Skip to content

Commit dfbe10f

Browse files
DmitryLukyanovDmitryLukyanov
authored
CSHARP-4106: Add ClientEncryption entity and Key Management API operations to Unified Test Format. (#826)
1 parent 0d720c8 commit dfbe10f

File tree

188 files changed

+10565
-919
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

188 files changed

+10565
-919
lines changed

build.cake

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -420,7 +420,7 @@ Task("TestCsfleWithMockedKmsNet472").IsDependentOn("TestCsfleWithMockedKms");
420420
Task("TestCsfleWithMockedKmsNetStandard20").IsDependentOn("TestCsfleWithMockedKms");
421421
Task("TestCsfleWithMockedKmsNetStandard21").IsDependentOn("TestCsfleWithMockedKms");
422422

423-
Task("TestMongocryptd")
423+
Task("TestCsfleWithMongocryptd")
424424
.IsDependentOn("Build")
425425
.DoesForEach(
426426
items: GetFiles("./**/*.Tests.csproj"),
@@ -443,9 +443,9 @@ Task("TestMongocryptd")
443443
);
444444
});
445445

446-
Task("TestMongocryptdNet472").IsDependentOn("TestMongocryptd");
447-
Task("TestMongocryptdNetStandard20").IsDependentOn("TestMongocryptd");
448-
Task("TestMongocryptdNetStandard21").IsDependentOn("TestMongocryptd");
446+
Task("TestCsfleWithMongocryptdNet472").IsDependentOn("TestCsfleWithMongocryptd");
447+
Task("TestCsfleWithMongocryptdNetStandard20").IsDependentOn("TestCsfleWithMongocryptd");
448+
Task("TestCsfleWithMongocryptdNetStandard21").IsDependentOn("TestCsfleWithMongocryptd");
449449

450450
Task("Docs")
451451
.IsDependentOn("ApiDocs")

evergreen/evergreen.yml

Lines changed: 57 additions & 56 deletions
Original file line numberDiff line numberDiff line change
@@ -47,9 +47,12 @@ functions:
4747
4848
export DRIVERS_TOOLS="$(pwd)/../drivers-tools"
4949
50-
# Python has cygwin path problems on Windows. Detect prospective mongo-orchestration home directory
5150
if [ "Windows_NT" = "$OS" ]; then # Magic variable in cygwin
51+
# Python has cygwin path problems on Windows. Detect prospective mongo-orchestration home directory
5252
export DRIVERS_TOOLS=$(cygpath -m $DRIVERS_TOOLS)
53+
else
54+
# non windows OSs don't have dotnet in the PATH
55+
export PATH=$PATH:/usr/share/dotnet
5356
fi
5457
5558
export MONGO_ORCHESTRATION_HOME="$DRIVERS_TOOLS/.evergreen/orchestration"
@@ -80,6 +83,21 @@ functions:
8083
# See what we've done
8184
cat expansion.yml
8285
86+
# Add CSFLE variables that shouldn't be output to the logs
87+
cat <<EOT >> expansion.yml
88+
PREPARE_CSFLE: |
89+
set +o xtrace # Disable tracing.
90+
export FLE_AWS_ACCESS_KEY_ID=${FLE_AWS_ACCESS_KEY_ID}
91+
export FLE_AWS_SECRET_ACCESS_KEY=${FLE_AWS_SECRET_ACCESS_KEY}
92+
export FLE_AZURE_TENANT_ID=${FLE_AZURE_TENANT_ID}
93+
export FLE_AZURE_CLIENT_ID=${FLE_AZURE_CLIENT_ID}
94+
export FLE_AZURE_CLIENT_SECRET=${FLE_AZURE_CLIENT_SECRET}
95+
export FLE_GCP_EMAIL=${FLE_GCP_EMAIL}
96+
export FLE_GCP_PRIVATE_KEY=${FLE_GCP_PRIVATE_KEY}
97+
set -o xtrace # Enable tracing.
98+
EOT
99+
# Do not output expansion.yml contents after this point
100+
83101
# Load the expansion file to make an evergreen variable with the current unique version
84102
- command: expansions.update
85103
params:
@@ -282,13 +300,7 @@ functions:
282300
working_dir: mongo-csharp-driver
283301
script: |
284302
set +x
285-
export FLE_AWS_ACCESS_KEY_ID=${FLE_AWS_ACCESS_KEY_ID}
286-
export FLE_AWS_SECRET_ACCESS_KEY=${FLE_AWS_SECRET_ACCESS_KEY}
287-
export FLE_AZURE_TENANT_ID=${FLE_AZURE_TENANT_ID}
288-
export FLE_AZURE_CLIENT_ID=${FLE_AZURE_CLIENT_ID}
289-
export FLE_AZURE_CLIENT_SECRET=${FLE_AZURE_CLIENT_SECRET}
290-
export FLE_GCP_EMAIL=${FLE_GCP_EMAIL}
291-
export FLE_GCP_PRIVATE_KEY=${FLE_GCP_PRIVATE_KEY}
303+
${PREPARE_CSFLE}
292304
. ./evergreen/set-virtualenv.sh
293305
. ./evergreen/set-temp-fle-aws-creds.sh
294306
${PREPARE_SHELL}
@@ -310,23 +322,19 @@ functions:
310322
OS=${OS} \
311323
evergreen/cleanup-test-resources.sh
312324
313-
run-csfle-tests-with-mocked-kms:
325+
run-csfle-with-mocked-kms-tests:
314326
- command: shell.exec
315327
type: test
316328
params:
317329
working_dir: "mongo-csharp-driver"
318330
script: |
319331
set +x
320-
export FLE_AWS_ACCESS_KEY_ID=${FLE_AWS_ACCESS_KEY_ID}
321-
export FLE_AWS_SECRET_ACCESS_KEY=${FLE_AWS_SECRET_ACCESS_KEY}
322-
export FLE_AZURE_TENANT_ID=${FLE_AZURE_TENANT_ID}
323-
export FLE_AZURE_CLIENT_ID=${FLE_AZURE_CLIENT_ID}
324-
export FLE_AZURE_CLIENT_SECRET=${FLE_AZURE_CLIENT_SECRET}
325-
export FLE_GCP_EMAIL=${FLE_GCP_EMAIL}
326-
export FLE_GCP_PRIVATE_KEY=${FLE_GCP_PRIVATE_KEY}
332+
${PREPARE_CSFLE}
327333
export KMS_MOCK_SERVERS_ENABLED=true
328334
${PREPARE_SHELL}
329335
set +o xtrace
336+
OS=${OS} \
337+
. ./evergreen/fetch-crypt_shared-library.sh
330338
OS=${OS} \
331339
evergreen/add-ca-certs.sh
332340
AUTH=${AUTH} \
@@ -341,20 +349,14 @@ functions:
341349
OS=${OS} \
342350
evergreen/cleanup-test-resources.sh
343351
344-
run-mongocryptd-tests:
352+
run-csfle-with-mongocryptd-tests:
345353
- command: shell.exec
346354
type: test
347355
params:
348356
working_dir: mongo-csharp-driver
349357
script: |
350358
set +x
351-
export FLE_AWS_ACCESS_KEY_ID=${FLE_AWS_ACCESS_KEY_ID}
352-
export FLE_AWS_SECRET_ACCESS_KEY=${FLE_AWS_SECRET_ACCESS_KEY}
353-
export FLE_AZURE_TENANT_ID=${FLE_AZURE_TENANT_ID}
354-
export FLE_AZURE_CLIENT_ID=${FLE_AZURE_CLIENT_ID}
355-
export FLE_AZURE_CLIENT_SECRET=${FLE_AZURE_CLIENT_SECRET}
356-
export FLE_GCP_EMAIL=${FLE_GCP_EMAIL}
357-
export FLE_GCP_PRIVATE_KEY=${FLE_GCP_PRIVATE_KEY}
359+
${PREPARE_CSFLE}
358360
. ./evergreen/set-virtualenv.sh
359361
. ./evergreen/set-temp-fle-aws-creds.sh
360362
${PREPARE_SHELL}
@@ -368,8 +370,7 @@ functions:
368370
COMPRESSOR=${COMPRESSOR} \
369371
CLIENT_PEM=${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem \
370372
REQUIRE_API_VERSION=${REQUIRE_API_VERSION} \
371-
TEST_MONGOCRYPTD="true" \
372-
TARGET="TestMongocryptd" \
373+
TARGET="TestCsfleWithMongocryptd" \
373374
FRAMEWORK=${FRAMEWORK} \
374375
evergreen/run-tests.sh
375376
echo "Skipping certificate removal..."
@@ -872,51 +873,51 @@ tasks:
872873
vars:
873874
FRAMEWORK: netstandard21
874875

875-
- name: test-mongocryptd-net472
876+
- name: test-csfle-with-mongocryptd-net472
876877
commands:
877878
- func: bootstrap-mongo-orchestration
878-
- func: run-mongocryptd-tests
879+
- func: run-csfle-with-mongocryptd-tests
879880
vars:
880881
FRAMEWORK: net472
881882

882-
- name: test-mongocryptd-netstandard20
883+
- name: test-csfle-with-mongocryptd-netstandard20
883884
commands:
884885
- func: bootstrap-mongo-orchestration
885-
- func: run-mongocryptd-tests
886+
- func: run-csfle-with-mongocryptd-tests
886887
vars:
887888
FRAMEWORK: netstandard20
888889

889-
- name: test-mongocryptd-netstandard21
890+
- name: test-csfle-with-mongocryptd-netstandard21
890891
commands:
891892
- func: bootstrap-mongo-orchestration
892-
- func: run-mongocryptd-tests
893+
- func: run-csfle-with-mongocryptd-tests
893894
vars:
894895
FRAMEWORK: netstandard21
895896

896-
- name: test-kms-tls-mocked-net472
897+
- name: test-csfle-with-mocked-kms-tls-net472
897898
commands:
898899
- func: start-kms-mock-servers
899900
- func: start-kms-kmip-server
900901
- func: bootstrap-mongo-orchestration
901-
- func: run-csfle-tests-with-mocked-kms
902+
- func: run-csfle-with-mocked-kms-tests
902903
vars:
903904
FRAMEWORK: net472
904905

905-
- name: test-kms-tls-mocked-netstandard20
906+
- name: test-csfle-with-mocked-kms-tls-netstandard20
906907
commands:
907908
- func: start-kms-mock-servers
908909
- func: start-kms-kmip-server
909910
- func: bootstrap-mongo-orchestration
910-
- func: run-csfle-tests-with-mocked-kms
911+
- func: run-csfle-with-mocked-kms-tests
911912
vars:
912913
FRAMEWORK: netstandard20
913914

914-
- name: test-kms-tls-mocked-netstandard21
915+
- name: test-csfle-with-mocked-kms-tls-netstandard21
915916
commands:
916917
- func: start-kms-mock-servers
917918
- func: start-kms-kmip-server
918919
- func: bootstrap-mongo-orchestration
919-
- func: run-csfle-tests-with-mocked-kms
920+
- func: run-csfle-with-mocked-kms-tests
920921
vars:
921922
FRAMEWORK: netstandard21
922923

@@ -1721,40 +1722,40 @@ buildvariants:
17211722
matrix_spec: { os: "windows-64", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
17221723
display_name: "CSFLE Mocked KMS ${version} ${os}"
17231724
tasks:
1724-
- name: test-kms-tls-mocked-net472
1725-
- name: test-kms-tls-mocked-netstandard20
1726-
- name: test-kms-tls-mocked-netstandard21
1725+
- name: test-csfle-with-mocked-kms-tls-net472
1726+
- name: test-csfle-with-mocked-kms-tls-netstandard20
1727+
- name: test-csfle-with-mocked-kms-tls-netstandard21
17271728

17281729
- matrix_name: "csfle-with-mocked-kms-tests-linux"
17291730
matrix_spec: { os: "ubuntu-1804", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
17301731
display_name: "CSFLE Mocked KMS ${version} ${os}"
17311732
tasks:
1732-
- name: test-kms-tls-mocked-netstandard20
1733-
- name: test-kms-tls-mocked-netstandard21
1733+
- name: test-csfle-with-mocked-kms-tls-netstandard20
1734+
- name: test-csfle-with-mocked-kms-tls-netstandard21
17341735

17351736
- matrix_name: "csfle-with-mocked-kms-tests-macOS"
17361737
matrix_spec: { os: "macos-1015", ssl: "nossl", version: [ "5.0", "6.0", "rapid", "latest" ], topology: ["standalone"] }
17371738
display_name: "CSFLE Mocked KMS ${version} ${os}"
17381739
tasks:
1739-
- name: test-kms-tls-mocked-netstandard21
1740+
- name: test-csfle-with-mocked-kms-tls-netstandard21
17401741

1741-
- matrix_name: "csfle1-windows"
1742+
- matrix_name: "csfle-with-mongocryptd-windows"
17421743
matrix_spec: { os: "windows-64", ssl: "nossl", version: [ "4.2", "4.4", "5.0", "6.0", "latest" ], topology: ["replicaset"] }
1743-
display_name: "mongocryptd ${version} ${os}"
1744+
display_name: "CSFLE with mongocryptd ${version} ${os}"
17441745
tasks:
1745-
- name: test-mongocryptd-net472
1746-
- name: test-mongocryptd-netstandard20
1747-
- name: test-mongocryptd-netstandard21
1746+
- name: test-csfle-with-mongocryptd-net472
1747+
- name: test-csfle-with-mongocryptd-netstandard20
1748+
- name: test-csfle-with-mongocryptd-netstandard21
17481749

1749-
- matrix_name: "csfle1-linux"
1750+
- matrix_name: "csfle-with-mongocryptd-linux"
17501751
matrix_spec: { os: "ubuntu-1804", ssl: "nossl", version: [ "4.2", "4.4", "5.0", "6.0", "latest" ], topology: ["replicaset"] }
1751-
display_name: "mongocryptd ${version} ${os}"
1752+
display_name: "CSFLE with mongocryptd ${version} ${os}"
17521753
tasks:
1753-
- name: test-mongocryptd-netstandard20
1754-
- name: test-mongocryptd-netstandard21
1754+
- name: test-csfle-with-mongocryptd-netstandard20
1755+
- name: test-csfle-with-mongocryptd-netstandard21
17551756

1756-
- matrix_name: "csfle1-macOS"
1757+
- matrix_name: "csfle-with-mongocryptd-macOS"
17571758
matrix_spec: { os: "macos-1015", ssl: "nossl", version: [ "4.2", "4.4", "5.0", "6.0", "latest" ], topology: ["replicaset"] }
1758-
display_name: "mongocryptd ${version} ${os}"
1759+
display_name: "CSFLE with mongocryptd ${version} ${os}"
17591760
tasks:
1760-
- name: test-mongocryptd-netstandard21
1761+
- name: test-csfle-with-mongocryptd-netstandard21

evergreen/fetch-crypt_shared-library.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ set -o errexit # Exit the script with an error if any of the commands fail
1414

1515

1616
PYTHON=$(OS=${OS} ${PROJECT_DIRECTORY}/evergreen/get-python-path.sh)
17-
$PYTHON -u ${DRIVERS_TOOLS}/.evergreen/mongodl.py --component crypt_shared --out ${DRIVERS_TOOLS}/evergreen/csfle --version 6.0.0-rc8
17+
$PYTHON -u ${DRIVERS_TOOLS}/.evergreen/mongodl.py --component crypt_shared --out ${DRIVERS_TOOLS}/evergreen/csfle --version 6.0.0-rc13
1818

1919
if [[ "$OS" =~ Windows|windows ]]; then
2020
export CRYPT_SHARED_LIB_PATH="${DRIVERS_TOOLS}/evergreen/csfle/bin/mongo_crypt_v1.dll"

evergreen/run-tests.sh

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -69,7 +69,19 @@ provision_compressor () {
6969
# Main Program #
7070
############################################
7171
echo "CRYPT_SHARED_LIB_PATH:" $CRYPT_SHARED_LIB_PATH
72-
echo "TEST_MONGOCRYPTD:" $TEST_MONGOCRYPTD
72+
73+
if [ "$TARGET" == "TestCsfleWithMongocryptd" ]; then
74+
if [ ! -z "${CRYPT_SHARED_LIB_PATH}" ]; then
75+
echo "CRYPT_SHARED_LIB_PATH must be unassigned for CSFLE tests with mongocryptd, but was ${CRYPT_SHARED_LIB_PATH}" 1>&2 # write to stderr
76+
exit 1
77+
fi
78+
else
79+
if [ -z "${CRYPT_SHARED_LIB_PATH}" ]; then
80+
echo "CRYPT_SHARED_LIB_PATH must be assigned, but wasn't" 1>&2 # write to stderr"
81+
exit 1
82+
fi
83+
fi
84+
7385
echo "Initial MongoDB URI:" $MONGODB_URI
7486
echo "Framework: " $FRAMEWORK
7587

src/MongoDB.Driver.Core/MongoDB.Driver.Core.csproj

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -177,7 +177,7 @@
177177
<ItemGroup>
178178
<PackageReference Include="DnsClient" Version="1.6.1" />
179179
<PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="2.6.2" PrivateAssets="All" />
180-
<PackageReference Include="MongoDB.Libmongocrypt" Version="1.5.3" />
180+
<PackageReference Include="MongoDB.Libmongocrypt" Version="1.5.4" />
181181
<PackageReference Include="SharpCompress" Version="0.30.1" />
182182
<PackageReference Include="System.Buffers" Version="4.5.1" />
183183
<PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1">

src/MongoDB.Driver.Core/ServerErrorCode.cs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ internal enum ServerErrorCode
2828
FailedToSatisfyReadPreference = 133,
2929
HostNotFound = 7,
3030
HostUnreachable = 6,
31+
DuplicateKey = 11000,
3132
Interrupted = 11601,
3233
InterruptedAtShutdown = 11600,
3334
InterruptedDueToReplStateChange = 11602,

src/MongoDB.Driver/Encryption/AutoEncryptionLibMongoController.cs

Lines changed: 12 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ IMongoClient CreateInternalClient()
5656
// private fields
5757
private readonly IMongoClient _internalClient;
5858
private readonly IMongoClient _metadataClient;
59-
private readonly IMongoClient _mongocryptdClient;
59+
private readonly Lazy<IMongoClient> _mongocryptdClient;
6060
private readonly MongocryptdFactory _mongocryptdFactory;
6161

6262
// constructors
@@ -75,15 +75,20 @@ private AutoEncryptionLibMongoCryptController(
7575
_internalClient = internalClient; // can be null
7676
_metadataClient = metadataClient; // can be null
7777
_mongocryptdFactory = new MongocryptdFactory(autoEncryptionOptions.ExtraOptions, autoEncryptionOptions.BypassQueryAnalysis);
78-
_mongocryptdClient = _mongocryptdFactory.CreateMongocryptdClient();
78+
_mongocryptdClient = new Lazy<IMongoClient>(() => _mongocryptdFactory.CreateMongocryptdClient(), isThreadSafe: true);
7979
}
8080

8181
// internal properties
8282
/// <summary>
83-
/// this property is used by DisposableMongoClient.Dispose to unregister the internal cluster.
83+
/// This property is used by DisposableMongoClient.Dispose to unregister the internal cluster.
8484
/// </summary>
8585
internal IMongoClient InternalClient => _internalClient;
8686

87+
/// <summary>
88+
/// This property is used by DisposableMongoClient.Dispose to unregister the mongocryptd cluster.
89+
/// </summary>
90+
internal IMongoClient MongoCryptdClient => _mongocryptdClient.IsValueCreated ? _mongocryptdClient.Value : null;
91+
8792
// public methods
8893
public byte[] DecryptFields(byte[] encryptedDocumentBytes, CancellationToken cancellationToken)
8994
{
@@ -217,7 +222,7 @@ private async Task ProcessNeedCollectionInfoStateAsync(CryptContext context, str
217222

218223
private void ProcessNeedMongoMarkingsState(CryptContext context, string databaseName, CancellationToken cancellationToken)
219224
{
220-
var database = _mongocryptdClient.GetDatabase(databaseName);
225+
var database = _mongocryptdClient.Value.GetDatabase(databaseName);
221226
var commandBytes = context.GetOperation().ToArray();
222227
var commandDocument = new RawBsonDocument(commandBytes);
223228
var command = new BsonDocumentCommand<BsonDocument>(commandDocument);
@@ -241,7 +246,7 @@ private void ProcessNeedMongoMarkingsState(CryptContext context, string database
241246

242247
private async Task ProcessNeedMongoMarkingsStateAsync(CryptContext context, string databaseName, CancellationToken cancellationToken)
243248
{
244-
var database = _mongocryptdClient.GetDatabase(databaseName);
249+
var database = _mongocryptdClient.Value.GetDatabase(databaseName);
245250
var commandBytes = context.GetOperation().ToArray();
246251
var commandDocument = new RawBsonDocument(commandBytes);
247252
var command = new BsonDocumentCommand<BsonDocument>(commandDocument);
@@ -268,7 +273,7 @@ private void WaitForMongocryptdReady()
268273
var stopwatch = Stopwatch.StartNew();
269274
while (stopwatch.Elapsed < TimeSpan.FromSeconds(5))
270275
{
271-
var clusterDescription = _mongocryptdClient.Cluster?.Description;
276+
var clusterDescription = _mongocryptdClient.Value.Cluster?.Description;
272277
var mongocryptdServer = clusterDescription?.Servers?.FirstOrDefault();
273278
if (mongocryptdServer != null && mongocryptdServer.Type != ServerType.Unknown)
274279
{
@@ -283,7 +288,7 @@ private async Task WaitForMongocryptdReadyAsync()
283288
var stopwatch = Stopwatch.StartNew();
284289
while (stopwatch.Elapsed < TimeSpan.FromSeconds(5))
285290
{
286-
var clusterDescription = _mongocryptdClient.Cluster?.Description;
291+
var clusterDescription = _mongocryptdClient.Value.Cluster?.Description;
287292
var mongocryptdServer = clusterDescription?.Servers?.FirstOrDefault();
288293
if (mongocryptdServer != null && mongocryptdServer.Type != ServerType.Unknown)
289294
{

src/MongoDB.Driver/Encryption/AutoEncryptionOptions.cs

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -271,14 +271,14 @@ public override string ToString()
271271

272272
// internal methods
273273
internal CryptClientSettings ToCryptClientSettings() =>
274-
new CryptClientSettings(
275-
_bypassQueryAnalysis,
276-
ExtraOptions.GetValueOrDefault<string, string, object>("cryptSharedLibPath"),
277-
cryptSharedLibSearchPath: _bypassAutoEncryption ? null : "$SYSTEM",
278-
_encryptedFieldsMap,
279-
ExtraOptions.GetValueOrDefault<bool?, string, object>("cryptSharedLibRequired"),
280-
_kmsProviders,
281-
_schemaMap);
274+
new CryptClientSettings(
275+
_bypassQueryAnalysis,
276+
ExtraOptions.GetValueOrDefault<string, string, object>("cryptSharedLibPath"),
277+
cryptSharedLibSearchPath: _bypassAutoEncryption ? null : "$SYSTEM",
278+
_encryptedFieldsMap,
279+
ExtraOptions.GetValueOrDefault<bool?, string, object>("cryptSharedLibRequired"),
280+
_kmsProviders,
281+
_schemaMap);
282282

283283
// private methods
284284
private bool ExtraOptionsEquals(IReadOnlyDictionary<string, object> x, IReadOnlyDictionary<string, object> y)

0 commit comments

Comments
 (0)