rename KMIP tls files to align with the shared tooling in drivers evergreen tools.

Author: baileympearson

.evergreen/config.in.yml

@@ -148,8 +148,8 @@ functions:
             export AWS_REGION='${AWS_REGION}'
             export AWS_CMK_ID='${AWS_CMK_ID}'
             export AWS_DEFAULT_REGION='us-east-1'
-            export KMIP_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
-            export KMIP_TLS_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
+            export CSFLE_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
+            export CSFLE_TLS_CLIENT_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
           EOT
           fi
     - command: subprocess.exec
@@ -184,8 +184,8 @@ functions:
             export AWS_REGION='${AWS_REGION}'
             export AWS_CMK_ID='${AWS_CMK_ID}'
             export AWS_DEFAULT_REGION='us-east-1'
-            export KMIP_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
-            export KMIP_TLS_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
+            export CSFLE_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
+            export CSFLE_TLS_CLIENT_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
           EOT
     - command: subprocess.exec
       type: test

.evergreen/config.yml

@@ -120,8 +120,8 @@ functions:
             export AWS_REGION='${AWS_REGION}'
             export AWS_CMK_ID='${AWS_CMK_ID}'
             export AWS_DEFAULT_REGION='us-east-1'
-            export KMIP_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
-            export KMIP_TLS_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
+            export CSFLE_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
+            export CSFLE_TLS_CLIENT_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
           EOT
           fi
     - command: subprocess.exec
@@ -155,8 +155,8 @@ functions:
             export AWS_REGION='${AWS_REGION}'
             export AWS_CMK_ID='${AWS_CMK_ID}'
             export AWS_DEFAULT_REGION='us-east-1'
-            export KMIP_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
-            export KMIP_TLS_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
+            export CSFLE_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
+            export CSFLE_TLS_CLIENT_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
           EOT
     - command: subprocess.exec
       type: test

.evergreen/run-custom-csfle-tests.sh

@@ -16,8 +16,8 @@ set -o errexit  # Exit the script with error if any of the commands fail
 
 
 export MONGODB_URI=${MONGODB_URI}
-export KMIP_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
-export KMIP_TLS_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
+export CSFLE_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
+export CSFLE_TLS_CLIENT_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
 export TEST_CSFLE=true
 
 npm run check:csfle

.evergreen/run-socks5-tests.sh

@@ -12,8 +12,8 @@ function setup_fle() {
   export CLIENT_ENCRYPTION=true
   source .evergreen/setup-fle.sh
 
-  export KMIP_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
-  export KMIP_TLS_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
+  export CSFLE_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
+  export CSFLE_TLS_CLIENT_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
   export TEST_CSFLE=true
 }
 

test/integration/client-side-encryption/client_side_encryption.prose.06.corpus.test.ts

@@ -201,8 +201,8 @@ describe('Client Side Encryption Prose Corpus Test', function () {
       //    Configure both objects with ``keyVaultNamespace`` set to ``keyvault.datakeys``.
       const tlsOptions = {
         kmip: {
-          tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-          tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+          tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+          tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
         }
       };
       const extraOptions = getEncryptExtraOptions();

test/integration/client-side-encryption/client_side_encryption.prose.test.js

@@ -863,8 +863,8 @@ describe('Client Side Encryption Prose Tests', metadata, function () {
           kmsProviders: customKmsProviders,
           tlsOptions: {
             kmip: {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-              tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+              tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
             }
           },
           extraOptions: getEncryptExtraOptions()
@@ -875,8 +875,8 @@ describe('Client Side Encryption Prose Tests', metadata, function () {
           kmsProviders: invalidKmsProviders,
           tlsOptions: {
             kmip: {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-              tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+              tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
             }
           },
           extraOptions: getEncryptExtraOptions()
@@ -1371,16 +1371,16 @@ describe('Client Side Encryption Prose Tests', metadata, function () {
     beforeEach(async function () {
       const tlsCaOptions = {
         aws: {
-          tlsCAFile: process.env.KMIP_TLS_CA_FILE
+          tlsCAFile: process.env.CSFLE_TLS_CA_FILE
         },
         azure: {
-          tlsCAFile: process.env.KMIP_TLS_CA_FILE
+          tlsCAFile: process.env.CSFLE_TLS_CA_FILE
         },
         gcp: {
-          tlsCAFile: process.env.KMIP_TLS_CA_FILE
+          tlsCAFile: process.env.CSFLE_TLS_CA_FILE
         },
         kmip: {
-          tlsCAFile: process.env.KMIP_TLS_CA_FILE
+          tlsCAFile: process.env.CSFLE_TLS_CA_FILE
         }
       };
       const clientNoTlsOptions = {
@@ -1394,20 +1394,20 @@ describe('Client Side Encryption Prose Tests', metadata, function () {
         kmsProviders: getKmsProviders(null, null, '127.0.0.1:8002', '127.0.0.1:8002'),
         tlsOptions: {
           aws: {
-            tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-            tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+            tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+            tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
           },
           azure: {
-            tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-            tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+            tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+            tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
           },
           gcp: {
-            tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-            tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+            tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+            tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
           },
           kmip: {
-            tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-            tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+            tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+            tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
           }
         },
         extraOptions: getEncryptExtraOptions()
@@ -1752,32 +1752,32 @@ describe('Client Side Encryption Prose Tests', metadata, function () {
           },
           tlsOptions: {
             'aws:no_client_cert': {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE
             },
             'azure:no_client_cert': {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE
             },
             'gcp:no_client_cert': {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE
             },
             'kmip:no_client_cert': {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE
             },
             'aws:with_tls': {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-              tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+              tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
             },
             'azure:with_tls': {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-              tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+              tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
             },
             'gcp:with_tls': {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-              tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+              tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
             },
             'kmip:with_tls': {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-              tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+              tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
             }
           },
           keyVaultNamespace: 'db.keys'
@@ -2354,8 +2354,8 @@ describe('Client Side Encryption Prose Tests', metadata, function () {
               kmsProviders: getKmsProviders(),
               tlsOptions: {
                 kmip: {
-                  tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-                  tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+                  tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+                  tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
                 }
               },
               extraOptions: getEncryptExtraOptions(),
@@ -2379,8 +2379,8 @@ describe('Client Side Encryption Prose Tests', metadata, function () {
               kmsProviders: getKmsProviders(),
               tlsOptions: {
                 kmip: {
-                  tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-                  tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+                  tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+                  tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
                 }
               },
               extraOptions: getEncryptExtraOptions(),

test/readme.md

@@ -508,15 +508,15 @@ The following steps will walk you through how to run the tests for CSFLE.
    ```
    > **Note:** MongoDB employees can pull these values from the Evergreen project's configuration.
 
-   | Variable Name           | Description                                                                                 |
-   | ----------------------- | ------------------------------------------------------------------------------------------- |
-   | `AWS_ACCESS_KEY_ID`     | The AWS access key ID used to generate KMS messages                                         |
-   | `AWS_SECRET_ACCESS_KEY` | The AWS secret access key used to generate KMS messages                                     |
-   | `AWS_REGION`            | The AWS region where the KMS resides (e.g., `us-east-1`)                                    |
-   | `AWS_CMK_ID`            | The Customer Master Key for the KMS                                                         |
-   | `CSFLE_KMS_PROVIDERS`   | The raw EJSON description of the KMS providers. An example of the format is provided below. |
-   | `KMIP_TLS_CA_FILE`      | /path/to/mongodb-labs/drivers-evergreen-tools/.evergreen/x509gen/ca.pem                     |
-   | `KMIP_TLS_CERT_FILE`    | /path/to/mongodb-labs/drivers-evergreen-tools/.evergreen/x509gen/client.pem                 |
+   | Variable Name                | Description                                                                                 |
+   | ---------------------------- | ------------------------------------------------------------------------------------------- |
+   | `AWS_ACCESS_KEY_ID`          | The AWS access key ID used to generate KMS messages                                         |
+   | `AWS_SECRET_ACCESS_KEY`      | The AWS secret access key used to generate KMS messages                                     |
+   | `AWS_REGION`                 | The AWS region where the KMS resides (e.g., `us-east-1`)                                    |
+   | `AWS_CMK_ID`                 | The Customer Master Key for the KMS                                                         |
+   | `CSFLE_KMS_PROVIDERS`        | The raw EJSON description of the KMS providers. An example of the format is provided below. |
+   | `CSFLE_TLS_CA_FILE`          | /path/to/mongodb-labs/drivers-evergreen-tools/.evergreen/x509gen/ca.pem                     |
+   | `CSFLE_TLS_CLIENT_CERT_FILE` | /path/to/mongodb-labs/drivers-evergreen-tools/.evergreen/x509gen/client.pem                 |
 
    The value of the `CSFLE_KMS_PROVIDERS` variable will have the following format:
 
@@ -655,8 +655,8 @@ lerna run test --scope @mongosh/service-provider-server
    ```
 4. Set the following environment variables:
     ```sh
-    export KMIP_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
-    export KMIP_TLS_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
+    export CSFLE_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
+    export CSFLE_TLS_CLIENT_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
     ```
 5. Install the FLE lib:
    ```sh

test/tools/spec-runner/index.js

@@ -83,8 +83,8 @@ function translateClientOptions(options) {
           };
           options.autoEncryption.tlsOptions = {
             kmip: {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-              tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+              tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
             }
           };
         }
@@ -93,8 +93,8 @@ function translateClientOptions(options) {
           kmsProviders['local:name2'] = options.autoEncryptOpts.kmsProviders['local:name2'];
           options.autoEncryption.tlsOptions = {
             'local:name2': {
-              tlsCAFile: process.env.KMIP_TLS_CA_FILE,
-              tlsCertificateKeyFile: process.env.KMIP_TLS_CERT_FILE
+              tlsCAFile: process.env.CSFLE_TLS_CA_FILE,
+              tlsCertificateKeyFile: process.env.CSFLE_TLS_CLIENT_CERT_FILE
             }
           };
         }

test/tools/unified-spec-runner/unified-utils.ts

@@ -247,9 +247,8 @@ export function getMatchingEventCount(event, client, entities): number {
 /**
  * parses the process.env for three required environment variables
  *
- * - CSFLE_KMS_PROVIDERS
- * - KMIP_TLS_CA_FILE
- * - KMIP_TLS_CERT_FILE
+ * - CSFLE_TLS_CA_FILE
+ * - CSFLE_TLS_CLIENT_CERT_FILE
  *
  * @throws if any required environment variable is undefined, or if we are unable to
  *   parse the CLSFE_KMS_PROVIDERS from the environment
@@ -272,24 +271,24 @@ export function getCSFLETestDataFromEnvironment(environment: Record<string, stri
     throw new AssertionError('Malformed CSFLE_KMS_PROVIDERS provided to unified tests.');
   }
 
-  if (environment.KMIP_TLS_CA_FILE == null) {
+  if (environment.CSFLE_TLS_CA_FILE == null) {
     throw new AssertionError(
-      'KMIP_TLS_CA_FILE is required to run the csfle tests.  Please make sure it is set in the environment.'
+      'CSFLE_TLS_CA_FILE is required to run the csfle tests.  Please make sure it is set in the environment.'
     );
   }
 
-  if (environment.KMIP_TLS_CERT_FILE == null) {
+  if (environment.CSFLE_TLS_CLIENT_CERT_FILE == null) {
     throw new AssertionError(
-      'KMIP_TLS_CERT_FILE is required to run the csfle tests.  Please make sure it is set in the environment.'
+      'CSFLE_TLS_CLIENT_CERT_FILE is required to run the csfle tests.  Please make sure it is set in the environment.'
     );
   }
 
   return {
     kmsProviders: parsedKMSProviders,
     tlsOptions: {
       kmip: {
-        tlsCAFile: environment.KMIP_TLS_CA_FILE,
-        tlsCertificateKeyFile: environment.KMIP_TLS_CERT_FILE
+        tlsCAFile: environment.CSFLE_TLS_CA_FILE,
+        tlsCertificateKeyFile: environment.CSFLE_TLS_CLIENT_CERT_FILE
       }
     }
   };