Add 8.0 and Auth + SSL Testing

[Jibola]

Adding tests:

• MongoDB SERVER Version 8.0
• Auth SSL

This creates 4 test variants total:

• 5.0 -- NoAuth NoSSL
• 5.0 -- Auth SSL
• 8.0 -- NoAuth NoSSL
• 8.0 -- Auth SSL

Acceptance Criteria:
EVG tests pass

[timgraham]

Evergreen stopped running on PRs some time ago, possibly due to the repo rename.

[aclark4life]

I'll discuss with @blink1073

[blink1073]

evergreen retry

[blink1073]

Re-enabled, it shows this error: project fails validation: sync with base branch & run evergreen validate -p <project>

[Jibola]

Bah, I cannot validate it locally. I get:

evergreen validate -p django-mongodb .evergreen/config.yml 
...
[evergreen] 2025/01/16 12:44:55 [p=error]: Automatic CLI update failed! Continuing with command execution. Error: permission denied
.evergreen/config.yml is valid

[blink1073]

toggling to check on RTD

[blink1073]

[evergreen] 2025/01/16 13:05:49 [p=info]: Fetching update from https://evg-bucket-evergreen.s3.amazonaws.com/evergreen/clients/evergreen_d3f98b4cbbaa8d9e8d9cea5738c778a29a653e75/darwin_arm64/evergreen
Upgraded binary downloaded to /tmp/251895727 - verifying
[evergreen] 2025/01/16 13:05:53 [p=info]: Upgraded binary successfully downloaded to temporary file: /tmp/251895727
[evergreen] 2025/01/16 13:05:53 [p=info]: Unlinking existing binary at /Users/steve.silvester/bin/evergreen
[evergreen] 2025/01/16 13:05:53 [p=info]: Moving upgraded binary to /Users/steve.silvester/bin/evergreen
[evergreen] 2025/01/16 13:05:53 [p=info]: Setting binary permissions...
[evergreen] 2025/01/16 13:05:53 [p=info]: Upgrade complete!
ERROR: buildvariant 'tests-8-noauth-nossl' already exists
.evergreen/config.yml is an invalid configuration

[timgraham]

What are the SSL configurations testing? Naively, I would think Django's settings would need to be configured to connect via SSL, but at that point, we'd basically just be testing pymongo's SSL support.

[blink1073]

I would have thought that we'd need to pass the AUTH/SSL information on to the connection string. It is odd to me that this would pass as-is.

[aclark4life]

Right. Perhaps we just need to know more about what those variants add to the environment and that use that information to update our settings to test our backend. e.g. user/pass, SSL port. Settings are copied from here AFAICT and only include ENGINE and NAME. The tests presumably pass because even though you CAN test auth + ssl in these variants you, again presumably, don't HAVE to test auth + ssl in these variants.

[blink1073]

We shouldn't be able to connect without proper TLS, or do any CRUD operations without auth...

[Jibola]

@timgraham @blink1073 I expected the auth and ssl to fail for the first run as well. I dug in and figured out the failure is because of the evergreen expansions change. I need to use include_expansions_in_env which should then include auth and ssl properly.

[timgraham]

While it's a bit more verbose, I think it would be clearer to separate the two paths.

if uri := os.getenv("MONGODB_URI"):
    # Settings for the evergreen builds.
    databases_settings = parse_uri(uri)
    # Workaround for https://github.com/mongodb-labs/mongo-orchestration/issues/268
    if databases_settings["USER"] and databases_settings["PASSWORD"]:
        databases_settings["OPTIONS"].update({"tls": True, "tlsAllowInvalidCertificates": True})
    DATABASES["default"] = DATABASES["other"] = databases_settings
    DATABASES["default"]["NAME"] = "djangotests"
    DATABASES["other"]["NAME"] = "djangotests-other"
else:
    # Settings for the Github actions build.
    DATABASES = {...existing code...}

My only question is whether it's necessary to check both username and password since it seems unlikely one would be set without the either (or at least a password without a user).

[Jibola]

Sure

[blink1073]

LGTM!