
Commit 517aca9

GODRIVER-2237: Run KMS KMIP spec and prose tests in Evergreen (#816)
1 parent 399ea1e commit 517aca9


4 files changed

+124
-1
lines changed


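--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -835,7 +835,39 @@ functions:
 background: true
 script: |
 cd ${DRIVERS_TOOLS}/.evergreen/csfle
-./kmstlsvenv/bin/python3 -u kms_http_server.py -v --ca_file ../x509gen/ca.pem --cert_file ../x509gen/${CERT_FILE} --port 8000
+./kmstlsvenv/bin/python3 -u kms_http_server.py -v --ca_file ../x509gen/ca.pem --cert_file ../x509gen/${CERT_FILE} --port ${PORT}
+
+start-kms-mock-server-require-client-cert:
+- command: shell.exec
+params:
+script: |
+${PREPARE_SHELL}
+
+cd ${DRIVERS_TOOLS}/.evergreen/csfle
+. ./activate_venv.sh
+- command: shell.exec
+params:
+background: true
+script: |
+cd ${DRIVERS_TOOLS}/.evergreen/csfle
+./kmstlsvenv/bin/python3 -u kms_http_server.py -v --ca_file ../x509gen/ca.pem --cert_file ../x509gen/${CERT_FILE} --port ${PORT} --require_client_cert
+
+start-kms-kmip-server:
+- command: shell.exec
+params:
+script: |
+${PREPARE_SHELL}
+
+cd ${DRIVERS_TOOLS}/.evergreen/csfle
+. ./activate_venv.sh
+# TODO: Stabilize this pip install with a non-forked version of PyKMIP in https://jira.mongodb.org/browse/GODRIVER-2239
+pip install git+https://github.com/kevinAlbs/PyKMIP.git@expand_tls12_ciphers
+- command: shell.exec
+params:
+background: true
+script: |
+cd ${DRIVERS_TOOLS}/.evergreen/csfle
+./kmstlsvenv/bin/python3 -u kms_kmip_server.py --port 5698
 
 run-kms-tls-test:
 - command: shell.exec
@@ -864,6 +896,35 @@ functions:
 PKG_CONFIG_PATH=$PKG_CONFIG_PATH \
 LD_LIBRARY_PATH=$LD_LIBRARY_PATH
 
+run-kmip-tests:
+- command: shell.exec
+type: test
+params:
+working_dir: src/go.mongodb.org/mongo-driver
+script: |
+${PREPARE_SHELL}
+export KMS_MOCK_SERVERS_RUNNING="true"
+
+export GOFLAGS=-mod=vendor
+AUTH="${AUTH}" \
+SSL="${SSL}" \
+MONGODB_URI="${MONGODB_URI}" \
+TOPOLOGY="${TOPOLOGY}" \
+MONGO_GO_DRIVER_COMPRESSOR=${MONGO_GO_DRIVER_COMPRESSOR} \
+BUILD_TAGS="-tags cse" \
+AWS_ACCESS_KEY_ID="${cse_aws_access_key_id}" \
+AWS_SECRET_ACCESS_KEY="${cse_aws_secret_access_key}" \
+AZURE_TENANT_ID="${cse_azure_tenant_id}" \
+AZURE_CLIENT_ID="${cse_azure_client_id}" \
+AZURE_CLIENT_SECRET="${cse_azure_client_secret}" \
+GCP_EMAIL="${cse_gcp_email}" \
+GCP_PRIVATE_KEY="${cse_gcp_private_key}" \
+CSFLE_TLS_CA_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/ca.pem"
+CSFLE_TLS_CERTIFICATE_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client.pem"
+make evg-test-kmip \
+PKG_CONFIG_PATH=$PKG_CONFIG_PATH \
+LD_LIBRARY_PATH=$LD_LIBRARY_PATH
+
 pre:
 - func: fetch-source
 - func: prepare-resources
@@ -1693,6 +1754,7 @@ tasks:
 - func: start-kms-mock-server
 vars:
 CERT_FILE: "expired.pem"
+PORT: 8000
 - func: run-kms-tls-test
 vars:
 KMS_TLS_TESTCASE: "INVALID_CERT"
@@ -1711,13 +1773,41 @@ tasks:
 - func: start-kms-mock-server
 vars:
 CERT_FILE: "wrong-host.pem"
+PORT: 8000
 - func: run-kms-tls-test
 vars:
 KMS_TLS_TESTCASE: "INVALID_HOSTNAME"
 TOPOLOGY: "server"
 AUTH: "noauth"
 SSL: "nossl"
 
+- name: "test-kms-kmip"
+tags: ["kms-kmip"]
+commands:
+- func: bootstrap-mongo-orchestration
+vars:
+TOPOLOGY: "server"
+AUTH: "noauth"
+SSL: "nossl"
+- func: start-kms-mock-server
+vars:
+CERT_FILE: "expired.pem"
+PORT: 8000
+- func: start-kms-mock-server
+vars:
+CERT_FILE: "wrong-host.pem"
+PORT: 8001
+- func: start-kms-mock-server-require-client-cert
+vars:
+CERT_FILE: "server.pem"
+PORT: 8002
+- func: start-kms-kmip-server
+- func: run-kmip-tests
+vars:
+TOPOLOGY: "server"
+AUTH: "noauth"
+SSL: "nossl"
+
 - name: "test-serverless"
 tags: ["serverless"]
 commands:
@@ -2075,3 +2165,9 @@ buildvariants:
 display_name: "Serverless ${os-ssl-40}"
 tasks:
 - "serverless_task_group"
+
+- matrix_name: "kms-kmip-test"
+matrix_spec: { version: ["latest"], os-ssl-40: ["ubuntu1804-64-go-1-16"] }
+display_name: "KMS KMIP ${os-ssl-40}"
+tasks:
+- name: ".kms-kmip"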
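Review bot: The `pip install git+https://github.com/kevinAlbs/PyKMIP.git@expand_tls12_ciphers` step in `start-kms-kmip-server` (new line 864) installs from a branch of a personal fork, so the code that runs on the CI host can change whenever that branch moves. The same `test-kms-kmip` task then runs `run-kmip-tests`, whose script expands the AWS, Azure and GCP credentials, so the installed package shares a host with those secrets. Until the TODO is resolved, pinning to an immutable commit would keep the build reproducible and the dependency reviewable: `pip install git+https://github.com/kevinAlbs/PyKMIP.git@<commit-sha>` (placeholder; the hash is not shown on this page).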

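--- a/Makefile
+++ b/Makefile
@@ -171,6 +171,14 @@ evg-test-load-balancers:
 evg-test-kms:
 go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/kms_tls_tests >> test.suite
 
+.PHONY: evg-test-kmip
+evg-test-kmip:
+go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionSpec/kmipKMS >> test.suite
+go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/data_key_and_double_encryption >> test.suite
+go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/corpus >> test.suite
+go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/custom_endpoint >> test.suite
+go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/kms_tls_options_test >> test.suite
+
 .PHONY: evg-test-serverless
 evg-test-serverless:
 go test $(BUILD_TAGS) ./mongo/integration -run TestCrudSpec -v -timeout $(TEST_TIMEOUT)s >> test.suite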
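Review bot: The `evg-test-kmip` recipe runs five separate `go test` invocations, and make by default stops at the first one that exits non-zero, so a failure in the spec test hides the results of the prose tests after it. The four `TestClientSideEncryptionProse` lines could be a single invocation with an alternation in the subtest pattern, `-run 'TestClientSideEncryptionProse/(data_key_and_double_encryption|corpus|custom_endpoint|kms_tls_options_test)'`, which reports every prose failure in one run. Because `-run` patterns are unanchored, `corpus` and `kms_tls_options_test` match any subtest whose name contains them; a short comment above the target listing the intended suites would make that explicit.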

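--- a/mongo/integration/client_side_encryption_prose_test.go
+++ b/mongo/integration/client_side_encryption_prose_test.go
@@ -140,6 +140,9 @@ func TestClientSideEncryptionProse(t *testing.T) {
 }
 for _, tc := range testCases {
 mt.Run(tc.provider, func(mt *mtest.T) {
+if tc.provider == "kmip" && "" == os.Getenv("KMS_MOCK_SERVERS_RUNNING") {
+mt.Skipf("Skipping test as KMS_MOCK_SERVERS_RUNNING is not set")
+}
 var startedEvents []*event.CommandStartedEvent
 monitor := &event.CommandMonitor{
 Started: func(_ context.Context, evt *event.CommandStartedEvent) {
@@ -398,6 +401,9 @@ func TestClientSideEncryptionProse(t *testing.T) {
 "expected error '%v' to contain substring '%v'", errStr, viewErrSubstr)
 })
 mt.RunOpts("corpus", noClientOpts, func(mt *mtest.T) {
+if "" == os.Getenv("KMS_MOCK_SERVERS_RUNNING") {
+mt.Skipf("Skipping test as KMS_MOCK_SERVERS_RUNNING is not set")
+}
 corpusSchema := readJSONFile(mt, "corpus-schema.json")
 localSchemaMap := map[string]interface{}{
 "db.coll": corpusSchema,
@@ -772,6 +778,9 @@ func TestClientSideEncryptionProse(t *testing.T) {
 }
 for _, tc := range testCases {
 mt.Run(tc.name, func(mt *mtest.T) {
+if strings.Contains(tc.name, "kmip") && "" == os.Getenv("KMS_MOCK_SERVERS_RUNNING") {
+mt.Skipf("Skipping test as KMS_MOCK_SERVERS_RUNNING is not set")
+}
 cpt := setup(mt, nil, defaultKvClientOptions, validClientEncryptionOptions)
 defer cpt.teardown(mt)
 
@@ -1168,6 +1177,9 @@ func TestClientSideEncryptionProse(t *testing.T) {
 // These tests only run when 3 KMS HTTP servers and 1 KMS KMIP server are running. See specification for port numbers and necessary arguments:
 // https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/tests/README.rst#kms-tls-options-tests
 mt.RunOpts("kms tls options tests", noClientOpts, func(mt *mtest.T) {
+if os.Getenv("KMS_MOCK_SERVERS_RUNNING") == "" {
+mt.Skipf("Skipping test as KMS_MOCK_SERVERS_RUNNING is not set")
+}
 validKmsProviders := map[string]map[string]interface{}{
 "aws": {
 "accessKeyId": awsAccessKeyID,
@@ -1332,6 +1344,9 @@ func TestClientSideEncryptionProse(t *testing.T) {
 
 for _, tc := range testCases {
 mt.Run(tc.name, func(mt *mtest.T) {
+if tc.name == "kmip" && "" == os.Getenv("KMS_MOCK_SERVERS_RUNNING") {
+mt.Skipf("Skipping test as KMS_MOCK_SERVERS_RUNNING is not set")
+}
 // call CreateDataKey with CEO no TLS with each provider and corresponding master key
 cpt := setup(mt, nil, defaultKvClientOptions, validClientEncryptionOptionsWithoutClientCert)
 defer cpt.teardown(mt)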
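Review bot: The guard added to the `corpus` subtest (new line 404) is not limited to KMIP, unlike the guards at new lines 143, 781 and 1347, so any run without `KMS_MOCK_SERVERS_RUNNING` now skips corpus coverage for every provider. If that is intended because the corpus data includes KMIP entries, a comment on the guard would record it, e.g. `// corpus exercises kmip keys too, so it needs the mock KMIP server`. Since a silently skipped encryption test still shows as a green build, it is also worth confirming that at least one CI variant fails when the variable is missing. The guards are written two ways (`"" == os.Getenv(...)` and `os.Getenv(...) == ""`), and all of them, including the one in `client_side_encryption_spec_test.go`, call `Skipf` with no format arguments where `Skip` would do. `TestClientSideEncryptionProse` starts and ends outside these hunks.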

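--- a/mongo/integration/client_side_encryption_spec_test.go
+++ b/mongo/integration/client_side_encryption_spec_test.go
@@ -9,6 +9,7 @@
 package integration
 
 import (
+"os"
 "path"
 "testing"
 )
@@ -52,6 +53,9 @@ func TestClientSideEncryptionSpec(t *testing.T) {
 
 for _, fileName := range jsonFilesInDir(t, path.Join(dataPath, encryptionSpecName)) {
 t.Run(fileName, func(t *testing.T) {
+if fileName == "kmipKMS.json" && "" == os.Getenv("KMS_MOCK_SERVERS_RUNNING") {
+t.Skipf("Skipping test as KMS_MOCK_SERVERS_RUNNING is not set")
+}
 runSpecTestFile(t, encryptionSpecName, fileName)
 })
 }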
