!NOTE\]
+>
+> The Kubernetes integration currently only supports the AWS-hosted EKS Kubernetes environment. Drivers MUST document
+> that the "k8s" integration currently only supports AWS EKS, but will support more Kubernetes environments in the
+> future.
+
+Drivers MAY implement the Kubernetes integration so that it conforms to the function signature of the
+[OIDC Callback](#oidc-callback) to prevent having to re-implement the Kubernetes integration logic in the OIDC prose
+tests.
 
 #### OIDC Callback
 
diff --git a/source/auth/tests/legacy/connection-string.json b/source/auth/tests/legacy/connection-string.json
diff --git a/source/auth/tests/legacy/connection-string.yml b/source/auth/tests/legacy/connection-string.yml
@@ -351,35 +351,35 @@ tests:
     mechanism_properties:
       AWS_SESSION_TOKEN: token!@#$%^&*()_+
 - description: should recognise the mechanism with aws provider (MONGODB-OIDC)
-  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=PROVIDER_NAME:aws
+  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=OIDC_ENV:aws
   valid: true
   credential:
     username:
     password:
     source: "$external"
     mechanism: MONGODB-OIDC
     mechanism_properties:
-      PROVIDER_NAME: aws
+      OIDC_ENV: aws
 - description: should recognise the mechanism when auth source is explicitly specified and with provider (MONGODB-OIDC)
-  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authSource=$external&authMechanismProperties=PROVIDER_NAME:aws
+  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authSource=$external&authMechanismProperties=OIDC_ENV:aws
   valid: true
   credential:
     username:
     password:
     source: "$external"
     mechanism: MONGODB-OIDC
     mechanism_properties:
-      PROVIDER_NAME: aws
+      OIDC_ENV: aws
 - description: should throw an exception if supplied a password (MONGODB-OIDC)
-  uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=PROVIDER_NAME:aws
+  uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=OIDC_ENV:aws
   valid: false
   credential:
 - description: should throw an exception if username is specified for aws (MONGODB-OIDC)
-  uri: mongodb://principalName@localhost/?authMechanism=MONGODB-OIDC&PROVIDER_NAME:aws
+  uri: mongodb://principalName@localhost/?authMechanism=MONGODB-OIDC&OIDC_ENV:aws
   valid: false
   credential:
 - description: should throw an exception if specified provider is not supported (MONGODB-OIDC)
-  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=PROVIDER_NAME:invalid
+  uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=OIDC_ENV:invalid
   valid: false
   credential:
 - description: should throw an exception if neither provider nor callbacks specified (MONGODB-OIDC)
diff --git a/source/auth/tests/mongodb-oidc.md b/source/auth/tests/mongodb-oidc.md
@@ -27,7 +27,7 @@ configured with `retryReads=false`.
 > \[!NOTE\]
 >
 > For test cases that create fail points, drivers MUST either use a unique `appName` or explicitly remove the fail point
-> after the test to prevent interaction between test cases.
+> aOIDC_ENV to prevent interaction between test cases.
 
 Note that typically the preconfigured Atlas Dev clusters are used for testing, in Evergreen and locally. The URIs can be
 fetched from the `drivers/oidc` Secrets vault, see
@@ -36,7 +36,7 @@ Use `OIDC_ATLAS_URI_SINGLE` for the `MONGODB_URI`. If using local servers is pre
 [Local Testing](https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/auth_oidc/README.md#local-testing)
 method, use `mongodb://localhost/?authMechanism=MONGODB-OIDC` for `MONGODB_URI`.
 
-### (1) OIDC Callback Authentication
+###OIDC_ENVlback Authentication
 
 **1.1 Callback is called during authentication**
 
@@ -101,7 +101,7 @@ method, use `mongodb://localhost/?authMechanism=MONGODB-OIDC` for `MONGODB_URI`.
 - Create a `MongoClient` configured with an OIDC callback that implements the AWS provider logic.
 - Set a fail point for `find` commands of the form:
 
-```javascript
+```javascriptOIDC_ENV
 {
   configureFailPoint: "failCommand",
   mode: {
diff --git a/source/auth/tests/unified/mongodb-oidc-no-retry.yml b/source/auth/tests/unified/mongodb-oidc-no-retry.yml
@@ -16,7 +16,7 @@ createEntities:
       # The $$placeholder document should be replaced by auth mechanism
       # properties that enable OIDC auth on the target cloud platform. For
       # example, when running the test on AWS, replace the $$placeholder
-      # document with {"PROVIDER_NAME": "aws"}.
+      # document with {"OIDC_ENV": "aws"}.
       authMechanismProperties: { $$placeholder: 1 }
       retryReads: false
       retryWrites: false
diff --git a/source/unified-test-format/unified-test-format.md b/source/unified-test-format/unified-test-format.md
@@ -422,7 +422,7 @@ The structure of this object is as follows:
     uriOptions:
       authMechanism: "MONGODB-OIDC"
       authMechanismProperties:
-        PROVIDER_NAME: { $$placeholder: 1 }
+        OIDC_ENV: { $$placeholder: 1 }
     ```
 
   <div id="entity_client_useMultipleMongoses">
