mongodb
diff --git a/‎.evergreen/config.yml
Lines changed: 12 additions & 68 deletions b/‎.evergreen/config.yml
Lines changed: 12 additions & 68 deletions
diff --git a/‎.evergreen/run-tests.sh
Lines changed: 110 additions & 0 deletions b/‎.evergreen/run-tests.sh
Lines changed: 110 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 20 additions & 5 deletions b/‎README.md
Lines changed: 20 additions & 5 deletions
diff --git a/‎data/certificates/ca.pem
Lines changed: 0 additions & 21 deletions b/‎data/certificates/ca.pem
Lines changed: 0 additions & 21 deletions
diff --git a/‎data/certificates/client-pkcs8-encrypted.pem
Lines changed: 0 additions & 52 deletions b/‎data/certificates/client-pkcs8-encrypted.pem
Lines changed: 0 additions & 52 deletions
@@ -190,11 +190,6 @@ functions:
         script: |
           ${PREPARE_SHELL}
 
-          cp ${PROJECT_DIRECTORY}/data/certificates/server.pem ${DRIVERS_TOOLS}/.evergreen/x509gen/server.pem
-          cp ${PROJECT_DIRECTORY}/data/certificates/ca.pem ${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem
-          cp ${PROJECT_DIRECTORY}/data/certificates/client.pem ${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem
-          cp ${PROJECT_DIRECTORY}/data/certificates/client.pem ${MONGO_ORCHESTRATION_HOME}/lib/client.pem
-
           MONGODB_VERSION=${VERSION} \
           TOPOLOGY=${TOPOLOGY} \
           AUTH=${AUTH} \
@@ -211,7 +206,6 @@ functions:
       params:
         script: |
           ${PREPARE_SHELL}
-          cp ${PROJECT_DIRECTORY}/data/certificates/client.pem ${MONGO_ORCHESTRATION_HOME}/lib/client.pem
 
           MONGODB_VERSION=${VERSION} \
           TOPOLOGY=${TOPOLOGY} \
@@ -257,6 +251,8 @@ functions:
             cat $i | tr -d '\r' > $i.new
             mv $i.new $i
           done
+          # Copy client certificate because symlinks do not work on Windows.
+          cp ${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem ${MONGO_ORCHESTRATION_HOME}/lib/client.pem
 
   make-files-executable:
     - command: shell.exec
@@ -281,68 +277,10 @@ functions:
       type: test
       params:
         working_dir: src/go.mongodb.org/mongo-driver
+        add_expansions_to_env: true
         script: |
           ${PREPARE_SHELL}
-
-          if [ ${SSL} = "ssl" ]; then
-              export MONGO_GO_DRIVER_CA_FILE="$PROJECT_DIRECTORY/data/certificates/ca.pem"
-
-              if [ "Windows_NT" = "$OS" ]; then # Magic variable in cygwin
-                  export MONGO_GO_DRIVER_CA_FILE=$(cygpath -m $MONGO_GO_DRIVER_CA_FILE)
-              fi
-          fi
-
-          # Set temp credentials for AWS if python3 is available.
-          #
-          # Using python3-venv in Ubuntu 14.04 (an OS required for legacy server version
-          # tasks) requires the use of apt-get, which we wish to avoid. So, we do not set
-          # a python3 binary on Ubuntu 14.04. Setting AWS temp credentials for legacy
-          # server version tasks is unneccesary, as temp credentials are only needed on 4.2+.
-          if [ ! -z ${PYTHON3_BINARY} ]; then
-            export AWS_ACCESS_KEY_ID="${cse_aws_access_key_id}"
-            export AWS_SECRET_ACCESS_KEY="${cse_aws_secret_access_key}"
-            export AWS_DEFAULT_REGION="us-east-1"
-            ${PYTHON3_BINARY} -m venv ./venv
-
-            # Set the PYTHON environment variable to point to the active python3 binary. This is used by the
-            # set-temp-creds.sh script.
-            if [ "Windows_NT" = "$OS" ]; then
-              export PYTHON="$(pwd)/venv/Scripts/python"
-            else
-              export PYTHON="$(pwd)/venv/bin/python"
-            fi
-
-            ./venv/${VENV_BIN_DIR|bin}/pip3 install boto3
-            . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh
-          fi
-
-          # If GO_BUILD_TAGS is not set, set the default Go build tags to "cse" to enable
-          # client-side encryption, which requires linking the libmongocrypt C library.
-          if [ -z ${GO_BUILD_TAGS+x} ]; then
-            GO_BUILD_TAGS="cse"
-          fi
-
-          export GOFLAGS=-mod=vendor
-          AUTH=${AUTH} \
-          SSL=${SSL} \
-          MONGODB_URI="${MONGODB_URI}" \
-          TOPOLOGY=${TOPOLOGY} \
-          MONGO_GO_DRIVER_COMPRESSOR=${MONGO_GO_DRIVER_COMPRESSOR} \
-          BUILD_TAGS="-tags ${GO_BUILD_TAGS}" \
-          AWS_ACCESS_KEY_ID="${cse_aws_access_key_id}" \
-          AWS_SECRET_ACCESS_KEY="${cse_aws_secret_access_key}" \
-          AWS_DEFAULT_REGION="us-east-1" \
-          CSFLE_AWS_TEMP_ACCESS_KEY_ID="$CSFLE_AWS_TEMP_ACCESS_KEY_ID" \
-          CSFLE_AWS_TEMP_SECRET_ACCESS_KEY="$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY" \
-          CSFLE_AWS_TEMP_SESSION_TOKEN="$CSFLE_AWS_TEMP_SESSION_TOKEN" \
-          AZURE_TENANT_ID="${cse_azure_tenant_id}" \
-          AZURE_CLIENT_ID="${cse_azure_client_id}" \
-          AZURE_CLIENT_SECRET="${cse_azure_client_secret}" \
-          GCP_EMAIL="${cse_gcp_email}" \
-          GCP_PRIVATE_KEY="${cse_gcp_private_key}" \
-          make evg-test \
-          PKG_CONFIG_PATH=$PKG_CONFIG_PATH \
-          LD_LIBRARY_PATH=$LD_LIBRARY_PATH
+          sh ${PROJECT_DIRECTORY}/.evergreen/run-tests.sh
 
   send-perf-data:
     - command: json.send
@@ -530,9 +468,15 @@ functions:
           ${PREPARE_SHELL}
 
           if [ ${SSL} = "ssl" ]; then
-              export MONGO_GO_DRIVER_CA_FILE="$PROJECT_DIRECTORY/data/certificates/ca.pem"
+              export MONGO_GO_DRIVER_CA_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/ca.pem"
+              export MONGO_GO_DRIVER_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client.pem"
+              export MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client-pkcs8-encrypted.pem"
+              export MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE="$DRIVERS_TOOLS/.evergreen/x509gen/client-pkcs8-unencrypted.pem"
               if [ "Windows_NT" = "$OS" ]; then # Magic variable in cygwin
                   export MONGO_GO_DRIVER_CA_FILE=$(cygpath -m $MONGO_GO_DRIVER_CA_FILE)
+                  export MONGO_GO_DRIVER_KEY_FILE=$(cygpath -m $MONGO_GO_DRIVER_KEY_FILE)
+                  export MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE=$(cygpath -m $MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE)
+                  export MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE=$(cygpath -m $MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE)
               fi
           fi
 
@@ -666,7 +610,7 @@ functions:
     - command: shell.exec
       params:
         script: |
-          DRIVERS_TOOLS=${DRIVERS_TOOLS} bash ${DRIVERS_TOOLS}/.evergreen/run-load-balancer.sh stop
+          DRIVERS_TOOLS=${DRIVERS_TOOLS} MONGODB_URI=${MONGODB_URI} bash ${DRIVERS_TOOLS}/.evergreen/run-load-balancer.sh stop
 
   add-aws-auth-variables-to-file:
     - command: shell.exec
 
@@ -0,0 +1,110 @@
+#!/bin/bash
+
+set -o errexit
+
+export GOPATH=$(dirname $(dirname $(dirname `pwd`)))
+export GOCACHE="$(pwd)/.cache"
+export DRIVERS_TOOLS="$(pwd)/../drivers-tools"
+
+if [ "Windows_NT" = "$OS" ]; then
+    export GOPATH=$(cygpath -m $GOPATH)
+    export GOCACHE=$(cygpath -m $GOCACHE)
+    export DRIVERS_TOOLS=$(cygpath -m $DRIVERS_TOOLS)
+
+    if [ ! -d "c:/libmongocrypt/include" ]; then
+        mkdir -p c:/libmongocrypt/include
+        mkdir -p c:/libmongocrypt/bin
+        curl https://s3.amazonaws.com/mciuploads/libmongocrypt/windows/latest_release/libmongocrypt.tar.gz --output libmongocrypt.tar.gz
+        tar -xvzf libmongocrypt.tar.gz
+        cp ./bin/mongocrypt.dll c:/libmongocrypt/bin
+        cp ./include/mongocrypt/*.h c:/libmongocrypt/include
+        export PATH=$PATH:/cygdrive/c/libmongocrypt/bin
+    fi
+else
+    if [ ! -d "libmongocrypt" ]; then
+        git clone https://github.com/mongodb/libmongocrypt
+        ./libmongocrypt/.evergreen/compile.sh
+    fi
+fi
+
+export GOROOT="${GOROOT}"
+export PATH="${GOROOT}/bin:${GCC_PATH}:$GOPATH/bin:$PATH"
+export PROJECT="${project}"
+export PKG_CONFIG_PATH=$(pwd)/install/libmongocrypt/lib/pkgconfig:$(pwd)/install/mongo-c-driver/lib/pkgconfig
+export LD_LIBRARY_PATH=$(pwd)/install/libmongocrypt/lib
+export GOFLAGS=-mod=vendor
+
+SSL=${SSL:-nossl}
+if [ "$SSL" != "nossl" ]; then
+    export MONGO_GO_DRIVER_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
+    export MONGO_GO_DRIVER_KEY_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
+    export MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client-pkcs8-encrypted.pem"
+    export MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client-pkcs8-unencrypted.pem"
+
+    if [ "Windows_NT" = "$OS" ]; then
+        export MONGO_GO_DRIVER_CA_FILE=$(cygpath -m $MONGO_GO_DRIVER_CA_FILE)
+        export MONGO_GO_DRIVER_KEY_FILE=$(cygpath -m $MONGO_GO_DRIVER_KEY_FILE)
+        export MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE=$(cygpath -m $MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE)
+        export MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE=$(cygpath -m $MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE)
+    fi
+fi
+
+if [ -z ${AWS_ACCESS_KEY_ID+x} ]; then
+  export AWS_ACCESS_KEY_ID="${cse_aws_access_key_id}"
+  export AWS_SECRET_ACCESS_KEY="${cse_aws_secret_access_key}"
+fi
+
+# Set temp credentials for AWS if python3 is available.
+#
+# Using python3-venv in Ubuntu 14.04 (an OS required for legacy server version
+# tasks) requires the use of apt-get, which we wish to avoid. So, we do not set
+# a python3 binary on Ubuntu 14.04. Setting AWS temp credentials for legacy
+# server version tasks is unneccesary, as temp credentials are only needed on 4.2+.
+if [ ! -z ${PYTHON3_BINARY} ]; then
+  export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}"
+  export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}"
+  export AWS_DEFAULT_REGION="us-east-1"
+  ${PYTHON3_BINARY} -m venv ./venv
+
+  # Set the PYTHON environment variable to point to the active python3 binary. This is used by the
+  # set-temp-creds.sh script.
+  if [ "Windows_NT" = "$OS" ]; then
+    export PYTHON="$(pwd)/venv/Scripts/python"
+  else
+    export PYTHON="$(pwd)/venv/bin/python"
+  fi
+
+  ./venv/${VENV_BIN_DIR:-bin}/pip3 install boto3
+  . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh
+fi
+
+# If GO_BUILD_TAGS is not set, set the default Go build tags to "cse" to enable
+# client-side encryption, which requires linking the libmongocrypt C library.
+if [ -z ${GO_BUILD_TAGS+x} ]; then
+  GO_BUILD_TAGS="cse"
+fi
+
+AUTH=${AUTH} \
+SSL=${SSL} \
+MONGO_GO_DRIVER_CA_FILE=${MONGO_GO_DRIVER_CA_FILE} \
+MONGO_GO_DRIVER_KEY_FILE=${MONGO_GO_DRIVER_KEY_FILE} \
+MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE=${MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE} \
+MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE=${MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE} \
+MONGODB_URI="${MONGODB_URI}" \
+TOPOLOGY=${TOPOLOGY} \
+MONGO_GO_DRIVER_COMPRESSOR=${MONGO_GO_DRIVER_COMPRESSOR} \
+BUILD_TAGS="-tags ${GO_BUILD_TAGS}" \
+AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \
+AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
+AWS_DEFAULT_REGION="us-east-1" \
+CSFLE_AWS_TEMP_ACCESS_KEY_ID="$CSFLE_AWS_TEMP_ACCESS_KEY_ID" \
+CSFLE_AWS_TEMP_SECRET_ACCESS_KEY="$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY" \
+CSFLE_AWS_TEMP_SESSION_TOKEN="$CSFLE_AWS_TEMP_SESSION_TOKEN" \
+AZURE_TENANT_ID="${cse_azure_tenant_id}" \
+AZURE_CLIENT_ID="${cse_azure_client_id}" \
+AZURE_CLIENT_SECRET="${cse_azure_client_secret}" \
+GCP_EMAIL="${cse_gcp_email}" \
+GCP_PRIVATE_KEY="${cse_gcp_private_key}" \
+make evg-test \
+PKG_CONFIG_PATH=$PKG_CONFIG_PATH \
+LD_LIBRARY_PATH=$LD_LIBRARY_PATH
@@ -171,21 +171,36 @@ MONGODB_URI="mongodb://localhost:27017,localhost:27018,localhost:27019/?replicaS
 
 ### Testing Auth and TLS
 
-To test authentication and TLS, first set up a MongoDB cluster with auth and TLS configured. Testing authentication requires a user with the `root` role on the `admin` database. The Go Driver repository comes with example certificates in the `data/certificates` directory. These certs can be used for testing. Here is an example command that would run a mongod with TLS correctly configured for tests:
+To test authentication and TLS, first set up a MongoDB cluster with auth and TLS configured. Testing authentication requires a user with the `root` role on the `admin` database. Here is an example command that would run a mongod with TLS correctly configured for tests. Either set or replace PATH_TO_SERVER_KEY_FILE and PATH_TO_CA_FILE with paths to their respective files:
 
 ```
 mongod \
 --auth \
 --tlsMode requireTLS \
---tlsCertificateKeyFile $(pwd)/data/certificates/server.pem \
---tlsCAFile $(pwd)/data/certificates/ca.pem \
+--tlsCertificateKeyFile $PATH_TO_SERVER_KEY_FILE \
+--tlsCAFile $PATH_TO_CA_FILE \
 --tlsAllowInvalidCertificates
 ```
 
-To run the tests with `make`, set `MONGO_GO_DRIVER_CA_FILE` to the location of the CA file used by the database, set `MONGODB_URI` to the connection string of the server, set `AUTH=auth`, and set `SSL=ssl`. For example:
+To run the tests with `make`, set:
+- `MONGO_GO_DRIVER_CA_FILE` to the location of the CA file used by the database
+- `MONGO_GO_DRIVER_KEY_FILE` to the location of the client key file
+- `MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE` to the location of the pkcs8 client key file encrypted with the password string: `password` 
+- `MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE` to the location of the unencrypted pkcs8 key file
+- `MONGODB_URI` to the connection string of the server
+- `AUTH=auth`
+- `SSL=ssl`
+
+For example:
 
 ```
-AUTH=auth SSL=ssl MONGO_GO_DRIVER_CA_FILE=$(pwd)/data/certificates/ca.pem  MONGODB_URI="mongodb://user:password@localhost:27017/?authSource=admin" make
+AUTH=auth SSL=ssl \
+MONGO_GO_DRIVER_CA_FILE=$PATH_TO_CA_FILE \
+MONGO_GO_DRIVER_KEY_FILE=$PATH_TO_CLIENT_KEY_FILE \
+MONGO_GO_DRIVER_PKCS8_ENCRYPTED_KEY_FILE=$PATH_TO_ENCRYPTED_KEY_FILE \
+MONGO_GO_DRIVER_PKCS8_UNENCRYPTED_KEY_FILE=$PATH_TO_UNENCRYPTED_KEY_FILE \
+MONGODB_URI="mongodb://user:password@localhost:27017/?authSource=admin" \
+make
 ```
 
 Notes: