Skip to content

Commit 653b149

Browse files
prestonvasquezbenjirewis
prestonvasquez
and
benjirewis
authored
GODRIVER-2352 Key Management API (#975)
Co-authored-by: Benjamin Rewis <[email protected]> Co-authored-by: Benjamin Rewis <[email protected]> Co-authored-by: Benjamin Rewis <[email protected]> Co-authored-by: Benjamin Rewis <[email protected]> Co-authored-by: Benjamin Rewis <[email protected]> Co-authored-by: Benjamin Rewis <[email protected]> Co-authored-by: Benjamin Rewis <[email protected]>
1 parent 65e972a commit 653b149

File tree

150 files changed

+8572
-228
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

150 files changed

+8572
-228
lines changed

.evergreen/config.yml

Lines changed: 13 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -503,6 +503,11 @@ functions:
503503
export AWS_ACCESS_KEY_ID="${cse_aws_access_key_id}"
504504
export AWS_SECRET_ACCESS_KEY="${cse_aws_secret_access_key}"
505505
export AWS_DEFAULT_REGION="us-east-1"
506+
507+
# Set client-side encryption credentials.
508+
export CSFLE_TLS_CA_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/ca.pem"
509+
export CSFLE_TLS_CERTIFICATE_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client.pem"
510+
506511
${PYTHON3_BINARY} -m venv ./venv
507512
./venv/${VENV_BIN_DIR|bin}/pip3 install boto3
508513
@@ -964,21 +969,24 @@ functions:
964969
cd ${DRIVERS_TOOLS}/.evergreen/csfle
965970
./kmstlsvenv/bin/python3 -u kms_http_server.py -v --ca_file ../x509gen/ca.pem --cert_file ../x509gen/${CERT_FILE} --port ${PORT} --require_client_cert
966971
967-
start-kms-kmip-server:
972+
start-cse-servers:
968973
- command: shell.exec
969974
params:
970975
script: |
971976
${PREPARE_SHELL}
972977
973978
cd ${DRIVERS_TOOLS}/.evergreen/csfle
974-
. ./activate_venv.sh
975-
# TODO: Stabilize this pip install with a non-forked version of PyKMIP in https://jira.mongodb.org/browse/GODRIVER-2239
976-
pip install git+https://github.com/kevinAlbs/PyKMIP.git@expand_tls12_ciphers
979+
source activate_venv.sh || :
977980
- command: shell.exec
978981
params:
979982
background: true
980983
script: |
981984
cd ${DRIVERS_TOOLS}/.evergreen/csfle
985+
. ./activate_venv.sh
986+
987+
# TODO (GODRIVER-2239): Stabilize this pip install with a non-forked version of PyKMIP in
988+
pip install git+https://github.com/kevinAlbs/PyKMIP.git@expand_tls12_ciphers
989+
982990
./kmstlsvenv/bin/python3 -u kms_kmip_server.py --port 5698
983991
984992
run-kms-tls-test:
@@ -1043,6 +1051,7 @@ pre:
10431051
- func: windows-fix
10441052
- func: fix-absolute-paths
10451053
- func: make-files-executable
1054+
- func: start-cse-servers
10461055

10471056
post:
10481057
- command: gotest.parse_files
@@ -1916,7 +1925,6 @@ tasks:
19161925
vars:
19171926
CERT_FILE: "server.pem"
19181927
PORT: 8002
1919-
- func: start-kms-kmip-server
19201928
- func: run-kmip-tests
19211929
vars:
19221930
TOPOLOGY: "server"

.evergreen/run-tests.sh

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,23 @@ if [ "${SKIP_CRYPT_SHARED_LIB_DOWNLOAD}" != "true" ]; then
9696
echo "CRYPT_SHARED_LIB_PATH=$CRYPT_SHARED_LIB_PATH"
9797
fi
9898

99+
# Ensure mock KMS servers are running before starting tests.
100+
await_server() {
101+
for i in $(seq 300); do
102+
# Exit code 7: "Failed to connect to host".
103+
if curl -s "localhost:$2"; test $? -ne 7; then
104+
return 0
105+
else
106+
sleep 1
107+
fi
108+
done
109+
echo "could not detect '$1' server on port $2"
110+
}
111+
# * List servers to await here ...
112+
await_server "KMS", 5698
113+
114+
echo "finished awaiting servers"
115+
99116
AUTH=${AUTH} \
100117
SSL=${SSL} \
101118
MONGO_GO_DRIVER_CA_FILE=${MONGO_GO_DRIVER_CA_FILE} \
@@ -117,6 +134,8 @@ AZURE_CLIENT_ID="${cse_azure_client_id}" \
117134
AZURE_CLIENT_SECRET="${cse_azure_client_secret}" \
118135
GCP_EMAIL="${cse_gcp_email}" \
119136
GCP_PRIVATE_KEY="${cse_gcp_private_key}" \
137+
CSFLE_TLS_CA_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/ca.pem" \
138+
CSFLE_TLS_CERTIFICATE_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client.pem" \
120139
make evg-test \
121140
PKG_CONFIG_PATH=$PKG_CONFIG_PATH \
122141
LD_LIBRARY_PATH=$LD_LIBRARY_PATH

data/client-side-encryption/aggregate.json renamed to data/client-side-encryption/legacy/aggregate.json

File renamed without changes.

data/client-side-encryption/aggregate.yml renamed to data/client-side-encryption/legacy/aggregate.yml

File renamed without changes.

data/client-side-encryption/awsTemporary.json renamed to data/client-side-encryption/legacy/awsTemporary.json

File renamed without changes.

data/client-side-encryption/awsTemporary.yml renamed to data/client-side-encryption/legacy/awsTemporary.yml

File renamed without changes.

data/client-side-encryption/azureKMS.json renamed to data/client-side-encryption/legacy/azureKMS.json

File renamed without changes.

data/client-side-encryption/azureKMS.yml renamed to data/client-side-encryption/legacy/azureKMS.yml

File renamed without changes.

data/client-side-encryption/badQueries.json renamed to data/client-side-encryption/legacy/badQueries.json

File renamed without changes.

data/client-side-encryption/badQueries.yml renamed to data/client-side-encryption/legacy/badQueries.yml

File renamed without changes.

0 commit comments

Comments
 (0)