From 346dcf3c75360ee291cd6bb9aa21b6e48fe8bdc3 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 06:05:56 -0600 Subject: [PATCH 01/24] update ocsp --- .evergreen/config.yml | 373 +---------------- .evergreen/generated_configs/tasks.yml | 530 +++++++++++++++++++++++++ .evergreen/scripts/generate_config.py | 31 ++ .evergreen/scripts/run-ocsp-test.sh | 12 - .evergreen/scripts/run_server.py | 19 +- .evergreen/scripts/setup_tests.py | 13 + .evergreen/scripts/teardown_tests.py | 4 + 7 files changed, 595 insertions(+), 387 deletions(-) delete mode 100755 .evergreen/scripts/run-ocsp-test.sh diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 3f29391373..e8ce5a7a3a 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -255,7 +255,8 @@ functions: params: include_expansions_in_env: [AUTH, SSL, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, COVERAGE, PYTHON_BINARY, LIBMONGOCRYPT_URL, MONGODB_URI, - DISABLE_TEST_COMMANDS, GREEN_FRAMEWORK, NO_EXT, COMPRESSORS, MONGODB_API_VERSION, DEBUG_LOG] + DISABLE_TEST_COMMANDS, GREEN_FRAMEWORK, NO_EXT, COMPRESSORS, MONGODB_API_VERSION, DEBUG_LOG, + OCSP_ALGORITHM, OCSP_SERVER_TYPE] binary: bash working_dir: "src" args: [.evergreen/just.sh, setup-tests, "${TEST_NAME}", "${SUB_TEST_NAME}"] @@ -320,12 +321,6 @@ functions: - .evergreen/scripts/cleanup.sh "teardown system": - - command: subprocess.exec - params: - binary: bash - working_dir: "src" - args: - - ${DRIVERS_TOOLS}/.evergreen/ocsp/teardown.sh - command: subprocess.exec params: binary: bash @@ -357,26 +352,6 @@ functions: params: file: atlas-expansion.yml - "run-ocsp-test": - - command: subprocess.exec - type: test - params: - include_expansions_in_env: ["OCSP_ALGORITHM", "OCSP_TLS_SHOULD_SUCCEED", "PYTHON_BINARY"] - binary: bash - working_dir: "src" - args: - - .evergreen/scripts/run-with-env.sh - - .evergreen/scripts/run-ocsp-test.sh - - "run-ocsp-server": - - command: subprocess.exec - params: - background: true - binary: bash - include_expansions_in_env: [SERVER_TYPE, OCSP_ALGORITHM] - args: - - ${DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh - "teardown atlas": - command: subprocess.exec params: @@ -684,350 +659,6 @@ tasks: env: TEST_LAMBDA_DIRECTORY: ${PROJECT_DIRECTORY}/test/lambda - - name: test-ocsp-rsa-valid-cert-server-staples - tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: "valid" - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-rsa-invalid-cert-server-staples - tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: "revoked" - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-valid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: valid - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-rsa-invalid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: revoked - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-soft-fail - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-rsa-malicious-invalid-cert-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: revoked - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-malicious-no-responder-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-delegate-valid-cert-server-staples - tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: valid-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-rsa-delegate-invalid-cert-server-staples - tags: ["ocsp", "ocsp-rsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: revoked-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-delegate-valid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: valid-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-rsa-delegate-invalid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: revoked-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-rsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-rsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "rsa" - SERVER_TYPE: revoked-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "rsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-valid-cert-server-staples - tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: valid - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-ecdsa-invalid-cert-server-staples - tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: revoked - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-valid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: valid - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-ecdsa-invalid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: revoked - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-soft-fail - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-ecdsa-malicious-invalid-cert-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: revoked - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-malicious-no-responder-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-delegate-valid-cert-server-staples - tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: valid-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-ecdsa-delegate-invalid-cert-server-staples - tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: revoked-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-delegate-valid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: valid-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "true" - - - name: test-ocsp-ecdsa-delegate-invalid-cert-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: revoked-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - - name: test-ocsp-ecdsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple - tags: ["ocsp", "ocsp-ecdsa"] - commands: - - func: run-ocsp-server - vars: - OCSP_ALGORITHM: "ecdsa" - SERVER_TYPE: valid-delegate - - func: "run-server" - vars: - ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json" - - func: run-ocsp-test - vars: - OCSP_ALGORITHM: "ecdsa" - OCSP_TLS_SHOULD_SUCCEED: "false" - - name: "oidc-auth-test" commands: - func: "run oidc auth test with test credentials" diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 04e1451d45..5b5515ee4b 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -752,6 +752,536 @@ tasks: TEST_NAME: load_balancer tags: [load-balancer, noauth, nossl] + # Ocsp tests + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: valid-delegate + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + commands: + - func: run server + vars: + SSL: ssl + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked-delegate + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + # Server tests - name: test-4.0-standalone-auth-ssl-sync commands: diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 03b4619899..95309e5007 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -9,6 +9,7 @@ # Note: Run this file with `pipx run`, or `uv run`. from __future__ import annotations +import os import sys from dataclasses import dataclass from inspect import getmembers, isfunction @@ -884,6 +885,36 @@ def create_aws_tasks(): return tasks +def _create_ocsp_task(file_name, server_type): + algo = file_name.split("-")[0] + + vars = dict(TEST_NAME="ocsp", ORCHESTRATION_FILE=file_name) + server_func = FunctionCall(func="run server", vars=vars) + + vars = dict(OCSP_ALGORITHM=algo, OCSP_SERVER_TYPE=server_type) + test_func = FunctionCall(func="run tests", vars=vars) + + tags = ["ocsp", f"ocsp-{algo}"] + if "mustStaple" in file_name: + tags.append("ocsp-staple") + + name = file_name.replace(".json", "") + task_name = f"test-ocsp-{name}" + commands = [server_func, test_func] + return EvgTask(name=task_name, tags=tags, commands=commands) + + +def create_ocsp_tasks(): + tasks = [] + drivers_tools = os.environ["DRIVERS_TOOLS"] + config_path = Path(drivers_tools) / ".evergreen/orchestration/configs/servers" + for path in config_path.glob("*ocsp*"): + for server_type in ["valid", "revoked", "valid-delegate", "revoked-delegate"]: + task = _create_ocsp_task(path.name, server_type) + tasks.append(task) + return tasks + + ################## # Generate Config ################## diff --git a/.evergreen/scripts/run-ocsp-test.sh b/.evergreen/scripts/run-ocsp-test.sh deleted file mode 100755 index 9c48867041..0000000000 --- a/.evergreen/scripts/run-ocsp-test.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -set -eu - -pushd "${PROJECT_DIRECTORY}/.evergreen" -bash scripts/setup-dev-env.sh -CA_FILE="${DRIVERS_TOOLS}/.evergreen/ocsp/${OCSP_ALGORITHM}/ca.pem" \ - OCSP_TLS_SHOULD_SUCCEED="${OCSP_TLS_SHOULD_SUCCEED}" \ - bash scripts/setup-tests.sh ocsp -bash run-tests.sh -bash "${DRIVERS_TOOLS}"/.evergreen/ocsp/teardown.sh - -popd diff --git a/.evergreen/scripts/run_server.py b/.evergreen/scripts/run_server.py index 51fe8a67f1..f6a45c23a4 100644 --- a/.evergreen/scripts/run_server.py +++ b/.evergreen/scripts/run_server.py @@ -32,15 +32,26 @@ def start_server(): elif test_name == "load_balancer": set_env("LOAD_BALANCER") + elif test_name == "ocsp": + opts.ssl = True + if "ORCHESTRATION_FILE" not in os.environ: + found = False + for opt in extra_opts: + if opt.startswith("--orchestration-file"): + found = True + if not found: + raise ValueError("Please provide an orchestration file") + if not os.environ.get("TEST_CRYPT_SHARED"): set_env("SKIP_CRYPT_SHARED") if opts.ssl: extra_opts.append("--ssl") - certs = ROOT / "test/certificates" - set_env("TLS_CERT_KEY_FILE", certs / "client.pem") - set_env("TLS_PEM_KEY_FILE", certs / "server.pem") - set_env("TLS_CA_FILE", certs / "ca.pem") + if test_name != "ocsp": + certs = ROOT / "test/certificates" + set_env("TLS_CERT_KEY_FILE", certs / "client.pem") + set_env("TLS_PEM_KEY_FILE", certs / "server.pem") + set_env("TLS_CA_FILE", certs / "ca.pem") cmd = ["bash", f"{DRIVERS_TOOLS}/.evergreen/run-orchestration.sh", *extra_opts] run_command(cmd, cwd=DRIVERS_TOOLS) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 2fa5e69cbc..1aecd9a1fc 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -239,6 +239,19 @@ def handle_test_env() -> None: cmd = f'bash "{DRIVERS_TOOLS}/.evergreen/run-load-balancer.sh" start' run_command(cmd) + if test_name == "ocsp": + for name in ["OCSP_SERVER_TYPE", "OCSP_ALGORITHM"]: + if name not in os.environ: + raise ValueError(f"Please set {name}") + server_type = os.environ["OCSP_SERVER_TYPE"] + should_succeed = "true" if "valid" in server_type else "false" + write_env("OCSP_TLS_SHOULD_SUCCEED", should_succeed) + ocsp_algo = os.environ["OCSP_ALGORITHM"] + write_env("CA_FILE", f"{{DRIVERS_TOOLS}}/.evergreen/ocsp/{ocsp_algo}/ca.pem") + env = os.environ.copy() + env["SERVER_TYPE"] = server_type + run_command(f"bash {DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh", env=env) + if SSL != "nossl": if not DRIVERS_TOOLS: raise RuntimeError("Missing DRIVERS_TOOLS") diff --git a/.evergreen/scripts/teardown_tests.py b/.evergreen/scripts/teardown_tests.py index 824fc2c9bb..fedbdc2fe8 100644 --- a/.evergreen/scripts/teardown_tests.py +++ b/.evergreen/scripts/teardown_tests.py @@ -24,6 +24,10 @@ teardown_kms(SUB_TEST_NAME) +# Tear down ocsp if applicable. +elif TEST_NAME == "ocsp": + run_command(f"bash {DRIVERS_TOOLS}/.evergreen/teardown.sh") + # Tear down auth_aws if applicable. # We do not run web-identity hosts on macos, because the hosts lack permissions, # so there is no reason to run the teardown, which would error with a 401. From 91f7197e648a82a122a530edb289971a85a0f89c Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 06:07:12 -0600 Subject: [PATCH 02/24] fix task names --- .evergreen/generated_configs/tasks.yml | 192 ++++++++++++------------- .evergreen/scripts/generate_config.py | 2 +- 2 files changed, 97 insertions(+), 97 deletions(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 5b5515ee4b..cd1d8f5ee4 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -753,528 +753,528 @@ tasks: tags: [load-balancer, noauth, nossl] # Ocsp tests - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-rsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-valid commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-revoked commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-valid-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - func: run tests vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid-delegate tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-revoked-delegate commands: - func: run server vars: - SSL: ssl + TEST_NAME: ocsp ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - func: run tests vars: diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 95309e5007..939a84405f 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -899,7 +899,7 @@ def _create_ocsp_task(file_name, server_type): tags.append("ocsp-staple") name = file_name.replace(".json", "") - task_name = f"test-ocsp-{name}" + task_name = f"test-ocsp-{name}-{server_type}" commands = [server_func, test_func] return EvgTask(name=task_name, tags=tags, commands=commands) From e4d13b3a93f85cc683e01feb4f35d16aa3512d92 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 06:08:14 -0600 Subject: [PATCH 03/24] fix func name --- .evergreen/config.yml | 2 +- .evergreen/generated_configs/tasks.yml | 608 ++++++++++++------------- .evergreen/scripts/generate_config.py | 8 +- 3 files changed, 309 insertions(+), 309 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index e8ce5a7a3a..f2e0c0ef6c 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -201,7 +201,7 @@ functions: params: file: "src/xunit-results/TEST-*.xml" - "run-server": + "run server": - command: subprocess.exec params: binary: bash diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index cd1d8f5ee4..2595d86ef4 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -2,7 +2,7 @@ tasks: # Aws tests - name: test-auth-aws-4.4-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -14,7 +14,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-4.4-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -26,7 +26,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-4.4-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -38,7 +38,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-4.4-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -50,7 +50,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-4.4-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -62,7 +62,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-4.4-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -74,7 +74,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-4.4-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -86,7 +86,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-4.4-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "4.4" @@ -99,7 +99,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-5.0-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -111,7 +111,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-5.0-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -123,7 +123,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-5.0-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -135,7 +135,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-5.0-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -147,7 +147,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-5.0-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -159,7 +159,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-5.0-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -171,7 +171,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-5.0-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -183,7 +183,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-5.0-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "5.0" @@ -196,7 +196,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-6.0-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -208,7 +208,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-6.0-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -220,7 +220,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-6.0-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -232,7 +232,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-6.0-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -244,7 +244,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-6.0-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -256,7 +256,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-6.0-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -268,7 +268,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-6.0-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -280,7 +280,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-6.0-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "6.0" @@ -293,7 +293,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-7.0-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -305,7 +305,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-7.0-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -317,7 +317,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-7.0-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -329,7 +329,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-7.0-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -341,7 +341,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-7.0-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -353,7 +353,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-7.0-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -365,7 +365,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-7.0-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -377,7 +377,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-7.0-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "7.0" @@ -390,7 +390,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-8.0-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -402,7 +402,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-8.0-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -414,7 +414,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-8.0-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -426,7 +426,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-8.0-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -438,7 +438,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-8.0-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -450,7 +450,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-8.0-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -462,7 +462,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-8.0-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -474,7 +474,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-8.0-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: "8.0" @@ -487,7 +487,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-rapid-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -499,7 +499,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-rapid-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -511,7 +511,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-rapid-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -523,7 +523,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-rapid-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -535,7 +535,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-rapid-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -547,7 +547,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-rapid-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -559,7 +559,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-rapid-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -571,7 +571,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-rapid-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: rapid @@ -584,7 +584,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-latest-regular commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -596,7 +596,7 @@ tasks: tags: [auth-aws, auth-aws-regular] - name: test-auth-aws-latest-assume-role commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -608,7 +608,7 @@ tasks: tags: [auth-aws, auth-aws-assume-role] - name: test-auth-aws-latest-ec2 commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -620,7 +620,7 @@ tasks: tags: [auth-aws, auth-aws-ec2] - name: test-auth-aws-latest-env-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -632,7 +632,7 @@ tasks: tags: [auth-aws, auth-aws-env-creds] - name: test-auth-aws-latest-session-creds commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -644,7 +644,7 @@ tasks: tags: [auth-aws, auth-aws-session-creds] - name: test-auth-aws-latest-web-identity commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -656,7 +656,7 @@ tasks: tags: [auth-aws, auth-aws-web-identity] - name: test-auth-aws-latest-ecs commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -668,7 +668,7 @@ tasks: tags: [auth-aws, auth-aws-ecs] - name: test-auth-aws-latest-web-identity-session-name commands: - - func: run-server + - func: run server vars: AUTH_AWS: "1" VERSION: latest @@ -689,7 +689,7 @@ tasks: SUB_TEST_NAME: gcp - name: test-gcpkms-fail commands: - - func: run-server + - func: run server - func: run tests vars: TEST_NAME: kms @@ -702,7 +702,7 @@ tasks: SUB_TEST_NAME: azure - name: test-azurekms-fail commands: - - func: run-server + - func: run server - func: run tests vars: TEST_NAME: kms @@ -711,7 +711,7 @@ tasks: # Load balancer tests - name: test-load-balancer-auth-ssl commands: - - func: run-server + - func: run server vars: TOPOLOGY: sharded_cluster AUTH: auth @@ -725,7 +725,7 @@ tasks: tags: [load-balancer, auth, ssl] - name: test-load-balancer-noauth-ssl commands: - - func: run-server + - func: run server vars: TOPOLOGY: sharded_cluster AUTH: noauth @@ -739,7 +739,7 @@ tasks: tags: [load-balancer, noauth, ssl] - name: test-load-balancer-noauth-nossl commands: - - func: run-server + - func: run server vars: TOPOLOGY: sharded_cluster AUTH: noauth @@ -1285,7 +1285,7 @@ tasks: # Server tests - name: test-4.0-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -1305,7 +1305,7 @@ tasks: - sync - name: test-4.0-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -1325,7 +1325,7 @@ tasks: - async - name: test-4.0-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -1344,7 +1344,7 @@ tasks: - sync_async - name: test-4.0-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -1364,7 +1364,7 @@ tasks: - sync - name: test-4.0-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -1384,7 +1384,7 @@ tasks: - async - name: test-4.0-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -1403,7 +1403,7 @@ tasks: - sync_async - name: test-4.0-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -1423,7 +1423,7 @@ tasks: - sync - name: test-4.0-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -1443,7 +1443,7 @@ tasks: - async - name: test-4.0-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: server @@ -1462,7 +1462,7 @@ tasks: - sync_async - name: test-4.2-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1482,7 +1482,7 @@ tasks: - sync - name: test-4.2-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1502,7 +1502,7 @@ tasks: - async - name: test-4.2-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1521,7 +1521,7 @@ tasks: - sync_async - name: test-4.2-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1541,7 +1541,7 @@ tasks: - sync - name: test-4.2-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1561,7 +1561,7 @@ tasks: - async - name: test-4.2-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1580,7 +1580,7 @@ tasks: - sync_async - name: test-4.2-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1600,7 +1600,7 @@ tasks: - sync - name: test-4.2-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1620,7 +1620,7 @@ tasks: - async - name: test-4.2-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: server @@ -1639,7 +1639,7 @@ tasks: - sync_async - name: test-4.4-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1659,7 +1659,7 @@ tasks: - sync - name: test-4.4-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1679,7 +1679,7 @@ tasks: - async - name: test-4.4-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1698,7 +1698,7 @@ tasks: - sync_async - name: test-4.4-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1718,7 +1718,7 @@ tasks: - sync - name: test-4.4-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1738,7 +1738,7 @@ tasks: - async - name: test-4.4-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1757,7 +1757,7 @@ tasks: - sync_async - name: test-4.4-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1777,7 +1777,7 @@ tasks: - sync - name: test-4.4-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1797,7 +1797,7 @@ tasks: - async - name: test-4.4-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: server @@ -1816,7 +1816,7 @@ tasks: - sync_async - name: test-5.0-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1836,7 +1836,7 @@ tasks: - sync - name: test-5.0-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1856,7 +1856,7 @@ tasks: - async - name: test-5.0-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1875,7 +1875,7 @@ tasks: - sync_async - name: test-5.0-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1895,7 +1895,7 @@ tasks: - sync - name: test-5.0-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1915,7 +1915,7 @@ tasks: - async - name: test-5.0-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1934,7 +1934,7 @@ tasks: - sync_async - name: test-5.0-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1954,7 +1954,7 @@ tasks: - sync - name: test-5.0-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1974,7 +1974,7 @@ tasks: - async - name: test-5.0-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: server @@ -1993,7 +1993,7 @@ tasks: - sync_async - name: test-6.0-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -2013,7 +2013,7 @@ tasks: - sync - name: test-6.0-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -2033,7 +2033,7 @@ tasks: - async - name: test-6.0-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -2052,7 +2052,7 @@ tasks: - sync_async - name: test-6.0-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -2072,7 +2072,7 @@ tasks: - sync - name: test-6.0-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -2092,7 +2092,7 @@ tasks: - async - name: test-6.0-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -2111,7 +2111,7 @@ tasks: - sync_async - name: test-6.0-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -2131,7 +2131,7 @@ tasks: - sync - name: test-6.0-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -2151,7 +2151,7 @@ tasks: - async - name: test-6.0-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: server @@ -2170,7 +2170,7 @@ tasks: - sync_async - name: test-7.0-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -2190,7 +2190,7 @@ tasks: - sync - name: test-7.0-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -2210,7 +2210,7 @@ tasks: - async - name: test-7.0-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -2229,7 +2229,7 @@ tasks: - sync_async - name: test-7.0-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -2249,7 +2249,7 @@ tasks: - sync - name: test-7.0-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -2269,7 +2269,7 @@ tasks: - async - name: test-7.0-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -2288,7 +2288,7 @@ tasks: - sync_async - name: test-7.0-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -2308,7 +2308,7 @@ tasks: - sync - name: test-7.0-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -2328,7 +2328,7 @@ tasks: - async - name: test-7.0-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: server @@ -2347,7 +2347,7 @@ tasks: - sync_async - name: test-8.0-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -2367,7 +2367,7 @@ tasks: - sync - name: test-8.0-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -2387,7 +2387,7 @@ tasks: - async - name: test-8.0-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -2406,7 +2406,7 @@ tasks: - sync_async - name: test-8.0-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -2426,7 +2426,7 @@ tasks: - sync - name: test-8.0-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -2446,7 +2446,7 @@ tasks: - async - name: test-8.0-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -2465,7 +2465,7 @@ tasks: - sync_async - name: test-8.0-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -2485,7 +2485,7 @@ tasks: - sync - name: test-8.0-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -2505,7 +2505,7 @@ tasks: - async - name: test-8.0-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: server @@ -2524,7 +2524,7 @@ tasks: - sync_async - name: test-rapid-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2544,7 +2544,7 @@ tasks: - sync - name: test-rapid-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2564,7 +2564,7 @@ tasks: - async - name: test-rapid-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2583,7 +2583,7 @@ tasks: - sync_async - name: test-rapid-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2603,7 +2603,7 @@ tasks: - sync - name: test-rapid-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2623,7 +2623,7 @@ tasks: - async - name: test-rapid-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2642,7 +2642,7 @@ tasks: - sync_async - name: test-rapid-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2662,7 +2662,7 @@ tasks: - sync - name: test-rapid-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2682,7 +2682,7 @@ tasks: - async - name: test-rapid-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: server @@ -2701,7 +2701,7 @@ tasks: - sync_async - name: test-latest-standalone-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2721,7 +2721,7 @@ tasks: - sync - name: test-latest-standalone-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2741,7 +2741,7 @@ tasks: - async - name: test-latest-standalone-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2760,7 +2760,7 @@ tasks: - sync_async - name: test-latest-standalone-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2780,7 +2780,7 @@ tasks: - sync - name: test-latest-standalone-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2800,7 +2800,7 @@ tasks: - async - name: test-latest-standalone-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2819,7 +2819,7 @@ tasks: - sync_async - name: test-latest-standalone-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2839,7 +2839,7 @@ tasks: - sync - name: test-latest-standalone-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2859,7 +2859,7 @@ tasks: - async - name: test-latest-standalone-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: server @@ -2878,7 +2878,7 @@ tasks: - sync_async - name: test-4.0-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2898,7 +2898,7 @@ tasks: - sync - name: test-4.0-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2918,7 +2918,7 @@ tasks: - async - name: test-4.0-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2937,7 +2937,7 @@ tasks: - sync_async - name: test-4.0-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2957,7 +2957,7 @@ tasks: - sync - name: test-4.0-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2977,7 +2977,7 @@ tasks: - async - name: test-4.0-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -2996,7 +2996,7 @@ tasks: - sync_async - name: test-4.0-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -3016,7 +3016,7 @@ tasks: - sync - name: test-4.0-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -3036,7 +3036,7 @@ tasks: - async - name: test-4.0-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: replica_set @@ -3055,7 +3055,7 @@ tasks: - sync_async - name: test-4.2-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -3075,7 +3075,7 @@ tasks: - sync - name: test-4.2-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -3095,7 +3095,7 @@ tasks: - async - name: test-4.2-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -3114,7 +3114,7 @@ tasks: - sync_async - name: test-4.2-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -3134,7 +3134,7 @@ tasks: - sync - name: test-4.2-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -3154,7 +3154,7 @@ tasks: - async - name: test-4.2-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -3173,7 +3173,7 @@ tasks: - sync_async - name: test-4.2-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -3193,7 +3193,7 @@ tasks: - sync - name: test-4.2-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -3213,7 +3213,7 @@ tasks: - async - name: test-4.2-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: replica_set @@ -3232,7 +3232,7 @@ tasks: - sync_async - name: test-4.4-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -3252,7 +3252,7 @@ tasks: - sync - name: test-4.4-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -3272,7 +3272,7 @@ tasks: - async - name: test-4.4-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -3291,7 +3291,7 @@ tasks: - sync_async - name: test-4.4-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -3311,7 +3311,7 @@ tasks: - sync - name: test-4.4-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -3331,7 +3331,7 @@ tasks: - async - name: test-4.4-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -3350,7 +3350,7 @@ tasks: - sync_async - name: test-4.4-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -3370,7 +3370,7 @@ tasks: - sync - name: test-4.4-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -3390,7 +3390,7 @@ tasks: - async - name: test-4.4-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: replica_set @@ -3409,7 +3409,7 @@ tasks: - sync_async - name: test-5.0-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3429,7 +3429,7 @@ tasks: - sync - name: test-5.0-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3449,7 +3449,7 @@ tasks: - async - name: test-5.0-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3468,7 +3468,7 @@ tasks: - sync_async - name: test-5.0-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3488,7 +3488,7 @@ tasks: - sync - name: test-5.0-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3508,7 +3508,7 @@ tasks: - async - name: test-5.0-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3527,7 +3527,7 @@ tasks: - sync_async - name: test-5.0-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3547,7 +3547,7 @@ tasks: - sync - name: test-5.0-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3567,7 +3567,7 @@ tasks: - async - name: test-5.0-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: replica_set @@ -3586,7 +3586,7 @@ tasks: - sync_async - name: test-6.0-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3606,7 +3606,7 @@ tasks: - sync - name: test-6.0-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3626,7 +3626,7 @@ tasks: - async - name: test-6.0-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3645,7 +3645,7 @@ tasks: - sync_async - name: test-6.0-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3665,7 +3665,7 @@ tasks: - sync - name: test-6.0-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3685,7 +3685,7 @@ tasks: - async - name: test-6.0-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3704,7 +3704,7 @@ tasks: - sync_async - name: test-6.0-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3724,7 +3724,7 @@ tasks: - sync - name: test-6.0-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3744,7 +3744,7 @@ tasks: - async - name: test-6.0-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: replica_set @@ -3763,7 +3763,7 @@ tasks: - sync_async - name: test-7.0-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3783,7 +3783,7 @@ tasks: - sync - name: test-7.0-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3803,7 +3803,7 @@ tasks: - async - name: test-7.0-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3822,7 +3822,7 @@ tasks: - sync_async - name: test-7.0-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3842,7 +3842,7 @@ tasks: - sync - name: test-7.0-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3862,7 +3862,7 @@ tasks: - async - name: test-7.0-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3881,7 +3881,7 @@ tasks: - sync_async - name: test-7.0-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3901,7 +3901,7 @@ tasks: - sync - name: test-7.0-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3921,7 +3921,7 @@ tasks: - async - name: test-7.0-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: replica_set @@ -3940,7 +3940,7 @@ tasks: - sync_async - name: test-8.0-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3960,7 +3960,7 @@ tasks: - sync - name: test-8.0-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3980,7 +3980,7 @@ tasks: - async - name: test-8.0-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -3999,7 +3999,7 @@ tasks: - sync_async - name: test-8.0-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -4019,7 +4019,7 @@ tasks: - sync - name: test-8.0-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -4039,7 +4039,7 @@ tasks: - async - name: test-8.0-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -4058,7 +4058,7 @@ tasks: - sync_async - name: test-8.0-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -4078,7 +4078,7 @@ tasks: - sync - name: test-8.0-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -4098,7 +4098,7 @@ tasks: - async - name: test-8.0-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: replica_set @@ -4117,7 +4117,7 @@ tasks: - sync_async - name: test-rapid-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -4137,7 +4137,7 @@ tasks: - sync - name: test-rapid-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -4157,7 +4157,7 @@ tasks: - async - name: test-rapid-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -4176,7 +4176,7 @@ tasks: - sync_async - name: test-rapid-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -4196,7 +4196,7 @@ tasks: - sync - name: test-rapid-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -4216,7 +4216,7 @@ tasks: - async - name: test-rapid-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -4235,7 +4235,7 @@ tasks: - sync_async - name: test-rapid-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -4255,7 +4255,7 @@ tasks: - sync - name: test-rapid-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -4275,7 +4275,7 @@ tasks: - async - name: test-rapid-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: replica_set @@ -4294,7 +4294,7 @@ tasks: - sync_async - name: test-latest-replica_set-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -4314,7 +4314,7 @@ tasks: - sync - name: test-latest-replica_set-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -4334,7 +4334,7 @@ tasks: - async - name: test-latest-replica_set-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -4353,7 +4353,7 @@ tasks: - sync_async - name: test-latest-replica_set-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -4373,7 +4373,7 @@ tasks: - sync - name: test-latest-replica_set-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -4393,7 +4393,7 @@ tasks: - async - name: test-latest-replica_set-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -4412,7 +4412,7 @@ tasks: - sync_async - name: test-latest-replica_set-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -4432,7 +4432,7 @@ tasks: - sync - name: test-latest-replica_set-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -4452,7 +4452,7 @@ tasks: - async - name: test-latest-replica_set-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: replica_set @@ -4471,7 +4471,7 @@ tasks: - sync_async - name: test-4.0-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4491,7 +4491,7 @@ tasks: - sync - name: test-4.0-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4511,7 +4511,7 @@ tasks: - async - name: test-4.0-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4530,7 +4530,7 @@ tasks: - sync_async - name: test-4.0-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4550,7 +4550,7 @@ tasks: - sync - name: test-4.0-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4570,7 +4570,7 @@ tasks: - async - name: test-4.0-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4589,7 +4589,7 @@ tasks: - sync_async - name: test-4.0-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4609,7 +4609,7 @@ tasks: - sync - name: test-4.0-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4629,7 +4629,7 @@ tasks: - async - name: test-4.0-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.0" TOPOLOGY: sharded_cluster @@ -4648,7 +4648,7 @@ tasks: - sync_async - name: test-4.2-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4668,7 +4668,7 @@ tasks: - sync - name: test-4.2-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4688,7 +4688,7 @@ tasks: - async - name: test-4.2-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4707,7 +4707,7 @@ tasks: - sync_async - name: test-4.2-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4727,7 +4727,7 @@ tasks: - sync - name: test-4.2-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4747,7 +4747,7 @@ tasks: - async - name: test-4.2-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4766,7 +4766,7 @@ tasks: - sync_async - name: test-4.2-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4786,7 +4786,7 @@ tasks: - sync - name: test-4.2-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4806,7 +4806,7 @@ tasks: - async - name: test-4.2-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.2" TOPOLOGY: sharded_cluster @@ -4825,7 +4825,7 @@ tasks: - sync_async - name: test-4.4-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4845,7 +4845,7 @@ tasks: - sync - name: test-4.4-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4865,7 +4865,7 @@ tasks: - async - name: test-4.4-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4884,7 +4884,7 @@ tasks: - sync_async - name: test-4.4-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4904,7 +4904,7 @@ tasks: - sync - name: test-4.4-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4924,7 +4924,7 @@ tasks: - async - name: test-4.4-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4943,7 +4943,7 @@ tasks: - sync_async - name: test-4.4-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4963,7 +4963,7 @@ tasks: - sync - name: test-4.4-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -4983,7 +4983,7 @@ tasks: - async - name: test-4.4-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "4.4" TOPOLOGY: sharded_cluster @@ -5002,7 +5002,7 @@ tasks: - sync_async - name: test-5.0-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -5022,7 +5022,7 @@ tasks: - sync - name: test-5.0-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -5042,7 +5042,7 @@ tasks: - async - name: test-5.0-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -5061,7 +5061,7 @@ tasks: - sync_async - name: test-5.0-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -5081,7 +5081,7 @@ tasks: - sync - name: test-5.0-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -5101,7 +5101,7 @@ tasks: - async - name: test-5.0-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -5120,7 +5120,7 @@ tasks: - sync_async - name: test-5.0-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -5140,7 +5140,7 @@ tasks: - sync - name: test-5.0-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -5160,7 +5160,7 @@ tasks: - async - name: test-5.0-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "5.0" TOPOLOGY: sharded_cluster @@ -5179,7 +5179,7 @@ tasks: - sync_async - name: test-6.0-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -5199,7 +5199,7 @@ tasks: - sync - name: test-6.0-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -5219,7 +5219,7 @@ tasks: - async - name: test-6.0-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -5238,7 +5238,7 @@ tasks: - sync_async - name: test-6.0-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -5258,7 +5258,7 @@ tasks: - sync - name: test-6.0-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -5278,7 +5278,7 @@ tasks: - async - name: test-6.0-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -5297,7 +5297,7 @@ tasks: - sync_async - name: test-6.0-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -5317,7 +5317,7 @@ tasks: - sync - name: test-6.0-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -5337,7 +5337,7 @@ tasks: - async - name: test-6.0-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "6.0" TOPOLOGY: sharded_cluster @@ -5356,7 +5356,7 @@ tasks: - sync_async - name: test-7.0-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -5376,7 +5376,7 @@ tasks: - sync - name: test-7.0-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -5396,7 +5396,7 @@ tasks: - async - name: test-7.0-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -5415,7 +5415,7 @@ tasks: - sync_async - name: test-7.0-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -5435,7 +5435,7 @@ tasks: - sync - name: test-7.0-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -5455,7 +5455,7 @@ tasks: - async - name: test-7.0-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -5474,7 +5474,7 @@ tasks: - sync_async - name: test-7.0-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -5494,7 +5494,7 @@ tasks: - sync - name: test-7.0-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -5514,7 +5514,7 @@ tasks: - async - name: test-7.0-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "7.0" TOPOLOGY: sharded_cluster @@ -5533,7 +5533,7 @@ tasks: - sync_async - name: test-8.0-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5553,7 +5553,7 @@ tasks: - sync - name: test-8.0-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5573,7 +5573,7 @@ tasks: - async - name: test-8.0-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5592,7 +5592,7 @@ tasks: - sync_async - name: test-8.0-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5612,7 +5612,7 @@ tasks: - sync - name: test-8.0-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5632,7 +5632,7 @@ tasks: - async - name: test-8.0-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5651,7 +5651,7 @@ tasks: - sync_async - name: test-8.0-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5671,7 +5671,7 @@ tasks: - sync - name: test-8.0-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5691,7 +5691,7 @@ tasks: - async - name: test-8.0-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: "8.0" TOPOLOGY: sharded_cluster @@ -5710,7 +5710,7 @@ tasks: - sync_async - name: test-rapid-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5730,7 +5730,7 @@ tasks: - sync - name: test-rapid-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5750,7 +5750,7 @@ tasks: - async - name: test-rapid-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5769,7 +5769,7 @@ tasks: - sync_async - name: test-rapid-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5789,7 +5789,7 @@ tasks: - sync - name: test-rapid-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5809,7 +5809,7 @@ tasks: - async - name: test-rapid-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5828,7 +5828,7 @@ tasks: - sync_async - name: test-rapid-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5848,7 +5848,7 @@ tasks: - sync - name: test-rapid-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5868,7 +5868,7 @@ tasks: - async - name: test-rapid-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: rapid TOPOLOGY: sharded_cluster @@ -5887,7 +5887,7 @@ tasks: - sync_async - name: test-latest-sharded_cluster-auth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5907,7 +5907,7 @@ tasks: - sync - name: test-latest-sharded_cluster-auth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5927,7 +5927,7 @@ tasks: - async - name: test-latest-sharded_cluster-auth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5946,7 +5946,7 @@ tasks: - sync_async - name: test-latest-sharded_cluster-noauth-ssl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5966,7 +5966,7 @@ tasks: - sync - name: test-latest-sharded_cluster-noauth-ssl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -5986,7 +5986,7 @@ tasks: - async - name: test-latest-sharded_cluster-noauth-ssl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -6005,7 +6005,7 @@ tasks: - sync_async - name: test-latest-sharded_cluster-noauth-nossl-sync commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -6025,7 +6025,7 @@ tasks: - sync - name: test-latest-sharded_cluster-noauth-nossl-async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster @@ -6045,7 +6045,7 @@ tasks: - async - name: test-latest-sharded_cluster-noauth-nossl-sync_async commands: - - func: run-server + - func: run server vars: VERSION: latest TOPOLOGY: sharded_cluster diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 939a84405f..14081fe6f6 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -802,7 +802,7 @@ def create_server_tasks(): AUTH=auth, SSL=ssl, ) - server_func = FunctionCall(func="run-server", vars=server_vars) + server_func = FunctionCall(func="run server", vars=server_vars) test_vars = dict(AUTH=auth, SSL=ssl, SYNC=sync) if sync == "sync": test_vars["TEST_NAME"] = "default_sync" @@ -821,7 +821,7 @@ def create_load_balancer_tasks(): server_vars = dict( TOPOLOGY="sharded_cluster", AUTH=auth, SSL=ssl, TEST_NAME="load_balancer" ) - server_func = FunctionCall(func="run-server", vars=server_vars) + server_func = FunctionCall(func="run server", vars=server_vars) test_vars = dict(AUTH=auth, SSL=ssl, TEST_NAME="load_balancer") test_func = FunctionCall(func="run tests", vars=test_vars) tasks.append(EvgTask(name=name, tags=tags, commands=[server_func, test_func])) @@ -840,7 +840,7 @@ def create_kms_tasks(): sub_test_name += "-fail" commands = [] if not success: - commands.append(FunctionCall(func="run-server")) + commands.append(FunctionCall(func="run server")) test_vars = dict(TEST_NAME="kms", SUB_TEST_NAME=sub_test_name) test_func = FunctionCall(func="run tests", vars=test_vars) commands.append(test_func) @@ -863,7 +863,7 @@ def create_aws_tasks(): base_name = f"test-auth-aws-{version}" base_tags = ["auth-aws"] server_vars = dict(AUTH_AWS="1", VERSION=version) - server_func = FunctionCall(func="run-server", vars=server_vars) + server_func = FunctionCall(func="run server", vars=server_vars) assume_func = FunctionCall(func="assume ec2 role") for test_type in aws_test_types: tags = [*base_tags, f"auth-aws-{test_type}"] From cc9e747438571da8fe026b82a0d2b263b415d115 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 06:08:40 -0600 Subject: [PATCH 04/24] fix func name --- .evergreen/config.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index f2e0c0ef6c..11da6c946d 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -208,7 +208,7 @@ functions: working_dir: "src" include_expansions_in_env: [VERSION, TOPOLOGY, AUTH, SSL, ORCHESTRATION_FILE, STORAGE_ENGINE, REQUIRE_API_VERSION, DRIVERS_TOOLS, TEST_CRYPT_SHARED, AUTH_AWS, LOAD_BALANCER] - args: [.evergreen/just.sh, run-server, "${TEST_NAME}", "${SUB_TEST_NAME}"] + args: [.evergreen/just.sh, run server, "${TEST_NAME}", "${SUB_TEST_NAME}"] - command: expansions.update params: file: ${DRIVERS_TOOLS}/mo-expansion.yml @@ -554,7 +554,7 @@ tasks: - name: "doctests" tags: ["doctests"] commands: - - func: "run-server" + - func: "run server" - func: "run doctests" - name: "test-serverless" @@ -567,13 +567,13 @@ tasks: - name: "test-enterprise-auth" tags: ["enterprise-auth"] commands: - - func: "run-server" + - func: "run server" - func: "assume ec2 role" - func: "run enterprise auth tests" - name: "test-search-index-helpers" commands: - - func: "run-server" + - func: "run server" vars: VERSION: "6.0" TOPOLOGY: "replica_set" @@ -585,7 +585,7 @@ tasks: - name: "mod-wsgi-standalone" tags: ["mod_wsgi"] commands: - - func: "run-server" + - func: "run server" vars: TOPOLOGY: "server" - func: "run mod_wsgi tests" @@ -593,7 +593,7 @@ tasks: - name: "mod-wsgi-replica-set" tags: ["mod_wsgi"] commands: - - func: "run-server" + - func: "run server" vars: TOPOLOGY: "replica_set" - func: "run mod_wsgi tests" @@ -601,7 +601,7 @@ tasks: - name: "mod-wsgi-embedded-mode-standalone" tags: ["mod_wsgi"] commands: - - func: "run-server" + - func: "run server" - func: "run mod_wsgi tests" vars: MOD_WSGI_EMBEDDED: "1" @@ -609,7 +609,7 @@ tasks: - name: "mod-wsgi-embedded-mode-replica-set" tags: ["mod_wsgi"] commands: - - func: "run-server" + - func: "run server" vars: TOPOLOGY: "replica_set" - func: "run mod_wsgi tests" @@ -624,7 +624,7 @@ tasks: - name: "free-threading" tags: ["free-threading"] commands: - - func: "run-server" + - func: "run server" vars: VERSION: "8.0" TOPOLOGY: "replica_set" @@ -726,7 +726,7 @@ tasks: - name: "perf-6.0-standalone" tags: ["perf"] commands: - - func: "run-server" + - func: "run server" vars: VERSION: "v6.0-perf" - func: "run perf tests" @@ -736,7 +736,7 @@ tasks: - name: "perf-6.0-standalone-ssl" tags: ["perf"] commands: - - func: "run-server" + - func: "run server" vars: VERSION: "v6.0-perf" SSL: "ssl" @@ -747,7 +747,7 @@ tasks: - name: "perf-8.0-standalone" tags: ["perf"] commands: - - func: "run-server" + - func: "run server" vars: VERSION: "8.0" - func: "run perf tests" From f4ecff22066c12b09ee08853713a06274c53b4e7 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 06:16:27 -0600 Subject: [PATCH 05/24] cleanup --- .evergreen/config.yml | 2 +- .evergreen/generated_configs/tasks.yml | 264 ------------------------- .evergreen/scripts/generate_config.py | 2 + 3 files changed, 3 insertions(+), 265 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 11da6c946d..0973f5859b 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -208,7 +208,7 @@ functions: working_dir: "src" include_expansions_in_env: [VERSION, TOPOLOGY, AUTH, SSL, ORCHESTRATION_FILE, STORAGE_ENGINE, REQUIRE_API_VERSION, DRIVERS_TOOLS, TEST_CRYPT_SHARED, AUTH_AWS, LOAD_BALANCER] - args: [.evergreen/just.sh, run server, "${TEST_NAME}", "${SUB_TEST_NAME}"] + args: [.evergreen/just.sh, run-server, "${TEST_NAME}", "${SUB_TEST_NAME}"] - command: expansions.update params: file: ${DRIVERS_TOOLS}/mo-expansion.yml diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 2595d86ef4..3f1aa491c5 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -797,50 +797,6 @@ tasks: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint-valid - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: valid - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint-revoked - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint-valid-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: valid-delegate - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint-revoked-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked-delegate - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid commands: - func: run server @@ -885,50 +841,6 @@ tasks: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint-valid - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: valid - tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint-revoked - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked - tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint-valid-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: valid-delegate - tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-singleEndpoint-revoked-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked-delegate - tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid commands: - func: run server @@ -1017,50 +929,6 @@ tasks: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint-valid - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: valid - tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint-revoked - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked - tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint-valid-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: valid-delegate - tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-singleEndpoint-revoked-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked-delegate - tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid commands: - func: run server @@ -1105,50 +973,6 @@ tasks: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-rsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint-valid - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: valid - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint-revoked - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint-valid-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: valid-delegate - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint-revoked-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked-delegate - tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid commands: - func: run server @@ -1193,94 +1017,6 @@ tasks: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-valid - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: valid - tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-revoked - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked - tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-valid-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: valid-delegate - tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-revoked-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked-delegate - tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-valid - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: valid - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-revoked - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-valid-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: valid-delegate - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint-revoked-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling-singleEndpoint.json - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked-delegate - tags: [ocsp, ocsp-ecdsa, ocsp-staple] # Server tests - name: test-4.0-standalone-auth-ssl-sync diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 14081fe6f6..80bfa72560 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -909,6 +909,8 @@ def create_ocsp_tasks(): drivers_tools = os.environ["DRIVERS_TOOLS"] config_path = Path(drivers_tools) / ".evergreen/orchestration/configs/servers" for path in config_path.glob("*ocsp*"): + if "singleEndpoint" in path.name: + continue for server_type in ["valid", "revoked", "valid-delegate", "revoked-delegate"]: task = _create_ocsp_task(path.name, server_type) tasks.append(task) From 9f8d8799e58e970b5e7f36602d943d24be2d63af Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 06:24:40 -0600 Subject: [PATCH 06/24] set the test name --- .evergreen/generated_configs/tasks.yml | 24 ++++++++++++++++++++++++ .evergreen/scripts/generate_config.py | 2 +- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 3f1aa491c5..514cebbd24 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -763,6 +763,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-revoked commands: @@ -774,6 +775,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-valid-delegate commands: @@ -785,6 +787,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-revoked-delegate commands: @@ -796,6 +799,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid commands: @@ -807,6 +811,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: @@ -818,6 +823,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate commands: @@ -829,6 +835,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate commands: @@ -840,6 +847,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid commands: @@ -851,6 +859,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked commands: @@ -862,6 +871,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid-delegate commands: @@ -873,6 +883,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked-delegate commands: @@ -884,6 +895,7 @@ tasks: vars: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid commands: @@ -895,6 +907,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: @@ -906,6 +919,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate commands: @@ -917,6 +931,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate commands: @@ -928,6 +943,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid commands: @@ -939,6 +955,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-revoked commands: @@ -950,6 +967,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid-delegate commands: @@ -961,6 +979,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-revoked-delegate commands: @@ -972,6 +991,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid commands: @@ -983,6 +1003,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked commands: @@ -994,6 +1015,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid-delegate commands: @@ -1005,6 +1027,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked-delegate commands: @@ -1016,6 +1039,7 @@ tasks: vars: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] # Server tests diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 80bfa72560..86bf747ee9 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -891,7 +891,7 @@ def _create_ocsp_task(file_name, server_type): vars = dict(TEST_NAME="ocsp", ORCHESTRATION_FILE=file_name) server_func = FunctionCall(func="run server", vars=vars) - vars = dict(OCSP_ALGORITHM=algo, OCSP_SERVER_TYPE=server_type) + vars = dict(OCSP_ALGORITHM=algo, OCSP_SERVER_TYPE=server_type, TEST_NAME="ocsp") test_func = FunctionCall(func="run tests", vars=vars) tags = ["ocsp", f"ocsp-{algo}"] From 60376b88f1287daa3ebdd95b93d566cf420d786b Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 07:21:05 -0600 Subject: [PATCH 07/24] cleanup --- .evergreen/scripts/setup_tests.py | 9 ++++++--- CONTRIBUTING.md | 17 +++++++++++++---- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 1aecd9a1fc..fea81e2838 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -240,16 +240,19 @@ def handle_test_env() -> None: run_command(cmd) if test_name == "ocsp": - for name in ["OCSP_SERVER_TYPE", "OCSP_ALGORITHM"]: + if sub_test_name: + os.environ["OCSP_SERVER_TYPE"] = sub_test_name + for name in ["OCSP_SERVER_TYPE", "ORCHESTRATION_FILE"]: if name not in os.environ: raise ValueError(f"Please set {name}") server_type = os.environ["OCSP_SERVER_TYPE"] should_succeed = "true" if "valid" in server_type else "false" write_env("OCSP_TLS_SHOULD_SUCCEED", should_succeed) - ocsp_algo = os.environ["OCSP_ALGORITHM"] - write_env("CA_FILE", f"{{DRIVERS_TOOLS}}/.evergreen/ocsp/{ocsp_algo}/ca.pem") + ocsp_algo = os.environ["ORCHESTRATION_FILE"].split("-")[0] + write_env("CA_FILE", f"{DRIVERS_TOOLS}/.evergreen/ocsp/{ocsp_algo}/ca.pem") env = os.environ.copy() env["SERVER_TYPE"] = server_type + env["OCSP_ALGORITHM"] = ocsp_algo run_command(f"bash {DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh", env=env) if SSL != "nossl": diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b3423ed402..108ba17754 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -218,12 +218,12 @@ the pages will re-render and the browser will automatically refresh. ### Usage - Run `just run-server` with optional args to set up the server. - All given flags will be passed to `run-orchestration.sh` in `DRIVERS_TOOLS`. + All given flags will be passed to `run-orchestration.sh` in `$DRIVERS_TOOLS`. - Run `just setup-tests` with optional args to set up the test environment, secrets, etc. - Run `just run-tests` to run the tests in an appropriate Python environment. - When done, run `just teardown-tests` to clean up and `just stop-server` to stop the server. -## Encryption tests +### Encryption tests - Run `just run-server` to start the server. - Run `just setup-tests encryption`. @@ -236,13 +236,13 @@ the pages will re-render and the browser will automatically refresh. - Set up the test with `just setup-tests load_balancer`. - Run the tests with `just run-tests`. -## AWS tests +### AWS tests - Run `just run-server auth_aws` to start the server. - Run `just setup-tests auth_aws ` to set up the AWS test. - Run the tests with `just run-tests`. -## KMS tests +### KMS tests For KMS tests that are run locally, and expected to fail, in this case using `azure`: @@ -255,6 +255,15 @@ For KMS tests that run remotely and are expected to pass, in this case using `gc - Run `just setup-tests kms gcp`. - Run `just run-tests`. +### OCSP tests + + - Export the algorithm, e.g. `export ORCHESTRATION_FILE=rsa-basic-tls-ocsp-mustStaple.json`. + This corresponds to a config file in `$DRIVERS_TOOLS/.evergreen/orchestration/configs/servers`. + Only the rsa algorithm works on MacOS. + - Run `just run-server ocsp`. + - Run `just setup-tests ocsp valid` (options are "valid", "revoked", "valid-delegate", "revoked-delegate"). + - Run `just run-tests` + ## Enable Debug Logs - Use `-o log_cli_level="DEBUG" -o log_cli=1` with `just test` or `pytest`. - Add `log_cli_level = "DEBUG` and `log_cli = 1` to the `tool.pytest.ini_options` section in `pyproject.toml` for Evergreen patches or to enable debug logs by default on your machine. From c3398a35ba75584bf127cd3705c1147f8a4e07c1 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 08:00:07 -0600 Subject: [PATCH 08/24] cleanup --- .evergreen/scripts/configure-env.sh | 2 ++ .evergreen/scripts/run_server.py | 10 ++++------ .evergreen/scripts/setup_tests.py | 4 ---- CONTRIBUTING.md | 4 ++-- 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/.evergreen/scripts/configure-env.sh b/.evergreen/scripts/configure-env.sh index f23af8a811..7f142e2900 100755 --- a/.evergreen/scripts/configure-env.sh +++ b/.evergreen/scripts/configure-env.sh @@ -78,6 +78,8 @@ EOT rm -rf $DRIVERS_TOOLS BRANCH=master ORG=mongodb-labs +BRANCH=ocsp-updates +ORG=blink1073 git clone --branch $BRANCH https://github.com/$ORG/drivers-evergreen-tools.git $DRIVERS_TOOLS cat < ${DRIVERS_TOOLS}/.env diff --git a/.evergreen/scripts/run_server.py b/.evergreen/scripts/run_server.py index f6a45c23a4..6f097f84f0 100644 --- a/.evergreen/scripts/run_server.py +++ b/.evergreen/scripts/run_server.py @@ -33,7 +33,6 @@ def start_server(): set_env("LOAD_BALANCER") elif test_name == "ocsp": - opts.ssl = True if "ORCHESTRATION_FILE" not in os.environ: found = False for opt in extra_opts: @@ -47,11 +46,10 @@ def start_server(): if opts.ssl: extra_opts.append("--ssl") - if test_name != "ocsp": - certs = ROOT / "test/certificates" - set_env("TLS_CERT_KEY_FILE", certs / "client.pem") - set_env("TLS_PEM_KEY_FILE", certs / "server.pem") - set_env("TLS_CA_FILE", certs / "ca.pem") + certs = ROOT / "test/certificates" + set_env("TLS_CERT_KEY_FILE", certs / "client.pem") + set_env("TLS_PEM_KEY_FILE", certs / "server.pem") + set_env("TLS_CA_FILE", certs / "ca.pem") cmd = ["bash", f"{DRIVERS_TOOLS}/.evergreen/run-orchestration.sh", *extra_opts] run_command(cmd, cwd=DRIVERS_TOOLS) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index fea81e2838..a9fb01210f 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -318,10 +318,6 @@ def handle_test_env() -> None: setup_kms(sub_test_name) - if test_name == "ocsp": - write_env("CA_FILE", os.environ["CA_FILE"]) - write_env("OCSP_TLS_SHOULD_SUCCEED", os.environ["OCSP_TLS_SHOULD_SUCCEED"]) - if test_name == "auth_aws" and sub_test_name != "ecs-remote": auth_aws_dir = f"{DRIVERS_TOOLS}/.evergreen/auth_aws" if "AWS_ROLE_SESSION_NAME" in os.environ: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 108ba17754..84b6d5909e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -257,9 +257,9 @@ For KMS tests that run remotely and are expected to pass, in this case using `gc ### OCSP tests - - Export the algorithm, e.g. `export ORCHESTRATION_FILE=rsa-basic-tls-ocsp-mustStaple.json`. + - Export the algorithm, e.g. `export ORCHESTRATION_FILE=rsa-basic-tls-ocsp-disableStapling.json`. This corresponds to a config file in `$DRIVERS_TOOLS/.evergreen/orchestration/configs/servers`. - Only the rsa algorithm works on MacOS. + MongoDB servers on MacOS and Windows do not staple OCSP responses and only support RSA. - Run `just run-server ocsp`. - Run `just setup-tests ocsp valid` (options are "valid", "revoked", "valid-delegate", "revoked-delegate"). - Run `just run-tests` From de8a1bd56d9854ab41c5fd5e15e3b0c6bcfa88da Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 11:13:19 -0600 Subject: [PATCH 09/24] cleanup --- .evergreen/config.yml | 2 +- .evergreen/generated_configs/tasks.yml | 132 ++++++++++--------------- .evergreen/scripts/generate_config.py | 14 ++- .evergreen/scripts/setup_tests.py | 10 +- 4 files changed, 75 insertions(+), 83 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 0973f5859b..ca9bd886dc 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -256,7 +256,7 @@ functions: include_expansions_in_env: [AUTH, SSL, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, COVERAGE, PYTHON_BINARY, LIBMONGOCRYPT_URL, MONGODB_URI, DISABLE_TEST_COMMANDS, GREEN_FRAMEWORK, NO_EXT, COMPRESSORS, MONGODB_API_VERSION, DEBUG_LOG, - OCSP_ALGORITHM, OCSP_SERVER_TYPE] + ORCHESTRATION_FILE, OCSP_SERVER_TYPE] binary: bash working_dir: "src" args: [.evergreen/just.sh, setup-tests, "${TEST_NAME}", "${SUB_TEST_NAME}"] diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 514cebbd24..31a5c9c438 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -755,10 +755,6 @@ tasks: # Ocsp tests - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-valid commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa @@ -767,10 +763,6 @@ tasks: tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-revoked commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa @@ -779,10 +771,6 @@ tasks: tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-valid-delegate commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa @@ -790,6 +778,14 @@ tasks: TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-revoked-delegate + commands: + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-no-responder commands: - func: run server vars: @@ -798,15 +794,11 @@ tasks: - func: run tests vars: OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked-delegate + OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa @@ -815,10 +807,6 @@ tasks: tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa @@ -827,10 +815,6 @@ tasks: tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: ecdsa @@ -838,6 +822,14 @@ tasks: TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate + commands: + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder commands: - func: run server vars: @@ -846,15 +838,11 @@ tasks: - func: run tests vars: OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked-delegate + OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: ecdsa @@ -863,10 +851,6 @@ tasks: tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: ecdsa @@ -875,10 +859,6 @@ tasks: tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid-delegate commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: ecdsa @@ -886,6 +866,14 @@ tasks: TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked-delegate + commands: + - func: run tests + vars: + OCSP_ALGORITHM: ecdsa + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-no-responder commands: - func: run server vars: @@ -894,15 +882,11 @@ tasks: - func: run tests vars: OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked-delegate + OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa @@ -911,10 +895,6 @@ tasks: tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa @@ -923,10 +903,6 @@ tasks: tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa @@ -934,6 +910,14 @@ tasks: TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate + commands: + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder commands: - func: run server vars: @@ -942,15 +926,11 @@ tasks: - func: run tests vars: OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked-delegate + OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa @@ -959,10 +939,6 @@ tasks: tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-revoked commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa @@ -971,10 +947,6 @@ tasks: tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid-delegate commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: OCSP_ALGORITHM: rsa @@ -982,6 +954,14 @@ tasks: TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-revoked-delegate + commands: + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-no-responder commands: - func: run server vars: @@ -990,15 +970,11 @@ tasks: - func: run tests vars: OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked-delegate + OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: rsa @@ -1007,10 +983,6 @@ tasks: tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: rsa @@ -1019,10 +991,6 @@ tasks: tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid-delegate commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: rsa @@ -1030,6 +998,14 @@ tasks: TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked-delegate + commands: + - func: run tests + vars: + OCSP_ALGORITHM: rsa + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-no-responder commands: - func: run server vars: @@ -1038,7 +1014,7 @@ tasks: - func: run tests vars: OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked-delegate + OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 86bf747ee9..f8432630a8 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -900,7 +900,10 @@ def _create_ocsp_task(file_name, server_type): name = file_name.replace(".json", "") task_name = f"test-ocsp-{name}-{server_type}" - commands = [server_func, test_func] + if server_type == "no-responder": + commands = [server_func, test_func] + else: + commands = [test_func] return EvgTask(name=task_name, tags=tags, commands=commands) @@ -911,9 +914,16 @@ def create_ocsp_tasks(): for path in config_path.glob("*ocsp*"): if "singleEndpoint" in path.name: continue - for server_type in ["valid", "revoked", "valid-delegate", "revoked-delegate"]: + for server_type in [ + "valid", + "revoked", + "valid-delegate", + "revoked-delegate", + "no-responder", + ]: task = _create_ocsp_task(path.name, server_type) tasks.append(task) + return tasks diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index a9fb01210f..99000ddc95 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -245,11 +245,17 @@ def handle_test_env() -> None: for name in ["OCSP_SERVER_TYPE", "ORCHESTRATION_FILE"]: if name not in os.environ: raise ValueError(f"Please set {name}") + server_type = os.environ["OCSP_SERVER_TYPE"] - should_succeed = "true" if "valid" in server_type else "false" - write_env("OCSP_TLS_SHOULD_SUCCEED", should_succeed) ocsp_algo = os.environ["ORCHESTRATION_FILE"].split("-")[0] + if server_type == "no-reponder": + should_succeed = "mustStaple" not in ocsp_algo + else: + should_succeed = "true" if "valid" in server_type else "false" + + write_env("OCSP_TLS_SHOULD_SUCCEED", should_succeed) write_env("CA_FILE", f"{DRIVERS_TOOLS}/.evergreen/ocsp/{ocsp_algo}/ca.pem") + env = os.environ.copy() env["SERVER_TYPE"] = server_type env["OCSP_ALGORITHM"] = ocsp_algo From 76a948491d6ece2e8b4887d7f8891525372a2180 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 11:19:00 -0600 Subject: [PATCH 10/24] update tasks --- .evergreen/generated_configs/tasks.yml | 20 ++++++++++---------- .evergreen/scripts/generate_config.py | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 31a5c9c438..82659bffd5 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -804,7 +804,7 @@ tasks: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa, ocsp-staple] + tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: - func: run tests @@ -812,7 +812,7 @@ tasks: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa, ocsp-staple] + tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate commands: - func: run tests @@ -820,7 +820,7 @@ tasks: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa, ocsp-staple] + tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate commands: - func: run tests @@ -828,7 +828,7 @@ tasks: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa, ocsp-staple] + tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder commands: - func: run server @@ -840,7 +840,7 @@ tasks: OCSP_ALGORITHM: ecdsa OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa, ocsp-staple] + tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid commands: - func: run tests @@ -892,7 +892,7 @@ tasks: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa, ocsp-staple] + tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: - func: run tests @@ -900,7 +900,7 @@ tasks: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa, ocsp-staple] + tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate commands: - func: run tests @@ -908,7 +908,7 @@ tasks: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa, ocsp-staple] + tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate commands: - func: run tests @@ -916,7 +916,7 @@ tasks: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa, ocsp-staple] + tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder commands: - func: run server @@ -928,7 +928,7 @@ tasks: OCSP_ALGORITHM: rsa OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa, ocsp-staple] + tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid commands: - func: run tests diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index f8432630a8..d40bf218dc 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -895,7 +895,7 @@ def _create_ocsp_task(file_name, server_type): test_func = FunctionCall(func="run tests", vars=vars) tags = ["ocsp", f"ocsp-{algo}"] - if "mustStaple" in file_name: + if "disableStapling" not in file_name: tags.append("ocsp-staple") name = file_name.replace(".json", "") From b16806ce54b239558330524ed37efb5e89fa053e Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 11:29:31 -0600 Subject: [PATCH 11/24] update tasks --- .evergreen/generated_configs/tasks.yml | 104 +++++-------------------- .evergreen/scripts/generate_config.py | 11 +-- 2 files changed, 24 insertions(+), 91 deletions(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 82659bffd5..11d5e82c67 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -769,22 +769,6 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-valid-delegate - commands: - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: valid-delegate - TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-revoked-delegate - commands: - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked-delegate - TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-no-responder commands: - func: run server @@ -813,22 +797,6 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate - commands: - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: valid-delegate - TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate - commands: - - func: run tests - vars: - OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked-delegate - TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder commands: - func: run server @@ -857,32 +825,32 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid-delegate + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-no-responder commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: valid-delegate + OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked-delegate + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid-delegate commands: - func: run tests vars: OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: revoked-delegate + OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-no-responder + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked-delegate commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: ecdsa - OCSP_SERVER_TYPE: no-responder + OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid @@ -901,22 +869,6 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate - commands: - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: valid-delegate - TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate - commands: - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked-delegate - TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder commands: - func: run server @@ -945,22 +897,6 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid-delegate - commands: - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: valid-delegate - TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-revoked-delegate - commands: - - func: run tests - vars: - OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked-delegate - TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-no-responder commands: - func: run server @@ -989,32 +925,32 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid-delegate + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-no-responder commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: valid-delegate + OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked-delegate + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid-delegate commands: - func: run tests vars: OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: revoked-delegate + OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-no-responder + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked-delegate commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: OCSP_ALGORITHM: rsa - OCSP_SERVER_TYPE: no-responder + OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index d40bf218dc..583d935b83 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -914,13 +914,10 @@ def create_ocsp_tasks(): for path in config_path.glob("*ocsp*"): if "singleEndpoint" in path.name: continue - for server_type in [ - "valid", - "revoked", - "valid-delegate", - "revoked-delegate", - "no-responder", - ]: + server_types = ["valid", "revoked", "no-responder"] + if "disableStapling" not in path.name: + server_types.extend(["valid-delegate", "revoked-delegate"]) + for server_type in server_types: task = _create_ocsp_task(path.name, server_type) tasks.append(task) From dd42342b58b3ec2ddd554e195acc6f319c829255 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 11:30:07 -0600 Subject: [PATCH 12/24] update tasks --- .evergreen/generated_configs/tasks.yml | 44 +++++++++++++------------- .evergreen/scripts/generate_config.py | 2 +- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 11d5e82c67..129279cc6d 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -757,7 +757,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: ecdsa + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: valid TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] @@ -765,7 +765,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: ecdsa + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] @@ -777,7 +777,7 @@ tasks: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - OCSP_ALGORITHM: ecdsa + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] @@ -785,7 +785,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: ecdsa + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: valid TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] @@ -793,7 +793,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: ecdsa + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] @@ -805,7 +805,7 @@ tasks: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: - OCSP_ALGORITHM: ecdsa + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] @@ -813,7 +813,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: ecdsa + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: valid TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] @@ -821,7 +821,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: ecdsa + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] @@ -833,7 +833,7 @@ tasks: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: - OCSP_ALGORITHM: ecdsa + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] @@ -841,7 +841,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: ecdsa + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] @@ -849,7 +849,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: ecdsa + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] @@ -857,7 +857,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: rsa + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: valid TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] @@ -865,7 +865,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: rsa + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] @@ -877,7 +877,7 @@ tasks: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: - OCSP_ALGORITHM: rsa + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] @@ -885,7 +885,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: rsa + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: valid TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] @@ -893,7 +893,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: rsa + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] @@ -905,7 +905,7 @@ tasks: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - OCSP_ALGORITHM: rsa + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] @@ -913,7 +913,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: rsa + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: valid TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] @@ -921,7 +921,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: rsa + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] @@ -933,7 +933,7 @@ tasks: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: - OCSP_ALGORITHM: rsa + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] @@ -941,7 +941,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: rsa + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] @@ -949,7 +949,7 @@ tasks: commands: - func: run tests vars: - OCSP_ALGORITHM: rsa + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 583d935b83..28bdc5f3e3 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -891,7 +891,7 @@ def _create_ocsp_task(file_name, server_type): vars = dict(TEST_NAME="ocsp", ORCHESTRATION_FILE=file_name) server_func = FunctionCall(func="run server", vars=vars) - vars = dict(OCSP_ALGORITHM=algo, OCSP_SERVER_TYPE=server_type, TEST_NAME="ocsp") + vars = dict(ORCHESTRATION_FILE=file_name, OCSP_SERVER_TYPE=server_type, TEST_NAME="ocsp") test_func = FunctionCall(func="run tests", vars=vars) tags = ["ocsp", f"ocsp-{algo}"] From 25908931b0dfd66a375eb447d3ad366de3da8852 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 11:46:34 -0600 Subject: [PATCH 13/24] update tasks --- .evergreen/generated_configs/tasks.yml | 88 +++++++++++++++++++------- .evergreen/scripts/generate_config.py | 4 +- .evergreen/scripts/run_server.py | 1 + 3 files changed, 67 insertions(+), 26 deletions(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 129279cc6d..821babe8e7 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -755,6 +755,10 @@ tasks: # Ocsp tests - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-valid commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json @@ -763,6 +767,10 @@ tasks: tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-revoked commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json @@ -771,10 +779,6 @@ tasks: tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-no-responder commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json @@ -783,6 +787,10 @@ tasks: tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json @@ -791,6 +799,10 @@ tasks: tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json @@ -799,10 +811,6 @@ tasks: tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json @@ -811,6 +819,10 @@ tasks: tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json @@ -819,6 +831,10 @@ tasks: tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json @@ -827,10 +843,6 @@ tasks: tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-no-responder commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json @@ -839,6 +851,10 @@ tasks: tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid-delegate commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json @@ -847,6 +863,10 @@ tasks: tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked-delegate commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json @@ -855,6 +875,10 @@ tasks: tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json @@ -863,6 +887,10 @@ tasks: tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json @@ -871,10 +899,6 @@ tasks: tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json @@ -883,6 +907,10 @@ tasks: tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json @@ -891,6 +919,10 @@ tasks: tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-revoked commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json @@ -899,10 +931,6 @@ tasks: tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-no-responder commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json @@ -911,6 +939,10 @@ tasks: tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json @@ -919,6 +951,10 @@ tasks: tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json @@ -927,10 +963,6 @@ tasks: tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-no-responder commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json @@ -939,6 +971,10 @@ tasks: tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid-delegate commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json @@ -947,6 +983,10 @@ tasks: tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked-delegate commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 28bdc5f3e3..2587bc4b8c 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -901,9 +901,9 @@ def _create_ocsp_task(file_name, server_type): name = file_name.replace(".json", "") task_name = f"test-ocsp-{name}-{server_type}" if server_type == "no-responder": - commands = [server_func, test_func] - else: commands = [test_func] + else: + commands = [server_func, test_func] return EvgTask(name=task_name, tags=tags, commands=commands) diff --git a/.evergreen/scripts/run_server.py b/.evergreen/scripts/run_server.py index 6f097f84f0..f6c33260c9 100644 --- a/.evergreen/scripts/run_server.py +++ b/.evergreen/scripts/run_server.py @@ -33,6 +33,7 @@ def start_server(): set_env("LOAD_BALANCER") elif test_name == "ocsp": + opts.ssl = True if "ORCHESTRATION_FILE" not in os.environ: found = False for opt in extra_opts: From 3a72797a7f4f9179e8c02e75e46c51954fa872f2 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 11:48:54 -0600 Subject: [PATCH 14/24] fix handling of ocsp server --- .evergreen/scripts/generate_config.py | 5 +---- .evergreen/scripts/setup_tests.py | 9 +++++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index 2587bc4b8c..fe87bdbfde 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -900,10 +900,7 @@ def _create_ocsp_task(file_name, server_type): name = file_name.replace(".json", "") task_name = f"test-ocsp-{name}-{server_type}" - if server_type == "no-responder": - commands = [test_func] - else: - commands = [server_func, test_func] + commands = [server_func, test_func] return EvgTask(name=task_name, tags=tags, commands=commands) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 99000ddc95..98179437f6 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -256,10 +256,11 @@ def handle_test_env() -> None: write_env("OCSP_TLS_SHOULD_SUCCEED", should_succeed) write_env("CA_FILE", f"{DRIVERS_TOOLS}/.evergreen/ocsp/{ocsp_algo}/ca.pem") - env = os.environ.copy() - env["SERVER_TYPE"] = server_type - env["OCSP_ALGORITHM"] = ocsp_algo - run_command(f"bash {DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh", env=env) + if server_type != "no-responder": + env = os.environ.copy() + env["SERVER_TYPE"] = server_type + env["OCSP_ALGORITHM"] = ocsp_algo + run_command(f"bash {DRIVERS_TOOLS}/.evergreen/ocsp/setup.sh", env=env) if SSL != "nossl": if not DRIVERS_TOOLS: From 176b086ef16dbc486a51b847fbeafff8c1644157 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 11:57:48 -0600 Subject: [PATCH 15/24] fix handling of tls --- .evergreen/scripts/run_server.py | 9 +++++---- .evergreen/scripts/setup_tests.py | 6 +++--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.evergreen/scripts/run_server.py b/.evergreen/scripts/run_server.py index f6c33260c9..f6a45c23a4 100644 --- a/.evergreen/scripts/run_server.py +++ b/.evergreen/scripts/run_server.py @@ -47,10 +47,11 @@ def start_server(): if opts.ssl: extra_opts.append("--ssl") - certs = ROOT / "test/certificates" - set_env("TLS_CERT_KEY_FILE", certs / "client.pem") - set_env("TLS_PEM_KEY_FILE", certs / "server.pem") - set_env("TLS_CA_FILE", certs / "ca.pem") + if test_name != "ocsp": + certs = ROOT / "test/certificates" + set_env("TLS_CERT_KEY_FILE", certs / "client.pem") + set_env("TLS_PEM_KEY_FILE", certs / "server.pem") + set_env("TLS_CA_FILE", certs / "ca.pem") cmd = ["bash", f"{DRIVERS_TOOLS}/.evergreen/run-orchestration.sh", *extra_opts] run_command(cmd, cwd=DRIVERS_TOOLS) diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index 98179437f6..dcef845b7d 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -249,11 +249,11 @@ def handle_test_env() -> None: server_type = os.environ["OCSP_SERVER_TYPE"] ocsp_algo = os.environ["ORCHESTRATION_FILE"].split("-")[0] if server_type == "no-reponder": - should_succeed = "mustStaple" not in ocsp_algo + tls_should_succeed = False else: - should_succeed = "true" if "valid" in server_type else "false" + tls_should_succeed = "true" if "valid" in server_type else "false" - write_env("OCSP_TLS_SHOULD_SUCCEED", should_succeed) + write_env("OCSP_TLS_SHOULD_SUCCEED", tls_should_succeed) write_env("CA_FILE", f"{DRIVERS_TOOLS}/.evergreen/ocsp/{ocsp_algo}/ca.pem") if server_type != "no-responder": From 673dafb60315d50c80d69b508e2ca5f8e5203810 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 12:19:44 -0600 Subject: [PATCH 16/24] update tasks --- .evergreen/generated_configs/tasks.yml | 128 +++++++++++++++++++++---- .evergreen/scripts/generate_config.py | 14 ++- 2 files changed, 122 insertions(+), 20 deletions(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 821babe8e7..754cdcf1fd 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -777,8 +777,36 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-valid-delegate + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-revoked-delegate + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-no-responder commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json @@ -809,8 +837,36 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json @@ -841,14 +897,6 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-no-responder - commands: - - func: run tests - vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - OCSP_SERVER_TYPE: no-responder - TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid-delegate commands: - func: run server @@ -897,8 +945,36 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json @@ -929,8 +1005,36 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid-delegate + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: valid-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-revoked-delegate + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-no-responder commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: ORCHESTRATION_FILE: rsa-basic-tls-ocsp-disableStapling.json @@ -961,14 +1065,6 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-no-responder - commands: - - func: run tests - vars: - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple.json - OCSP_SERVER_TYPE: no-responder - TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa, ocsp-staple] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid-delegate commands: - func: run server diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index fe87bdbfde..d7fed803ba 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -911,12 +911,18 @@ def create_ocsp_tasks(): for path in config_path.glob("*ocsp*"): if "singleEndpoint" in path.name: continue - server_types = ["valid", "revoked", "no-responder"] - if "disableStapling" not in path.name: - server_types.extend(["valid-delegate", "revoked-delegate"]) - for server_type in server_types: + # Handle the tests that start an OCSP server. + for server_type in ["valid", "revoked", "valid-delegate", "revoked-delegate"]: task = _create_ocsp_task(path.name, server_type) tasks.append(task) + # Soft Fail Test: No OCSP Responder + server that does not staple. + if "basic-tls-ocsp-disableStapling.json" in path.name: + task = _create_ocsp_task(path.name, "no-responder") + tasks.append(task) + # Malicious Server Test 2: No OCSP Responder + server w/ Must- Staple cert that does not staple. + elif "basic-tls-ocsp-mustStaple-disableStapling.json" in path.name: + task = _create_ocsp_task(path.name, "no-responder") + tasks.append(task) return tasks From 123f70511de62895370750bfd92f7ea1b37f83dc Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 12:27:41 -0600 Subject: [PATCH 17/24] update tasks --- .evergreen/generated_configs/tasks.yml | 48 -------------------------- .evergreen/scripts/generate_config.py | 5 +++ 2 files changed, 5 insertions(+), 48 deletions(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 754cdcf1fd..09a172ec14 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -813,18 +813,6 @@ tasks: OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - - func: run tests - vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - OCSP_SERVER_TYPE: valid - TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: - func: run server @@ -837,18 +825,6 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - - func: run tests - vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - OCSP_SERVER_TYPE: valid-delegate - TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate commands: - func: run server @@ -921,18 +897,6 @@ tasks: OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - - func: run tests - vars: - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - OCSP_SERVER_TYPE: valid - TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked commands: - func: run server @@ -945,18 +909,6 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-valid-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - - func: run tests - vars: - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json - OCSP_SERVER_TYPE: valid-delegate - TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa] - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate commands: - func: run server diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index d7fed803ba..ba349a2e9e 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -913,6 +913,11 @@ def create_ocsp_tasks(): continue # Handle the tests that start an OCSP server. for server_type in ["valid", "revoked", "valid-delegate", "revoked-delegate"]: + if ( + "valid" in server_type + and "basic-tls-ocsp-mustStaple-disableStapling.json" in path.name + ): + continue task = _create_ocsp_task(path.name, server_type) tasks.append(task) # Soft Fail Test: No OCSP Responder + server that does not staple. From 81e6308c00a51b12ad9482c414ed87ba53d1b164 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 7 Mar 2025 12:37:21 -0600 Subject: [PATCH 18/24] update tasks --- .evergreen/scripts/generate_config.py | 1 + .evergreen/scripts/setup_tests.py | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index ba349a2e9e..e5371474a1 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -913,6 +913,7 @@ def create_ocsp_tasks(): continue # Handle the tests that start an OCSP server. for server_type in ["valid", "revoked", "valid-delegate", "revoked-delegate"]: + # Malicious server tests are never valid. if ( "valid" in server_type and "basic-tls-ocsp-mustStaple-disableStapling.json" in path.name diff --git a/.evergreen/scripts/setup_tests.py b/.evergreen/scripts/setup_tests.py index dcef845b7d..b75a821c3a 100644 --- a/.evergreen/scripts/setup_tests.py +++ b/.evergreen/scripts/setup_tests.py @@ -247,9 +247,10 @@ def handle_test_env() -> None: raise ValueError(f"Please set {name}") server_type = os.environ["OCSP_SERVER_TYPE"] - ocsp_algo = os.environ["ORCHESTRATION_FILE"].split("-")[0] - if server_type == "no-reponder": - tls_should_succeed = False + orch_file = os.environ["ORCHESTRATION_FILE"] + ocsp_algo = orch_file.split("-")[0] + if server_type == "no-responder": + tls_should_succeed = "false" if "mustStaple-disableStapling" in orch_file else "true" else: tls_should_succeed = "true" if "valid" in server_type else "false" From 9e99604bdfaad277570ee19dfa5aa6e669c43abe Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 8 Mar 2025 12:56:54 -0600 Subject: [PATCH 19/24] update tasks --- .evergreen/generated_configs/tasks.yml | 186 ++++++++++++------------- .evergreen/scripts/generate_config.py | 61 ++++---- 2 files changed, 126 insertions(+), 121 deletions(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 09a172ec14..467d44fddc 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -753,187 +753,151 @@ tasks: tags: [load-balancer, noauth, nossl] # Ocsp tests - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-valid + - name: test-ocsp-edcsa-valid-cert-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: valid TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-revoked + tags: [ocsp, ocsp-edcsa] + - name: test-ocsp-edcsa-invalid-cert-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-valid-delegate + tags: [ocsp, ocsp-edcsa] + - name: test-ocsp-edcsa-delegate-valid-cert-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-revoked-delegate + tags: [ocsp, ocsp-edcsa] + - name: test-ocsp-edcsa-delegate-invalid-cert-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-disableStapling-no-responder + tags: [ocsp, ocsp-edcsa] + - name: test-ocsp-edcsa-soft-fail commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked + tags: [ocsp, ocsp-edcsa] + - name: test-ocsp-edcsa-valid-cert-server-staples commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - OCSP_SERVER_TYPE: revoked - TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - - func: run tests - vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - OCSP_SERVER_TYPE: revoked-delegate - TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - - func: run tests - vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - OCSP_SERVER_TYPE: no-responder - TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid - commands: - - func: run server - vars: - TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - - func: run tests - vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: valid TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked + tags: [ocsp, ocsp-edcsa, ocsp-staple] + - name: test-ocsp-edcsa-invalid-cert-server-staples commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-valid-delegate + tags: [ocsp, ocsp-edcsa, ocsp-staple] + - name: test-ocsp-edcsa-delegate-valid-cert-server-staples commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-ecdsa-basic-tls-ocsp-mustStaple-revoked-delegate + tags: [ocsp, ocsp-edcsa, ocsp-staple] + - name: test-ocsp-edcsa-delegate-invalid-cert-server-staples commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: - ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-ecdsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked + tags: [ocsp, ocsp-edcsa, ocsp-staple] + - name: test-ocsp-edcsa-malicious-invalid-cert-mustStaple-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-revoked-delegate + tags: [ocsp, ocsp-edcsa] + - name: test-ocsp-edcsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-disableStapling-no-responder + tags: [ocsp, ocsp-edcsa] + - name: test-ocsp-edcsa-malicious-no-responder-mustStaple-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp - tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid + tags: [ocsp, ocsp-edcsa] + - name: test-ocsp-rsa-valid-cert-server-does-not-staple commands: - func: run server vars: @@ -945,7 +909,7 @@ tasks: OCSP_SERVER_TYPE: valid TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-revoked + - name: test-ocsp-rsa-invalid-cert-server-does-not-staple commands: - func: run server vars: @@ -957,7 +921,7 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-valid-delegate + - name: test-ocsp-rsa-delegate-valid-cert-server-does-not-staple commands: - func: run server vars: @@ -969,7 +933,7 @@ tasks: OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-revoked-delegate + - name: test-ocsp-rsa-delegate-invalid-cert-server-does-not-staple commands: - func: run server vars: @@ -981,7 +945,7 @@ tasks: OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-disableStapling-no-responder + - name: test-ocsp-rsa-soft-fail commands: - func: run server vars: @@ -993,7 +957,7 @@ tasks: OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp tags: [ocsp, ocsp-rsa] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid + - name: test-ocsp-rsa-valid-cert-server-staples commands: - func: run server vars: @@ -1005,7 +969,7 @@ tasks: OCSP_SERVER_TYPE: valid TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked + - name: test-ocsp-rsa-invalid-cert-server-staples commands: - func: run server vars: @@ -1017,7 +981,7 @@ tasks: OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-valid-delegate + - name: test-ocsp-rsa-delegate-valid-cert-server-staples commands: - func: run server vars: @@ -1029,7 +993,7 @@ tasks: OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] - - name: test-ocsp-rsa-basic-tls-ocsp-mustStaple-revoked-delegate + - name: test-ocsp-rsa-delegate-invalid-cert-server-staples commands: - func: run server vars: @@ -1041,6 +1005,42 @@ tasks: OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp tags: [ocsp, ocsp-rsa, ocsp-staple] + - name: test-ocsp-rsa-malicious-invalid-cert-mustStaple-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: revoked + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: revoked-delegate + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] + - name: test-ocsp-rsa-malicious-no-responder-mustStaple-server-does-not-staple + commands: + - func: run server + vars: + TEST_NAME: ocsp + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + - func: run tests + vars: + ORCHESTRATION_FILE: rsa-basic-tls-ocsp-mustStaple-disableStapling.json + OCSP_SERVER_TYPE: no-responder + TEST_NAME: ocsp + tags: [ocsp, ocsp-rsa] # Server tests - name: test-4.0-standalone-auth-ssl-sync diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index e5371474a1..db5fb8efad 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -9,7 +9,6 @@ # Note: Run this file with `pipx run`, or `uv run`. from __future__ import annotations -import os import sys from dataclasses import dataclass from inspect import getmembers, isfunction @@ -885,8 +884,8 @@ def create_aws_tasks(): return tasks -def _create_ocsp_task(file_name, server_type): - algo = file_name.split("-")[0] +def _create_ocsp_task(algo, variant, server_type, base_task_name): + file_name = f"{algo}-basic-tls-ocsp-{variant}.json" vars = dict(TEST_NAME="ocsp", ORCHESTRATION_FILE=file_name) server_func = FunctionCall(func="run server", vars=vars) @@ -895,39 +894,45 @@ def _create_ocsp_task(file_name, server_type): test_func = FunctionCall(func="run tests", vars=vars) tags = ["ocsp", f"ocsp-{algo}"] - if "disableStapling" not in file_name: + if "disableStapling" not in variant: tags.append("ocsp-staple") - name = file_name.replace(".json", "") - task_name = f"test-ocsp-{name}-{server_type}" + task_name = f"test-ocsp-{algo}-{base_task_name}" commands = [server_func, test_func] return EvgTask(name=task_name, tags=tags, commands=commands) def create_ocsp_tasks(): tasks = [] - drivers_tools = os.environ["DRIVERS_TOOLS"] - config_path = Path(drivers_tools) / ".evergreen/orchestration/configs/servers" - for path in config_path.glob("*ocsp*"): - if "singleEndpoint" in path.name: - continue - # Handle the tests that start an OCSP server. - for server_type in ["valid", "revoked", "valid-delegate", "revoked-delegate"]: - # Malicious server tests are never valid. - if ( - "valid" in server_type - and "basic-tls-ocsp-mustStaple-disableStapling.json" in path.name - ): - continue - task = _create_ocsp_task(path.name, server_type) - tasks.append(task) - # Soft Fail Test: No OCSP Responder + server that does not staple. - if "basic-tls-ocsp-disableStapling.json" in path.name: - task = _create_ocsp_task(path.name, "no-responder") - tasks.append(task) - # Malicious Server Test 2: No OCSP Responder + server w/ Must- Staple cert that does not staple. - elif "basic-tls-ocsp-mustStaple-disableStapling.json" in path.name: - task = _create_ocsp_task(path.name, "no-responder") + tests = [ + ("disableStapling", "valid", "valid-cert-server-does-not-staple"), + ("disableStapling", "revoked", "invalid-cert-server-does-not-staple"), + ("disableStapling", "valid-delegate", "delegate-valid-cert-server-does-not-staple"), + ("disableStapling", "revoked-delegate", "delegate-invalid-cert-server-does-not-staple"), + ("disableStapling", "no-responder", "soft-fail"), + ("mustStaple", "valid", "valid-cert-server-staples"), + ("mustStaple", "revoked", "invalid-cert-server-staples"), + ("mustStaple", "valid-delegate", "delegate-valid-cert-server-staples"), + ("mustStaple", "revoked-delegate", "delegate-invalid-cert-server-staples"), + ( + "mustStaple-disableStapling", + "revoked", + "malicious-invalid-cert-mustStaple-server-does-not-staple", + ), + ( + "mustStaple-disableStapling", + "revoked-delegate", + "delegate-malicious-invalid-cert-mustStaple-server-does-not-staple", + ), + ( + "mustStaple-disableStapling", + "no-responder", + "malicious-no-responder-mustStaple-server-does-not-staple", + ), + ] + for algo in ["edcsa", "rsa"]: + for variant, server_type, base_task_name in tests: + task = _create_ocsp_task(algo, variant, server_type, base_task_name) tasks.append(task) return tasks From cb7a33abee34ddcc39319458c6767761cf35550f Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 8 Mar 2025 13:04:32 -0600 Subject: [PATCH 20/24] update tasks --- .evergreen/generated_configs/tasks.yml | 96 +++++++++++++------------- .evergreen/scripts/generate_config.py | 2 +- 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/.evergreen/generated_configs/tasks.yml b/.evergreen/generated_configs/tasks.yml index 467d44fddc..02ee29e6ed 100644 --- a/.evergreen/generated_configs/tasks.yml +++ b/.evergreen/generated_configs/tasks.yml @@ -753,150 +753,150 @@ tasks: tags: [load-balancer, noauth, nossl] # Ocsp tests - - name: test-ocsp-edcsa-valid-cert-server-does-not-staple + - name: test-ocsp-ecdsa-valid-cert-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: valid TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa] - - name: test-ocsp-edcsa-invalid-cert-server-does-not-staple + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-invalid-cert-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa] - - name: test-ocsp-edcsa-delegate-valid-cert-server-does-not-staple + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-delegate-valid-cert-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa] - - name: test-ocsp-edcsa-delegate-invalid-cert-server-does-not-staple + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-delegate-invalid-cert-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa] - - name: test-ocsp-edcsa-soft-fail + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-soft-fail commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-disableStapling.json OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa] - - name: test-ocsp-edcsa-valid-cert-server-staples + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-valid-cert-server-staples commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: valid TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa, ocsp-staple] - - name: test-ocsp-edcsa-invalid-cert-server-staples + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-invalid-cert-server-staples commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa, ocsp-staple] - - name: test-ocsp-edcsa-delegate-valid-cert-server-staples + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-delegate-valid-cert-server-staples commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: valid-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa, ocsp-staple] - - name: test-ocsp-edcsa-delegate-invalid-cert-server-staples + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-delegate-invalid-cert-server-staples commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple.json OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa, ocsp-staple] - - name: test-ocsp-edcsa-malicious-invalid-cert-mustStaple-server-does-not-staple + tags: [ocsp, ocsp-ecdsa, ocsp-staple] + - name: test-ocsp-ecdsa-malicious-invalid-cert-mustStaple-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: revoked TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa] - - name: test-ocsp-edcsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: revoked-delegate TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa] - - name: test-ocsp-edcsa-malicious-no-responder-mustStaple-server-does-not-staple + tags: [ocsp, ocsp-ecdsa] + - name: test-ocsp-ecdsa-malicious-no-responder-mustStaple-server-does-not-staple commands: - func: run server vars: TEST_NAME: ocsp - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json - func: run tests vars: - ORCHESTRATION_FILE: edcsa-basic-tls-ocsp-mustStaple-disableStapling.json + ORCHESTRATION_FILE: ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json OCSP_SERVER_TYPE: no-responder TEST_NAME: ocsp - tags: [ocsp, ocsp-edcsa] + tags: [ocsp, ocsp-ecdsa] - name: test-ocsp-rsa-valid-cert-server-does-not-staple commands: - func: run server diff --git a/.evergreen/scripts/generate_config.py b/.evergreen/scripts/generate_config.py index db5fb8efad..505c6de060 100644 --- a/.evergreen/scripts/generate_config.py +++ b/.evergreen/scripts/generate_config.py @@ -930,7 +930,7 @@ def create_ocsp_tasks(): "malicious-no-responder-mustStaple-server-does-not-staple", ), ] - for algo in ["edcsa", "rsa"]: + for algo in ["ecdsa", "rsa"]: for variant, server_type, base_task_name in tests: task = _create_ocsp_task(algo, variant, server_type, base_task_name) tasks.append(task) From ceb356870ec6fde5291edbb4cba82620ce93c4c7 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 10 Mar 2025 07:26:18 -0500 Subject: [PATCH 21/24] add a note about no-responder --- CONTRIBUTING.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 84b6d5909e..4bad10b17a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -264,6 +264,8 @@ For KMS tests that run remotely and are expected to pass, in this case using `gc - Run `just setup-tests ocsp valid` (options are "valid", "revoked", "valid-delegate", "revoked-delegate"). - Run `just run-tests` + If you are running one of the `no-responder` tests, omit the `run-server` step. + ## Enable Debug Logs - Use `-o log_cli_level="DEBUG" -o log_cli=1` with `just test` or `pytest`. - Add `log_cli_level = "DEBUG` and `log_cli = 1` to the `tool.pytest.ini_options` section in `pyproject.toml` for Evergreen patches or to enable debug logs by default on your machine. From 91f9f762ac05c74e24d2d2077ffd2608f865db9d Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 10 Mar 2025 09:00:58 -0500 Subject: [PATCH 22/24] use upstream --- .evergreen/scripts/configure-env.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/.evergreen/scripts/configure-env.sh b/.evergreen/scripts/configure-env.sh index 7f142e2900..f23af8a811 100755 --- a/.evergreen/scripts/configure-env.sh +++ b/.evergreen/scripts/configure-env.sh @@ -78,8 +78,6 @@ EOT rm -rf $DRIVERS_TOOLS BRANCH=master ORG=mongodb-labs -BRANCH=ocsp-updates -ORG=blink1073 git clone --branch $BRANCH https://github.com/$ORG/drivers-evergreen-tools.git $DRIVERS_TOOLS cat < ${DRIVERS_TOOLS}/.env From a674f76e1bd9fa5410508ad266bc4ed6b827b8b8 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 10 Mar 2025 10:05:45 -0500 Subject: [PATCH 23/24] Update CONTRIBUTING.md Co-authored-by: Noah Stapp --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4bad10b17a..e55f26458d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -257,7 +257,7 @@ For KMS tests that run remotely and are expected to pass, in this case using `gc ### OCSP tests - - Export the algorithm, e.g. `export ORCHESTRATION_FILE=rsa-basic-tls-ocsp-disableStapling.json`. + - Export the orchestration file, e.g. `export ORCHESTRATION_FILE=rsa-basic-tls-ocsp-disableStapling.json`. This corresponds to a config file in `$DRIVERS_TOOLS/.evergreen/orchestration/configs/servers`. MongoDB servers on MacOS and Windows do not staple OCSP responses and only support RSA. - Run `just run-server ocsp`. From 4ce1c18603a7bc527ef9102e2d333eb1c3112663 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 10 Mar 2025 10:05:55 -0500 Subject: [PATCH 24/24] Update CONTRIBUTING.md Co-authored-by: Noah Stapp --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e55f26458d..1d8783d9d1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -261,7 +261,7 @@ For KMS tests that run remotely and are expected to pass, in this case using `gc This corresponds to a config file in `$DRIVERS_TOOLS/.evergreen/orchestration/configs/servers`. MongoDB servers on MacOS and Windows do not staple OCSP responses and only support RSA. - Run `just run-server ocsp`. - - Run `just setup-tests ocsp valid` (options are "valid", "revoked", "valid-delegate", "revoked-delegate"). + - Run `just setup-tests ocsp ` (options are "valid", "revoked", "valid-delegate", "revoked-delegate"). - Run `just run-tests` If you are running one of the `no-responder` tests, omit the `run-server` step.