Skip to content

Commit 243d154

Browse files
abr-egnabr-egn
authored
RUST-1830 Switch to standard scripts for csfle test servers (#1113)
1 parent 8c8faaf commit 243d154

File tree

5 files changed

+71
-56
lines changed

5 files changed

+71
-56
lines changed

.evergreen/config.yml

Lines changed: 33 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,7 @@ pre:
3030

3131
# Functions to run after all tasks (except those in task groups).
3232
post:
33+
- func: "stop csfle servers"
3334
- func: "stop load balancer"
3435
- func: "stop mongo orchestration"
3536
- func: "tear down aws"
@@ -357,7 +358,6 @@ buildvariants:
357358

358359
- name: in-use-encryption-openssl
359360
display_name: "In-Use Encryption (OpenSSL)"
360-
patchable: false
361361
run_on:
362362
- rhel80-small
363363
expansions:
@@ -904,7 +904,7 @@ tasks:
904904
vars:
905905
MONGODB_VERSION: 4.2
906906
TOPOLOGY: replica_set
907-
- func: "run mock azure imds server"
907+
- func: "start csfle servers"
908908
- func: "run csfle tests"
909909

910910
- name: test-in-use-encryption-4.4
@@ -915,7 +915,7 @@ tasks:
915915
vars:
916916
MONGODB_VERSION: 4.4
917917
TOPOLOGY: replica_set
918-
- func: "run mock azure imds server"
918+
- func: "start csfle servers"
919919
- func: "run csfle tests"
920920

921921
- name: test-in-use-encryption-5.0
@@ -926,7 +926,7 @@ tasks:
926926
vars:
927927
MONGODB_VERSION: 5.0
928928
TOPOLOGY: replica_set
929-
- func: "run mock azure imds server"
929+
- func: "start csfle servers"
930930
- func: "run csfle tests"
931931

932932
- name: test-in-use-encryption-6.0
@@ -937,7 +937,7 @@ tasks:
937937
vars:
938938
MONGODB_VERSION: 6.0
939939
TOPOLOGY: replica_set
940-
- func: "run mock azure imds server"
940+
- func: "start csfle servers"
941941
- func: "run csfle tests"
942942

943943
- name: test-in-use-encryption-7.0
@@ -948,7 +948,7 @@ tasks:
948948
vars:
949949
MONGODB_VERSION: 7.0
950950
TOPOLOGY: replica_set
951-
- func: "run mock azure imds server"
951+
- func: "start csfle servers"
952952
- func: "run csfle tests"
953953

954954
- name: test-in-use-encryption-rapid
@@ -959,7 +959,7 @@ tasks:
959959
vars:
960960
MONGODB_VERSION: rapid
961961
TOPOLOGY: replica_set
962-
- func: "run mock azure imds server"
962+
- func: "start csfle servers"
963963
- func: "run csfle tests"
964964

965965
- name: test-in-use-encryption-latest
@@ -970,7 +970,7 @@ tasks:
970970
vars:
971971
MONGODB_VERSION: latest
972972
TOPOLOGY: replica_set
973-
- func: "run mock azure imds server"
973+
- func: "start csfle servers"
974974
- func: "run csfle tests"
975975

976976
- name: test-in-use-encryption-openssl
@@ -980,8 +980,7 @@ tasks:
980980
vars:
981981
MONGODB_VERSION: rapid
982982
TOPOLOGY: replica_set
983-
- func: "run kmip server"
984-
- func: "run mock azure imds server"
983+
- func: "start csfle servers"
985984
- func: "run csfle tests"
986985

987986
- name: test-in-use-encryption-serverless
@@ -993,8 +992,7 @@ tasks:
993992
params:
994993
file: serverless-expansion.yml
995994
- func: "install libmongocrypt"
996-
- func: "run kmip server"
997-
- func: "run mock azure imds server"
995+
- func: "start csfle servers"
998996
- func: "run csfle serverless tests"
999997

1000998
- name: test-load-balancer-5.0
@@ -1432,26 +1430,38 @@ functions:
14321430
14331431
.evergreen/run-atlas-tests.sh
14341432
1435-
"run kmip server":
1436-
- command: shell.exec
1433+
"start csfle servers":
1434+
- command: ec2.assume_role
1435+
params:
1436+
role_arn: ${aws_test_secrets_role}
1437+
- command: subprocess.exec
14371438
params:
14381439
working_dir: src
1439-
shell: bash
1440+
binary: bash
1441+
include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
1442+
args:
1443+
- ${DRIVERS_TOOLS}/.evergreen/csfle/setup-secrets.sh
1444+
- command: subprocess.exec
1445+
params:
1446+
working_dir: src
1447+
binary: bash
14401448
background: true
1441-
script: |
1442-
${PREPARE_SHELL}
1443-
export TLS_FEATURE=${TLS_FEATURE}
1444-
.evergreen/run-csfle-kmip-servers.sh
1449+
args:
1450+
- ${DRIVERS_TOOLS}/.evergreen/csfle/start-servers.sh
1451+
- command: subprocess.exec
1452+
params:
1453+
working_dir: src
1454+
binary: bash
1455+
args:
1456+
- ${DRIVERS_TOOLS}/.evergreen/csfle/await-servers.sh
14451457

1446-
"run mock azure imds server":
1458+
"stop csfle servers":
14471459
- command: subprocess.exec
14481460
params:
14491461
working_dir: src
1450-
background: true
14511462
binary: bash
14521463
args:
1453-
- .evergreen/run-csfle-mock-azure-imds.sh
1454-
add_expansions_to_env: true
1464+
- ${DRIVERS_TOOLS}/.evergreen/csfle/stop-servers.sh
14551465

14561466
"run csfle tests":
14571467
- command: subprocess.exec

.evergreen/create-expansions.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ LD_LIBRARY_PATH: "${LD_LIBRARY_PATH}"
4343
TMPDIR: "${TMPDIR}"
4444
PATH: "${PATH}"
4545
PROJECT: "${PROJECT}"
46-
AZURE_IMDS_MOCK_PORT: 44175
46+
AZURE_IMDS_MOCK_PORT: 8080
4747
PREPARE_SHELL: |
4848
set -o errexit
4949
set -o xtrace

.evergreen/run-csfle-tests.sh

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -22,14 +22,7 @@ if [ "$OS" = "Windows_NT" ]; then
2222
export SSL_CERT_DIR=$(cygpath /etc/ssl/certs --windows)
2323
fi
2424

25-
pushd ${DRIVERS_TOOLS}/.evergreen/csfle
26-
. ./activate-kmstlsvenv.sh
27-
popd
28-
export PYTHON=python # use the venv-provided python
29-
export AWS_DEFAULT_REGION=us-east-1
30-
. ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh
31-
32-
echo "cargo test options: $(cargo_test_options)"
25+
. ./secrets-export.sh
3326

3427
set +o errexit
3528

src/client/auth/aws.rs

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -170,24 +170,32 @@ pub(crate) struct AwsCredential {
170170
expiration: Option<bson::DateTime>,
171171
}
172172

173+
fn non_empty(s: Option<String>) -> Option<String> {
174+
match s {
175+
None => None,
176+
Some(s) if s.is_empty() => None,
177+
Some(s) => Some(s),
178+
}
179+
}
180+
173181
impl AwsCredential {
174182
/// Derives the credentials for an authentication attempt given the set of credentials the user
175183
/// passed in.
176184
pub(crate) async fn get(credential: &Credential, http_client: &HttpClient) -> Result<Self> {
177185
let access_key = credential
178186
.username
179187
.clone()
180-
.or_else(|| std::env::var("AWS_ACCESS_KEY_ID").ok());
188+
.or_else(|| non_empty(std::env::var("AWS_ACCESS_KEY_ID").ok()));
181189
let secret_key = credential
182190
.password
183191
.clone()
184-
.or_else(|| std::env::var("AWS_SECRET_ACCESS_KEY").ok());
192+
.or_else(|| non_empty(std::env::var("AWS_SECRET_ACCESS_KEY").ok()));
185193
let session_token = credential
186194
.mechanism_properties
187195
.as_ref()
188196
.and_then(|d| d.get_str("AWS_SESSION_TOKEN").ok())
189197
.map(|s| s.to_string())
190-
.or_else(|| std::env::var("AWS_SESSION_TOKEN").ok());
198+
.or_else(|| non_empty(std::env::var("AWS_SESSION_TOKEN").ok()));
191199

192200
let found_access_key = access_key.is_some();
193201
let found_secret_key = secret_key.is_some();

src/test/csfle.rs

Lines changed: 25 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -91,25 +91,25 @@ static KMS_PROVIDERS: Lazy<KmsProviderList> = Lazy::new(|| {
9191
(
9292
KmsProvider::Aws,
9393
doc! {
94-
"accessKeyId": env("AWS_ACCESS_KEY_ID"),
95-
"secretAccessKey": env("AWS_SECRET_ACCESS_KEY"),
94+
"accessKeyId": env("FLE_AWS_KEY"),
95+
"secretAccessKey": env("FLE_AWS_SECRET"),
9696
},
9797
None,
9898
),
9999
(
100100
KmsProvider::Azure,
101101
doc! {
102-
"tenantId": env("AZURE_TENANT_ID"),
103-
"clientId": env("AZURE_CLIENT_ID"),
104-
"clientSecret": env("AZURE_CLIENT_SECRET"),
102+
"tenantId": env("FLE_AZURE_TENANTID"),
103+
"clientId": env("FLE_AZURE_CLIENTID"),
104+
"clientSecret": env("FLE_AZURE_CLIENTSECRET"),
105105
},
106106
None,
107107
),
108108
(
109109
KmsProvider::Gcp,
110110
doc! {
111-
"email": env("GCP_EMAIL"),
112-
"privateKey": env("GCP_PRIVATE_KEY"),
111+
"email": env("FLE_GCP_EMAIL"),
112+
"privateKey": env("FLE_GCP_PRIVATEKEY"),
113113
},
114114
None,
115115
),
@@ -1641,6 +1641,10 @@ impl DeadlockExpectation {
16411641
}
16421642
}
16431643

1644+
const KMS_EXPIRED: &str = "127.0.0.1:9000";
1645+
const KMS_WRONG_HOST: &str = "127.0.0.1:9001";
1646+
const KMS_CORRECT: &str = "127.0.0.1:9002";
1647+
16441648
// Prose test 10. KMS TLS Tests
16451649
#[tokio::test]
16461650
async fn kms_tls() -> Result<()> {
@@ -1649,15 +1653,15 @@ async fn kms_tls() -> Result<()> {
16491653
}
16501654

16511655
// Invalid KMS Certificate
1652-
let err = run_kms_tls_test("127.0.0.1:9000").await.unwrap_err();
1656+
let err = run_kms_tls_test(KMS_EXPIRED).await.unwrap_err();
16531657
assert!(
16541658
err.to_string().contains("certificate verify failed"),
16551659
"unexpected error: {}",
16561660
err
16571661
);
16581662

16591663
// Invalid Hostname in KMS Certificate
1660-
let err = run_kms_tls_test("127.0.0.1:9001").await.unwrap_err();
1664+
let err = run_kms_tls_test(KMS_WRONG_HOST).await.unwrap_err();
16611665
assert!(
16621666
err.to_string().contains("certificate verify failed"),
16631667
"unexpected error: {}",
@@ -1716,12 +1720,12 @@ async fn kms_tls_options() -> Result<()> {
17161720
.get_mut(&KmsProvider::Azure)
17171721
.unwrap()
17181722
.0
1719-
.insert("identityPlatformEndpoint", "127.0.0.1:9002");
1723+
.insert("identityPlatformEndpoint", KMS_CORRECT);
17201724
base_providers
17211725
.get_mut(&KmsProvider::Gcp)
17221726
.unwrap()
17231727
.0
1724-
.insert("endpoint", "127.0.0.1:9002");
1728+
.insert("endpoint", KMS_CORRECT);
17251729

17261730
let cert_dir = PathBuf::from(std::env::var("CSFLE_TLS_CERT_DIR").unwrap());
17271731
let ca_path = cert_dir.join("ca.pem");
@@ -1754,17 +1758,17 @@ async fn kms_tls_options() -> Result<()> {
17541758
.get_mut(&KmsProvider::Azure)
17551759
.unwrap()
17561760
.0
1757-
.insert("identityPlatformEndpoint", "127.0.0.1:9000");
1761+
.insert("identityPlatformEndpoint", KMS_EXPIRED);
17581762
providers
17591763
.get_mut(&KmsProvider::Gcp)
17601764
.unwrap()
17611765
.0
1762-
.insert("endpoint", "127.0.0.1:9000");
1766+
.insert("endpoint", KMS_EXPIRED);
17631767
providers
17641768
.get_mut(&KmsProvider::Kmip)
17651769
.unwrap()
17661770
.0
1767-
.insert("endpoint", "127.0.0.1:9000");
1771+
.insert("endpoint", KMS_EXPIRED);
17681772

17691773
ClientEncryption::new(
17701774
TestClient::new().await.into_client(),
@@ -1782,17 +1786,17 @@ async fn kms_tls_options() -> Result<()> {
17821786
.get_mut(&KmsProvider::Azure)
17831787
.unwrap()
17841788
.0
1785-
.insert("identityPlatformEndpoint", "127.0.0.1:9001");
1789+
.insert("identityPlatformEndpoint", KMS_WRONG_HOST);
17861790
providers
17871791
.get_mut(&KmsProvider::Gcp)
17881792
.unwrap()
17891793
.0
1790-
.insert("endpoint", "127.0.0.1:9001");
1794+
.insert("endpoint", KMS_WRONG_HOST);
17911795
providers
17921796
.get_mut(&KmsProvider::Kmip)
17931797
.unwrap()
17941798
.0
1795-
.insert("endpoint", "127.0.0.1:9001");
1799+
.insert("endpoint", KMS_WRONG_HOST);
17961800

17971801
ClientEncryption::new(
17981802
TestClient::new().await.into_client(),
@@ -1832,25 +1836,25 @@ async fn kms_tls_options() -> Result<()> {
18321836

18331837
provider_test(
18341838
&client_encryption_no_client_cert,
1835-
aws_key("127.0.0.1:9002"),
1839+
aws_key(KMS_CORRECT),
18361840
&["SSL routines", "connection was forcibly closed"],
18371841
)
18381842
.await?;
18391843
provider_test(
18401844
&client_encryption_with_tls,
1841-
aws_key("127.0.0.1:9002"),
1845+
aws_key(KMS_CORRECT),
18421846
&["parse error"],
18431847
)
18441848
.await?;
18451849
provider_test(
18461850
&client_encryption_expired,
1847-
aws_key("127.0.0.1:9000"),
1851+
aws_key(KMS_EXPIRED),
18481852
&["certificate verify failed"],
18491853
)
18501854
.await?;
18511855
provider_test(
18521856
&client_encryption_invalid_hostname,
1853-
aws_key("127.0.0.1:9001"),
1857+
aws_key(KMS_WRONG_HOST),
18541858
&["certificate verify failed"],
18551859
)
18561860
.await?;

0 commit comments

Comments
 (0)