From 0800fb367db7cb565f229a36d1edd2d5e1c2a698 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Wed, 1 Mar 2023 09:57:05 -0500 Subject: [PATCH 01/17] chore: add files --- .evergreen/config.in.yml | 82 +++++++++ .evergreen/config.yml | 126 ++++++++++++++ .evergreen/copy-driver-to-azure.sh | 24 +++ .evergreen/generate_evergreen_tasks.js | 8 + .evergreen/run-azure-kms-mock-server.sh | 9 + .evergreen/run-azure-kms-tests.sh | 20 +++ .evergreen/run-gcp-kms-tests.sh | 2 +- .evergreen/run-serverless-tests.sh | 2 +- .evergreen/run-tests.sh | 2 +- .evergreen/setup-azure-vm.sh | 20 +++ src/deps.ts | 3 +- ...ion.prose.18.azure_kms_mock_server.test.ts | 156 ++++++++++++++++++ ...ncryption.prose.19.on_demand_azure.test.ts | 73 ++++++++ 13 files changed, 523 insertions(+), 4 deletions(-) create mode 100644 .evergreen/copy-driver-to-azure.sh create mode 100644 .evergreen/run-azure-kms-mock-server.sh create mode 100644 .evergreen/run-azure-kms-tests.sh create mode 100644 .evergreen/setup-azure-vm.sh create mode 100644 test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts create mode 100644 test/integration/client-side-encryption/client_side_encryption.prose.19.on_demand_azure.test.ts diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index 452bbc2fba8..efb83551818 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml @@ -95,6 +95,17 @@ functions: env: DRIVERS_TOOLS: ${DRIVERS_TOOLS} + "bootstrap azure idms server": + - command: subprocess.exec + params: + background: true + working_dir: src + binary: bash + args: + - .evergreen/run-azure-kms-mock-server.sh + env: + DRIVERS_TOOLS: ${DRIVERS_TOOLS} + "bootstrap oidc": - command: ec2.assume_role params: @@ -1063,6 +1074,7 @@ tasks: commands: - func: install dependencies - func: bootstrap kms servers + - func: bootstrap azure idms server - func: "run serverless tests" - name: run-spec-benchmark-tests @@ -1136,6 +1148,49 @@ tasks: args: - src/.evergreen/run-gcp-kms-tests.sh + + - name: "test-azurekms-task" + commands: + - func: "install dependencies" + - command: subprocess.exec + type: setup + params: + binary: bash + add_expansions_to_env: true + env: + # AZUREKMS_PRIVATEKEYPATH: /tmp/testazurekms_privatekey + args: + - src/.evergreen/copy-driver-to-azure.sh + - command: subprocess.exec + type: test + params: + working_dir: src + binary: bash + add_expansions_to_env: true + env: + # AZUREKMS_PRIVATEKEYPATH: /tmp/testazurekms_privatekey + AZUREKMS_CMD: "ls && env EXPECTED_AZUREKMS_OUTCOME=success bash src/.evergreen/run-azure-kms-tests.sh" + args: + - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh + + - name: "test-azurekms-fail-task" + commands: + - func: "install dependencies" + - func: bootstrap mongo-orchestration + vars: + VERSION: latest + TOPOLOGY: server + AUTH: noauth + - command: subprocess.exec + type: test + params: + binary: bash + env: + EXPECTED_AZUREKMS_OUTCOME: "failure" + args: + - src/.evergreen/run-azure-kms-tests.sh + + task_groups: - name: serverless_task_group setup_group_can_fail_task: true @@ -1208,6 +1263,33 @@ task_groups: tasks: - test-gcpkms-task + - name: test_azurekms_task_group + setup_group_can_fail_task: true + setup_group_timeout_secs: 1800 # 30 minutes + setup_group: + - func: fetch source + - command: subprocess.exec + params: + working_dir: "src" + binary: bash + add_expansions_to_env: true + args: + - .evergreen/setup-azure-vm.sh + - command: expansions.update + # Load AZUREKMS_VMNAME into the expansions. + params: + file: src/testazurekms-expansions.yml + + teardown_group: + - command: subprocess.exec + params: + binary: bash + add_expansions_to_env: true + args: + - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/delete-vm.sh + tasks: + - test-azurekms-task + pre: - func: "fetch source" - func: "windows fix" diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 0507ff27f9c..6cab7622845 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -68,6 +68,16 @@ functions: - .evergreen/run-kms-servers.sh env: DRIVERS_TOOLS: ${DRIVERS_TOOLS} + bootstrap azure idms server: + - command: subprocess.exec + params: + background: true + working_dir: src + binary: bash + args: + - .evergreen/run-azure-kms-mock-server.sh + env: + DRIVERS_TOOLS: ${DRIVERS_TOOLS} bootstrap oidc: - command: ec2.assume_role params: @@ -1003,6 +1013,7 @@ tasks: commands: - func: install dependencies - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run serverless tests - name: run-spec-benchmark-tests tags: @@ -1067,6 +1078,43 @@ tasks: EXPECTED_GCPKMS_OUTCOME: failure args: - src/.evergreen/run-gcp-kms-tests.sh + - name: test-azurekms-task + commands: + - func: install dependencies + - command: subprocess.exec + type: setup + params: + binary: bash + add_expansions_to_env: true + env: null + args: + - src/.evergreen/copy-driver-to-azure.sh + - command: subprocess.exec + type: test + params: + working_dir: src + binary: bash + add_expansions_to_env: true + env: + AZUREKMS_CMD: ls && env EXPECTED_AZUREKMS_OUTCOME=success bash src/.evergreen/run-azure-kms-tests.sh + args: + - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh + - name: test-azurekms-fail-task + commands: + - func: install dependencies + - func: bootstrap mongo-orchestration + vars: + VERSION: latest + TOPOLOGY: server + AUTH: noauth + - command: subprocess.exec + type: test + params: + binary: bash + env: + EXPECTED_AZUREKMS_OUTCOME: failure + args: + - src/.evergreen/run-azure-kms-tests.sh - name: test-latest-server tags: - latest @@ -1079,6 +1127,7 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-latest-replica_set tags: @@ -1092,6 +1141,7 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-latest-sharded_cluster tags: @@ -1105,6 +1155,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-rapid-server tags: @@ -1118,6 +1169,7 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-rapid-replica_set tags: @@ -1131,6 +1183,7 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-rapid-sharded_cluster tags: @@ -1144,6 +1197,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-6.0-server tags: @@ -1157,6 +1211,7 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-6.0-replica_set tags: @@ -1170,6 +1225,7 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-6.0-sharded_cluster tags: @@ -1183,6 +1239,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-5.0-server tags: @@ -1196,6 +1253,7 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-5.0-replica_set tags: @@ -1209,6 +1267,7 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-5.0-sharded_cluster tags: @@ -1222,6 +1281,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.4-server tags: @@ -1235,6 +1295,7 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.4-replica_set tags: @@ -1248,6 +1309,7 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.4-sharded_cluster tags: @@ -1261,6 +1323,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.2-server tags: @@ -1274,6 +1337,7 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.2-replica_set tags: @@ -1287,6 +1351,7 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.2-sharded_cluster tags: @@ -1300,6 +1365,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.0-server tags: @@ -1313,6 +1379,7 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.0-replica_set tags: @@ -1326,6 +1393,7 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.0-sharded_cluster tags: @@ -1339,6 +1407,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-3.6-server tags: @@ -1352,6 +1421,7 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-3.6-replica_set tags: @@ -1365,6 +1435,7 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-3.6-sharded_cluster tags: @@ -1378,6 +1449,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-latest-server-v1-api tags: @@ -2578,6 +2650,7 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-latest-replica_set-noauth tags: @@ -2592,6 +2665,7 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-latest-sharded_cluster-noauth tags: @@ -2606,6 +2680,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-rapid-server-noauth tags: @@ -2620,6 +2695,7 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-rapid-replica_set-noauth tags: @@ -2634,6 +2710,7 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-rapid-sharded_cluster-noauth tags: @@ -2648,6 +2725,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-6.0-server-noauth tags: @@ -2662,6 +2740,7 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-6.0-replica_set-noauth tags: @@ -2676,6 +2755,7 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-6.0-sharded_cluster-noauth tags: @@ -2690,6 +2770,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-5.0-server-noauth tags: @@ -2704,6 +2785,7 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-5.0-replica_set-noauth tags: @@ -2718,6 +2800,7 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-5.0-sharded_cluster-noauth tags: @@ -2732,6 +2815,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.4-server-noauth tags: @@ -2746,6 +2830,7 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.4-replica_set-noauth tags: @@ -2760,6 +2845,7 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.4-sharded_cluster-noauth tags: @@ -2774,6 +2860,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.2-server-noauth tags: @@ -2788,6 +2875,7 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.2-replica_set-noauth tags: @@ -2802,6 +2890,7 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.2-sharded_cluster-noauth tags: @@ -2816,6 +2905,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.0-server-noauth tags: @@ -2830,6 +2920,7 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.0-replica_set-noauth tags: @@ -2844,6 +2935,7 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-4.0-sharded_cluster-noauth tags: @@ -2858,6 +2950,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-3.6-server-noauth tags: @@ -2872,6 +2965,7 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-3.6-replica_set-noauth tags: @@ -2886,6 +2980,7 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-3.6-sharded_cluster-noauth tags: @@ -2900,6 +2995,7 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers + - func: bootstrap azure idms server - func: run tests - name: test-lambda-example tags: @@ -3088,6 +3184,30 @@ task_groups: - ${DRIVERS_TOOLS}/.evergreen/csfle/gcpkms/delete-instance.sh tasks: - test-gcpkms-task + - name: test_azurekms_task_group + setup_group_can_fail_task: true + setup_group_timeout_secs: 1800 + setup_group: + - func: fetch source + - command: subprocess.exec + params: + working_dir: src + binary: bash + add_expansions_to_env: true + args: + - .evergreen/setup-azure-vm.sh + - command: expansions.update + params: + file: src/testazurekms-expansions.yml + teardown_group: + - command: subprocess.exec + params: + binary: bash + add_expansions_to_env: true + args: + - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/delete-vm.sh + tasks: + - test-azurekms-task pre: - func: fetch source - func: windows fix @@ -3557,6 +3677,12 @@ buildvariants: tasks: - test_gcpkms_task_group - test-gcpkms-fail-task + - name: debian11-test-azure-kms + display_name: Azure KMS Test + run_on: debian11-small + tasks: + - test_azurekms_task_group + - test-azurekms-fail-task - name: rhel8-no-auth-tests display_name: No Auth Tests run_on: rhel80-large diff --git a/.evergreen/copy-driver-to-azure.sh b/.evergreen/copy-driver-to-azure.sh new file mode 100644 index 00000000000..d66605bd4cc --- /dev/null +++ b/.evergreen/copy-driver-to-azure.sh @@ -0,0 +1,24 @@ +#! /usr/bin/env bash + +set -o errexit + +if [ -z ${AZUREKMS_RESOURCEGROUP+omitted} ]; then echo "AZUREKMS_RESOURCEGROUP is unset" && exit 1; fi +if [ -z ${AZUREKMS_VMNAME+omitted} ]; then echo "AZUREKMS_VMNAME is unset" && exit 1; fi +if [ -z ${AZUREKMS_PRIVATEKEYPATH+omitted} ]; then echo "AZUREKMS_PRIVATEKEYPATH is unset" && exit 1; fi + +source "${PROJECT_DIRECTORY}/.evergreen/init-nvm.sh" + +echo "compressing node driver source ... begin" +tar -czf node-driver-source.tgz src +echo "compressing node driver source ... end" + +export AZUREKMS_SRC=node-driver-source.tgz +export AZUREKMS_DST="./" +echo "copying node driver tar ... begin" +"${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/copy-file.sh" +echo "copying node driver tar ... end" + +echo "decompressing node driver tar on azure ... begin" +export AZUREKMS_CMD="tar xf node-driver-source.tgz" +"${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh" +echo "decompressing node driver tar on azure ... end" diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js index 654aba5c765..d2aefd5155b 100644 --- a/.evergreen/generate_evergreen_tasks.js +++ b/.evergreen/generate_evergreen_tasks.js @@ -54,6 +54,7 @@ function makeTask({ mongoVersion, topology, tags = [], auth = 'auth' }) { } }, { func: 'bootstrap kms servers' }, + { func: 'bootstrap azure idms server' }, { func: 'run tests' } ] }; @@ -668,6 +669,13 @@ BUILD_VARIANTS.push({ tasks: ['test_gcpkms_task_group', 'test-gcpkms-fail-task'] }); +BUILD_VARIANTS.push({ + name: 'debian11-test-azure-kms', + display_name: 'Azure KMS Test', + run_on: 'debian11-small', + tasks: ['test_azurekms_task_group', 'test-azurekms-fail-task'] +}); + BUILD_VARIANTS.push({ name: 'rhel8-no-auth-tests', display_name: 'No Auth Tests', diff --git a/.evergreen/run-azure-kms-mock-server.sh b/.evergreen/run-azure-kms-mock-server.sh new file mode 100644 index 00000000000..06d07236e91 --- /dev/null +++ b/.evergreen/run-azure-kms-mock-server.sh @@ -0,0 +1,9 @@ +#! /user/bin/env bash + +if [ -z ${DRIVERS_TOOLS+omitted} ]; then echo "DRIVERS_TOOLS is unset" && exit 1; fi + +set -o errexit + +python3 $DRIVERS_TOOLS/.evergreen/csfle/bottle.py fake_azure:imds & + +echo "Running Azure KMS idms server on port 8080" diff --git a/.evergreen/run-azure-kms-tests.sh b/.evergreen/run-azure-kms-tests.sh new file mode 100644 index 00000000000..dd0ce2dea68 --- /dev/null +++ b/.evergreen/run-azure-kms-tests.sh @@ -0,0 +1,20 @@ +#! /usr/bin/env bash + +set -o errexit + +pushd "src" +PROJECT_DIRECTORY="$(pwd)" +export PROJECT_DIRECTORY +source ".evergreen/init-nvm.sh" + +set -o xtrace + +npm install 'mongodb-client-encryption@2.7.0-alpha.0' + +export MONGODB_URI="mongodb://localhost:27017" + +export EXPECTED_AZUREKMS_OUTCOME=${EXPECTED_AZUREKMS_OUTCOME:-omitted} +export TEST_CSFLE=true +export CSFLE_KMS_PROVIDERS='not json' + +npx mocha --config test/mocha_mongodb.json test/integration/client-side-encryption/client_side_encryption.prose.19.on_demand_azure.test.ts diff --git a/.evergreen/run-gcp-kms-tests.sh b/.evergreen/run-gcp-kms-tests.sh index 86558b9ec46..e66bbe05c19 100644 --- a/.evergreen/run-gcp-kms-tests.sh +++ b/.evergreen/run-gcp-kms-tests.sh @@ -9,7 +9,7 @@ source ".evergreen/init-nvm.sh" set -o xtrace -npm install 'mongodb-client-encryption@2.6.0' +npm install 'mongodb-client-encryption@2.7.0-alpha.0' npm install 'gcp-metadata' export MONGODB_URI="mongodb://localhost:27017" diff --git a/.evergreen/run-serverless-tests.sh b/.evergreen/run-serverless-tests.sh index cd6fb06ffa2..12373372719 100755 --- a/.evergreen/run-serverless-tests.sh +++ b/.evergreen/run-serverless-tests.sh @@ -10,7 +10,7 @@ if [ -z ${MONGODB_URI+omitted} ]; then echo "MONGODB_URI is unset" && exit 1; fi if [ -z ${SERVERLESS_ATLAS_USER+omitted} ]; then echo "SERVERLESS_ATLAS_USER is unset" && exit 1; fi if [ -z ${SERVERLESS_ATLAS_PASSWORD+omitted} ]; then echo "SERVERLESS_ATLAS_PASSWORD is unset" && exit 1; fi -npm install mongodb-client-encryption@"2.6.0" +npm install 'mongodb-client-encryption@2.7.0-alpha.0' npx mocha \ --config test/mocha_mongodb.json \ diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 95c9750f869..1d2eca26d3c 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -52,7 +52,7 @@ else source "$DRIVERS_TOOLS"/.evergreen/csfle/set-temp-creds.sh fi -npm install mongodb-client-encryption@"2.6.0" +npm install 'mongodb-client-encryption@2.7.0-alpha.0' npm install @mongodb-js/zstd npm install snappy diff --git a/.evergreen/setup-azure-vm.sh b/.evergreen/setup-azure-vm.sh new file mode 100644 index 00000000000..a1902849bea --- /dev/null +++ b/.evergreen/setup-azure-vm.sh @@ -0,0 +1,20 @@ +#! /usr/bin/env bash + +echo "${testazurekms_publickey}" > /tmp/testazurekms_publickey +echo "${testazurekms_privatekey}" > /tmp/testazurekms_privatekey + +# Set 600 permissions on private key file. Otherwise ssh / scp may error with permissions "are too open". +chmod 600 /tmp/testazurekms_privatekey +export AZUREKMS_CLIENTID=${AZUREKMS_CLIENTID} +export AZUREKMS_TENANTID=${AZUREKMS_TENANTID} +export AZUREKMS_SECRET=${AZUREKMS_SECRET} +export AZUREKMS_DRIVERS_TOOLS=$DRIVERS_TOOLS +export AZUREKMS_RESOURCEGROUP=${AZUREKMS_RESOURCEGROUP} +export AZUREKMS_PUBLICKEYPATH=/tmp/testazurekms_publickey +export AZUREKMS_PRIVATEKEYPATH=/tmp/testazurekms_privatekey +export AZUREKMS_SCOPE=${AZUREKMS_SCOPE} +export AZUREKMS_VMNAME_PREFIX=NODEDRIVER + +$DRIVERS_TOOLS/.evergreen/csfle/azurekms/create-and-setup-vm.sh + +echo "AZUREKMS_PRIVATEKEYPATH: /tmp/testazurekms_privatekey" >> testazurekms-expansions.yml diff --git a/src/deps.ts b/src/deps.ts index 1100a1c1792..6c4857270a6 100644 --- a/src/deps.ts +++ b/src/deps.ts @@ -266,7 +266,8 @@ export interface AutoEncryptionOptions { * If present, an access token to authenticate with Azure. */ accessToken: string; - }; + } + | Record; /** Configuration options for using 'gcp' as your KMS provider */ gcp?: | { diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts new file mode 100644 index 00000000000..5918613ad5e --- /dev/null +++ b/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts @@ -0,0 +1,156 @@ +import { expect } from 'chai'; +import { get } from 'http'; + +import { Document } from '../../mongodb'; + +const BASE_URL = new URL(`http://127.0.0.1:8080/metadata/identity/oauth2/token`); + +async function mockServerIsSetup() { + const url = (() => { + const copiedURL = new URL(BASE_URL); + + // minimum configuration for the mock server not to throw an error when responding. + copiedURL.searchParams.append('api-version', '2018-02-01'); + copiedURL.searchParams.append('resource', 'https://vault.azure.net'); + return copiedURL; + })(); + return new Promise((resolve, reject) => { + get(url, res => { + if (res.statusCode === 200) { + return resolve(); + } + return reject('server not running'); + }) + .on('error', error => reject(error)) + .end(); + }); +} + +class KMSRequestOptions { + url: URL = BASE_URL; + headers: Document; + constructor(testCase?: 'empty-json' | 'bad-json' | '404' | '500' | 'slow') { + this.headers = + testCase != null + ? { + 'X-MongoDB-HTTP-TestParams': `case=${testCase}` + } + : {}; + } +} + +context('Azure KMS Mock Server Tests', function () { + let fetchAzureKMSToken: (options: { + url: URL; + headers: Document; + }) => Promise<{ accessToken: string }>; + let KMSRequestFailedError: Error; + + const AZURE_KMS_TEST_EXPORTS = '___azureKMSProseTestExports'; + beforeEach(async function () { + try { + await mockServerIsSetup(); + } catch { + this.currentTest.skipReason = 'Test requires mock azure identity endpoint to be running.'; + this.test?.skip(); + } + + fetchAzureKMSToken = this.configuration.mongodbClientEncryption[AZURE_KMS_TEST_EXPORTS]; + KMSRequestFailedError = + this.configuration.mongodbClientEncryption.MongoCryptAzureKMSRequestError; + }); + + context('Case 1: Success', function () { + // Do not set an ``X-MongoDB-HTTP-TestParams`` header. + + // Upon receiving a response from ``fake_azure``, the driver must decode the + // following information: + + // 1. HTTP status will be ``200 Okay``. + // 2. The HTTP body will be a valid JSON string. + // 3. The access token will be the string ``"magic-cookie"``. + // 4. The expiry duration of the token will be seventy seconds. + // 5. The token will have a resource of ``"https://vault.azure.net"`` + + it('returns a properly formatted access token', async () => { + const credentials = await fetchAzureKMSToken(new KMSRequestOptions()); + expect(credentials).to.have.property('accessToken', 'magic-cookie'); + }); + }); + + context('Case 2: Empty JSON', function () { + // This case addresses a server returning valid JSON with invalid content. + // Set ``X-MongoDB-HTTP-TestParams`` to ``case=empty-json``. + // Upon receiving a response: + // 1. HTTP status will be ``200 Okay`` + // 2. The HTTP body will be a valid JSON string. + // 3. There will be no access token, expiry duration, or resource. + // The test case should ensure that this error condition is handled gracefully. + + it('returns an error', async () => { + const credentials = await fetchAzureKMSToken(new KMSRequestOptions('empty-json')).catch( + e => e + ); + + expect(credentials).to.be.instanceof(KMSRequestFailedError); + }); + }); + + context('Case 3: Bad JSON', function () { + // This case addresses a server returning malformed JSON. + // Set ``X-MongoDB-HTTP-TestParams`` to ``case=bad-json``. + // Upon receiving a response: + // 1. HTTP status will be ``200 Okay`` + // 2. The response body will contain a malformed JSON string. + // The test case should ensure that this error condition is handled gracefully. + + it('returns an error', async () => { + const credentials = await fetchAzureKMSToken(new KMSRequestOptions('bad-json')).catch(e => e); + + expect(credentials).to.be.instanceof(KMSRequestFailedError); + }); + }); + + context('Case 4: HTTP 404', function () { + // This case addresses a server returning a "Not Found" response. This is + // documented to occur spuriously within an Azure environment. + // Set ``X-MongoDB-HTTP-TestParams`` to ``case=404``. + // Upon receiving a response: + // 1. HTTP status will be ``404 Not Found``. + // 2. The response body is unspecified. + // The test case should ensure that this error condition is handled gracefully. + it('returns an error', async () => { + const credentials = await fetchAzureKMSToken(new KMSRequestOptions('404')).catch(e => e); + + expect(credentials).to.be.instanceof(KMSRequestFailedError); + }); + }); + + context('Case 5: HTTP 500', function () { + // This case addresses an IMDS server reporting an internal error. This is + // documented to occur spuriously within an Azure environment. + // Set ``X-MongoDB-HTTP-TestParams`` to ``case=500``. + // Upon receiving a response: + // 1. HTTP status code will be ``500``. + // 2. The response body is unspecified. + // The test case should ensure that this error condition is handled gracefully. + it('returns an error', async () => { + const credentials = await fetchAzureKMSToken(new KMSRequestOptions('500')).catch(e => e); + + expect(credentials).to.be.instanceof(KMSRequestFailedError); + }); + }); + + context('Case 6: Slow Response', function () { + // This case addresses an IMDS server responding very slowly. Drivers should not + // halt the application waiting on a peer to communicate. + // Set ``X-MongoDB-HTTP-TestParams`` to ``case=slow``. + // The HTTP response from the ``fake_azure`` server will take at least 1000 seconds + // to complete. The request should fail with a timeout. + it('returns an error after the request times out', async () => { + const credentials = await fetchAzureKMSToken(new KMSRequestOptions('slow')).catch(e => e); + + expect(credentials).to.be.instanceof(KMSRequestFailedError); + }); + }); +}); diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.19.on_demand_azure.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.19.on_demand_azure.test.ts new file mode 100644 index 00000000000..5edead88c99 --- /dev/null +++ b/test/integration/client-side-encryption/client_side_encryption.prose.19.on_demand_azure.test.ts @@ -0,0 +1,73 @@ +import { expect } from 'chai'; +import { env } from 'process'; + +import { Binary } from '../../mongodb'; + +const metadata: MongoDBMetadataUI = { + requires: { + clientSideEncryption: true + } +} as const; + +const dataKeyOptions = { + masterKey: { + keyVaultEndpoint: 'https://keyvault-drivers-2411.vault.azure.net/keys/', + keyName: 'KEY-NAME' + } +}; + +describe('19. On-demand GCP Credentials', () => { + let clientEncryption: import('mongodb-client-encryption').ClientEncryption; + let keyVaultClient; + let MongoCryptAzureKMSRequestError; + + beforeEach(async function () { + keyVaultClient = this.configuration.newClient(); + + const { ClientEncryption } = this.configuration.mongodbClientEncryption; + MongoCryptAzureKMSRequestError = + this.configuration.mongodbClientEncryption.MongoCryptAzureKMSRequestError; + + if (typeof env.AZUREKMS_VMNAME === 'string') { + // If Google cloud env is present then EXPECTED_GCPKMS_OUTCOME MUST be set + expect( + env.EXPECTED_AZUREKMS_OUTCOME, + `EXPECTED_AZUREKMS_OUTCOME must be 'success' or 'failure'` + ) + .to.be.a('string') + .that.satisfies(s => s === 'success' || s === 'failure'); + } + + clientEncryption = new ClientEncryption(keyVaultClient, { + keyVaultClient, + keyVaultNamespace: 'keyvault.datakeys', + kmsProviders: { azure: {} } + }); + }); + + afterEach(async () => { + await keyVaultClient?.close(); + }); + + it('Case 1: Failure', metadata, async function () { + if (env.EXPECTED_AZUREKMS_OUTCOME !== 'failure') { + this.skipReason = 'This test is supposed to run in the environment where failure is expected'; + this.skip(); + } + + const error = await clientEncryption + .createDataKey('azure', dataKeyOptions) + .catch(error => error); + expect(error).to.be.instanceOf(MongoCryptAzureKMSRequestError); + }); + + it('Case 2: Success', metadata, async function () { + if (env.EXPECTED_AZUREKMS_OUTCOME !== 'success') { + this.skipReason = 'This test is supposed to run in the environment where success is expected'; + this.skip(); + } + + const dk = await clientEncryption.createDataKey('azure', dataKeyOptions); + expect(dk).to.be.instanceOf(Binary); + }); +}); From af766a60513370f7be705fd68f7aedffeedcd768 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Thu, 16 Mar 2023 09:02:08 -0400 Subject: [PATCH 02/17] force downlod of mongodb-client-encryption for CI verification --- .evergreen/run-azure-kms-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/run-azure-kms-tests.sh b/.evergreen/run-azure-kms-tests.sh index dd0ce2dea68..86fe9d1de17 100644 --- a/.evergreen/run-azure-kms-tests.sh +++ b/.evergreen/run-azure-kms-tests.sh @@ -9,7 +9,7 @@ source ".evergreen/init-nvm.sh" set -o xtrace -npm install 'mongodb-client-encryption@2.7.0-alpha.0' +npm install --force 'mongodb-client-encryption@2.7.0-alpha.0' export MONGODB_URI="mongodb://localhost:27017" From 26820659c57797c66effdf60e33ed92f1599b13d Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Thu, 16 Mar 2023 09:06:15 -0400 Subject: [PATCH 03/17] chore: misc fixes --- .evergreen/config.in.yml | 3 --- .evergreen/config.yml | 2 +- .evergreen/generate_evergreen_tasks.js | 6 +++--- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index efb83551818..56478f80067 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml @@ -1157,8 +1157,6 @@ tasks: params: binary: bash add_expansions_to_env: true - env: - # AZUREKMS_PRIVATEKEYPATH: /tmp/testazurekms_privatekey args: - src/.evergreen/copy-driver-to-azure.sh - command: subprocess.exec @@ -1168,7 +1166,6 @@ tasks: binary: bash add_expansions_to_env: true env: - # AZUREKMS_PRIVATEKEYPATH: /tmp/testazurekms_privatekey AZUREKMS_CMD: "ls && env EXPECTED_AZUREKMS_OUTCOME=success bash src/.evergreen/run-azure-kms-tests.sh" args: - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 6cab7622845..a08c5d2bb67 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -1086,7 +1086,6 @@ tasks: params: binary: bash add_expansions_to_env: true - env: null args: - src/.evergreen/copy-driver-to-azure.sh - command: subprocess.exec @@ -3680,6 +3679,7 @@ buildvariants: - name: debian11-test-azure-kms display_name: Azure KMS Test run_on: debian11-small + batchtime: 20160 tasks: - test_azurekms_task_group - test-azurekms-fail-task diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js index d2aefd5155b..090edfde40b 100644 --- a/.evergreen/generate_evergreen_tasks.js +++ b/.evergreen/generate_evergreen_tasks.js @@ -457,9 +457,8 @@ for (const { BUILD_VARIANTS.push({ name: 'macos-1100', - display_name: `MacOS 11 Node${ - versions.find(version => version.codeName === LATEST_LTS).versionNumber - }`, + display_name: `MacOS 11 Node${versions.find(version => version.codeName === LATEST_LTS).versionNumber + }`, run_on: 'macos-1100', expansions: { NODE_LTS_NAME: LATEST_LTS, @@ -673,6 +672,7 @@ BUILD_VARIANTS.push({ name: 'debian11-test-azure-kms', display_name: 'Azure KMS Test', run_on: 'debian11-small', + batchtime: 20160, tasks: ['test_azurekms_task_group', 'test-azurekms-fail-task'] }); From 50d6d1930b02bb6ea78e6536b3373b79833a8723 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Thu, 16 Mar 2023 09:44:35 -0400 Subject: [PATCH 04/17] chore: misc fixes --- .evergreen/run-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 1d2eca26d3c..19f3f474b7a 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -52,7 +52,7 @@ else source "$DRIVERS_TOOLS"/.evergreen/csfle/set-temp-creds.sh fi -npm install 'mongodb-client-encryption@2.7.0-alpha.0' +npm install --force 'mongodb-client-encryption@2.7.0-alpha.0' npm install @mongodb-js/zstd npm install snappy From c892e6272db4a245d83b4e73a2685c9c2962df68 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Thu, 16 Mar 2023 13:48:09 -0400 Subject: [PATCH 05/17] add hopeful workaround --- .evergreen/install-dependencies.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.evergreen/install-dependencies.sh b/.evergreen/install-dependencies.sh index 17148dca660..fad2e9c2061 100644 --- a/.evergreen/install-dependencies.sh +++ b/.evergreen/install-dependencies.sh @@ -74,7 +74,10 @@ echo "Node.js ${node_index_version} for ${operating_system}-${architecture} rele set -o xtrace +set +o errexit curl "${CURL_FLAGS[@]}" "${node_download_url}" --output "$node_archive_path" +if [[ $? -ne 92 ]]; then exit 1; fi +set -o errexit if [[ "$file_extension" = "zip" ]]; then unzip -q "$node_archive_path" -d "${NODE_ARTIFACTS_PATH}" From 36f4a64064944530d1796db00ccd3a18b64740e9 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Thu, 16 Mar 2023 13:52:12 -0400 Subject: [PATCH 06/17] chore: fix logic error --- .evergreen/install-dependencies.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/install-dependencies.sh b/.evergreen/install-dependencies.sh index fad2e9c2061..071a2cdead9 100644 --- a/.evergreen/install-dependencies.sh +++ b/.evergreen/install-dependencies.sh @@ -76,7 +76,7 @@ set -o xtrace set +o errexit curl "${CURL_FLAGS[@]}" "${node_download_url}" --output "$node_archive_path" -if [[ $? -ne 92 ]]; then exit 1; fi +if [[ $? -eq 92 ]]; then exit 1; fi set -o errexit if [[ "$file_extension" = "zip" ]]; then From 6dd66c7feef59bc66af8ce0119701ae418b50955 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 20 Mar 2023 11:00:38 -0400 Subject: [PATCH 07/17] Apply suggestions from code review Co-authored-by: Neal Beeken --- ...ent_side_encryption.prose.18.azure_kms_mock_server.test.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts index 5918613ad5e..6b370f86554 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts +++ b/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts @@ -44,7 +44,7 @@ context('Azure KMS Mock Server Tests', function () { url: URL; headers: Document; }) => Promise<{ accessToken: string }>; - let KMSRequestFailedError: Error; + let MongoCryptAzureKMSRequestError: Error; const AZURE_KMS_TEST_EXPORTS = '___azureKMSProseTestExports'; beforeEach(async function () { @@ -88,7 +88,7 @@ context('Azure KMS Mock Server Tests', function () { // The test case should ensure that this error condition is handled gracefully. it('returns an error', async () => { - const credentials = await fetchAzureKMSToken(new KMSRequestOptions('empty-json')).catch( + const error = await fetchAzureKMSToken(new KMSRequestOptions('empty-json')).catch( e => e ); From 76ff4438bef6fb6e4ff443e83aed879d83b6bef5 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 20 Mar 2023 11:00:26 -0400 Subject: [PATCH 08/17] chore: fix wording --- .../client_side_encryption.prose.19.on_demand_azure.test.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.19.on_demand_azure.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.19.on_demand_azure.test.ts index 5edead88c99..4c70172f2e2 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.19.on_demand_azure.test.ts +++ b/test/integration/client-side-encryption/client_side_encryption.prose.19.on_demand_azure.test.ts @@ -16,7 +16,7 @@ const dataKeyOptions = { } }; -describe('19. On-demand GCP Credentials', () => { +describe('19. On-demand Azure Credentials', () => { let clientEncryption: import('mongodb-client-encryption').ClientEncryption; let keyVaultClient; let MongoCryptAzureKMSRequestError; @@ -29,7 +29,7 @@ describe('19. On-demand GCP Credentials', () => { this.configuration.mongodbClientEncryption.MongoCryptAzureKMSRequestError; if (typeof env.AZUREKMS_VMNAME === 'string') { - // If Google cloud env is present then EXPECTED_GCPKMS_OUTCOME MUST be set + // If azure cloud env is present then EXPECTED_AZUREKMS_OUTCOME MUST be set expect( env.EXPECTED_AZUREKMS_OUTCOME, `EXPECTED_AZUREKMS_OUTCOME must be 'success' or 'failure'` From 619bdc1401a4b7260ced3f1efba3faef0cf75de0 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 20 Mar 2023 11:01:28 -0400 Subject: [PATCH 09/17] mockServerIsSetup -> isMockServerSetup --- ...side_encryption.prose.18.azure_kms_mock_server.test.ts | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts index 6b370f86554..081af950fc0 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts +++ b/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts @@ -5,7 +5,7 @@ import { Document } from '../../mongodb'; const BASE_URL = new URL(`http://127.0.0.1:8080/metadata/identity/oauth2/token`); -async function mockServerIsSetup() { +async function isMockServerSetup() { const url = (() => { const copiedURL = new URL(BASE_URL); @@ -49,7 +49,7 @@ context('Azure KMS Mock Server Tests', function () { const AZURE_KMS_TEST_EXPORTS = '___azureKMSProseTestExports'; beforeEach(async function () { try { - await mockServerIsSetup(); + await isMockServerSetup(); } catch { this.currentTest.skipReason = 'Test requires mock azure identity endpoint to be running.'; this.test?.skip(); @@ -88,9 +88,7 @@ context('Azure KMS Mock Server Tests', function () { // The test case should ensure that this error condition is handled gracefully. it('returns an error', async () => { - const error = await fetchAzureKMSToken(new KMSRequestOptions('empty-json')).catch( - e => e - ); + const error = await fetchAzureKMSToken(new KMSRequestOptions('empty-json')).catch(e => e); expect(credentials).to.be.instanceof(KMSRequestFailedError); }); From 2639bdb7789609cea0958dbe4409567edccd0179 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 20 Mar 2023 13:36:21 -0400 Subject: [PATCH 10/17] bump mongodb-client-encryption version to latest --- .evergreen/run-azure-kms-tests.sh | 2 +- .evergreen/run-gcp-kms-tests.sh | 2 +- .evergreen/run-serverless-tests.sh | 2 +- .evergreen/run-tests.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.evergreen/run-azure-kms-tests.sh b/.evergreen/run-azure-kms-tests.sh index 86fe9d1de17..9e715e1bee8 100644 --- a/.evergreen/run-azure-kms-tests.sh +++ b/.evergreen/run-azure-kms-tests.sh @@ -9,7 +9,7 @@ source ".evergreen/init-nvm.sh" set -o xtrace -npm install --force 'mongodb-client-encryption@2.7.0-alpha.0' +npm install --force 'mongodb-client-encryption@latest' export MONGODB_URI="mongodb://localhost:27017" diff --git a/.evergreen/run-gcp-kms-tests.sh b/.evergreen/run-gcp-kms-tests.sh index e66bbe05c19..fe77ea1dfde 100644 --- a/.evergreen/run-gcp-kms-tests.sh +++ b/.evergreen/run-gcp-kms-tests.sh @@ -9,7 +9,7 @@ source ".evergreen/init-nvm.sh" set -o xtrace -npm install 'mongodb-client-encryption@2.7.0-alpha.0' +npm install 'mongodb-client-encryption@latest' npm install 'gcp-metadata' export MONGODB_URI="mongodb://localhost:27017" diff --git a/.evergreen/run-serverless-tests.sh b/.evergreen/run-serverless-tests.sh index 12373372719..c226c5b707c 100755 --- a/.evergreen/run-serverless-tests.sh +++ b/.evergreen/run-serverless-tests.sh @@ -10,7 +10,7 @@ if [ -z ${MONGODB_URI+omitted} ]; then echo "MONGODB_URI is unset" && exit 1; fi if [ -z ${SERVERLESS_ATLAS_USER+omitted} ]; then echo "SERVERLESS_ATLAS_USER is unset" && exit 1; fi if [ -z ${SERVERLESS_ATLAS_PASSWORD+omitted} ]; then echo "SERVERLESS_ATLAS_PASSWORD is unset" && exit 1; fi -npm install 'mongodb-client-encryption@2.7.0-alpha.0' +npm install 'mongodb-client-encryption@latest' npx mocha \ --config test/mocha_mongodb.json \ diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 19f3f474b7a..12fd10ffc10 100755 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -52,7 +52,7 @@ else source "$DRIVERS_TOOLS"/.evergreen/csfle/set-temp-creds.sh fi -npm install --force 'mongodb-client-encryption@2.7.0-alpha.0' +npm install 'mongodb-client-encryption@latest' npm install @mongodb-js/zstd npm install snappy From bacfd7de8770b993d1bc14d8f3ab7dc6dcf1109d Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 20 Mar 2023 13:40:24 -0400 Subject: [PATCH 11/17] refactor: move test skipping into filter --- global.d.ts | 1 + ...ion.prose.18.azure_kms_mock_server.test.ts | 66 ++++++------------- .../runner/filters/idms_mock_server_filter.js | 59 +++++++++++++++++ test/types/encryption.test-d.ts | 5 +- 4 files changed, 83 insertions(+), 48 deletions(-) create mode 100644 test/tools/runner/filters/idms_mock_server_filter.js diff --git a/global.d.ts b/global.d.ts index 83c66eace0d..010e123336b 100644 --- a/global.d.ts +++ b/global.d.ts @@ -11,6 +11,7 @@ declare global { clientSideEncryption?: boolean; serverless?: 'forbid' | 'allow' | 'require'; auth?: 'enabled' | 'disabled'; + idmsMockServer?: true; }; sessions?: { diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts index 081af950fc0..2d5382c0134 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts +++ b/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts @@ -1,31 +1,8 @@ import { expect } from 'chai'; -import { get } from 'http'; import { Document } from '../../mongodb'; const BASE_URL = new URL(`http://127.0.0.1:8080/metadata/identity/oauth2/token`); - -async function isMockServerSetup() { - const url = (() => { - const copiedURL = new URL(BASE_URL); - - // minimum configuration for the mock server not to throw an error when responding. - copiedURL.searchParams.append('api-version', '2018-02-01'); - copiedURL.searchParams.append('resource', 'https://vault.azure.net'); - return copiedURL; - })(); - return new Promise((resolve, reject) => { - get(url, res => { - if (res.statusCode === 200) { - return resolve(); - } - return reject('server not running'); - }) - .on('error', error => reject(error)) - .end(); - }); -} - class KMSRequestOptions { url: URL = BASE_URL; headers: Document; @@ -39,28 +16,27 @@ class KMSRequestOptions { } } +const metadata: MongoDBMetadataUI = { + requires: { + clientSideEncryption: true, + idmsMockServer: true + } +}; + context('Azure KMS Mock Server Tests', function () { let fetchAzureKMSToken: (options: { url: URL; headers: Document; }) => Promise<{ accessToken: string }>; - let MongoCryptAzureKMSRequestError: Error; + let MongoCryptAzureKMSRequestError; - const AZURE_KMS_TEST_EXPORTS = '___azureKMSProseTestExports'; beforeEach(async function () { - try { - await isMockServerSetup(); - } catch { - this.currentTest.skipReason = 'Test requires mock azure identity endpoint to be running.'; - this.test?.skip(); - } - - fetchAzureKMSToken = this.configuration.mongodbClientEncryption[AZURE_KMS_TEST_EXPORTS]; - KMSRequestFailedError = + fetchAzureKMSToken = this.configuration.mongodbClientEncryption['___azureKMSProseTestExports']; + MongoCryptAzureKMSRequestError = this.configuration.mongodbClientEncryption.MongoCryptAzureKMSRequestError; }); - context('Case 1: Success', function () { + context('Case 1: Success', metadata, function () { // Do not set an ``X-MongoDB-HTTP-TestParams`` header. // Upon receiving a response from ``fake_azure``, the driver must decode the @@ -78,7 +54,7 @@ context('Azure KMS Mock Server Tests', function () { }); }); - context('Case 2: Empty JSON', function () { + context('Case 2: Empty JSON', metadata, function () { // This case addresses a server returning valid JSON with invalid content. // Set ``X-MongoDB-HTTP-TestParams`` to ``case=empty-json``. // Upon receiving a response: @@ -90,11 +66,11 @@ context('Azure KMS Mock Server Tests', function () { it('returns an error', async () => { const error = await fetchAzureKMSToken(new KMSRequestOptions('empty-json')).catch(e => e); - expect(credentials).to.be.instanceof(KMSRequestFailedError); + expect(error).to.be.instanceof(MongoCryptAzureKMSRequestError); }); }); - context('Case 3: Bad JSON', function () { + context('Case 3: Bad JSON', metadata, function () { // This case addresses a server returning malformed JSON. // Set ``X-MongoDB-HTTP-TestParams`` to ``case=bad-json``. // Upon receiving a response: @@ -105,11 +81,11 @@ context('Azure KMS Mock Server Tests', function () { it('returns an error', async () => { const credentials = await fetchAzureKMSToken(new KMSRequestOptions('bad-json')).catch(e => e); - expect(credentials).to.be.instanceof(KMSRequestFailedError); + expect(credentials).to.be.instanceof(MongoCryptAzureKMSRequestError); }); }); - context('Case 4: HTTP 404', function () { + context('Case 4: HTTP 404', metadata, function () { // This case addresses a server returning a "Not Found" response. This is // documented to occur spuriously within an Azure environment. // Set ``X-MongoDB-HTTP-TestParams`` to ``case=404``. @@ -120,11 +96,11 @@ context('Azure KMS Mock Server Tests', function () { it('returns an error', async () => { const credentials = await fetchAzureKMSToken(new KMSRequestOptions('404')).catch(e => e); - expect(credentials).to.be.instanceof(KMSRequestFailedError); + expect(credentials).to.be.instanceof(MongoCryptAzureKMSRequestError); }); }); - context('Case 5: HTTP 500', function () { + context('Case 5: HTTP 500', metadata, function () { // This case addresses an IMDS server reporting an internal error. This is // documented to occur spuriously within an Azure environment. // Set ``X-MongoDB-HTTP-TestParams`` to ``case=500``. @@ -135,11 +111,11 @@ context('Azure KMS Mock Server Tests', function () { it('returns an error', async () => { const credentials = await fetchAzureKMSToken(new KMSRequestOptions('500')).catch(e => e); - expect(credentials).to.be.instanceof(KMSRequestFailedError); + expect(credentials).to.be.instanceof(MongoCryptAzureKMSRequestError); }); }); - context('Case 6: Slow Response', function () { + context('Case 6: Slow Response', metadata, function () { // This case addresses an IMDS server responding very slowly. Drivers should not // halt the application waiting on a peer to communicate. // Set ``X-MongoDB-HTTP-TestParams`` to ``case=slow``. @@ -148,7 +124,7 @@ context('Azure KMS Mock Server Tests', function () { it('returns an error after the request times out', async () => { const credentials = await fetchAzureKMSToken(new KMSRequestOptions('slow')).catch(e => e); - expect(credentials).to.be.instanceof(KMSRequestFailedError); + expect(credentials).to.be.instanceof(MongoCryptAzureKMSRequestError); }); }); }); diff --git a/test/tools/runner/filters/idms_mock_server_filter.js b/test/tools/runner/filters/idms_mock_server_filter.js new file mode 100644 index 00000000000..c334c915792 --- /dev/null +++ b/test/tools/runner/filters/idms_mock_server_filter.js @@ -0,0 +1,59 @@ +'use strict'; + +const { get } = require('http'); + +async function isMockServerSetup() { + const url = (() => { + const url = new URL(`http://127.0.0.1:8080/metadata/identity/oauth2/token`); + + // minimum configuration for the mock server not to throw an error when responding. + url.searchParams.append('api-version', '2018-02-01'); + url.searchParams.append('resource', 'https://vault.azure.net'); + return url; + })(); + return new Promise((resolve, reject) => { + get(url, res => { + if (res.statusCode === 200) { + return resolve(); + } + return reject('server not running'); + }) + .on('error', error => reject(error)) + .end(); + }); +} + +/** + * Filter for tests that require the mock idms server to be running. + * + * example: + * metadata: { + * requires: { + * idmsMockServer: true + * } + * } + */ +class IDMSMockServerFilter { + initializeFilter(client, context, callback) { + isMockServerSetup() + .then( + () => (this.isRunning = true), + () => (this.isRunning = false) + ) + .then(() => callback()); + } + + filter(test) { + if (!test.metadata) return true; + if (!test.metadata.requires) return true; + if (!test.metadata.requires.idmsMockServer) return true; + + const requiresMockServer = test.metadata.requires.idmsMockServer; + if (!requiresMockServer) { + return true; + } + return this.isRunning; + } +} + +module.exports = IDMSMockServerFilter; diff --git a/test/types/encryption.test-d.ts b/test/types/encryption.test-d.ts index 390b9307f2f..a22400e6190 100644 --- a/test/types/encryption.test-d.ts +++ b/test/types/encryption.test-d.ts @@ -1,4 +1,4 @@ -import { expectAssignable, expectNotAssignable } from 'tsd'; +import { expectAssignable } from 'tsd'; import type { AutoEncryptionOptions } from '../mongodb'; @@ -10,8 +10,7 @@ expectAssignable({ } }); -// TODO(NODE-4537): Azure support -expectNotAssignable({ +expectAssignable({ kmsProviders: { azure: {} } From 278ac8ec1eb83856a2dc73099d70a0cb41cb83cd Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 20 Mar 2023 13:50:37 -0400 Subject: [PATCH 12/17] chore: add logic to check to TEST_CSFLE --- test/tools/runner/filters/idms_mock_server_filter.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/tools/runner/filters/idms_mock_server_filter.js b/test/tools/runner/filters/idms_mock_server_filter.js index c334c915792..04998541897 100644 --- a/test/tools/runner/filters/idms_mock_server_filter.js +++ b/test/tools/runner/filters/idms_mock_server_filter.js @@ -52,6 +52,9 @@ class IDMSMockServerFilter { if (!requiresMockServer) { return true; } + if (process.env.TEST_CSFLE && !this.isRunning) { + throw new Error('Expected Azure KMS server to be running.'); + } return this.isRunning; } } From 3a1c9797d417cffb0cd9ddba37fd1a1ebcb3486d Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 20 Mar 2023 13:52:25 -0400 Subject: [PATCH 13/17] adjustl ogic --- .evergreen/config.in.yml | 3 -- .evergreen/config.yml | 50 -------------------------- .evergreen/generate_evergreen_tasks.js | 1 - 3 files changed, 54 deletions(-) diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index 56478f80067..067f1162c04 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml @@ -94,8 +94,6 @@ functions: - .evergreen/run-kms-servers.sh env: DRIVERS_TOOLS: ${DRIVERS_TOOLS} - - "bootstrap azure idms server": - command: subprocess.exec params: background: true @@ -1074,7 +1072,6 @@ tasks: commands: - func: install dependencies - func: bootstrap kms servers - - func: bootstrap azure idms server - func: "run serverless tests" - name: run-spec-benchmark-tests diff --git a/.evergreen/config.yml b/.evergreen/config.yml index a08c5d2bb67..a2776990818 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -68,7 +68,6 @@ functions: - .evergreen/run-kms-servers.sh env: DRIVERS_TOOLS: ${DRIVERS_TOOLS} - bootstrap azure idms server: - command: subprocess.exec params: background: true @@ -1013,7 +1012,6 @@ tasks: commands: - func: install dependencies - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run serverless tests - name: run-spec-benchmark-tests tags: @@ -1126,7 +1124,6 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-latest-replica_set tags: @@ -1140,7 +1137,6 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-latest-sharded_cluster tags: @@ -1154,7 +1150,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-rapid-server tags: @@ -1168,7 +1163,6 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-rapid-replica_set tags: @@ -1182,7 +1176,6 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-rapid-sharded_cluster tags: @@ -1196,7 +1189,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-6.0-server tags: @@ -1210,7 +1202,6 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-6.0-replica_set tags: @@ -1224,7 +1215,6 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-6.0-sharded_cluster tags: @@ -1238,7 +1228,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-5.0-server tags: @@ -1252,7 +1241,6 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-5.0-replica_set tags: @@ -1266,7 +1254,6 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-5.0-sharded_cluster tags: @@ -1280,7 +1267,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.4-server tags: @@ -1294,7 +1280,6 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.4-replica_set tags: @@ -1308,7 +1293,6 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.4-sharded_cluster tags: @@ -1322,7 +1306,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.2-server tags: @@ -1336,7 +1319,6 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.2-replica_set tags: @@ -1350,7 +1332,6 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.2-sharded_cluster tags: @@ -1364,7 +1345,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.0-server tags: @@ -1378,7 +1358,6 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.0-replica_set tags: @@ -1392,7 +1371,6 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.0-sharded_cluster tags: @@ -1406,7 +1384,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-3.6-server tags: @@ -1420,7 +1397,6 @@ tasks: TOPOLOGY: server AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-3.6-replica_set tags: @@ -1434,7 +1410,6 @@ tasks: TOPOLOGY: replica_set AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-3.6-sharded_cluster tags: @@ -1448,7 +1423,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: auth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-latest-server-v1-api tags: @@ -2649,7 +2623,6 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-latest-replica_set-noauth tags: @@ -2664,7 +2637,6 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-latest-sharded_cluster-noauth tags: @@ -2679,7 +2651,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-rapid-server-noauth tags: @@ -2694,7 +2665,6 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-rapid-replica_set-noauth tags: @@ -2709,7 +2679,6 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-rapid-sharded_cluster-noauth tags: @@ -2724,7 +2693,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-6.0-server-noauth tags: @@ -2739,7 +2707,6 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-6.0-replica_set-noauth tags: @@ -2754,7 +2721,6 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-6.0-sharded_cluster-noauth tags: @@ -2769,7 +2735,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-5.0-server-noauth tags: @@ -2784,7 +2749,6 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-5.0-replica_set-noauth tags: @@ -2799,7 +2763,6 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-5.0-sharded_cluster-noauth tags: @@ -2814,7 +2777,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.4-server-noauth tags: @@ -2829,7 +2791,6 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.4-replica_set-noauth tags: @@ -2844,7 +2805,6 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.4-sharded_cluster-noauth tags: @@ -2859,7 +2819,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.2-server-noauth tags: @@ -2874,7 +2833,6 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.2-replica_set-noauth tags: @@ -2889,7 +2847,6 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.2-sharded_cluster-noauth tags: @@ -2904,7 +2861,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.0-server-noauth tags: @@ -2919,7 +2875,6 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.0-replica_set-noauth tags: @@ -2934,7 +2889,6 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-4.0-sharded_cluster-noauth tags: @@ -2949,7 +2903,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-3.6-server-noauth tags: @@ -2964,7 +2917,6 @@ tasks: TOPOLOGY: server AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-3.6-replica_set-noauth tags: @@ -2979,7 +2931,6 @@ tasks: TOPOLOGY: replica_set AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-3.6-sharded_cluster-noauth tags: @@ -2994,7 +2945,6 @@ tasks: TOPOLOGY: sharded_cluster AUTH: noauth - func: bootstrap kms servers - - func: bootstrap azure idms server - func: run tests - name: test-lambda-example tags: diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js index 090edfde40b..82ee2cb4cdb 100644 --- a/.evergreen/generate_evergreen_tasks.js +++ b/.evergreen/generate_evergreen_tasks.js @@ -54,7 +54,6 @@ function makeTask({ mongoVersion, topology, tags = [], auth = 'auth' }) { } }, { func: 'bootstrap kms servers' }, - { func: 'bootstrap azure idms server' }, { func: 'run tests' } ] }; From d4b482279d8df4ff8c017f26645ad293572e6fe8 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 20 Mar 2023 14:03:19 -0400 Subject: [PATCH 14/17] chore: remove curl error workaround --- .evergreen/install-dependencies.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/.evergreen/install-dependencies.sh b/.evergreen/install-dependencies.sh index 071a2cdead9..17148dca660 100644 --- a/.evergreen/install-dependencies.sh +++ b/.evergreen/install-dependencies.sh @@ -74,10 +74,7 @@ echo "Node.js ${node_index_version} for ${operating_system}-${architecture} rele set -o xtrace -set +o errexit curl "${CURL_FLAGS[@]}" "${node_download_url}" --output "$node_archive_path" -if [[ $? -eq 92 ]]; then exit 1; fi -set -o errexit if [[ "$file_extension" = "zip" ]]; then unzip -q "$node_archive_path" -d "${NODE_ARTIFACTS_PATH}" From 01b747313d192d66d1135c082478d93807300c9d Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 20 Mar 2023 14:04:07 -0400 Subject: [PATCH 15/17] fix variable names --- ...yption.prose.18.azure_kms_mock_server.test.ts | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts b/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts index 2d5382c0134..69b4c8aa593 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts +++ b/test/integration/client-side-encryption/client_side_encryption.prose.18.azure_kms_mock_server.test.ts @@ -79,9 +79,9 @@ context('Azure KMS Mock Server Tests', function () { // The test case should ensure that this error condition is handled gracefully. it('returns an error', async () => { - const credentials = await fetchAzureKMSToken(new KMSRequestOptions('bad-json')).catch(e => e); + const error = await fetchAzureKMSToken(new KMSRequestOptions('bad-json')).catch(e => e); - expect(credentials).to.be.instanceof(MongoCryptAzureKMSRequestError); + expect(error).to.be.instanceof(MongoCryptAzureKMSRequestError); }); }); @@ -94,9 +94,9 @@ context('Azure KMS Mock Server Tests', function () { // 2. The response body is unspecified. // The test case should ensure that this error condition is handled gracefully. it('returns an error', async () => { - const credentials = await fetchAzureKMSToken(new KMSRequestOptions('404')).catch(e => e); + const error = await fetchAzureKMSToken(new KMSRequestOptions('404')).catch(e => e); - expect(credentials).to.be.instanceof(MongoCryptAzureKMSRequestError); + expect(error).to.be.instanceof(MongoCryptAzureKMSRequestError); }); }); @@ -109,9 +109,9 @@ context('Azure KMS Mock Server Tests', function () { // 2. The response body is unspecified. // The test case should ensure that this error condition is handled gracefully. it('returns an error', async () => { - const credentials = await fetchAzureKMSToken(new KMSRequestOptions('500')).catch(e => e); + const error = await fetchAzureKMSToken(new KMSRequestOptions('500')).catch(e => e); - expect(credentials).to.be.instanceof(MongoCryptAzureKMSRequestError); + expect(error).to.be.instanceof(MongoCryptAzureKMSRequestError); }); }); @@ -122,9 +122,9 @@ context('Azure KMS Mock Server Tests', function () { // The HTTP response from the ``fake_azure`` server will take at least 1000 seconds // to complete. The request should fail with a timeout. it('returns an error after the request times out', async () => { - const credentials = await fetchAzureKMSToken(new KMSRequestOptions('slow')).catch(e => e); + const error = await fetchAzureKMSToken(new KMSRequestOptions('slow')).catch(e => e); - expect(credentials).to.be.instanceof(MongoCryptAzureKMSRequestError); + expect(error).to.be.instanceof(MongoCryptAzureKMSRequestError); }); }); }); From cdfa84620889e735f712d9e521eb0d8ec86521be Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 20 Mar 2023 14:41:51 -0400 Subject: [PATCH 16/17] update pinned commit --- .evergreen/config.yml | 6 +++--- .evergreen/generate_evergreen_tasks.js | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index a2776990818..979e283d763 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -2534,7 +2534,7 @@ tasks: - func: bootstrap kms servers - func: run custom csfle tests vars: - CSFLE_GIT_REF: 77b51c00ab4ff58916dd39f55657e1ecc0af281c + CSFLE_GIT_REF: cd7e938619aa52ce652d13690780df5f383bbef0 - name: run-custom-csfle-tests-5.0-master tags: - run-custom-dependency-tests @@ -2564,7 +2564,7 @@ tasks: - func: bootstrap kms servers - func: run custom csfle tests vars: - CSFLE_GIT_REF: 77b51c00ab4ff58916dd39f55657e1ecc0af281c + CSFLE_GIT_REF: cd7e938619aa52ce652d13690780df5f383bbef0 - name: run-custom-csfle-tests-rapid-master tags: - run-custom-dependency-tests @@ -2594,7 +2594,7 @@ tasks: - func: bootstrap kms servers - func: run custom csfle tests vars: - CSFLE_GIT_REF: 77b51c00ab4ff58916dd39f55657e1ecc0af281c + CSFLE_GIT_REF: cd7e938619aa52ce652d13690780df5f383bbef0 - name: run-custom-csfle-tests-latest-master tags: - run-custom-dependency-tests diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js index 82ee2cb4cdb..c10fb270612 100644 --- a/.evergreen/generate_evergreen_tasks.js +++ b/.evergreen/generate_evergreen_tasks.js @@ -595,7 +595,7 @@ BUILD_VARIANTS.push({ const oneOffFuncAsTasks = []; -const FLE_PINNED_COMMIT = '77b51c00ab4ff58916dd39f55657e1ecc0af281c'; +const FLE_PINNED_COMMIT = 'cd7e938619aa52ce652d13690780df5f383bbef0'; for (const version of ['5.0', 'rapid', 'latest']) { for (const ref of [FLE_PINNED_COMMIT, 'master']) { From 13b8520927d4e3b3628663b2fda754b0628e5b3c Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 20 Mar 2023 18:02:56 -0400 Subject: [PATCH 17/17] bump mongodb-client-encryption version to latest --- .evergreen/config.in.yml | 2 +- .evergreen/config.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml index 067f1162c04..21461f23173 100644 --- a/.evergreen/config.in.yml +++ b/.evergreen/config.in.yml @@ -1163,7 +1163,7 @@ tasks: binary: bash add_expansions_to_env: true env: - AZUREKMS_CMD: "ls && env EXPECTED_AZUREKMS_OUTCOME=success bash src/.evergreen/run-azure-kms-tests.sh" + AZUREKMS_CMD: "env EXPECTED_AZUREKMS_OUTCOME=success bash src/.evergreen/run-azure-kms-tests.sh" args: - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 979e283d763..8ffdfc86cf4 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -1093,7 +1093,7 @@ tasks: binary: bash add_expansions_to_env: true env: - AZUREKMS_CMD: ls && env EXPECTED_AZUREKMS_OUTCOME=success bash src/.evergreen/run-azure-kms-tests.sh + AZUREKMS_CMD: env EXPECTED_AZUREKMS_OUTCOME=success bash src/.evergreen/run-azure-kms-tests.sh args: - ${DRIVERS_TOOLS}/.evergreen/csfle/azurekms/run-command.sh - name: test-azurekms-fail-task