From 2dee25677ca246ff56f3de32bda815cdcbd889be Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 21 Dec 2023 19:32:13 -0600 Subject: [PATCH 01/37] wip handle kmip scripts --- .evergreen/config.yml | 173 +++--------------- .evergreen/run-tests.sh | 54 +----- etc/setup-encryption.sh | 38 ++++ .../client_side_encryption_prose_test.go | 8 +- mongo/integration/json_helpers_test.go | 2 +- mongo/integration/unified/entity.go | 2 +- 6 files changed, 72 insertions(+), 205 deletions(-) create mode 100644 etc/setup-encryption.sh diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 54ad119ac9..efd3024e8a 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -123,7 +123,7 @@ functions: export UPLOAD_BUCKET="$UPLOAD_BUCKET" export PROJECT="$PROJECT" export TMPDIR="$MONGO_ORCHESTRATION_HOME/db" - export PKG_CONFIG_PATH=$(pwd)/install/libmongocrypt/lib64/pkgconfig:$(pwd)/install/mongo-c-driver/lib/pkgconfig + export PKG_CONFIG_PATH=$(pwd)/install/libmongocrypt/lib64/pkgconfig export LD_LIBRARY_PATH=$(pwd)/install/libmongocrypt/lib64 export PATH="$PATH" EOT @@ -299,6 +299,13 @@ functions: # Attempt to shut down a running load balancer. Ignore any errors that happen if the load # balancer is not running. DRIVERS_TOOLS=${DRIVERS_TOOLS} MONGODB_URI=${MONGODB_URI} bash ${DRIVERS_TOOLS}/.evergreen/run-load-balancer.sh stop || echo "Ignoring load balancer stop error" + - command: shell.exec + params: + shell: "bash" + script: | + ${PREPARE_SHELL} + # Clean up cse servers + bash ${DRIVERS_TOOLS}/.evergreen/csfle/stop_servers.sh - command: shell.exec params: shell: "bash" @@ -309,6 +316,7 @@ functions: cd - rm -rf $DRIVERS_TOOLS || true + fix-absolute-paths: - command: shell.exec params: 
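Review bot: The new cleanup step in the hunk at -299 runs `bash ${DRIVERS_TOOLS}/.evergreen/csfle/stop_servers.sh` with no failure guard, while the load-balancer stop directly above it tolerates errors with `|| echo "Ignoring load balancer stop error"`. This cleanup appears to run for every task, including ones that never started the CSFLE servers. What stop_servers.sh returns in that case is not visible here, so a non-zero exit could surface as a spurious cleanup failure. Consider `bash ${DRIVERS_TOOLS}/.evergreen/csfle/stop_servers.sh || echo "Ignoring cse server stop error"`. The enclosing function starts outside the hunk.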
@@ -506,27 +514,7 @@ functions: working_dir: src/go.mongodb.org/mongo-driver script: | ${PREPARE_SHELL} - - # Set temp credentials for AWS. - export AWS_ACCESS_KEY_ID="${cse_aws_access_key_id}" - export AWS_SECRET_ACCESS_KEY="${cse_aws_secret_access_key}" - export AWS_DEFAULT_REGION="us-east-1" - - # Set client-side encryption credentials. - export CSFLE_TLS_CA_FILE="$PROJECT_DIRECTORY/testdata/kmip-certs/ca-ec.pem" - export CSFLE_TLS_CERTIFICATE_KEY_FILE="$PROJECT_DIRECTORY/testdata/kmip-certs/client-ec.pem" - - ${PYTHON3_BINARY} -m venv ./venv - ./venv/${VENV_BIN_DIR|bin}/pip3 install boto3 - - # Set the PYTHON environment variable to point to the active python3 binary. This is used by the - # set-temp-creds.sh script. - if [ "Windows_NT" = "$OS" ]; then - export PYTHON="$(pwd)/venv/Scripts/python" - else - export PYTHON="$(pwd)/venv/bin/python" - fi - . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh + source ./secrets-export.sh if [ "${SKIP_CRYPT_SHARED_LIB}" = "true" ]; then CRYPT_SHARED_LIB_PATH="" @@ -545,17 +533,6 @@ functions: TOPOLOGY="${TOPOLOGY}" \ MONGO_GO_DRIVER_COMPRESSOR=${MONGO_GO_DRIVER_COMPRESSOR} \ BUILD_TAGS="-tags=cse" \ - AWS_ACCESS_KEY_ID="${cse_aws_access_key_id}" \ - AWS_SECRET_ACCESS_KEY="${cse_aws_secret_access_key}" \ - AWS_DEFAULT_REGION="us-east-1" \ - CSFLE_AWS_TEMP_ACCESS_KEY_ID="$CSFLE_AWS_TEMP_ACCESS_KEY_ID" \ - CSFLE_AWS_TEMP_SECRET_ACCESS_KEY="$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY" \ - CSFLE_AWS_TEMP_SESSION_TOKEN="$CSFLE_AWS_TEMP_SESSION_TOKEN" \ - AZURE_TENANT_ID="${cse_azure_tenant_id}" \ - AZURE_CLIENT_ID="${cse_azure_client_id}" \ - AZURE_CLIENT_SECRET="${cse_azure_client_secret}" \ - GCP_EMAIL="${cse_gcp_email}" \ - GCP_PRIVATE_KEY="${cse_gcp_private_key}" \ REQUIRE_API_VERSION="${REQUIRE_API_VERSION}" \ CRYPT_SHARED_LIB_PATH="$CRYPT_SHARED_LIB_PATH" \ make evg-test-versioned-api \ 
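Review bot: The added `source ./secrets-export.sh` in the hunk at -506 is unconditional, so the KMS credentials that used to be passed explicitly now depend on a file that only `etc/setup-encryption.sh` produces. If the file is missing, bash prints an error and carries on unless `${PREPARE_SHELL}` enables errexit (not visible here), and the tests then run without credentials and fail for a less obvious reason. `.evergreen/run-tests.sh` in this same patch guards the file with `[ -f "secrets-export.sh" ]`; here a loud failure such as `source ./secrets-export.sh || exit 1` would be clearer. The same line is added in run-kms-tls-test and run-kmip-tests (hunks at -961 and -989). A short comment naming the script that writes the file would also help the next reader.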
@@ -867,91 +844,14 @@ functions: export AWS_ROLE_SESSION_NAME="test" ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh web-identity - start-kms-mock-server: - - command: shell.exec - params: - shell: "bash" - script: | - ${PREPARE_SHELL} - - cd ${DRIVERS_TOOLS}/.evergreen/csfle - . ./activate-kmstlsvenv.sh - - command: shell.exec - params: - shell: "bash" - background: true - script: | - cd ${DRIVERS_TOOLS}/.evergreen/csfle - ./kmstlsvenv/bin/python3 -u kms_http_server.py -v --ca_file ../x509gen/ca.pem --cert_file ../x509gen/${CERT_FILE} --port ${PORT} - - start-kms-mock-server-require-client-cert: - - command: shell.exec - params: - shell: "bash" - script: | - ${PREPARE_SHELL} - - cd ${DRIVERS_TOOLS}/.evergreen/csfle - . ./activate-kmstlsvenv.sh - - command: shell.exec - params: - shell: "bash" - background: true - script: | - cd ${DRIVERS_TOOLS}/.evergreen/csfle - ./kmstlsvenv/bin/python3 -u kms_http_server.py -v --ca_file ../x509gen/ca.pem --cert_file ../x509gen/${CERT_FILE} --port ${PORT} --require_client_cert - start-cse-servers: - - command: shell.exec - params: - shell: "bash" - script: | - ${PREPARE_SHELL} - - cd ${DRIVERS_TOOLS}/.evergreen/csfle - . ./activate-kmstlsvenv.sh - - - command: shell.exec - params: - shell: "bash" - background: true - script: | - cd ${DRIVERS_TOOLS}/.evergreen/csfle - . ./activate-kmstlsvenv.sh - python -u kms_kmip_server.py \ - --port 5698 \ - --ca_file "${PROJECT_DIRECTORY}/testdata/kmip-certs/ca-ec.pem" \ - --cert_file "${PROJECT_DIRECTORY}/testdata/kmip-certs/server-ec.pem" - - - command: shell.exec + - command: subprocess.exec params: - shell: "bash" - background: true - script: | - cd ${DRIVERS_TOOLS}/.evergreen/csfle - . ./activate-kmstlsvenv.sh - python bottle.py fake_azure:imds - - - command: shell.exec - params: - script: | - # Ensure mock servers are running before starting tests. - await_server() { - for i in $(seq 300); do - # Exit code 7: "Failed to connect to host". - if curl -s "localhost:$2"; test $? 
-ne 7; then - return 0 - else - sleep 1 - fi - done - echo "could not detect '$1' server on port $2" - } - # * List servers to await here ... - await_server "KMS", 5698 - await_server "Azure", 8080 - - echo "finished awaiting servers" + working_dir: src/go.mongodb.org/mongo-driver + binary: bash + include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] + args: + - ./etc/setup-encryption.sh run-kms-tls-test: - command: shell.exec @@ -961,6 +861,7 @@ functions: working_dir: src/go.mongodb.org/mongo-driver script: | ${PREPARE_SHELL} + source ./secrets-export.sh export KMS_TLS_TESTCASE="${KMS_TLS_TESTCASE}" export GOFLAGS=-mod=vendor @@ -970,13 +871,6 @@ functions: TOPOLOGY="${TOPOLOGY}" \ MONGO_GO_DRIVER_COMPRESSOR=${MONGO_GO_DRIVER_COMPRESSOR} \ BUILD_TAGS="-tags=cse" \ - AWS_ACCESS_KEY_ID="${cse_aws_access_key_id}" \ - AWS_SECRET_ACCESS_KEY="${cse_aws_secret_access_key}" \ - AZURE_TENANT_ID="${cse_azure_tenant_id}" \ - AZURE_CLIENT_ID="${cse_azure_client_id}" \ - AZURE_CLIENT_SECRET="${cse_azure_client_secret}" \ - GCP_EMAIL="${cse_gcp_email}" \ - GCP_PRIVATE_KEY="${cse_gcp_private_key}" \ make evg-test-kms \ PKG_CONFIG_PATH=$PKG_CONFIG_PATH \ LD_LIBRARY_PATH=$LD_LIBRARY_PATH @@ -989,6 +883,7 @@ functions: working_dir: src/go.mongodb.org/mongo-driver script: | ${PREPARE_SHELL} + source ./secrets-export.sh export KMS_MOCK_SERVERS_RUNNING="true" export GOFLAGS=-mod=vendor 
@@ -998,15 +893,6 @@ functions: TOPOLOGY="${TOPOLOGY}" \ MONGO_GO_DRIVER_COMPRESSOR=${MONGO_GO_DRIVER_COMPRESSOR} \ BUILD_TAGS="-tags=cse" \ - AWS_ACCESS_KEY_ID="${cse_aws_access_key_id}" \ - AWS_SECRET_ACCESS_KEY="${cse_aws_secret_access_key}" \ - AZURE_TENANT_ID="${cse_azure_tenant_id}" \ - AZURE_CLIENT_ID="${cse_azure_client_id}" \ - AZURE_CLIENT_SECRET="${cse_azure_client_secret}" \ - GCP_EMAIL="${cse_gcp_email}" \ - GCP_PRIVATE_KEY="${cse_gcp_private_key}" \ - CSFLE_TLS_CA_FILE="$PROJECT_DIRECTORY/testdata/kmip-certs/ca-ec.pem" - CSFLE_TLS_CERTIFICATE_KEY_FILE="$PROJECT_DIRECTORY/testdata/kmip-certs/client-ec.pem" make evg-test-kmip \ PKG_CONFIG_PATH=$PKG_CONFIG_PATH \ LD_LIBRARY_PATH=$LD_LIBRARY_PATH @@ -1879,10 +1765,7 @@ tasks: TOPOLOGY: "server" AUTH: "noauth" SSL: "nossl" - - func: start-kms-mock-server - vars: - CERT_FILE: "expired.pem" - PORT: 8000 + - func: start-cse-servers - func: run-kms-tls-test vars: KMS_TLS_TESTCASE: "INVALID_CERT" @@ -1898,10 +1781,7 @@ tasks: TOPOLOGY: "server" AUTH: "noauth" SSL: "nossl" - - func: start-kms-mock-server - vars: - CERT_FILE: "wrong-host.pem" - PORT: 8000 + - func: start-cse-servers - func: run-kms-tls-test vars: KMS_TLS_TESTCASE: "INVALID_HOSTNAME" @@ -1917,18 +1797,7 @@ tasks: TOPOLOGY: "server" AUTH: "noauth" SSL: "nossl" - - func: start-kms-mock-server - vars: - CERT_FILE: "expired.pem" - PORT: 8000 - - func: start-kms-mock-server - vars: - CERT_FILE: "wrong-host.pem" - PORT: 8001 - - func: start-kms-mock-server-require-client-cert - vars: - CERT_FILE: "server.pem" - PORT: 8002 + - func: start-cse-servers - func: run-kmip-tests vars: TOPOLOGY: "server" diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 4b558bcd7d..91447323d4 100644 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh 
@@ -19,8 +19,10 @@ fi export GOROOT="${GOROOT}" export PATH="${GOROOT}/bin:${GCC_PATH}:$GOPATH/bin:$PATH" export PROJECT="${project}" -export PKG_CONFIG_PATH=$(pwd)/install/libmongocrypt/lib64/pkgconfig:$(pwd)/install/mongo-c-driver/lib/pkgconfig + +export PKG_CONFIG_PATH=$(pwd)/install/libmongocrypt/lib64/pkgconfig export LD_LIBRARY_PATH=$(pwd)/install/libmongocrypt/lib64 + export GOFLAGS=-mod=vendor SSL=${SSL:-nossl} @@ -38,33 +40,8 @@ if [ "$SSL" != "nossl" -a -z "${SERVERLESS+x}" ]; then fi fi -if [ -z ${AWS_ACCESS_KEY_ID+x} ]; then - export AWS_ACCESS_KEY_ID="${cse_aws_access_key_id}" - export AWS_SECRET_ACCESS_KEY="${cse_aws_secret_access_key}" -fi - -# Set temp credentials for AWS if python3 is available. -# -# Using python3-venv in Ubuntu 14.04 (an OS required for legacy server version -# tasks) requires the use of apt-get, which we wish to avoid. So, we do not set -# a python3 binary on Ubuntu 14.04. Setting AWS temp credentials for legacy -# server version tasks is unnecessary, as temp credentials are only needed on 4.2+. -if [ ! -z ${PYTHON3_BINARY} ]; then - export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" - export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" - export AWS_DEFAULT_REGION="us-east-1" - ${PYTHON3_BINARY} -m venv ./venv - - # Set the PYTHON environment variable to point to the active python3 binary. This is used by the - # set-temp-creds.sh script. - if [ "Windows_NT" = "$OS" ]; then - export PYTHON="$(pwd)/venv/Scripts/python" - else - export PYTHON="$(pwd)/venv/bin/python" - fi - - ./venv/${VENV_BIN_DIR:-bin}/pip3 install boto3 - . ${DRIVERS_TOOLS}/.evergreen/csfle/set-temp-creds.sh +if [ -f "secrets-export.sh" ]; then + source secrets-export.sh fi # If GO_BUILD_TAGS is not set, set the default Go build tags to "cse" to enable 
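Review bot: In the hunk at -38 the existence test checks `secrets-export.sh` in the current directory, but `source secrets-export.sh` has no slash in its argument, so bash (outside POSIX mode) searches `PATH` first and falls back to the current directory only afterwards. The file tested and the file sourced can therefore differ, and this file carries cloud credentials. Use an explicit path, as config.yml already does: `source ./secrets-export.sh`. A one-line comment that the file is produced by `etc/setup-encryption.sh` would explain why it is optional here.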
@@ -83,14 +60,6 @@ else echo "crypt_shared library will be loaded from path: $CRYPT_SHARED_LIB_PATH" fi -CSFLE_TLS_CA_FILE="$(pwd)/testdata/kmip-certs/ca-ec.pem" -CSFLE_TLS_CERTIFICATE_KEY_FILE="$(pwd)/testdata/kmip-certs/client-ec.pem" - -if [ "Windows_NT" = "$OS" ]; then - CSFLE_TLS_CA_FILE=$(cygpath -m $CSFLE_TLS_CA_FILE) - CSFLE_TLS_CERTIFICATE_KEY_FILE=$(cygpath -m $CSFLE_TLS_CERTIFICATE_KEY_FILE) -fi - if [ -z ${MAKEFILE_TARGET+x} ]; then if [ "$(uname -s)" = "Darwin" ]; then # Run a subset of the tests on Darwin @@ -110,19 +79,6 @@ MONGODB_URI="${MONGODB_URI}" \ TOPOLOGY=${TOPOLOGY} \ MONGO_GO_DRIVER_COMPRESSOR=${MONGO_GO_DRIVER_COMPRESSOR} \ BUILD_TAGS="${RACE} -tags=${GO_BUILD_TAGS}" \ -AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \ -AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \ -AWS_DEFAULT_REGION="us-east-1" \ -CSFLE_AWS_TEMP_ACCESS_KEY_ID="$CSFLE_AWS_TEMP_ACCESS_KEY_ID" \ -CSFLE_AWS_TEMP_SECRET_ACCESS_KEY="$CSFLE_AWS_TEMP_SECRET_ACCESS_KEY" \ -CSFLE_AWS_TEMP_SESSION_TOKEN="$CSFLE_AWS_TEMP_SESSION_TOKEN" \ -AZURE_TENANT_ID="${cse_azure_tenant_id}" \ -AZURE_CLIENT_ID="${cse_azure_client_id}" \ -AZURE_CLIENT_SECRET="${cse_azure_client_secret}" \ -GCP_EMAIL="${cse_gcp_email}" \ -GCP_PRIVATE_KEY="${cse_gcp_private_key}" \ -CSFLE_TLS_CA_FILE="$CSFLE_TLS_CA_FILE" \ -CSFLE_TLS_CERTIFICATE_KEY_FILE="$CSFLE_TLS_CERTIFICATE_KEY_FILE" \ CRYPT_SHARED_LIB_PATH=$CRYPT_SHARED_LIB_PATH \ PKG_CONFIG_PATH=$PKG_CONFIG_PATH \ LD_LIBRARY_PATH=$LD_LIBRARY_PATH \ diff --git a/etc/setup-encryption.sh b/etc/setup-encryption.sh new file mode 100644 index 0000000000..06306dd929 --- /dev/null +++ b/etc/setup-encryption.sh 
@@ -0,0 +1,38 @@ +#!/usr/bin/env bash +# +# Script to set up encryption assets and servers. +set -eux + +if [ -z "$DRIVERS_TOOLS" ]; then + echo "Please define DRIVERS_TOOLS variable" + exit 1 +fi + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +PARENT_DIR=$(dirname $SCRIPT_DIR) + +# Handle the secrets +export CSFLE_TLS_CA_FILE="${PARENT_DIR}/testdata/kmip-certs/ca-ec.pem" +export CSFLE_TLS_CERT_FILE="${PARENT_DIR}/testdata/kmip-certs/server-ec.pem" +export CSFLE_TLS_CLIENT_CERT_FILE="${PARENT_DIR}/testdata/kmip-certs/client-ec.pem" + +if [ "Windows_NT" = "$OS" ]; then + export CSFLE_TLS_CA_FILE=$(cygpath -m $CSFLE_TLS_CA_FILE) + export CSFLE_TLS_CERT_FILE=$(cygpath -m $CSFLE_TLS_CERT_FILE) + export CSFLE_TLS_CLIENT_CERT_FILE=$(cygpath -m $CSFLE_TLS_CLIENT_CERT_FILE) +fi + +bash $DRIVERS_TOOLS/.evergreen/csfle/setup_secrets.sh + +# Map some of the secrets to expected environment variables. +source ./secrets-export.sh +echo "export AZURE_TENANT_ID=\"$FLE_AZURE_TENANTID\"" >> secrets-export.sh +echo "export AZURE_CLIENT_ID=\"$FLE_AZURE_CLIENTID\"" >> secrets-export.sh +echo "export AZURE_CLIENT_SECRET=\"$FLE_AZURE_CLIENTSECRET\"" >> secrets-export.sh +echo "export GCP_EMAIL=\"$FLE_GCP_EMAIL\"" >> secrets-export.sh +echo "export GCP_PRIVATE_KEY=\"$FLE_GCP_PRIVATEKEY\"" >> secrets-export.sh +echo "export CSFLE_TLS_CA_FILE=\"$CSFLE_TLS_CA_FILE\"" >> secrets-export.sh +echo "export CSFLE_TLS_CERT_FILE=\"$CSFLE_TLS_CERT_FILE\"" >> secrets-export.sh + +# Start the servers. +bash $DRIVERS_TOOLS/.evergreen/csfle/start_servers.sh diff --git a/mongo/integration/client_side_encryption_prose_test.go b/mongo/integration/client_side_encryption_prose_test.go index b157767d2d..971bc7dac7 100644 --- a/mongo/integration/client_side_encryption_prose_test.go +++ b/mongo/integration/client_side_encryption_prose_test.go 
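Review bot: `set -eux` stays on while the script sources `secrets-export.sh` and echoes the Azure client secret and GCP private key, so xtrace writes the expanded values to the task log; use `set -eu`, or put `set +x` before `source ./secrets-export.sh`. Whether Evergreen redacts these values is not visible here, and they appear to come from `setup_secrets.sh` rather than from project expansions. Under `-u` the check `[ -z "$DRIVERS_TOOLS" ]` aborts with an unbound-variable error before the friendly message can print; `: "${DRIVERS_TOOLS:?Please define DRIVERS_TOOLS variable}"` does both jobs. The `echo "export GCP_PRIVATE_KEY=\"$FLE_GCP_PRIVATEKEY\""` lines write raw values inside double quotes, so a value containing `"`, `$` or a backtick is re-interpreted when the file is sourced; `printf 'export GCP_PRIVATE_KEY=%q\n' "$FLE_GCP_PRIVATEKEY"` avoids that. `.evergreen/await-encryption.sh`, added in PATCH 05, has the same `set -eux` plus `source` pattern.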
@@ -1392,7 +1392,8 @@ func TestClientSideEncryptionProse(t *testing.T) { } }) - // These tests only run when a KMS mock server is running on localhost:8000. + // These tests only run when 3 KMS HTTP servers and 1 KMS KMIP server are running. See specification for port numbers and necessary arguments: + // https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/tests/README.rst#kms-tls-options-tests mt.RunOpts("10. kms tls tests", noClientOpts, func(mt *mtest.T) { kmsTlsTestcase := os.Getenv("KMS_TLS_TESTCASE") if kmsTlsTestcase == "" { @@ -1401,16 +1402,19 @@ func TestClientSideEncryptionProse(t *testing.T) { testcases := []struct { name string + port int envValue string errMessage string }{ { "invalid certificate", + 8000, "INVALID_CERT", "expired", }, { "invalid hostname", + 8001, "INVALID_HOSTNAME", "SANs", }, @@ -1433,7 +1437,7 @@ func TestClientSideEncryptionProse(t *testing.T) { bson.D{ {"region", "us-east-1"}, {"key", "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0"}, - {"endpoint", "127.0.0.1:8000"}, + {"endpoint", fmt.Sprintf("127.0.0.1:%d", tc.port)}, }, )) assert.NotNil(mt, err, "expected CreateDataKey error, got nil") diff --git a/mongo/integration/json_helpers_test.go b/mongo/integration/json_helpers_test.go index 8ddc2b6867..c4277ea668 100644 --- a/mongo/integration/json_helpers_test.go +++ b/mongo/integration/json_helpers_test.go @@ -39,7 +39,7 @@ var ( gcpEmail = os.Getenv("GCP_EMAIL") gcpPrivateKey = os.Getenv("GCP_PRIVATE_KEY") tlsCAFileKMIP = os.Getenv("CSFLE_TLS_CA_FILE") - tlsClientCertificateKeyFileKMIP = os.Getenv("CSFLE_TLS_CERTIFICATE_KEY_FILE") + tlsClientCertificateKeyFileKMIP = os.Getenv("CSFLE_TLS_CERT_FILE") ) // Helper functions to do read JSON spec test files and convert JSON objects into the appropriate driver types. diff --git a/mongo/integration/unified/entity.go b/mongo/integration/unified/entity.go index 19c6952ef6..de14cfd134 100644 
--- a/mongo/integration/unified/entity.go +++ b/mongo/integration/unified/entity.go @@ -31,7 +31,7 @@ var ( var ( tlsCAFile = os.Getenv("CSFLE_TLS_CA_FILE") - tlsClientCertificateKeyFile = os.Getenv("CSFLE_TLS_CERTIFICATE_KEY_FILE") + tlsClientCertificateKeyFile = os.Getenv("CSFLE_TLS_CERT_FILE") ) type storeEventsAsEntitiesConfig struct { From 4c96bd6a940b5c4b96206101da725c2cb14bff36 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 6 Jan 2024 07:03:09 -0600 Subject: [PATCH 02/37] allow csfle to be used on macos --- .evergreen/config.yml | 2 +- .evergreen/run-tests.sh | 10 ++++++++-- Makefile | 24 ++++++++++++------------ 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index efd3024e8a..079a8d6be9 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -145,7 +145,7 @@ functions: # If this was a patch build, doing a fresh clone would not actually test the patch cp -R ${PROJECT_DIRECTORY}/ $DRIVERS_TOOLS else - git clone https://github.com/mongodb-labs/drivers-evergreen-tools.git $DRIVERS_TOOLS + git clone --branch kmip-server-scripts https://github.com/blink1073/drivers-evergreen-tools.git $DRIVERS_TOOLS fi echo "{ \"releases\": { \"default\": \"$MONGODB_BINARIES\" }}" > $MONGO_ORCHESTRATION_HOME/orchestration.config - command: shell.exec diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 91447323d4..a243ccef53 100644 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh 
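Review bot: The config.yml hunk at -145 clones drivers-evergreen-tools from a personal fork and a mutable branch (`--branch kmip-server-scripts https://github.com/blink1073/drivers-evergreen-tools.git`) instead of the mongodb-labs repository. Scripts from that checkout (`setup_secrets.sh`, `start_servers.sh`) are run by start-cse-servers with `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` in their environment, so whoever can push to that branch controls code that executes with CI credentials. This is presumably temporary while the upstream change is in review. The upstream URL should be restored before merge, or the checkout pinned to a reviewed commit with `git -C $DRIVERS_TOOLS checkout <COMMIT_SHA_PLACEHOLDER>`. A `# TODO: revert to mongodb-labs before merge` comment on the line would make the intent explicit.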
@@ -20,8 +20,13 @@ export GOROOT="${GOROOT}" export PATH="${GOROOT}/bin:${GCC_PATH}:$GOPATH/bin:$PATH" export PROJECT="${project}" -export PKG_CONFIG_PATH=$(pwd)/install/libmongocrypt/lib64/pkgconfig -export LD_LIBRARY_PATH=$(pwd)/install/libmongocrypt/lib64 +if [ "$(uname -s)" = "Darwin" ]; then + export PKG_CONFIG_PATH=$(pwd)/install/libmongocrypt/lib/pkgconfig + export DYLD_FALLBACK_LIBRARY_PATH=$(pwd)/install/libmongocrypt/lib +else + export PKG_CONFIG_PATH=$(pwd)/install/libmongocrypt/lib64/pkgconfig + export LD_LIBRARY_PATH=$(pwd)/install/libmongocrypt/lib64 +fi export GOFLAGS=-mod=vendor @@ -82,4 +87,5 @@ BUILD_TAGS="${RACE} -tags=${GO_BUILD_TAGS}" \ CRYPT_SHARED_LIB_PATH=$CRYPT_SHARED_LIB_PATH \ PKG_CONFIG_PATH=$PKG_CONFIG_PATH \ LD_LIBRARY_PATH=$LD_LIBRARY_PATH \ +MACOS_LIBRARY_PATH=$DYLD_FALLBACK_LIBRARY_PATH \ make $MAKEFILE_TARGET diff --git a/Makefile b/Makefile index 67c57d11af..2c21ef0fa9 100644 --- a/Makefile +++ b/Makefile @@ -121,7 +121,7 @@ build-aws-ecs-test: .PHONY: evg-test evg-test: - go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s -p 1 ./... >> test.suite + go test -exec "env PKG_CONFIG_PATH=${PKG_CONFIG_PATH} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)}" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s -p 1 ./... >> test.suite .PHONY: evg-test-atlas-data-lake evg-test-atlas-data-lake: 
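Review bot: The rewritten `evg-test` recipe in the Makefile hunk at -121 ends its env string with `DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)}"`, so a stray `}` is appended to the library path passed to every test binary. It should read `DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)"`. This is also the only recipe switched to `${PKG_CONFIG_PATH}` / `${LD_LIBRARY_PATH}`; the other recipes in this patch keep the `$(...)` form, and matching them would avoid confusion. Separately, run-tests.sh exports `DYLD_FALLBACK_LIBRARY_PATH` but the Makefile feeds the value into `DYLD_LIBRARY_PATH`, which dyld searches before a library's install path rather than after it. If that difference is intended, a comment saying so would help.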
@@ -134,15 +134,15 @@ evg-test-enterprise-auth: .PHONY: evg-test-kmip evg-test-kmip: - go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionSpec/kmipKMS >> test.suite - go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/data_key_and_double_encryption >> test.suite - go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/corpus >> test.suite - go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/custom_endpoint >> test.suite - go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/kms_tls_options_test >> test.suite + go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionSpec/kmipKMS >> test.suite + go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/data_key_and_double_encryption >> test.suite + go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/corpus >> test.suite + go test -exec "env 
PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/custom_endpoint >> test.suite + go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/kms_tls_options_test >> test.suite .PHONY: evg-test-kms evg-test-kms: - go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/kms_tls_tests >> test.suite + go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse/kms_tls_tests >> test.suite .PHONY: evg-test-load-balancers evg-test-load-balancers: 
@@ -185,15 +185,15 @@ evg-test-serverless: go test $(BUILD_TAGS) ./mongo/integration -run TestConvenientTransactions -v -timeout $(TEST_TIMEOUT)s >> test.suite go test $(BUILD_TAGS) ./mongo/integration -run TestCursor -v -timeout $(TEST_TIMEOUT)s >> test.suite go test $(BUILD_TAGS) ./mongo/integration/unified -run TestUnifiedSpec -v -timeout $(TEST_TIMEOUT)s >> test.suite - go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionSpec >> test.suite - go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse >> test.suite + go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionSpec >> test.suite + go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration -run TestClientSideEncryptionProse >> test.suite .PHONY: evg-test-versioned-api evg-test-versioned-api: # Versioned API related tests are in the mongo, integration and unified packages. 
- go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo >> test.suite - go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration >> test.suite - go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration/unified >> test.suite + go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo >> test.suite + go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration >> test.suite + go test -exec "env PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) DYLD_LIBRARY_PATH=$(MACOS_LIBRARY_PATH)" $(BUILD_TAGS) -v -timeout $(TEST_TIMEOUT)s ./mongo/integration/unified >> test.suite .PHONY: build-kms-test build-kms-test: From 5c1d5e917accd1ed0657f091971c953494e73bc6 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 6 Jan 2024 09:25:24 -0600 Subject: [PATCH 03/37] cleanup --- .evergreen/run-tests.sh | 6 +++++- etc/setup-encryption.sh | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index a243ccef53..7e932cccd6 100644 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -10,7 +10,7 @@ if [ -z $DRIVERS_TOOLS ]; then export DRIVERS_TOOLS="$(dirname $(dirname $(dirname `pwd`)))/drivers-tools" fi -if [ "Windows_NT" = "$OS" ]; then +if [ "Windows_NT" = "${OS:-}" ]; then export GOPATH=$(cygpath -m $GOPATH) export GOCACHE=$(cygpath -m $GOCACHE) export DRIVERS_TOOLS=$(cygpath -m $DRIVERS_TOOLS) 
@@ -55,6 +55,10 @@ if [ -z ${GO_BUILD_TAGS+x} ]; then GO_BUILD_TAGS="cse" fi +if [[ ! -d "$(pwd)/install" ]] && [[ $GO_BUILD_TAGS == *"cse"* ]]; then + bash $(pwd)/etc/install-libmongocrypt.sh +fi + if [ "${SKIP_CRYPT_SHARED_LIB}" = "true" ]; then CRYPT_SHARED_LIB_PATH="" echo "crypt_shared library is skipped" diff --git a/etc/setup-encryption.sh b/etc/setup-encryption.sh index 06306dd929..564a8241bd 100644 --- a/etc/setup-encryption.sh +++ b/etc/setup-encryption.sh @@ -16,7 +16,7 @@ export CSFLE_TLS_CA_FILE="${PARENT_DIR}/testdata/kmip-certs/ca-ec.pem" export CSFLE_TLS_CERT_FILE="${PARENT_DIR}/testdata/kmip-certs/server-ec.pem" export CSFLE_TLS_CLIENT_CERT_FILE="${PARENT_DIR}/testdata/kmip-certs/client-ec.pem" -if [ "Windows_NT" = "$OS" ]; then +if [ "Windows_NT" = "${OS:-}" ]; then export CSFLE_TLS_CA_FILE=$(cygpath -m $CSFLE_TLS_CA_FILE) export CSFLE_TLS_CERT_FILE=$(cygpath -m $CSFLE_TLS_CERT_FILE) export CSFLE_TLS_CLIENT_CERT_FILE=$(cygpath -m $CSFLE_TLS_CLIENT_CERT_FILE) From 5baf9d290deb86da8f4cd434b316935f3e8e2c17 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 06:36:27 -0600 Subject: [PATCH 04/37] better server handling --- .evergreen/config.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 079a8d6be9..25a2db85b3 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -849,9 +849,17 @@ functions: params: working_dir: src/go.mongodb.org/mongo-driver binary: bash + background: true include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] args: - ./etc/setup-encryption.sh + - command: subprocess.exec + params: + working_dir: src/go.mongodb.org/mongo-driver + binary: bash + include_expansions_in_env: ["DRIVERS_TOOLS"] + args: + - ${DRIVERS_TOOLS}/.evergreen/csfle/await_servers.sh run-kms-tls-test: - command: shell.exec From a6deedb9fcc876f6065ef6ff31f34889acefad63 Mon Sep 17 00:00:00 2001 
From: Steven Silvester Date: Sun, 7 Jan 2024 07:41:20 -0600 Subject: [PATCH 05/37] use await encryption --- .evergreen/await-encryption.sh | 12 ++++++++++++ .evergreen/config.yml | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 .evergreen/await-encryption.sh diff --git a/.evergreen/await-encryption.sh b/.evergreen/await-encryption.sh new file mode 100644 index 0000000000..f5b07c854b --- /dev/null +++ b/.evergreen/await-encryption.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash +# +# Script to wait for the kmip servers to start +set -eux + +if [ -z "$DRIVERS_TOOLS" ]; then + echo "Please define DRIVERS_TOOLS variable" + exit 1 +fi + +source ./secrets-export.sh +bash $DRIVERS_TOOLS/.evergreen/csfle/await_servers.sh diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 25a2db85b3..4505b7d681 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -859,7 +859,7 @@ functions: binary: bash include_expansions_in_env: ["DRIVERS_TOOLS"] args: - - ${DRIVERS_TOOLS}/.evergreen/csfle/await_servers.sh + - .evergreen/await-encryption.sh run-kms-tls-test: - command: shell.exec From 264f9d656402e3247b5fb26e5828a84e0cd415ad Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 07:47:27 -0600 Subject: [PATCH 06/37] fix path --- .evergreen/await-encryption.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/await-encryption.sh b/.evergreen/await-encryption.sh index f5b07c854b..04dddf62b0 100644 --- a/.evergreen/await-encryption.sh +++ b/.evergreen/await-encryption.sh @@ -8,5 +8,5 @@ if [ -z "$DRIVERS_TOOLS" ]; then exit 1 fi -source ./secrets-export.sh +source ./etc/secrets-export.sh bash $DRIVERS_TOOLS/.evergreen/csfle/await_servers.sh From f7589adb17c9018514434f9bd36cf7bc896c3e1f Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 08:06:03 -0600 Subject: [PATCH 07/37] fix path --- .evergreen/await-encryption.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/.evergreen/await-encryption.sh b/.evergreen/await-encryption.sh index 04dddf62b0..1ac7ca3ee6 100644 --- a/.evergreen/await-encryption.sh +++ b/.evergreen/await-encryption.sh @@ -8,5 +8,6 @@ if [ -z "$DRIVERS_TOOLS" ]; then exit 1 fi -source ./etc/secrets-export.sh +DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $DIR../etc/secrets-export.sh bash $DRIVERS_TOOLS/.evergreen/csfle/await_servers.sh From d5e4848bd39d6bde6dc02b8ea4078502a67d74dc Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 10:41:09 -0600 Subject: [PATCH 08/37] clean up kmip handling --- .evergreen/await-encryption.sh | 13 ------------- .evergreen/config.yml | 9 +-------- .evergreen/run-tests.sh | 11 +++++++++-- etc/setup-encryption.sh | 9 --------- 4 files changed, 10 insertions(+), 32 deletions(-) delete mode 100644 .evergreen/await-encryption.sh diff --git a/.evergreen/await-encryption.sh b/.evergreen/await-encryption.sh deleted file mode 100644 index 1ac7ca3ee6..0000000000 --- a/.evergreen/await-encryption.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash -# -# Script to wait for the kmip servers to start -set -eux - -if [ -z "$DRIVERS_TOOLS" ]; then - echo "Please define DRIVERS_TOOLS variable" - exit 1 -fi - -DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source $DIR../etc/secrets-export.sh -bash $DRIVERS_TOOLS/.evergreen/csfle/await_servers.sh diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 4505b7d681..69bf24ecb0 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -97,12 +97,6 @@ functions: go version go env - # Install libmongocrypt. - bash etc/install-libmongocrypt.sh - if [ "Windows_NT" = "$OS" ]; then - export PATH=$PATH:/cygdrive/c/libmongocrypt/bin - fi - cat < expansion.yml CURRENT_VERSION: "$CURRENT_VERSION" DRIVERS_TOOLS: "$DRIVERS_TOOLS" 
@@ -849,7 +843,6 @@ functions: params: working_dir: src/go.mongodb.org/mongo-driver binary: bash - background: true include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] args: - ./etc/setup-encryption.sh @@ -859,7 +852,7 @@ functions: binary: bash include_expansions_in_env: ["DRIVERS_TOOLS"] args: - - .evergreen/await-encryption.sh + - $DRIVERS_TOOLS/.evergreen/csfle/await_servers.sh run-kms-tls-test: - command: shell.exec diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 7e932cccd6..5c1b0b698c 100644 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -55,8 +55,15 @@ if [ -z ${GO_BUILD_TAGS+x} ]; then GO_BUILD_TAGS="cse" fi -if [[ ! -d "$(pwd)/install" ]] && [[ $GO_BUILD_TAGS == *"cse"* ]]; then - bash $(pwd)/etc/install-libmongocrypt.sh +if [[ $GO_BUILD_TAGS == *"cse"* ]]; then + if [ "Windows_NT" = "$OS" ]; then + if [ ! -d /cygdrive/c/libmongocrypt/bin ]; then + bash $(pwd)/etc/install-libmongocrypt.sh + fi + export PATH=$PATH:/cygdrive/c/libmongocrypt/bin + elif [ ! -d "$(pwd)/install" ]; then + bash $(pwd)/etc/install-libmongocrypt.sh + fi fi if [ "${SKIP_CRYPT_SHARED_LIB}" = "true" ]; then diff --git a/etc/setup-encryption.sh b/etc/setup-encryption.sh index 564a8241bd..5ed5a0f0f7 100644 --- a/etc/setup-encryption.sh +++ b/etc/setup-encryption.sh @@ -16,12 +16,6 @@ export CSFLE_TLS_CA_FILE="${PARENT_DIR}/testdata/kmip-certs/ca-ec.pem" export CSFLE_TLS_CERT_FILE="${PARENT_DIR}/testdata/kmip-certs/server-ec.pem" export CSFLE_TLS_CLIENT_CERT_FILE="${PARENT_DIR}/testdata/kmip-certs/client-ec.pem" -if [ "Windows_NT" = "${OS:-}" ]; then - export CSFLE_TLS_CA_FILE=$(cygpath -m $CSFLE_TLS_CA_FILE) - export CSFLE_TLS_CERT_FILE=$(cygpath -m $CSFLE_TLS_CERT_FILE) - export CSFLE_TLS_CLIENT_CERT_FILE=$(cygpath -m $CSFLE_TLS_CLIENT_CERT_FILE) -fi - bash $DRIVERS_TOOLS/.evergreen/csfle/setup_secrets.sh # Map some of the secrets to expected environment variables. 
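Review bot: The new Windows branch in the run-tests.sh hunk at -55 tests `[ "Windows_NT" = "$OS" ]`, whereas PATCH 03 changed the earlier check in this same script to `"${OS:-}"`. If the script runs under `set -u` (not visible here), this line aborts on Linux and macOS, where `OS` is normally unset; use `[ "Windows_NT" = "${OS:-}" ]` for consistency. The installer calls `bash $(pwd)/etc/install-libmongocrypt.sh` are unquoted and break if the checkout path contains whitespace; `bash "$(pwd)/etc/install-libmongocrypt.sh"` is safer. The presence of `./install` or `/cygdrive/c/libmongocrypt/bin` is used as a proxy for a completed install, so a directory left by an interrupted run would skip reinstallation. A comment noting that assumption would be useful.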
@@ -31,8 +25,5 @@ echo "export AZURE_CLIENT_ID=\"$FLE_AZURE_CLIENTID\"" >> secrets-export.sh echo "export AZURE_CLIENT_SECRET=\"$FLE_AZURE_CLIENTSECRET\"" >> secrets-export.sh echo "export GCP_EMAIL=\"$FLE_GCP_EMAIL\"" >> secrets-export.sh echo "export GCP_PRIVATE_KEY=\"$FLE_GCP_PRIVATEKEY\"" >> secrets-export.sh -echo "export CSFLE_TLS_CA_FILE=\"$CSFLE_TLS_CA_FILE\"" >> secrets-export.sh -echo "export CSFLE_TLS_CERT_FILE=\"$CSFLE_TLS_CERT_FILE\"" >> secrets-export.sh -# Start the servers. bash $DRIVERS_TOOLS/.evergreen/csfle/start_servers.sh From 5fc1ea014e12cdb0db675907d1ec6bc2b37218ff Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 10:53:33 -0600 Subject: [PATCH 09/37] start in bg --- .evergreen/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 69bf24ecb0..a3798ba004 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -843,6 +843,7 @@ functions: params: working_dir: src/go.mongodb.org/mongo-driver binary: bash + background: true include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] args: - ./etc/setup-encryption.sh From 9131503720eb65f9a6dcdb094e02325105881a6e Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 12:54:38 -0600 Subject: [PATCH 10/37] try to fix expansion --- .evergreen/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index a3798ba004..b7dd9cf705 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -853,7 +853,7 @@ functions: binary: bash include_expansions_in_env: ["DRIVERS_TOOLS"] args: - - $DRIVERS_TOOLS/.evergreen/csfle/await_servers.sh + - ${DRIVERS_TOOLS}/.evergreen/csfle/await_servers.sh run-kms-tls-test: - command: shell.exec From a730afd14cb6d4a8a884e918da9a87799eee2e6b Mon Sep 17 00:00:00 2001 
From: Steven Silvester Date: Sun, 7 Jan 2024 13:20:55 -0600 Subject: [PATCH 11/37] fix handling of cert file --- mongo/integration/json_helpers_test.go | 2 +- mongo/integration/unified/entity.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mongo/integration/json_helpers_test.go b/mongo/integration/json_helpers_test.go index c4277ea668..4703c9bdc9 100644 --- a/mongo/integration/json_helpers_test.go +++ b/mongo/integration/json_helpers_test.go @@ -39,7 +39,7 @@ var ( gcpEmail = os.Getenv("GCP_EMAIL") gcpPrivateKey = os.Getenv("GCP_PRIVATE_KEY") tlsCAFileKMIP = os.Getenv("CSFLE_TLS_CA_FILE") - tlsClientCertificateKeyFileKMIP = os.Getenv("CSFLE_TLS_CERT_FILE") + tlsClientCertificateKeyFileKMIP = os.Getenv("CSFLE_TLS_CLIENT_CERT_FILE") ) // Helper functions to do read JSON spec test files and convert JSON objects into the appropriate driver types. diff --git a/mongo/integration/unified/entity.go b/mongo/integration/unified/entity.go index de14cfd134..d2659cab6d 100644 --- a/mongo/integration/unified/entity.go +++ b/mongo/integration/unified/entity.go @@ -31,7 +31,7 @@ var ( var ( tlsCAFile = os.Getenv("CSFLE_TLS_CA_FILE") - tlsClientCertificateKeyFile = os.Getenv("CSFLE_TLS_CERT_FILE") + tlsClientCertificateKeyFile = os.Getenv("CSFLE_TLS_CLIENT_CERT_FILE") ) type storeEventsAsEntitiesConfig struct { From dd3b8b9785e31b90f189df0e8c36701479310e32 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 14:27:44 -0600 Subject: [PATCH 12/37] fix secrets handling --- etc/setup-encryption.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/setup-encryption.sh b/etc/setup-encryption.sh index 5ed5a0f0f7..9fb681dffb 100644 --- a/etc/setup-encryption.sh +++ b/etc/setup-encryption.sh 
@@ -20,10 +20,10 @@ bash $DRIVERS_TOOLS/.evergreen/csfle/setup_secrets.sh # Map some of the secrets to expected environment variables. source ./secrets-export.sh -echo "export AZURE_TENANT_ID=\"$FLE_AZURE_TENANTID\"" >> secrets-export.sh +echo "\nexport AZURE_TENANT_ID=\"$FLE_AZURE_TENANTID\"" >> secrets-export.sh echo "export AZURE_CLIENT_ID=\"$FLE_AZURE_CLIENTID\"" >> secrets-export.sh echo "export AZURE_CLIENT_SECRET=\"$FLE_AZURE_CLIENTSECRET\"" >> secrets-export.sh echo "export GCP_EMAIL=\"$FLE_GCP_EMAIL\"" >> secrets-export.sh -echo "export GCP_PRIVATE_KEY=\"$FLE_GCP_PRIVATEKEY\"" >> secrets-export.sh +echo "export GCP_PRIVATE_KEY=\"$FLE_GCP_PRIVATEKEY\"\n" >> secrets-export.sh bash $DRIVERS_TOOLS/.evergreen/csfle/start_servers.sh From 431bc4a38d32bc53cdda6f83c71b3dfd60ae03af Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 16:50:17 -0600 Subject: [PATCH 13/37] use printf --- etc/setup-encryption.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/etc/setup-encryption.sh b/etc/setup-encryption.sh index 9fb681dffb..4d06b3bb2d 100644 --- a/etc/setup-encryption.sh +++ b/etc/setup-encryption.sh 
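Review bot: The `\n` added to the first and last `echo` lines is written to `secrets-export.sh` as a literal backslash-n, because bash's builtin `echo` does not interpret escapes without `-e`. When the file is sourced, the first line then begins with `\nexport`, which the shell reads as a command named `nexport`, and the last line appends a stray `n` to the private-key value. A plain `echo "" >> secrets-export.sh` before and after the block gives the blank lines that seem to be intended. Separately, each value is wrapped in double quotes and re-parsed by the shell at source time, so a secret containing `"`, `$` or a backtick would be altered or evaluated; `printf 'export AZURE_CLIENT_SECRET=%q\n' "$FLE_AZURE_CLIENTSECRET" >> secrets-export.sh` writes it safely. The same quoting concern applies to the rewrites of these lines in PATCH 13, 14 and 15.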
@@ -20,10 +20,10 @@ bash $DRIVERS_TOOLS/.evergreen/csfle/setup_secrets.sh # Map some of the secrets to expected environment variables. source ./secrets-export.sh -echo "\nexport AZURE_TENANT_ID=\"$FLE_AZURE_TENANTID\"" >> secrets-export.sh -echo "export AZURE_CLIENT_ID=\"$FLE_AZURE_CLIENTID\"" >> secrets-export.sh -echo "export AZURE_CLIENT_SECRET=\"$FLE_AZURE_CLIENTSECRET\"" >> secrets-export.sh -echo "export GCP_EMAIL=\"$FLE_GCP_EMAIL\"" >> secrets-export.sh -echo "export GCP_PRIVATE_KEY=\"$FLE_GCP_PRIVATEKEY\"\n" >> secrets-export.sh +printf "\nexport AZURE_TENANT_ID=\"$FLE_AZURE_TENANTID\"" >> secrets-export.sh +printf "export AZURE_CLIENT_ID=\"$FLE_AZURE_CLIENTID\"" >> secrets-export.sh +printf "export AZURE_CLIENT_SECRET=\"$FLE_AZURE_CLIENTSECRET\"" >> secrets-export.sh +printf "export GCP_EMAIL=\"$FLE_GCP_EMAIL\"" >> secrets-export.sh +printf "export GCP_PRIVATE_KEY=\"$FLE_GCP_PRIVATEKEY\"\n" >> secrets-export.sh bash $DRIVERS_TOOLS/.evergreen/csfle/start_servers.sh From 25ffc375bd6c4000930219e244a37277892b80d5 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 17:05:19 -0600 Subject: [PATCH 14/37] fix file handling --- etc/setup-encryption.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/etc/setup-encryption.sh b/etc/setup-encryption.sh index 4d06b3bb2d..2417b04e97 100644 --- a/etc/setup-encryption.sh +++ b/etc/setup-encryption.sh 
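Review bot: Each `printf` here places the secret inside the format string, so a `%` or backslash in a credential is interpreted as a conversion or escape instead of being written out verbatim. Only the first and last lines carry a `\n`, so the five `export` statements land on one physical line, and when the file is sourced every value except the last picks up the following `export` word as a suffix. A constant format fixes both problems: `printf 'export AZURE_CLIENT_ID=%q\n' "$FLE_AZURE_CLIENTID" >> secrets-export.sh`, with one such line per variable.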
@@ -20,10 +20,12 @@ bash $DRIVERS_TOOLS/.evergreen/csfle/setup_secrets.sh # Map some of the secrets to expected environment variables. source ./secrets-export.sh -printf "\nexport AZURE_TENANT_ID=\"$FLE_AZURE_TENANTID\"" >> secrets-export.sh -printf "export AZURE_CLIENT_ID=\"$FLE_AZURE_CLIENTID\"" >> secrets-export.sh -printf "export AZURE_CLIENT_SECRET=\"$FLE_AZURE_CLIENTSECRET\"" >> secrets-export.sh -printf "export GCP_EMAIL=\"$FLE_GCP_EMAIL\"" >> secrets-export.sh -printf "export GCP_PRIVATE_KEY=\"$FLE_GCP_PRIVATEKEY\"\n" >> secrets-export.sh +echo "" >> secrets-export.sh +echo "export AZURE_TENANT_ID=\"$FLE_AZURE_TENANTID\"" >> secrets-export.sh +echo "export AZURE_CLIENT_ID=\"$FLE_AZURE_CLIENTID\"" >> secrets-export.sh +echo "export AZURE_CLIENT_SECRET=\"$FLE_AZURE_CLIENTSECRET\"" >> secrets-export.sh +echo "export GCP_EMAIL=\"$FLE_GCP_EMAIL\"" >> secrets-export.sh +echo "export GCP_PRIVATE_KEY=\"$FLE_GCP_PRIVATEKEY\"" >> secrets-export.sh +echo "" >> secrets-export.sh bash $DRIVERS_TOOLS/.evergreen/csfle/start_servers.sh From c5c1d22665ceb013084a76e1c9a57bdddb4be960 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 17:08:00 -0600 Subject: [PATCH 15/37] more improvements --- etc/setup-encryption.sh | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/etc/setup-encryption.sh b/etc/setup-encryption.sh index 2417b04e97..7e2c4334f6 100644 --- a/etc/setup-encryption.sh +++ b/etc/setup-encryption.sh 
@@ -20,12 +20,14 @@ bash $DRIVERS_TOOLS/.evergreen/csfle/setup_secrets.sh # Map some of the secrets to expected environment variables. source ./secrets-export.sh -echo "" >> secrets-export.sh -echo "export AZURE_TENANT_ID=\"$FLE_AZURE_TENANTID\"" >> secrets-export.sh -echo "export AZURE_CLIENT_ID=\"$FLE_AZURE_CLIENTID\"" >> secrets-export.sh -echo "export AZURE_CLIENT_SECRET=\"$FLE_AZURE_CLIENTSECRET\"" >> secrets-export.sh -echo "export GCP_EMAIL=\"$FLE_GCP_EMAIL\"" >> secrets-export.sh -echo "export GCP_PRIVATE_KEY=\"$FLE_GCP_PRIVATEKEY\"" >> secrets-export.sh -echo "" >> secrets-export.sh +cat <> ./secrets-export.sh + +export AZURE_TENANT_ID="$FLE_AZURE_TENANTID" +export AZURE_CLIENT_ID="$FLE_AZURE_CLIENTID" +export AZURE_CLIENT_SECRET="$FLE_AZURE_CLIENTSECRET" +export GCP_EMAIL="$FLE_GCP_EMAIL" +export GCP_PRIVATE_KEY="$FLE_GCP_PRIVATEKEY" + +EOT bash $DRIVERS_TOOLS/.evergreen/csfle/start_servers.sh From 724f3b55091bde6e8ff75be7354a2de8e88834b0 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 18:05:24 -0600 Subject: [PATCH 16/37] use vault names --- etc/setup-encryption.sh | 13 ------------- mongo/integration/json_helpers_test.go | 10 +++++----- 2 files changed, 5 insertions(+), 18 deletions(-) diff --git a/etc/setup-encryption.sh b/etc/setup-encryption.sh index 7e2c4334f6..8a049415f1 100644 --- a/etc/setup-encryption.sh +++ b/etc/setup-encryption.sh 
@@ -17,17 +17,4 @@ export CSFLE_TLS_CERT_FILE="${PARENT_DIR}/testdata/kmip-certs/server-ec.pem" export CSFLE_TLS_CLIENT_CERT_FILE="${PARENT_DIR}/testdata/kmip-certs/client-ec.pem" bash $DRIVERS_TOOLS/.evergreen/csfle/setup_secrets.sh - -# Map some of the secrets to expected environment variables. -source ./secrets-export.sh -cat <> ./secrets-export.sh - -export AZURE_TENANT_ID="$FLE_AZURE_TENANTID" -export AZURE_CLIENT_ID="$FLE_AZURE_CLIENTID" -export AZURE_CLIENT_SECRET="$FLE_AZURE_CLIENTSECRET" -export GCP_EMAIL="$FLE_GCP_EMAIL" -export GCP_PRIVATE_KEY="$FLE_GCP_PRIVATEKEY" - -EOT - bash $DRIVERS_TOOLS/.evergreen/csfle/start_servers.sh diff --git a/mongo/integration/json_helpers_test.go b/mongo/integration/json_helpers_test.go index 4703c9bdc9..210af8e316 100644 --- a/mongo/integration/json_helpers_test.go +++ b/mongo/integration/json_helpers_test.go @@ -33,11 +33,11 @@ var ( awsTempAccessKeyID = os.Getenv("CSFLE_AWS_TEMP_ACCESS_KEY_ID") awsTempSecretAccessKey = os.Getenv("CSFLE_AWS_TEMP_SECRET_ACCESS_KEY") awsTempSessionToken = os.Getenv("CSFLE_AWS_TEMP_SESSION_TOKEN") - azureTenantID = os.Getenv("AZURE_TENANT_ID") - azureClientID = os.Getenv("AZURE_CLIENT_ID") - azureClientSecret = os.Getenv("AZURE_CLIENT_SECRET") - gcpEmail = os.Getenv("GCP_EMAIL") - gcpPrivateKey = os.Getenv("GCP_PRIVATE_KEY") + azureTenantID = os.Getenv("FLE_AZURE_TENANT_ID") + azureClientID = os.Getenv("FLE_AZURE_CLIENT_ID") + azureClientSecret = os.Getenv("FLE_AZURE_CLIENT_SECRET") + gcpEmail = os.Getenv("FLE_GCP_EMAIL") + gcpPrivateKey = os.Getenv("FLE_GCP_PRIVATE_KEY") tlsCAFileKMIP = os.Getenv("CSFLE_TLS_CA_FILE") tlsClientCertificateKeyFileKMIP = os.Getenv("CSFLE_TLS_CLIENT_CERT_FILE") ) From ef4809cf1e15e36cce466c932fa121dac0722f1a Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 20:06:40 -0600 Subject: [PATCH 17/37] update env vars --- mongo/integration/unified/entity.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
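Review bot: The environment names introduced in the `json_helpers_test.go` hunk (`@@ -33,11 +33,11 @@`) do not match the names the secrets file appears to provide. The mapping deleted from `etc/setup-encryption.sh` in this same commit read `$FLE_AZURE_TENANTID`, `$FLE_AZURE_CLIENTID`, `$FLE_AZURE_CLIENTSECRET` and `$FLE_GCP_PRIVATEKEY`, while the Go side now asks for `FLE_AZURE_TENANT_ID`, `FLE_AZURE_CLIENT_ID`, `FLE_AZURE_CLIENT_SECRET` and `FLE_GCP_PRIVATE_KEY`. `os.Getenv` returns an empty string for an unset name, so the KMS tests would run with blank credentials and fail far from the cause. I would add a comment above the block, `// Names must match the variables exported by $DRIVERS_TOOLS/.evergreen/csfle/setup_secrets.sh.`, so the coupling is visible to the next editor. The `var (` block opens outside the hunk, and the `getKmsCredential` calls changed in `unified/entity.go` by the next patch carry the same names.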
diff --git a/mongo/integration/unified/entity.go b/mongo/integration/unified/entity.go index d2659cab6d..c01a1b13ad 100644 --- a/mongo/integration/unified/entity.go +++ b/mongo/integration/unified/entity.go @@ -579,7 +579,7 @@ func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) err if azure, ok := ceo.KmsProviders["azure"]; ok { kmsProviders["azure"] = make(map[string]interface{}) - azureTenantID, err := getKmsCredential(azure, "tenantId", "AZURE_TENANT_ID", "") + azureTenantID, err := getKmsCredential(azure, "tenantId", "FLE_AZURE_TENANT_ID", "") if err != nil { return err } @@ -587,7 +587,7 @@ func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) err kmsProviders["azure"]["tenantId"] = azureTenantID } - azureClientID, err := getKmsCredential(azure, "clientId", "AZURE_CLIENT_ID", "") + azureClientID, err := getKmsCredential(azure, "clientId", "FLE_AZURE_CLIENT_ID", "") if err != nil { return err } @@ -595,7 +595,7 @@ func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) err kmsProviders["azure"]["clientId"] = azureClientID } - azureClientSecret, err := getKmsCredential(azure, "clientSecret", "AZURE_CLIENT_SECRET", "") + azureClientSecret, err := getKmsCredential(azure, "clientSecret", "FLE_AZURE_CLIENT_SECRET", "") if err != nil { return err } @@ -607,7 +607,7 @@ func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) err if gcp, ok := ceo.KmsProviders["gcp"]; ok { kmsProviders["gcp"] = make(map[string]interface{}) - gcpEmail, err := getKmsCredential(gcp, "email", "GCP_EMAIL", "") + gcpEmail, err := getKmsCredential(gcp, "email", "FLE_GCP_EMAIL", "") if err != nil { return err } 
@@ -615,7 +615,7 @@ func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) err kmsProviders["gcp"]["email"] = gcpEmail } - gcpPrivateKey, err := getKmsCredential(gcp, "privateKey", "GCP_PRIVATE_KEY", "") + gcpPrivateKey, err := getKmsCredential(gcp, "privateKey", "FLE_GCP_PRIVATE_KEY", "") if err != nil { return err } From 1df79782890bec52476b0e8b9a1ccc27b5966bd1 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 20:20:45 -0600 Subject: [PATCH 18/37] fix path handling --- .evergreen/run-tests.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh index 5c1b0b698c..07793f8024 100644 --- a/.evergreen/run-tests.sh +++ b/.evergreen/run-tests.sh @@ -46,7 +46,7 @@ if [ "$SSL" != "nossl" -a -z "${SERVERLESS+x}" ]; then fi if [ -f "secrets-export.sh" ]; then - source secrets-export.sh + source $(pwd)/secrets-export.sh fi # If GO_BUILD_TAGS is not set, set the default Go build tags to "cse" to enable @@ -61,7 +61,7 @@ if [[ $GO_BUILD_TAGS == *"cse"* ]]; then bash $(pwd)/etc/install-libmongocrypt.sh fi export PATH=$PATH:/cygdrive/c/libmongocrypt/bin - elif [ ! -d "$(pwd)/install" ]; then + elif [ ! -d "$PKG_CONFIG_PATH" ]; then bash $(pwd)/etc/install-libmongocrypt.sh fi fi From 7f3f0f7ed08714e8d147b8cafd8d8476d2b2e88e Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 20:26:38 -0600 Subject: [PATCH 19/37] more variable fixes --- mongo/integration/json_helpers_test.go | 10 +++++----- mongo/integration/unified/entity.go | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mongo/integration/json_helpers_test.go b/mongo/integration/json_helpers_test.go index 210af8e316..8f3b4f6f45 100644 --- a/mongo/integration/json_helpers_test.go +++ b/mongo/integration/json_helpers_test.go 
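Review bot: In the `.evergreen/run-tests.sh` hunk at `@@ -61,7 +61,7 @@`, `[ ! -d "$PKG_CONFIG_PATH" ]` treats a search-path variable as a single directory. `PKG_CONFIG_PATH` can hold several colon-separated entries, and it is empty when the script is run outside the Evergreen environment, so in both cases the test is true and `install-libmongocrypt.sh` runs even if the library is already present. Testing the install location directly keeps the intent, for example `elif [ ! -d "$(pwd)/install/libmongocrypt" ]; then`. In the `@@ -46,7 +46,7 @@` hunk of the same file, `source $(pwd)/secrets-export.sh` should be quoted as `source "$(pwd)/secrets-export.sh"`.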
@@ -28,14 +28,14 @@ import ( ) var ( - awsAccessKeyID = os.Getenv("AWS_ACCESS_KEY_ID") - awsSecretAccessKey = os.Getenv("AWS_SECRET_ACCESS_KEY") + awsAccessKeyID = os.Getenv("FLE_AWS_KEY") + awsSecretAccessKey = os.Getenv("FLE_AWS_SECRET") awsTempAccessKeyID = os.Getenv("CSFLE_AWS_TEMP_ACCESS_KEY_ID") awsTempSecretAccessKey = os.Getenv("CSFLE_AWS_TEMP_SECRET_ACCESS_KEY") awsTempSessionToken = os.Getenv("CSFLE_AWS_TEMP_SESSION_TOKEN") - azureTenantID = os.Getenv("FLE_AZURE_TENANT_ID") - azureClientID = os.Getenv("FLE_AZURE_CLIENT_ID") - azureClientSecret = os.Getenv("FLE_AZURE_CLIENT_SECRET") + azureTenantID = os.Getenv("FLE_AZURE_TENANTID") + azureClientID = os.Getenv("FLE_AZURE_CLIENTID") + azureClientSecret = os.Getenv("FLE_AZURE_CLIENTSECRET") gcpEmail = os.Getenv("FLE_GCP_EMAIL") gcpPrivateKey = os.Getenv("FLE_GCP_PRIVATE_KEY") tlsCAFileKMIP = os.Getenv("CSFLE_TLS_CA_FILE") diff --git a/mongo/integration/unified/entity.go b/mongo/integration/unified/entity.go index c01a1b13ad..67628c6bf1 100644 --- a/mongo/integration/unified/entity.go +++ b/mongo/integration/unified/entity.go @@ -557,7 +557,7 @@ func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) err kmsProviders["aws"]["secretAccessKey"] = awsSecretAccessKey } } else { - awsAccessKeyID, err := getKmsCredential(aws, "accessKeyId", "AWS_ACCESS_KEY_ID", "") + awsAccessKeyID, err := getKmsCredential(aws, "accessKeyId", "FLE_AWS_KEY", "") if err != nil { return err } @@ -565,7 +565,7 @@ func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) err kmsProviders["aws"]["accessKeyId"] = awsAccessKeyID } - awsSecretAccessKey, err := getKmsCredential(aws, "secretAccessKey", "AWS_SECRET_ACCESS_KEY", "") + awsSecretAccessKey, err := getKmsCredential(aws, "secretAccessKey", "FLE_AWS_SECRET", "") if err != nil { return err } 
@@ -579,7 +579,7 @@ func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) err if azure, ok := ceo.KmsProviders["azure"]; ok { kmsProviders["azure"] = make(map[string]interface{}) - azureTenantID, err := getKmsCredential(azure, "tenantId", "FLE_AZURE_TENANT_ID", "") + azureTenantID, err := getKmsCredential(azure, "tenantId", "FLE_AZURE_TENANTID", "") if err != nil { return err } @@ -587,7 +587,7 @@ func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) err kmsProviders["azure"]["tenantId"] = azureTenantID } - azureClientID, err := getKmsCredential(azure, "clientId", "FLE_AZURE_CLIENT_ID", "") + azureClientID, err := getKmsCredential(azure, "clientId", "FLE_AZURE_CLIENTID", "") if err != nil { return err } @@ -595,7 +595,7 @@ func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) err kmsProviders["azure"]["clientId"] = azureClientID } - azureClientSecret, err := getKmsCredential(azure, "clientSecret", "FLE_AZURE_CLIENT_SECRET", "") + azureClientSecret, err := getKmsCredential(azure, "clientSecret", "FLE_AZURE_CLIENTSECRET", "") if err != nil { return err } From d660aac505932ef6d7bc6f82451f63546a0bfbd9 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sun, 7 Jan 2024 20:44:20 -0600 Subject: [PATCH 20/37] fix another env var --- mongo/integration/json_helpers_test.go | 2 +- mongo/integration/unified/entity.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mongo/integration/json_helpers_test.go b/mongo/integration/json_helpers_test.go index 8f3b4f6f45..463d1e54dc 100644 --- a/mongo/integration/json_helpers_test.go +++ b/mongo/integration/json_helpers_test.go 
@@ -37,7 +37,7 @@ var ( azureClientID = os.Getenv("FLE_AZURE_CLIENTID") azureClientSecret = os.Getenv("FLE_AZURE_CLIENTSECRET") gcpEmail = os.Getenv("FLE_GCP_EMAIL") - gcpPrivateKey = os.Getenv("FLE_GCP_PRIVATE_KEY") + gcpPrivateKey = os.Getenv("FLE_GCP_PRIVATEKEY") tlsCAFileKMIP = os.Getenv("CSFLE_TLS_CA_FILE") tlsClientCertificateKeyFileKMIP = os.Getenv("CSFLE_TLS_CLIENT_CERT_FILE") ) diff --git a/mongo/integration/unified/entity.go b/mongo/integration/unified/entity.go index 67628c6bf1..0ae9fc006f 100644 --- a/mongo/integration/unified/entity.go +++ b/mongo/integration/unified/entity.go @@ -615,7 +615,7 @@ func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) err kmsProviders["gcp"]["email"] = gcpEmail } - gcpPrivateKey, err := getKmsCredential(gcp, "privateKey", "FLE_GCP_PRIVATE_KEY", "") + gcpPrivateKey, err := getKmsCredential(gcp, "privateKey", "FLE_GCP_PRIVATEKEY", "") if err != nil { return err } From d8c23f21a0c8b2bc634db775141b51db8b8b2277 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 8 Jan 2024 06:35:22 -0600 Subject: [PATCH 21/37] Update contributing guide --- docs/CONTRIBUTING.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index f6d629c6d2..5ff84f21b8 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md 
@@ -152,6 +152,18 @@ The usage of host.docker.internal comes from the [Docker networking documentatio There is currently no arm64 support for the go1.x runtime, see [here](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Known issues running on linux/arm64 include the inability to network with the localhost from the public.ecr.aws/lambda/go Docker image. +### Encryption Tests + +Most of the tests requiring `libmongocrypt` can be run using the Docker workflow. + +However, some of the tests requires secrets handling. Please see the team [Wiki](https://wiki.corp.mongodb.com/pages/viewpage.action?spaceKey=DRIVERS&title=Testing+CSFLE) for more information. + +The test suite can be run with or without the secrets as follows: + +```bash +MAKEFILE_TARGET=evg-test-versioned-api bash .evergreen/run-tests.sh +``` + ### Load Balancer To launch the load balancer on MacOS, run the following. From cee5960cfb86d336d16258fde97cbc5845a560a2 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 17 Jan 2024 12:42:17 -0600 Subject: [PATCH 22/37] Restore libmongocrypt install --- .evergreen/config.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 386fc5ab40..957eb02268 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -97,6 +97,12 @@ functions: go version go env + # Install libmongocrypt. + bash etc/install-libmongocrypt.sh + if [ "Windows_NT" = "$OS" ]; then + export PATH=$PATH:/cygdrive/c/libmongocrypt/bin + fi + cat < expansion.yml CURRENT_VERSION: "$CURRENT_VERSION" DRIVERS_TOOLS: "$DRIVERS_TOOLS" From cf3058b3fff0dc0920c7606ab7594f9c0f4f4047 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 19 Jan 2024 06:27:09 -0600 Subject: [PATCH 23/37] try without bg --- .evergreen/config.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index ff5c15c925..37b50e73b3 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml 
@@ -849,17 +849,9 @@ functions: params: working_dir: src/go.mongodb.org/mongo-driver binary: bash - background: true include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] args: - ./etc/setup-encryption.sh - - command: subprocess.exec - params: - working_dir: src/go.mongodb.org/mongo-driver - binary: bash - include_expansions_in_env: ["DRIVERS_TOOLS"] - args: - - ${DRIVERS_TOOLS}/.evergreen/csfle/await_servers.sh run-kms-tls-test: - command: shell.exec From 7481e220f4ee1a56bc24d90d53c97f48c1ff73f5 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 19 Jan 2024 08:17:47 -0600 Subject: [PATCH 24/37] Revert "try without bg" This reverts commit cf3058b3fff0dc0920c7606ab7594f9c0f4f4047. --- .evergreen/config.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 37b50e73b3..ff5c15c925 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -849,9 +849,17 @@ functions: params: working_dir: src/go.mongodb.org/mongo-driver binary: bash + background: true include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] args: - ./etc/setup-encryption.sh + - command: subprocess.exec + params: + working_dir: src/go.mongodb.org/mongo-driver + binary: bash + include_expansions_in_env: ["DRIVERS_TOOLS"] + args: + - ${DRIVERS_TOOLS}/.evergreen/csfle/await_servers.sh run-kms-tls-test: - command: shell.exec From d5d221505436da07313833c3cb15e83bda30d776 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 24 Jan 2024 06:26:03 -0600 Subject: [PATCH 25/37] update endpoints and try without bg --- .evergreen/config.yml | 20 ++++++------- .../client_side_encryption_prose_test.go | 28 +++++++++---------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index ff5c15c925..df2571f8a1 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml 
@@ -845,21 +845,21 @@ functions: ${PROJECT_DIRECTORY}/.evergreen/run-mongodb-aws-test.sh web-identity start-cse-servers: - - command: subprocess.exec + - command: ec2.assume_role params: - working_dir: src/go.mongodb.org/mongo-driver - binary: bash - background: true - include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] - args: - - ./etc/setup-encryption.sh + role_arn: ${aws_test_secrets_role} - command: subprocess.exec params: - working_dir: src/go.mongodb.org/mongo-driver + working_dir: src binary: bash - include_expansions_in_env: ["DRIVERS_TOOLS"] + include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] args: - - ${DRIVERS_TOOLS}/.evergreen/csfle/await_servers.sh + - | + export CSFLE_TLS_CA_FILE="$(pwd)/testdata/kmip-certs/ca-ec.pem" + export CSFLE_TLS_CERT_FILE="$(pwd)/testdata/kmip-certs/server-ec.pem" + export CSFLE_TLS_CLIENT_CERT_FILE="$(pwd)/testdata/kmip-certs/client-ec.pem" + bash ${DRIVERS_TOOLS}/.evergreen/csfle/setup_secrets.sh + bash ${DRIVERS_TOOLS}/.evergreen/csfle/start_servers.sh run-kms-tls-test: - command: shell.exec diff --git a/mongo/integration/client_side_encryption_prose_test.go b/mongo/integration/client_side_encryption_prose_test.go index 971bc7dac7..4820556004 100644 --- a/mongo/integration/client_side_encryption_prose_test.go +++ b/mongo/integration/client_side_encryption_prose_test.go @@ -1408,13 +1408,13 @@ func TestClientSideEncryptionProse(t *testing.T) { }{ { "invalid certificate", - 8000, + 9000, "INVALID_CERT", "expired", }, { "invalid hostname", - 8001, + 9001, "INVALID_HOSTNAME", "SANs", }, 
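Review bot: The inline block under `args:` in `start-cse-servers` is passed to `bash` as its first argument, which bash treats as the path of a script file rather than as code to run, as I read `subprocess.exec`. As written the three `export` lines and the `setup_secrets.sh` / `start_servers.sh` calls would not execute; either put `-c` before the block in `args`, or use `shell.exec` with `shell: bash` and a `script:` block. `working_dir: src` also differs from the `src/go.mongodb.org/mongo-driver` used by the step being replaced, so `$(pwd)/testdata/kmip-certs/...` would probably point outside the repository. The new step no longer waits on `await_servers.sh`, so it is worth confirming that `start_servers.sh` blocks until the KMS mock servers accept connections.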
@@ -1462,12 +1462,12 @@ func TestClientSideEncryptionProse(t *testing.T) { "tenantId": azureTenantID, "clientId": azureClientID, "clientSecret": azureClientSecret, - "identityPlatformEndpoint": "127.0.0.1:8002", + "identityPlatformEndpoint": "127.0.0.1:9002", }, "gcp": { "email": gcpEmail, "privateKey": gcpPrivateKey, - "endpoint": "127.0.0.1:8002", + "endpoint": "127.0.0.1:9002", }, "kmip": { "endpoint": "127.0.0.1:5698", @@ -1483,15 +1483,15 @@ func TestClientSideEncryptionProse(t *testing.T) { "tenantId": azureTenantID, "clientId": azureClientID, "clientSecret": azureClientSecret, - "identityPlatformEndpoint": "127.0.0.1:8000", + "identityPlatformEndpoint": "127.0.0.1:9000", }, "gcp": { "email": gcpEmail, "privateKey": gcpPrivateKey, - "endpoint": "127.0.0.1:8000", + "endpoint": "127.0.0.1:9000", }, "kmip": { - "endpoint": "127.0.0.1:8000", + "endpoint": "127.0.0.1:9000", }, } @@ -1504,15 +1504,15 @@ func TestClientSideEncryptionProse(t *testing.T) { "tenantId": azureTenantID, "clientId": azureClientID, "clientSecret": azureClientSecret, - "identityPlatformEndpoint": "127.0.0.1:8001", + "identityPlatformEndpoint": "127.0.0.1:9001", }, "gcp": { "email": gcpEmail, "privateKey": gcpPrivateKey, - "endpoint": "127.0.0.1:8001", + "endpoint": "127.0.0.1:9001", }, "kmip": { - "endpoint": "127.0.0.1:8001", + "endpoint": "127.0.0.1:9001", }, } 
@@ -1570,22 +1570,22 @@ func TestClientSideEncryptionProse(t *testing.T) { awsMasterKeyNoClientCert := map[string]interface{}{ "region": "us-east-1", "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0", - "endpoint": "127.0.0.1:8002", + "endpoint": "127.0.0.1:9002", } awsMasterKeyWithTLS := map[string]interface{}{ "region": "us-east-1", "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0", - "endpoint": "127.0.0.1:8002", + "endpoint": "127.0.0.1:9002", } awsMasterKeyExpired := map[string]interface{}{ "region": "us-east-1", "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0", - "endpoint": "127.0.0.1:8000", + "endpoint": "127.0.0.1:9000", } awsMasterKeyInvalidHostname := map[string]interface{}{ "region": "us-east-1", "key": "arn:aws:kms:us-east-1:579766882180:key/89fcc2c4-08b0-4bd9-9f25-e30687b580d0", - "endpoint": "127.0.0.1:8001", + "endpoint": "127.0.0.1:9001", } azureMasterKey := map[string]interface{}{ "keyVaultEndpoint": "doesnotexist.local", From d8a5b7774d61195b622189a32ad12c6d4ecf151e Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 24 Jan 2024 06:47:14 -0600 Subject: [PATCH 26/37] debug --- .evergreen/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index df2571f8a1..dc2553646e 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -855,6 +855,7 @@ functions: include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] args: - | + set -eux export CSFLE_TLS_CA_FILE="$(pwd)/testdata/kmip-certs/ca-ec.pem" export CSFLE_TLS_CERT_FILE="$(pwd)/testdata/kmip-certs/server-ec.pem" export CSFLE_TLS_CLIENT_CERT_FILE="$(pwd)/testdata/kmip-certs/client-ec.pem" From 6c8a5bac14240e9282d575028dddd0040241d682 Mon Sep 17 00:00:00 2001 
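Review bot: The `set -eux` added in the `.evergreen/config.yml` hunk (`@@ -855,6 +855,7 @@`) turns on command tracing in a step that receives `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` through `include_expansions_in_env`. The lines visible in the hunk only expand `$(pwd)` and `${DRIVERS_TOOLS}`, so nothing sensitive is traced yet, but any later line that references a credential would be written to the task log. `set -eu` keeps the fail-fast behaviour without the trace. If tracing is needed while debugging, I would add a comment such as `# xtrace: do not reference credential variables below` next to it.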
From: Steven Silvester Date: Wed, 24 Jan 2024 06:47:32 -0600 Subject: [PATCH 27/37] debug --- .evergreen/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index dc2553646e..2055622adf 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -859,6 +859,7 @@ functions: export CSFLE_TLS_CA_FILE="$(pwd)/testdata/kmip-certs/ca-ec.pem" export CSFLE_TLS_CERT_FILE="$(pwd)/testdata/kmip-certs/server-ec.pem" export CSFLE_TLS_CLIENT_CERT_FILE="$(pwd)/testdata/kmip-certs/client-ec.pem" + ls ${DRIVERS_TOOLS}/.evergreen/csfle bash ${DRIVERS_TOOLS}/.evergreen/csfle/setup_secrets.sh bash ${DRIVERS_TOOLS}/.evergreen/csfle/start_servers.sh From 59995632da0b33c15541be5a17aa382be88a6e8f Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 24 Jan 2024 06:55:15 -0600 Subject: [PATCH 28/37] debug --- .evergreen/config.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 2055622adf..93031392ca 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -856,12 +856,19 @@ functions: args: - | set -eux + echo "1" export CSFLE_TLS_CA_FILE="$(pwd)/testdata/kmip-certs/ca-ec.pem" + echo "2" export CSFLE_TLS_CERT_FILE="$(pwd)/testdata/kmip-certs/server-ec.pem" + echo "3" export CSFLE_TLS_CLIENT_CERT_FILE="$(pwd)/testdata/kmip-certs/client-ec.pem" + echo "4" ls ${DRIVERS_TOOLS}/.evergreen/csfle + echo "5" bash ${DRIVERS_TOOLS}/.evergreen/csfle/setup_secrets.sh + echo "6" bash ${DRIVERS_TOOLS}/.evergreen/csfle/start_servers.sh + echo "7" run-kms-tls-test: - command: shell.exec From 872b14ea4b44da653401eed058120b96c69117e0 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 24 Jan 2024 06:55:45 -0600 Subject: [PATCH 29/37] debug --- .evergreen/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 93031392ca..1c59ba0ad6 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml 
@@ -850,7 +850,7 @@ functions: role_arn: ${aws_test_secrets_role} - command: subprocess.exec params: - working_dir: src + working_dir: src/go.mongodb.org/mongo-driver binary: bash include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] args: From 76864f0649ee4c138a9cdd50878c67fc28342ae2 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 24 Jan 2024 11:28:37 -0600 Subject: [PATCH 30/37] debug --- .evergreen/config.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 1c59ba0ad6..0340c034cd 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -863,12 +863,7 @@ functions: echo "3" export CSFLE_TLS_CLIENT_CERT_FILE="$(pwd)/testdata/kmip-certs/client-ec.pem" echo "4" - ls ${DRIVERS_TOOLS}/.evergreen/csfle - echo "5" - bash ${DRIVERS_TOOLS}/.evergreen/csfle/setup_secrets.sh - echo "6" - bash ${DRIVERS_TOOLS}/.evergreen/csfle/start_servers.sh - echo "7" + run-kms-tls-test: - command: shell.exec From ba866d69e2b1bbc16194a652e4dd003197f60715 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 24 Jan 2024 11:36:57 -0600 Subject: [PATCH 31/37] try again --- .evergreen/config.yml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 0340c034cd..0fee3e4e69 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml 
@@ -848,22 +848,19 @@ functions: - command: ec2.assume_role params: role_arn: ${aws_test_secrets_role} - - command: subprocess.exec + - command: shell.exec params: - working_dir: src/go.mongodb.org/mongo-driver + working_dir: src binary: bash include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] args: - | - set -eux - echo "1" export CSFLE_TLS_CA_FILE="$(pwd)/testdata/kmip-certs/ca-ec.pem" - echo "2" export CSFLE_TLS_CERT_FILE="$(pwd)/testdata/kmip-certs/server-ec.pem" - echo "3" export CSFLE_TLS_CLIENT_CERT_FILE="$(pwd)/testdata/kmip-certs/client-ec.pem" - echo "4" - + ls ${DRIVERS_TOOLS}/.evergreen/csfle + bash ${DRIVERS_TOOLS}/.evergreen/csfle/setup_secrets.sh + bash ${DRIVERS_TOOLS}/.evergreen/csfle/start_servers.sh run-kms-tls-test: - command: shell.exec From f03b774a68ef531a666ab0e78ac2b95ed4c52b00 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 24 Jan 2024 11:37:34 -0600 Subject: [PATCH 32/37] cleanup --- .evergreen/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 0fee3e4e69..a7e4bd5050 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -851,9 +851,9 @@ functions: - command: shell.exec params: working_dir: src - binary: bash + shell: bash include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] - args: + script: - | export CSFLE_TLS_CA_FILE="$(pwd)/testdata/kmip-certs/ca-ec.pem" export CSFLE_TLS_CERT_FILE="$(pwd)/testdata/kmip-certs/server-ec.pem" From 93f046f754d8dda249c2bf979baefff52619a843 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 24 Jan 2024 11:38:30 -0600 Subject: [PATCH 33/37] try this --- .evergreen/config.yml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index a7e4bd5050..b9bf1ba4f4 100644 --- a/.evergreen/config.yml 
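Review bot: Removing `set -eux` in the first hunk on this line takes away fail-fast along with the tracing. If `setup_secrets.sh` fails, `start_servers.sh` still runs and the step reports only the status of the last command, so a run without usable secrets can look like a successful setup. Keep the error handling and drop only the trace by making `set -eu` the first line of the script. The enclosing function starts above the hunk.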
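Review bot: In the second hunk on this line, `script:` is still followed by the `- |` list item left over from `args:`, so the value is a one-element YAML sequence, whereas shell.exec (as far as I know) takes `script` as a single string. Fold the two lines into `script: |` and keep the script body indented beneath it. The rest of the script body continues past the hunk's last line.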
+++ b/.evergreen/config.yml @@ -848,19 +848,13 @@ functions: - command: ec2.assume_role params: role_arn: ${aws_test_secrets_role} - - command: shell.exec + - command: subprocess.exec params: working_dir: src - shell: bash + binary: bash include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] - script: - - | - export CSFLE_TLS_CA_FILE="$(pwd)/testdata/kmip-certs/ca-ec.pem" - export CSFLE_TLS_CERT_FILE="$(pwd)/testdata/kmip-certs/server-ec.pem" - export CSFLE_TLS_CLIENT_CERT_FILE="$(pwd)/testdata/kmip-certs/client-ec.pem" - ls ${DRIVERS_TOOLS}/.evergreen/csfle - bash ${DRIVERS_TOOLS}/.evergreen/csfle/setup_secrets.sh - bash ${DRIVERS_TOOLS}/.evergreen/csfle/start_servers.sh + args: + - etc/setup-encryption.sh run-kms-tls-test: - command: shell.exec From c1b9a184764cc981d33cc2365c9916d26d8ec459 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Wed, 24 Jan 2024 11:43:43 -0600 Subject: [PATCH 34/37] fix folder --- .evergreen/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index b9bf1ba4f4..9a582c0748 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -850,7 +850,7 @@ functions: role_arn: ${aws_test_secrets_role} - command: subprocess.exec params: - working_dir: src + working_dir: src/go.mongodb.org/mongo-driver binary: bash include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] args: From 4b54dc7a9054e26ec7d14d679592e13e57ee2eb2 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 25 Jan 2024 14:59:21 -0600 Subject: [PATCH 35/37] fix startup --- .evergreen/config.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 9a582c0748..a2c4fdf856 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml 
@@ -852,9 +852,16 @@ functions: params: working_dir: src/go.mongodb.org/mongo-driver binary: bash + background: true include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "DRIVERS_TOOLS"] args: - etc/setup-encryption.sh + - command: subprocess.exec + params: + working_dir: src/go.mongodb.org/mongo-driver + binary: bash + args: + - ${DRIVERS_TOOLS}/.evergreen/csfle/await_servers.sh run-kms-tls-test: - command: shell.exec From 50114286afe1e70251c014daab696643d372d219 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 29 Jan 2024 07:41:35 -0600 Subject: [PATCH 36/37] update to master branch --- .evergreen/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index a2c4fdf856..428eee83c8 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -145,7 +145,7 @@ functions: # If this was a patch build, doing a fresh clone would not actually test the patch cp -R ${PROJECT_DIRECTORY}/ $DRIVERS_TOOLS else - git clone --branch kmip-server-scripts https://github.com/blink1073/drivers-evergreen-tools.git $DRIVERS_TOOLS + git clone https://github.com/mongodb-labs/drivers-evergreen-tools.git $DRIVERS_TOOLS fi echo "{ \"releases\": { \"default\": \"$MONGODB_BINARIES\" }}" > $MONGO_ORCHESTRATION_HOME/orchestration.config - command: shell.exec From 13d78da23890490038c1fcf6be0f55d62012bf8e Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 30 Jan 2024 06:42:41 -0600 Subject: [PATCH 37/37] Update docs/CONTRIBUTING.md Co-authored-by: Preston Vasquez --- docs/CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index 421221623c..990f58b2a6 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md 
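Review bot: With `background: true` the task no longer checks the exit status of `etc/setup-encryption.sh`, so a failed secrets fetch only surfaces if `await_servers.sh` happens to time out on it. The backgrounded process also keeps the assumed-role `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` in its environment for as long as the servers it starts are alive. The script body is not in this hunk, but if it both fetches secrets and launches the servers, split it: a foreground step that carries the credentials and runs only the secrets fetch, then a background step without the `AWS_*` entries in `include_expansions_in_env` that starts the servers. At minimum, add a comment on the new line such as `# background: exit status is not checked; await_servers.sh is the only readiness gate`.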
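Review bot: The new `git clone https://github.com/mongodb-labs/drivers-evergreen-tools.git $DRIVERS_TOOLS` line in the second hunk on this line follows whatever the default branch head is at run time, and other hunks in this series run scripts from that checkout with assumed-role AWS credentials in the environment. Pin the checkout to a reviewed revision so a change upstream cannot alter what runs with those credentials, e.g. follow the clone with `git -C "$DRIVERS_TOOLS" checkout <PINNED_COMMIT_SHA>` (placeholder; use the commit the team has vetted). Quoting `"$DRIVERS_TOOLS"` in the clone line would also keep a path with spaces intact. The surrounding `if`/`else` starts above the hunk.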
@@ -156,7 +156,7 @@ There is currently no arm64 support for the go1.x runtime, see [here](https://do Most of the tests requiring `libmongocrypt` can be run using the Docker workflow. -However, some of the tests requires secrets handling. Please see the team [Wiki](https://wiki.corp.mongodb.com/pages/viewpage.action?spaceKey=DRIVERS&title=Testing+CSFLE) for more information. +However, some of the tests require secrets handling. Please see the team [Wiki](https://wiki.corp.mongodb.com/pages/viewpage.action?spaceKey=DRIVERS&title=Testing+CSFLE) for more information. The test suite can be run with or without the secrets as follows: