Skip to content

Commit

Permalink
ci(NODE-4629): run csfle tests on serverless (mongodb#3442)
Browse files Browse the repository at this point in the history
  • Loading branch information
@baileympearson @ZLY201
baileympearson authored and ZLY201 committed Nov 5, 2022
1 parent b60ef6f commit f103af6
Show file tree
Hide file tree
Showing 34 changed files with 150 additions and 40 deletions.
40 changes: 39 additions & 1 deletion .evergreen/config.in.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,11 +148,47 @@ functions:
- command: shell.exec
type: test
params:
working_dir: "src"
silent: true
working_dir: src
script: |
cat <<EOT > prepare_client_encryption.sh
export CLIENT_ENCRYPTION=${CLIENT_ENCRYPTION}
export CSFLE_KMS_PROVIDERS='${CSFLE_KMS_PROVIDERS}'
export AWS_ACCESS_KEY_ID='${AWS_ACCESS_KEY_ID}'
export AWS_SECRET_ACCESS_KEY='${AWS_SECRET_ACCESS_KEY}'
export AWS_DEFAULT_REGION='us-east-1'
export KMIP_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
export KMIP_TLS_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
EOT
- command: shell.exec
type: test
params:
working_dir: src
timeout_secs: 300
shell: bash
script: |
${PREPARE_SHELL}
# Disable xtrace (just in case it was accidentally set).
set +x
source ./prepare_client_encryption.sh
rm -f ./prepare_client_encryption.sh
export VERSION=${VERSION}
export DRIVERS_TOOLS=${DRIVERS_TOOLS}
source ${PROJECT_DIRECTORY}/.evergreen/prepare-crypt-shared-lib.sh
echo "CRYPT_SHARED_LIB_PATH: $CRYPT_SHARED_LIB_PATH"
# Get access to the AWS temporary credentials:
echo "adding temporary AWS credentials to environment"
# CSFLE_AWS_TEMP_ACCESS_KEY_ID, CSFLE_AWS_TEMP_SECRET_ACCESS_KEY, CSFLE_AWS_TEMP_SESSION_TOKEN
. "$DRIVERS_TOOLS"/.evergreen/csfle/set-temp-creds.sh
MONGODB_URI="${MONGODB_URI}" \
AUTH=${AUTH} SSL=${SSL} TEST_CSFLE=true \
MONGODB_API_VERSION="${MONGODB_API_VERSION}"
export MONGODB_API_VERSION="${MONGODB_API_VERSION}"
export AUTH="auth"
Expand Down Expand Up @@ -917,6 +953,8 @@ tasks:
- name: "test-serverless"
tags: ["serverless"]
commands:
- func: install dependencies
- func: bootstrap kms servers
- func: "run serverless tests"

- name: run-spec-benchmark-tests
Expand Down
38 changes: 38 additions & 0 deletions .evergreen/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,11 +121,47 @@ functions:
- command: shell.exec
type: test
params:
silent: true
working_dir: src
script: |
cat <<EOT > prepare_client_encryption.sh
export CLIENT_ENCRYPTION=${CLIENT_ENCRYPTION}
export CSFLE_KMS_PROVIDERS='${CSFLE_KMS_PROVIDERS}'
export AWS_ACCESS_KEY_ID='${AWS_ACCESS_KEY_ID}'
export AWS_SECRET_ACCESS_KEY='${AWS_SECRET_ACCESS_KEY}'
export AWS_DEFAULT_REGION='us-east-1'
export KMIP_TLS_CA_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem"
export KMIP_TLS_CERT_FILE="${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem"
EOT
- command: shell.exec
type: test
params:
working_dir: src
timeout_secs: 300
shell: bash
script: |
${PREPARE_SHELL}
# Disable xtrace (just in case it was accidentally set).
set +x
source ./prepare_client_encryption.sh
rm -f ./prepare_client_encryption.sh
export VERSION=${VERSION}
export DRIVERS_TOOLS=${DRIVERS_TOOLS}
source ${PROJECT_DIRECTORY}/.evergreen/prepare-crypt-shared-lib.sh
echo "CRYPT_SHARED_LIB_PATH: $CRYPT_SHARED_LIB_PATH"
# Get access to the AWS temporary credentials:
echo "adding temporary AWS credentials to environment"
# CSFLE_AWS_TEMP_ACCESS_KEY_ID, CSFLE_AWS_TEMP_SECRET_ACCESS_KEY, CSFLE_AWS_TEMP_SESSION_TOKEN
. "$DRIVERS_TOOLS"/.evergreen/csfle/set-temp-creds.sh
MONGODB_URI="${MONGODB_URI}" \
AUTH=${AUTH} SSL=${SSL} TEST_CSFLE=true \
MONGODB_API_VERSION="${MONGODB_API_VERSION}"
export MONGODB_API_VERSION="${MONGODB_API_VERSION}"
export AUTH="auth"
Expand Down Expand Up @@ -864,6 +900,8 @@ tasks:
tags:
- serverless
commands:
- func: install dependencies
- func: bootstrap kms servers
- func: run serverless tests
- name: run-spec-benchmark-tests
tags:
Expand Down
5 changes: 4 additions & 1 deletion .evergreen/run-serverless-tests.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ if [ -z ${MONGODB_URI+omitted} ]; then echo "MONGODB_URI is unset" && exit 1; fi
if [ -z ${SERVERLESS_ATLAS_USER+omitted} ]; then echo "SERVERLESS_ATLAS_USER is unset" && exit 1; fi
if [ -z ${SERVERLESS_ATLAS_PASSWORD+omitted} ]; then echo "SERVERLESS_ATLAS_PASSWORD is unset" && exit 1; fi

npm install mongodb-client-encryption@">=2.3.0"

npx mocha \
--config test/mocha_mongodb.json \
test/integration/crud/crud.spec.test.js \
Expand All @@ -21,4 +23,5 @@ npx mocha \
test/integration/transactions/transactions.spec.test.js \
test/integration/transactions/transactions.test.ts \
test/integration/versioned-api/versioned_api.spec.test.js \
test/integration/load-balancers/load_balancers.spec.test.js
test/integration/load-balancers/load_balancers.spec.test.js \
test/integration/client-side-encryption/client_side_encryption.spec.test.ts
22 changes: 19 additions & 3 deletions test/integration/client-side-encryption/client_side_encryption.spec.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,8 @@ const SKIPPED_TESTS = new Set([
...(isAuthEnabled ? skippedAuthTests.concat(skippedNoAuthTests) : skippedNoAuthTests)
]);

const isServerless = !!process.env.SERVERLESS;

describe('Client Side Encryption (Legacy)', function () {
const testContext = new TestRunnerContext({ requiresCSFLE: true });
const testSuites = gatherTestSuites(
Expand All @@ -78,12 +80,26 @@ describe('Client Side Encryption (Legacy)', function () {
return testContext.setup(this.configuration);
});

generateTopologyTests(testSuites, testContext, spec => {
return !SKIPPED_TESTS.has(spec.description);
generateTopologyTests(testSuites, testContext, ({ description }) => {
if (SKIPPED_TESTS.has(description)) {
return false;
}
if (isServerless) {
// TODO(NODE-4730): Fix failing csfle tests against serverless
const isSkippedTest = [
'BypassQueryAnalysis decrypts',
'encryptedFieldsMap is preferred over remote encryptedFields'
].includes(description);

return !isSkippedTest;
}
return true;
});
});

describe('Client Side Encryption (Unified)', function () {
installNode18DNSHooks();
runUnifiedSuite(loadSpecTests(path.join('client-side-encryption', 'tests', 'unified')));
runUnifiedSuite(loadSpecTests(path.join('client-side-encryption', 'tests', 'unified')), () =>
isServerless ? 'Unified CSFLE tests to not run on serverless' : false
);
});
3 changes: 2 additions & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-BypassQueryAnalysis.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
"sharded",
"load-balanced"
]
}
],
Expand Down
2 changes: 1 addition & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-BypassQueryAnalysis.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
runOn:
- minServerVersion: "6.0.0"
# FLE 2 Encrypted collections are not supported on standalone.
topology: [ "replicaset", "sharded" ]
topology: [ "replicaset", "sharded", "load-balanced" ]
database_name: &database_name "default"
collection_name: &collection_name "default"
data: []
Expand Down
3 changes: 2 additions & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-Compact.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
"sharded",
"load-balanced"
]
}
],
Expand Down
2 changes: 1 addition & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-Compact.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
runOn:
- minServerVersion: "6.0.0"
# FLE 2 Encrypted collections are not supported on standalone.
topology: [ "replicaset", "sharded" ]
topology: [ "replicaset", "sharded", "load-balanced" ]
database_name: &database_name "default"
collection_name: &collection_name "default"
data: []
Expand Down
3 changes: 2 additions & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-CreateCollection.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
"sharded",
"load-balanced"
]
}
],
Expand Down
2 changes: 1 addition & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-CreateCollection.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
runOn:
- minServerVersion: "6.0.0"
# FLE 2 Encrypted collections are not supported on standalone.
topology: [ "replicaset", "sharded" ]
topology: [ "replicaset", "sharded", "load-balanced" ]

database_name: &database_name "default"
collection_name: &collection_name "default"
Expand Down
3 changes: 2 additions & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-DecryptExistingData.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
"sharded",
"load-balanced"
]
}
],
Expand Down
2 changes: 1 addition & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-DecryptExistingData.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
runOn:
- minServerVersion: "6.0.0"
# FLE 2 Encrypted collections are not supported on standalone.
topology: [ "replicaset", "sharded" ]
topology: [ "replicaset", "sharded", "load-balanced" ]
database_name: &database_name "default"
collection_name: &collection_name "default"
data: [
Expand Down
3 changes: 2 additions & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-Delete.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
"sharded",
"load-balanced"
]
}
],
Expand Down
2 changes: 1 addition & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-Delete.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
runOn:
- minServerVersion: "6.0.0"
# FLE 2 Encrypted collections are not supported on standalone.
topology: [ "replicaset", "sharded" ]
topology: [ "replicaset", "sharded", "load-balanced" ]
database_name: &database_name "default"
collection_name: &collection_name "default"
data: []
Expand Down
3 changes: 2 additions & 1 deletion .../spec/client-side-encryption/tests/legacy/fle2-EncryptedFields-vs-EncryptedFieldsMap.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
"sharded",
"load-balanced"
]
}
],
Expand Down
4 changes: 2 additions & 2 deletions test/spec/client-side-encryption/tests/legacy/fle2-EncryptedFields-vs-EncryptedFieldsMap.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
runOn:
- minServerVersion: "6.0.0"
# FLE 2 Encrypted collections are not supported on standalone.
topology: [ "replicaset", "sharded" ]
topology: [ "replicaset", "sharded", "load-balanced" ]
database_name: &database_name "default"
collection_name: &collection_name "default"
data: []
Expand Down Expand Up @@ -77,4 +77,4 @@ tests:
outcome:
collection:
data:
- *doc0
- *doc0
3 changes: 2 additions & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-EncryptedFields-vs-jsonSchema.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
"sharded",
"load-balanced"
]
}
],
Expand Down
2 changes: 1 addition & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-EncryptedFields-vs-jsonSchema.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
runOn:
- minServerVersion: "6.0.0"
# FLE 2 Encrypted collections are not supported on standalone.
topology: [ "replicaset", "sharded" ]
topology: [ "replicaset", "sharded", "load-balanced" ]
database_name: &database_name "default"
collection_name: &collection_name "default"
data: []
Expand Down
3 changes: 2 additions & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-EncryptedFieldsMap-defaults.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
"sharded",
"load-balanced"
]
}
],
Expand Down
4 changes: 2 additions & 2 deletions test/spec/client-side-encryption/tests/legacy/fle2-EncryptedFieldsMap-defaults.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
runOn:
- minServerVersion: "6.0.0"
# FLE 2 Encrypted collections are not supported on standalone.
topology: [ "replicaset", "sharded" ]
topology: [ "replicaset", "sharded", "load-balanced" ]
database_name: &database_name "default"
collection_name: &collection_name "default"
data: []
Expand Down Expand Up @@ -54,4 +54,4 @@ tests:
outcome:
collection:
data:
- *doc0
- *doc0
3 changes: 2 additions & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-FindOneAndUpdate.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
"sharded",
"load-balanced"
]
}
],
Expand Down
2 changes: 1 addition & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-FindOneAndUpdate.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
runOn:
- minServerVersion: "6.0.0"
# FLE 2 Encrypted collections are not supported on standalone.
topology: [ "replicaset", "sharded" ]
topology: [ "replicaset", "sharded", "load-balanced" ]
database_name: &database_name "default"
collection_name: &collection_name "default"
data: []
Expand Down
3 changes: 2 additions & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-InsertFind-Indexed.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
"sharded",
"load-balanced"
]
}
],
Expand Down
2 changes: 1 addition & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-InsertFind-Indexed.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
runOn:
- minServerVersion: "6.0.0"
# FLE 2 Encrypted collections are not supported on standalone.
topology: [ "replicaset", "sharded" ]
topology: [ "replicaset", "sharded", "load-balanced" ]
database_name: &database_name "default"
collection_name: &collection_name "default"
data: []
Expand Down
3 changes: 2 additions & 1 deletion test/spec/client-side-encryption/tests/legacy/fle2-InsertFind-Unindexed.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"minServerVersion": "6.0.0",
"topology": [
"replicaset",
"sharded"
"sharded",
"load-balanced"
]
}
],
Expand Down
4 changes: 2 additions & 2 deletions test/spec/client-side-encryption/tests/legacy/fle2-InsertFind-Unindexed.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
runOn:
- minServerVersion: "6.0.0"
# FLE 2 Encrypted collections are not supported on standalone.
topology: [ "replicaset", "sharded" ]
topology: [ "replicaset", "sharded", "load-balanced" ]
database_name: &database_name "default"
collection_name: &collection_name "default"
data: []
Expand Down Expand Up @@ -84,4 +84,4 @@ tests:
# Before the message was "cannot query non-indexed fields with the randomized encryption algorithm"
# After: "can only execute encrypted equality queries with an encrypted equality index"
# Use a small common substring.
errorContains: "encrypt"
errorContains: "encrypt"

0 comments on commit f103af6

Please sign in to comment.