diff --git a/.evergreen/prepare-crypt-shared-lib.sh b/.evergreen/prepare-crypt-shared-lib.sh deleted file mode 100755 index b716f9e3401..00000000000 --- a/.evergreen/prepare-crypt-shared-lib.sh +++ /dev/null @@ -1,34 +0,0 @@ -MONGODB_VERSION=${VERSION} -if [ -z "$MONGODB_VERSION" ]; then - # default to latest to match behavior of run-orchestration.sh. - MONGODB_VERSION=latest -fi - -. $DRIVERS_TOOLS/.evergreen/download-mongodb.sh -get_distro -# get_distro defines $DISTRO. -echo "distro='$DISTRO' version='$MONGODB_VERSION'". -get_mongodb_download_url_for "$DISTRO" "$MONGODB_VERSION" -# get_mongodb_download_url_for defines $MONGO_CRYPT_SHARED_DOWNLOAD_URL and $EXTRACT. -if [ -z "$MONGO_CRYPT_SHARED_DOWNLOAD_URL" ]; then - echo "There is no crypt_shared library for distro='$DISTRO' and version='$MONGODB_VERSION'". -else - echo "Downloading crypt_shared package from $MONGO_CRYPT_SHARED_DOWNLOAD_URL" - download_and_extract_crypt_shared "$MONGO_CRYPT_SHARED_DOWNLOAD_URL" "$EXTRACT" - CRYPT_SHARED_LIB_PATH="$(find $(pwd) -maxdepth 1 -type f \ - -name 'mongo_crypt_v1.so' -o \ - -name 'mongo_crypt_v1.dll' -o \ - -name 'mongo_crypt_v1.dylib')" - # Expect that we always find a crypt_shared library file and set the CRYPT_SHARED_LIB_PATH - # environment variable. If we didn't, print an error message and exit. - if [ -z "$CRYPT_SHARED_LIB_PATH" ]; then - echo 'CRYPT_SHARED_LIB_PATH is empty. Exiting.' - exit 1 - fi - # If we're on Windows, convert the "cygdrive" path to Windows-style paths. - if [ "Windows_NT" = "$OS" ]; then - CRYPT_SHARED_LIB_PATH=$(cygpath -m $CRYPT_SHARED_LIB_PATH) - fi - echo "CRYPT_SHARED_LIB_PATH: $CRYPT_SHARED_LIB_PATH" - echo "export CRYPT_SHARED_LIB_PATH=$CRYPT_SHARED_LIB_PATH" >crypt_shared.sh -fi diff --git a/.evergreen/setup-fle.sh b/.evergreen/setup-fle.sh index 82877177ee2..4f6f4287c88 100644 --- a/.evergreen/setup-fle.sh +++ b/.evergreen/setup-fle.sh @@ -4,10 +4,9 @@ bash ${DRIVERS_TOOLS}/.evergreen/csfle/setup-secrets.sh source secrets-export.sh if [ -z "${RUN_WITH_MONGOCRYPTD}" ]; then - # Set up crypt shared lib if we don't want to use mongocryptd - bash .evergreen/prepare-crypt-shared-lib.sh - source crypt_shared.sh - echo "CRYPT_SHARED_LIB_PATH: $CRYPT_SHARED_LIB_PATH" + echo "crypt shared: $CRYPT_SHARED_LIB_PATH" else + rm $CRYPT_SHARED_LIB_PATH + unset CRYPT_SHARED_LIB_PATH echo "CRYPT_SHARED_LIB_PATH not set; using mongocryptd" fi diff --git a/test/integration/client-side-encryption/client_side_encryption.prose.test.js b/test/integration/client-side-encryption/client_side_encryption.prose.test.js index d067bf1804c..c017892e4c8 100644 --- a/test/integration/client-side-encryption/client_side_encryption.prose.test.js +++ b/test/integration/client-side-encryption/client_side_encryption.prose.test.js @@ -1146,7 +1146,8 @@ describe('Client Side Encryption Prose Tests', metadata, function () { mongocryptdSpawnArgs: [ '--pidfilepath=bypass-spawning-mongocryptd.pid', '--port=27021' - ] + ], + cryptSharedLibSearchPaths: [] } } } diff --git a/test/integration/client-side-encryption/driver.test.ts b/test/integration/client-side-encryption/driver.test.ts index 2b0f6447f1a..991b93491d5 100644 --- a/test/integration/client-side-encryption/driver.test.ts +++ b/test/integration/client-side-encryption/driver.test.ts @@ -718,6 +718,7 @@ describe('CSOT', function () { keyVaultClient, keyVaultNamespace: 'keyvault.datakeys', kmsProviders: getLocalKmsProvider(), + extraOptions: getEncryptExtraOptions(), schemaMap: { 'test.test': { bsonType: 'object', @@ -771,14 +772,15 @@ describe('CSOT', function () { autoEncryption: { keyVaultClient, keyVaultNamespace: 'admin.datakeys', - kmsProviders: getLocalKmsProvider() + kmsProviders: getLocalKmsProvider(), + extraOptions: getEncryptExtraOptions() } } ); }); afterEach(async function () { - await encryptedClient.close(); + await encryptedClient?.close(); }); it('the command succeeds', metadata, async function () { diff --git a/test/integration/client-side-operations-timeout/client_side_operations_timeout.unit.test.ts b/test/integration/client-side-operations-timeout/client_side_operations_timeout.unit.test.ts index 4ca8e32f913..5d7d3f61883 100644 --- a/test/integration/client-side-operations-timeout/client_side_operations_timeout.unit.test.ts +++ b/test/integration/client-side-operations-timeout/client_side_operations_timeout.unit.test.ts @@ -200,7 +200,8 @@ describe('CSOT spec unit tests', function () { mongocryptdSpawnArgs: [ `--pidfilepath=${new ObjectId().toHexString()}.pid`, '--port=27020' - ] + ], + cryptSharedLibSearchPaths: [] }, keyVaultNamespace: 'admin.datakeys', kmsProviders: { diff --git a/test/integration/crud/crud.prose.test.ts b/test/integration/crud/crud.prose.test.ts index 8665d69a1f3..8a0d80cc139 100644 --- a/test/integration/crud/crud.prose.test.ts +++ b/test/integration/crud/crud.prose.test.ts @@ -13,6 +13,7 @@ import { MongoInvalidArgumentError, MongoServerError } from '../../mongodb'; +import { getEncryptExtraOptions } from '../../tools/utils'; import { filterForCommands } from '../shared'; describe('CRUD Prose Spec Tests', () => { @@ -1023,7 +1024,8 @@ describe('CRUD Prose Spec Tests', () => { accessKeyId: 'foo', secretAccessKey: 'bar' } - } + }, + extraOptions: getEncryptExtraOptions() } } ); diff --git a/test/spec/load-balancers/non-lb-connection-establishment.json b/test/spec/load-balancers/non-lb-connection-establishment.json index 6aaa7bdf98b..f4fed13cc23 100644 --- a/test/spec/load-balancers/non-lb-connection-establishment.json +++ b/test/spec/load-balancers/non-lb-connection-establishment.json @@ -57,6 +57,19 @@ "tests": [ { "description": "operations against non-load balanced clusters fail if URI contains loadBalanced=true", + "runOnRequirements": [ + { + "maxServerVersion": "8.0.99", + "topologies": [ + "single" + ] + }, + { + "topologies": [ + "sharded" + ] + } + ], "operations": [ { "name": "runCommand", diff --git a/test/spec/load-balancers/non-lb-connection-establishment.yml b/test/spec/load-balancers/non-lb-connection-establishment.yml index e805549ac0d..7eea3957ab4 100644 --- a/test/spec/load-balancers/non-lb-connection-establishment.yml +++ b/test/spec/load-balancers/non-lb-connection-establishment.yml @@ -42,6 +42,11 @@ tests: # If the server is not configured to be behind a load balancer and the URI contains loadBalanced=true, the driver # should error during the connection handshake because the server's hello response does not contain a serviceId field. - description: operations against non-load balanced clusters fail if URI contains loadBalanced=true + runOnRequirements: + - maxServerVersion: 8.0.99 # DRIVERS-3108: Skip test on >=8.1 mongod. SERVER-85804 changes a non-LB mongod to close connection. + topologies: [ single ] + - topologies: [ sharded ] + operations: - name: runCommand object: *lbTrueDatabase diff --git a/test/tools/runner/filters/client_encryption_filter.ts b/test/tools/runner/filters/client_encryption_filter.ts index 79983816d77..3bb66df72fa 100644 --- a/test/tools/runner/filters/client_encryption_filter.ts +++ b/test/tools/runner/filters/client_encryption_filter.ts @@ -4,9 +4,44 @@ import * as process from 'process'; import { satisfies } from 'semver'; import { kmsCredentialsPresent } from '../../../csfle-kms-providers'; -import { type MongoClient } from '../../../mongodb'; +import { type AutoEncrypter, MongoClient } from '../../../mongodb'; import { Filter } from './filter'; +function getCryptSharedVersion(): AutoEncrypter['cryptSharedLibVersionInfo'] | null { + try { + const mc = new MongoClient('mongodb://localhost:27017', { + autoEncryption: { + kmsProviders: { + local: { + key: Buffer.alloc(96) + } + }, + extraOptions: { + cryptSharedLibPath: process.env.CRYPT_SHARED_LIB_PATH + } + } + }); + return mc.autoEncrypter.cryptSharedLibVersionInfo; + } catch { + try { + const mc = new MongoClient('mongodb://localhost:27017', { + autoEncryption: { + kmsProviders: { + local: { + key: Buffer.alloc(96) + } + } + } + }); + return mc.autoEncrypter.cryptSharedLibVersionInfo; + } catch { + // squash errors + } + } + + return null; +} + /** * Filter for whether or not a test needs / doesn't need Client Side Encryption * @@ -24,15 +59,18 @@ export class ClientSideEncryptionFilter extends Filter { enabled: boolean; static version = null; static libmongocrypt: string | null = null; + static cryptShared: AutoEncrypter['cryptSharedLibVersionInfo'] | null = null; override async initializeFilter(client: MongoClient, context: Record) { - let mongodbClientEncryption; + let mongodbClientEncryption: typeof import('mongodb-client-encryption'); try { // eslint-disable-next-line @typescript-eslint/no-require-imports mongodbClientEncryption = require('mongodb-client-encryption'); ClientSideEncryptionFilter.libmongocrypt = ( mongodbClientEncryption as typeof import('mongodb-client-encryption') ).MongoCrypt.libmongocryptVersion; + + ClientSideEncryptionFilter.cryptShared = getCryptSharedVersion(); } catch (failedToGetFLELib) { if (process.env.TEST_CSFLE) { console.error({ failedToGetFLELib }); @@ -53,7 +91,8 @@ export class ClientSideEncryptionFilter extends Filter { enabled: this.enabled, mongodbClientEncryption, version: ClientSideEncryptionFilter.version, - libmongocrypt: ClientSideEncryptionFilter.libmongocrypt + libmongocrypt: ClientSideEncryptionFilter.libmongocrypt, + cryptShared: ClientSideEncryptionFilter.cryptShared }; } diff --git a/test/tools/runner/hooks/configuration.ts b/test/tools/runner/hooks/configuration.ts index 1af5e7a6ee6..ee31fc506f3 100644 --- a/test/tools/runner/hooks/configuration.ts +++ b/test/tools/runner/hooks/configuration.ts @@ -176,9 +176,7 @@ const testConfigBeforeHook = async function () { auth: process.env.AUTH === 'auth', tls: process.env.SSL === 'ssl', csfle: { - enabled: this.configuration.clientSideEncryption.enabled, - version: this.configuration.clientSideEncryption.version, - libmongocrypt: this.configuration.clientSideEncryption.libmongocrypt + ...this.configuration.clientSideEncryption }, serverApi: MONGODB_API_VERSION, atlas: process.env.ATLAS_CONNECTIVITY != null,